host/lib/gsmtap.c: Add GPLv2 disclaimer

Change-Id: Ie163af869c6aa2f3e2bd9007432dc6945384aaf2
host: Add COPYING file for host software (GPLv2)
2026-03-18 06:08:31 +03:00 · 2020-01-17 10:59:41 +01:00 · 2020-01-17 10:59:32 +01:00
119 changed files with 2546 additions and 5805 deletions
--- a/.clang-format
+++ b/.clang-format
@@ -1,563 +0,0 @@
 # SPDX-License-Identifier: GPL-2.0
 #
 # clang-format configuration file. Intended for clang-format >= 4.
 #
 # For more information, see:
 #
 #   Documentation/process/clang-format.rst
 #   https://clang.llvm.org/docs/ClangFormat.html
 #   https://clang.llvm.org/docs/ClangFormatStyleOptions.html
 #
 ---
 AccessModifierOffset: -4
 AlignAfterOpenBracket: Align
 AlignConsecutiveAssignments: false
 AlignConsecutiveDeclarations: false
 #AlignEscapedNewlines: Left # Unknown to clang-format-4.0
 AlignOperands: true
 AlignTrailingComments: false
 AllowAllParametersOfDeclarationOnNextLine: false
 AllowShortBlocksOnASingleLine: false
 AllowShortCaseLabelsOnASingleLine: false
 AllowShortFunctionsOnASingleLine: None
 AllowShortIfStatementsOnASingleLine: false
 AllowShortLoopsOnASingleLine: false
 AlwaysBreakAfterDefinitionReturnType: None
 AlwaysBreakAfterReturnType: None
 AlwaysBreakBeforeMultilineStrings: false
 AlwaysBreakTemplateDeclarations: false
 BinPackArguments: true
 BinPackParameters: true
 BraceWrapping:
  AfterClass: false
  AfterControlStatement: false
  AfterEnum: false
  AfterFunction: true
  AfterNamespace: true
  AfterObjCDeclaration: false
  AfterStruct: false
  AfterUnion: false
  #AfterExternBlock: false # Unknown to clang-format-5.0
  BeforeCatch: false
  BeforeElse: false
  IndentBraces: false
  #SplitEmptyFunction: true # Unknown to clang-format-4.0
  #SplitEmptyRecord: true # Unknown to clang-format-4.0
  #SplitEmptyNamespace: true # Unknown to clang-format-4.0
 BreakBeforeBinaryOperators: None
 BreakBeforeBraces: Custom
 #BreakBeforeInheritanceComma: false # Unknown to clang-format-4.0
 BreakBeforeTernaryOperators: false
 BreakConstructorInitializersBeforeComma: false
 #BreakConstructorInitializers: BeforeComma # Unknown to clang-format-4.0
 BreakAfterJavaFieldAnnotations: false
 BreakStringLiterals: false
 ColumnLimit: 120
 CommentPragmas: '^ IWYU pragma:'
 #CompactNamespaces: false # Unknown to clang-format-4.0
 ConstructorInitializerAllOnOneLineOrOnePerLine: false
 ConstructorInitializerIndentWidth: 8
 ContinuationIndentWidth: 8
 Cpp11BracedListStyle: false
 DerivePointerAlignment: false
 DisableFormat: false
 ExperimentalAutoDetectBinPacking: false
 #FixNamespaceComments: false # Unknown to clang-format-4.0
 # Taken from:
 #   git grep -h '^#define [^[:space:]]*for_each[^[:space:]]*(' include/ \
 #   | sed "s,^#define \([^[:space:]]*for_each[^[:space:]]*\)(.*$,  - '\1'," \
 #   | sort | uniq
 ForEachMacros:
  - 'apei_estatus_for_each_section'
  - 'ata_for_each_dev'
  - 'ata_for_each_link'
  - '__ata_qc_for_each'
  - 'ata_qc_for_each'
  - 'ata_qc_for_each_raw'
  - 'ata_qc_for_each_with_internal'
  - 'ax25_for_each'
  - 'ax25_uid_for_each'
  - '__bio_for_each_bvec'
  - 'bio_for_each_bvec'
  - 'bio_for_each_bvec_all'
  - 'bio_for_each_integrity_vec'
  - '__bio_for_each_segment'
  - 'bio_for_each_segment'
  - 'bio_for_each_segment_all'
  - 'bio_list_for_each'
  - 'bip_for_each_vec'
  - 'bitmap_for_each_clear_region'
  - 'bitmap_for_each_set_region'
  - 'blkg_for_each_descendant_post'
  - 'blkg_for_each_descendant_pre'
  - 'blk_queue_for_each_rl'
  - 'bond_for_each_slave'
  - 'bond_for_each_slave_rcu'
  - 'bpf_for_each_spilled_reg'
  - 'btree_for_each_safe128'
  - 'btree_for_each_safe32'
  - 'btree_for_each_safe64'
  - 'btree_for_each_safel'
  - 'card_for_each_dev'
  - 'cgroup_taskset_for_each'
  - 'cgroup_taskset_for_each_leader'
  - 'cpufreq_for_each_entry'
  - 'cpufreq_for_each_entry_idx'
  - 'cpufreq_for_each_valid_entry'
  - 'cpufreq_for_each_valid_entry_idx'
  - 'css_for_each_child'
  - 'css_for_each_descendant_post'
  - 'css_for_each_descendant_pre'
  - 'device_for_each_child_node'
  - 'displayid_iter_for_each'
  - 'dma_fence_chain_for_each'
  - 'do_for_each_ftrace_op'
  - 'drm_atomic_crtc_for_each_plane'
  - 'drm_atomic_crtc_state_for_each_plane'
  - 'drm_atomic_crtc_state_for_each_plane_state'
  - 'drm_atomic_for_each_plane_damage'
  - 'drm_client_for_each_connector_iter'
  - 'drm_client_for_each_modeset'
  - 'drm_connector_for_each_possible_encoder'
  - 'drm_for_each_bridge_in_chain'
  - 'drm_for_each_connector_iter'
  - 'drm_for_each_crtc'
  - 'drm_for_each_crtc_reverse'
  - 'drm_for_each_encoder'
  - 'drm_for_each_encoder_mask'
  - 'drm_for_each_fb'
  - 'drm_for_each_legacy_plane'
  - 'drm_for_each_plane'
  - 'drm_for_each_plane_mask'
  - 'drm_for_each_privobj'
  - 'drm_mm_for_each_hole'
  - 'drm_mm_for_each_node'
  - 'drm_mm_for_each_node_in_range'
  - 'drm_mm_for_each_node_safe'
  - 'flow_action_for_each'
  - 'for_each_acpi_dev_match'
  - 'for_each_active_dev_scope'
  - 'for_each_active_drhd_unit'
  - 'for_each_active_iommu'
  - 'for_each_aggr_pgid'
  - 'for_each_available_child_of_node'
  - 'for_each_bio'
  - 'for_each_board_func_rsrc'
  - 'for_each_bvec'
  - 'for_each_card_auxs'
  - 'for_each_card_auxs_safe'
  - 'for_each_card_components'
  - 'for_each_card_dapms'
  - 'for_each_card_pre_auxs'
  - 'for_each_card_prelinks'
  - 'for_each_card_rtds'
  - 'for_each_card_rtds_safe'
  - 'for_each_card_widgets'
  - 'for_each_card_widgets_safe'
  - 'for_each_cgroup_storage_type'
  - 'for_each_child_of_node'
  - 'for_each_clear_bit'
  - 'for_each_clear_bit_from'
  - 'for_each_cmsghdr'
  - 'for_each_compatible_node'
  - 'for_each_component_dais'
  - 'for_each_component_dais_safe'
  - 'for_each_comp_order'
  - 'for_each_console'
  - 'for_each_cpu'
  - 'for_each_cpu_and'
  - 'for_each_cpu_not'
  - 'for_each_cpu_wrap'
  - 'for_each_dapm_widgets'
  - 'for_each_dev_addr'
  - 'for_each_dev_scope'
  - 'for_each_dma_cap_mask'
  - 'for_each_dpcm_be'
  - 'for_each_dpcm_be_rollback'
  - 'for_each_dpcm_be_safe'
  - 'for_each_dpcm_fe'
  - 'for_each_drhd_unit'
  - 'for_each_dss_dev'
  - 'for_each_dtpm_table'
  - 'for_each_efi_memory_desc'
  - 'for_each_efi_memory_desc_in_map'
  - 'for_each_element'
  - 'for_each_element_extid'
  - 'for_each_element_id'
  - 'for_each_endpoint_of_node'
  - 'for_each_evictable_lru'
  - 'for_each_fib6_node_rt_rcu'
  - 'for_each_fib6_walker_rt'
  - 'for_each_free_mem_pfn_range_in_zone'
  - 'for_each_free_mem_pfn_range_in_zone_from'
  - 'for_each_free_mem_range'
  - 'for_each_free_mem_range_reverse'
  - 'for_each_func_rsrc'
  - 'for_each_hstate'
  - 'for_each_if'
  - 'for_each_iommu'
  - 'for_each_ip_tunnel_rcu'
  - 'for_each_irq_nr'
  - 'for_each_link_codecs'
  - 'for_each_link_cpus'
  - 'for_each_link_platforms'
  - 'for_each_lru'
  - 'for_each_matching_node'
  - 'for_each_matching_node_and_match'
  - 'for_each_member'
  - 'for_each_memcg_cache_index'
  - 'for_each_mem_pfn_range'
  - '__for_each_mem_range'
  - 'for_each_mem_range'
  - '__for_each_mem_range_rev'
  - 'for_each_mem_range_rev'
  - 'for_each_mem_region'
  - 'for_each_migratetype_order'
  - 'for_each_msi_entry'
  - 'for_each_msi_entry_safe'
  - 'for_each_msi_vector'
  - 'for_each_net'
  - 'for_each_net_continue_reverse'
  - 'for_each_netdev'
  - 'for_each_netdev_continue'
  - 'for_each_netdev_continue_rcu'
  - 'for_each_netdev_continue_reverse'
  - 'for_each_netdev_feature'
  - 'for_each_netdev_in_bond_rcu'
  - 'for_each_netdev_rcu'
  - 'for_each_netdev_reverse'
  - 'for_each_netdev_safe'
  - 'for_each_net_rcu'
  - 'for_each_new_connector_in_state'
  - 'for_each_new_crtc_in_state'
  - 'for_each_new_mst_mgr_in_state'
  - 'for_each_new_plane_in_state'
  - 'for_each_new_private_obj_in_state'
  - 'for_each_node'
  - 'for_each_node_by_name'
  - 'for_each_node_by_type'
  - 'for_each_node_mask'
  - 'for_each_node_state'
  - 'for_each_node_with_cpus'
  - 'for_each_node_with_property'
  - 'for_each_nonreserved_multicast_dest_pgid'
  - 'for_each_of_allnodes'
  - 'for_each_of_allnodes_from'
  - 'for_each_of_cpu_node'
  - 'for_each_of_pci_range'
  - 'for_each_old_connector_in_state'
  - 'for_each_old_crtc_in_state'
  - 'for_each_old_mst_mgr_in_state'
  - 'for_each_oldnew_connector_in_state'
  - 'for_each_oldnew_crtc_in_state'
  - 'for_each_oldnew_mst_mgr_in_state'
  - 'for_each_oldnew_plane_in_state'
  - 'for_each_oldnew_plane_in_state_reverse'
  - 'for_each_oldnew_private_obj_in_state'
  - 'for_each_old_plane_in_state'
  - 'for_each_old_private_obj_in_state'
  - 'for_each_online_cpu'
  - 'for_each_online_node'
  - 'for_each_online_pgdat'
  - 'for_each_pci_bridge'
  - 'for_each_pci_dev'
  - 'for_each_pci_msi_entry'
  - 'for_each_pcm_streams'
  - 'for_each_physmem_range'
  - 'for_each_populated_zone'
  - 'for_each_possible_cpu'
  - 'for_each_present_cpu'
  - 'for_each_prime_number'
  - 'for_each_prime_number_from'
  - 'for_each_process'
  - 'for_each_process_thread'
  - 'for_each_prop_codec_conf'
  - 'for_each_prop_dai_codec'
  - 'for_each_prop_dai_cpu'
  - 'for_each_prop_dlc_codecs'
  - 'for_each_prop_dlc_cpus'
  - 'for_each_prop_dlc_platforms'
  - 'for_each_property_of_node'
  - 'for_each_registered_fb'
  - 'for_each_requested_gpio'
  - 'for_each_requested_gpio_in_range'
  - 'for_each_reserved_mem_range'
  - 'for_each_reserved_mem_region'
  - 'for_each_rtd_codec_dais'
  - 'for_each_rtd_components'
  - 'for_each_rtd_cpu_dais'
  - 'for_each_rtd_dais'
  - 'for_each_set_bit'
  - 'for_each_set_bit_from'
  - 'for_each_set_clump8'
  - 'for_each_sg'
  - 'for_each_sg_dma_page'
  - 'for_each_sg_page'
  - 'for_each_sgtable_dma_page'
  - 'for_each_sgtable_dma_sg'
  - 'for_each_sgtable_page'
  - 'for_each_sgtable_sg'
  - 'for_each_sibling_event'
  - 'for_each_subelement'
  - 'for_each_subelement_extid'
  - 'for_each_subelement_id'
  - '__for_each_thread'
  - 'for_each_thread'
  - 'for_each_unicast_dest_pgid'
  - 'for_each_vsi'
  - 'for_each_wakeup_source'
  - 'for_each_zone'
  - 'for_each_zone_zonelist'
  - 'for_each_zone_zonelist_nodemask'
  - 'fwnode_for_each_available_child_node'
  - 'fwnode_for_each_child_node'
  - 'fwnode_graph_for_each_endpoint'
  - 'gadget_for_each_ep'
  - 'genradix_for_each'
  - 'genradix_for_each_from'
  - 'hash_for_each'
  - 'hash_for_each_possible'
  - 'hash_for_each_possible_rcu'
  - 'hash_for_each_possible_rcu_notrace'
  - 'hash_for_each_possible_safe'
  - 'hash_for_each_rcu'
  - 'hash_for_each_safe'
  - 'hctx_for_each_ctx'
  - 'hlist_bl_for_each_entry'
  - 'hlist_bl_for_each_entry_rcu'
  - 'hlist_bl_for_each_entry_safe'
  - 'hlist_for_each'
  - 'hlist_for_each_entry'
  - 'hlist_for_each_entry_continue'
  - 'hlist_for_each_entry_continue_rcu'
  - 'hlist_for_each_entry_continue_rcu_bh'
  - 'hlist_for_each_entry_from'
  - 'hlist_for_each_entry_from_rcu'
  - 'hlist_for_each_entry_rcu'
  - 'hlist_for_each_entry_rcu_bh'
  - 'hlist_for_each_entry_rcu_notrace'
  - 'hlist_for_each_entry_safe'
  - 'hlist_for_each_entry_srcu'
  - '__hlist_for_each_rcu'
  - 'hlist_for_each_safe'
  - 'hlist_nulls_for_each_entry'
  - 'hlist_nulls_for_each_entry_from'
  - 'hlist_nulls_for_each_entry_rcu'
  - 'hlist_nulls_for_each_entry_safe'
  - 'i3c_bus_for_each_i2cdev'
  - 'i3c_bus_for_each_i3cdev'
  - 'ide_host_for_each_port'
  - 'ide_port_for_each_dev'
  - 'ide_port_for_each_present_dev'
  - 'idr_for_each_entry'
  - 'idr_for_each_entry_continue'
  - 'idr_for_each_entry_continue_ul'
  - 'idr_for_each_entry_ul'
  - 'in_dev_for_each_ifa_rcu'
  - 'in_dev_for_each_ifa_rtnl'
  - 'inet_bind_bucket_for_each'
  - 'inet_lhash2_for_each_icsk_rcu'
  - 'key_for_each'
  - 'key_for_each_safe'
  - 'klp_for_each_func'
  - 'klp_for_each_func_safe'
  - 'klp_for_each_func_static'
  - 'klp_for_each_object'
  - 'klp_for_each_object_safe'
  - 'klp_for_each_object_static'
  - 'kunit_suite_for_each_test_case'
  - 'kvm_for_each_memslot'
  - 'kvm_for_each_vcpu'
  - 'list_for_each'
  - 'list_for_each_codec'
  - 'list_for_each_codec_safe'
  - 'list_for_each_continue'
  - 'list_for_each_entry'
  - 'list_for_each_entry_continue'
  - 'list_for_each_entry_continue_rcu'
  - 'list_for_each_entry_continue_reverse'
  - 'list_for_each_entry_from'
  - 'list_for_each_entry_from_rcu'
  - 'list_for_each_entry_from_reverse'
  - 'list_for_each_entry_lockless'
  - 'list_for_each_entry_rcu'
  - 'list_for_each_entry_reverse'
  - 'list_for_each_entry_safe'
  - 'list_for_each_entry_safe_continue'
  - 'list_for_each_entry_safe_from'
  - 'list_for_each_entry_safe_reverse'
  - 'list_for_each_entry_srcu'
  - 'list_for_each_prev'
  - 'list_for_each_prev_safe'
  - 'list_for_each_safe'
  - 'llist_for_each'
  - 'llist_for_each_entry'
  - 'llist_for_each_entry_safe'
  - 'llist_for_each_safe'
  - 'mci_for_each_dimm'
  - 'media_device_for_each_entity'
  - 'media_device_for_each_intf'
  - 'media_device_for_each_link'
  - 'media_device_for_each_pad'
  - 'nanddev_io_for_each_page'
  - 'netdev_for_each_lower_dev'
  - 'netdev_for_each_lower_private'
  - 'netdev_for_each_lower_private_rcu'
  - 'netdev_for_each_mc_addr'
  - 'netdev_for_each_uc_addr'
  - 'netdev_for_each_upper_dev_rcu'
  - 'netdev_hw_addr_list_for_each'
  - 'nft_rule_for_each_expr'
  - 'nla_for_each_attr'
  - 'nla_for_each_nested'
  - 'nlmsg_for_each_attr'
  - 'nlmsg_for_each_msg'
  - 'nr_neigh_for_each'
  - 'nr_neigh_for_each_safe'
  - 'nr_node_for_each'
  - 'nr_node_for_each_safe'
  - 'of_for_each_phandle'
  - 'of_property_for_each_string'
  - 'of_property_for_each_u32'
  - 'pci_bus_for_each_resource'
  - 'pcl_for_each_chunk'
  - 'pcl_for_each_segment'
  - 'pcm_for_each_format'
  - 'ping_portaddr_for_each_entry'
  - 'plist_for_each'
  - 'plist_for_each_continue'
  - 'plist_for_each_entry'
  - 'plist_for_each_entry_continue'
  - 'plist_for_each_entry_safe'
  - 'plist_for_each_safe'
  - 'pnp_for_each_card'
  - 'pnp_for_each_dev'
  - 'protocol_for_each_card'
  - 'protocol_for_each_dev'
  - 'queue_for_each_hw_ctx'
  - 'radix_tree_for_each_slot'
  - 'radix_tree_for_each_tagged'
  - 'rb_for_each'
  - 'rbtree_postorder_for_each_entry_safe'
  - 'rdma_for_each_block'
  - 'rdma_for_each_port'
  - 'rdma_umem_for_each_dma_block'
  - 'resource_list_for_each_entry'
  - 'resource_list_for_each_entry_safe'
  - 'rhl_for_each_entry_rcu'
  - 'rhl_for_each_rcu'
  - 'rht_for_each'
  - 'rht_for_each_entry'
  - 'rht_for_each_entry_from'
  - 'rht_for_each_entry_rcu'
  - 'rht_for_each_entry_rcu_from'
  - 'rht_for_each_entry_safe'
  - 'rht_for_each_from'
  - 'rht_for_each_rcu'
  - 'rht_for_each_rcu_from'
  - '__rq_for_each_bio'
  - 'rq_for_each_bvec'
  - 'rq_for_each_segment'
  - 'scsi_for_each_prot_sg'
  - 'scsi_for_each_sg'
  - 'sctp_for_each_hentry'
  - 'sctp_skb_for_each'
  - 'shdma_for_each_chan'
  - '__shost_for_each_device'
  - 'shost_for_each_device'
  - 'sk_for_each'
  - 'sk_for_each_bound'
  - 'sk_for_each_entry_offset_rcu'
  - 'sk_for_each_from'
  - 'sk_for_each_rcu'
  - 'sk_for_each_safe'
  - 'sk_nulls_for_each'
  - 'sk_nulls_for_each_from'
  - 'sk_nulls_for_each_rcu'
  - 'snd_array_for_each'
  - 'snd_pcm_group_for_each_entry'
  - 'snd_soc_dapm_widget_for_each_path'
  - 'snd_soc_dapm_widget_for_each_path_safe'
  - 'snd_soc_dapm_widget_for_each_sink_path'
  - 'snd_soc_dapm_widget_for_each_source_path'
  - 'tb_property_for_each'
  - 'tcf_exts_for_each_action'
  - 'udp_portaddr_for_each_entry'
  - 'udp_portaddr_for_each_entry_rcu'
  - 'usb_hub_for_each_child'
  - 'v4l2_device_for_each_subdev'
  - 'v4l2_m2m_for_each_dst_buf'
  - 'v4l2_m2m_for_each_dst_buf_safe'
  - 'v4l2_m2m_for_each_src_buf'
  - 'v4l2_m2m_for_each_src_buf_safe'
  - 'virtio_device_for_each_vq'
  - 'while_for_each_ftrace_op'
  - 'xa_for_each'
  - 'xa_for_each_marked'
  - 'xa_for_each_range'
  - 'xa_for_each_start'
  - 'xas_for_each'
  - 'xas_for_each_conflict'
  - 'xas_for_each_marked'
  - 'xbc_array_for_each_value'
  - 'xbc_for_each_key_value'
  - 'xbc_node_for_each_array_value'
  - 'xbc_node_for_each_child'
  - 'xbc_node_for_each_key_value'
  - 'zorro_for_each_dev'
  - 'for_each_line'
  - 'for_each_non_empty_line'
 #IncludeBlocks: Preserve # Unknown to clang-format-5.0
 IncludeCategories:
  - Regex: '.*'
    Priority: 1
 IncludeIsMainRegex: '(Test)?$'
 IndentCaseLabels: false
 #IndentPPDirectives: None # Unknown to clang-format-5.0
 IndentWidth: 8
 IndentWrappedFunctionNames: false
 JavaScriptQuotes: Leave
 JavaScriptWrapImports: true
 KeepEmptyLinesAtTheStartOfBlocks: false
 MacroBlockBegin: ''
 MacroBlockEnd: ''
 MaxEmptyLinesToKeep: 1
 NamespaceIndentation: None
 #ObjCBinPackProtocolList: Auto # Unknown to clang-format-5.0
 ObjCBlockIndentWidth: 8
 ObjCSpaceAfterProperty: true
 ObjCSpaceBeforeProtocolList: true
 # Taken from git's rules
 #PenaltyBreakAssignment: 10 # Unknown to clang-format-4.0
 PenaltyBreakBeforeFirstCallParameter: 30
 PenaltyBreakComment: 10
 PenaltyBreakFirstLessLess: 0
 PenaltyBreakString: 10
 PenaltyExcessCharacter: 100
 PenaltyReturnTypeOnItsOwnLine: 60
 PointerAlignment: Right
 ReflowComments: false
 SortIncludes: false
 #SortUsingDeclarations: false # Unknown to clang-format-4.0
 SpaceAfterCStyleCast: false
 SpaceAfterTemplateKeyword: true
 SpaceBeforeAssignmentOperators: true
 #SpaceBeforeCtorInitializerColon: true # Unknown to clang-format-5.0
 #SpaceBeforeInheritanceColon: true # Unknown to clang-format-5.0
 SpaceBeforeParens: ControlStatements
 #SpaceBeforeRangeBasedForLoopColon: true # Unknown to clang-format-5.0
 SpaceInEmptyParentheses: false
 SpacesBeforeTrailingComments: 1
 SpacesInAngles: false
 SpacesInContainerLiterals: false
 SpacesInCStyleCastParentheses: false
 SpacesInParentheses: false
 SpacesInSquareBrackets: false
 Standard: Cpp03
 TabWidth: 8
 UseTab: Always
 ...
--- a/.gitignore
+++ b/.gitignore
@@ -18,8 +18,7 @@ tags
 *.bin
 *.p
 host/simtrace2-list
-host/simtrace2-cardem-pcsc
+host/simtrace2-remsim
-host/contrib/simtrace2.spec
+host/simtrace2-remsim-usb2udp
 usb_strings_generated.h
 firmware/usbstring/usbstring
 firmware/apps/*/usb_strings.txt.patched
--- a/.gitreview
+++ b/.gitreview
@@ -1,3 +0,0 @@
 [gerrit]
 host=gerrit.osmocom.org
 project=simtrace2
--- a/14
+++ b/14
@@ -8,23 +8,13 @@ fw-$(1)-$(2)-clean:
 endef
 $(eval $(call RULES,simtrace,dfu))
 $(eval $(call RULES,simtrace,blupdate))
 $(eval $(call RULES,simtrace,trace))
 $(eval $(call RULES,simtrace,cardem))
 $(eval $(call RULES,qmod,dfu))
 $(eval $(call RULES,qmod,blupdate))
 $(eval $(call RULES,qmod,cardem))
 $(eval $(call RULES,ngff_cardem,dfu))
 $(eval $(call RULES,ngff_cardem,blupdate))
 $(eval $(call RULES,ngff_cardem,trace))
 $(eval $(call RULES,ngff_cardem,cardem))
-fw-clean: fw-simtrace-dfu-clean fw-simtrace-blupdate-clean fw-simtrace-trace-clean fw-simtrace-cardem-clean \
+fw-clean: fw-simtrace-dfu-clean fw-simtrace-trace-clean fw-simtrace-cardem-clean fw-qmod-dfu-clean fw-qmod-cardem-clean
-	fw-qmod-dfu-clean fw-qmod-blupdate-clean fw-qmod-cardem-clean \
+fw: fw-simtrace-dfu fw-simtrace-trace fw-simtrace-cardem fw-qmod-dfu fw-qmod-cardem
 	fw-ngff_cardem-dfu-clean fw-ngff_cardem-blupdate-clean fw-ngff_cardem-trace-clean fw-ngff_cardem-cardem-clean
 fw: fw-simtrace-dfu fw-simtrace-blupdate fw-simtrace-trace fw-simtrace-cardem \
 	fw-qmod-dfu fw-qmod-blupdate fw-qmod-cardem \
 	fw-ngff_cardem-dfu fw-ngff_cardem-blupdate fw-ngff_cardem-trace fw-ngff_cardem-cardem
 utils:
 	(cd host && \
--- a/README.md
+++ b/README.md
@@ -5,6 +5,9 @@ This is the repository for the next-generation SIMtrace devices,
 providing abilities to trace the communication between (U)SIM card and
 phone, remote (U)SIM card forward, (U)SIM man-in-the-middle, and more.
 This is under heavy development, and right now it is not surprising if
 things still break on a daily basis.
 NOTE: Nothing in this repository applies to the SIMtrace v1.x hardware
 or its associated firmware.  SIMtrace v1.x is based on a different CPU /
 microcontroller architecture and uses a completely different software
@@ -13,6 +16,12 @@ stack and host software.
 Supported Hardware
 ------------------
 At this point, the primary development target is still the OWHW + sysmoQMOD
 device, but we expect to add support for a SAM3 based SIMtrace hardware
 board soon.
 The goal is to support the following devices:
 * Osmocom SIMtrace 1.x with SAM3 controller
 ** this is open hardware and schematics / PCB design is published
 * sysmocom sysmoQMOD (with 4 Modems,  4 SIM slots and 2 SAM3)
@@ -28,11 +37,3 @@ This repository contains several directory
 * firmware - the firmware to run on the actual devices
 * hardware - some information related to the hardware
 * host - Programs to use on the USB host to interface with the hardware
 The host software includes
 * libosmo-simtrace2 - a shared library to talk to devices running the simtrace2 firmware
 * simtrace2-list - list any USB-attached devices running simtrace2 firmware
 * simtrace2-sniff - interface the 'trace' firmware to obtain card protocol traces
 * simtrace2-cardem-pcsc - interface the 'cardem' fimrware to use a SIM in a PC/SC reader
--- a/10
+++ b/10
@@ -1,10 +0,0 @@
 # When cleaning up this file: bump API version in corresponding Makefile.am and rename corresponding debian/lib*.install
 # according to https://osmocom.org/projects/cellular-infrastructure/wiki/Make_a_new_release
 # In short: https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html#Updating-version-info
 # LIBVERSION=c:r:a
 # If the library source code has changed at all since the last update, then increment revision: c:r + 1:a.
 # If any interfaces have been added, removed, or changed since the last update: c + 1:0:0.
 # If any interfaces have been added since the last public release: c:r:a + 1.
 # If any interfaces have been removed or changed since the last public release: c:r:0.
 #library	what			description / commit summary line
 simtrace2	API/ABI change		osmo_st2_transport new member
--- a/contrib/flash.py
+++ b/contrib/flash.py
@@ -1,164 +0,0 @@
 #!/usr/bin/env python
 # encoding: utf-8
 # python: 3.8.1
 # library to enumerate USB devices
 import usb.core
 from usb.util import *
 # more elegant structure
 from typing import NamedTuple
 # regular expressions utilities
 import re
 # open utilities to handle files
 import os, sys
 # to download the firmwares
 import urllib.request
 # to flash using DFU-util
 import subprocess
 # SIMtrace 2 device information
 class Device(NamedTuple):
 	usb_vendor_id: int
 	usb_product_id: int
 	name: str
 	url: dict # 1: sniff/trace firmware, 2: card emulation firmware
 # SIMtrace 2 devices definitions
 DEVICE_SIMTRACE = Device(usb_vendor_id=0x1d50, usb_product_id=0x60e3, name="SIMtrace 2", url={"trace": "https://ftp.osmocom.org/binaries/simtrace2/firmware/latest/simtrace-trace-dfu-latest.bin", "cardem": "https://osmocom.org/attachments/download/3868/simtrace-cardem-dfu.bin"})
 DEVICE_QMOD = Device(usb_vendor_id=0x1d50, usb_product_id=0x4004, name="sysmoQMOD (Quad Modem)", url={"cardem": "https://ftp.osmocom.org/binaries/simtrace2/firmware/latest/qmod-cardem-dfu-latest.bin"})
 DEVICE_OWHW = Device(usb_vendor_id=0x1d50, usb_product_id=0x4001, name="OWHW", url={"cardem": "https://ftp.osmocom.org/binaries/simtrace2/firmware/latest/owhw-cardem-dfu-latest.bin"})
 DEVICE_OCTSIMTEST = Device(usb_vendor_id=0x1d50, usb_product_id=0x616d, name="OCTSIMTEST", url={"cardem": "https://ftp.osmocom.org/binaries/simtrace2/firmware/latest/octsimtest-cardem-dfu-latest.bin"})
 DEVICE_NGFF_CARDEM = Device(usb_vendor_id=0x1d50, usb_product_id=0x616e, name="ngff-cardem", url={"cardem": "https://ftp.osmocom.org/binaries/simtrace2/firmware/latest/ngff_cardem-cardem-dfu-latest.bin"})
 DEVICES = [DEVICE_SIMTRACE, DEVICE_QMOD, DEVICE_OCTSIMTEST, DEVICE_NGFF_CARDEM]
 # which firmware does the SIMtrace USN interface subclass correspond
 FIRMWARE_SUBCLASS = {1: "trace", 2: "cardem"}
 def print_help():
 	print("this script will flash SIMtrace 2 - based devices")
 	print("when no argument is provided, it will try to flash the application firmware of all SIMtrace 2 devices connected to USB with the latest version")
 	print("to flash a specific firmware, provide the name as argument")
 	print("the possible firmwares are: trace, cardem")
 	print("to list all devices connected to USB, provide the argument \"list\"")
 # the firmware to flash
 to_flash = None
 # parse command line argument
 if len(sys.argv) == 2:
  to_flash = sys.argv[1]
 if to_flash not in ["list", "trace", "cardem"] and len(sys.argv) > 1:
 	print_help()
 	exit(0)
 # get all USB devices
 devices = []
 devices_nb = 0
 updated_nb = 0
 usb_devices = usb.core.find(find_all=True)
 for usb_device in usb_devices:
 	# find SIMtrace devices
 	definitions = list(filter(lambda x: x.usb_vendor_id == usb_device.idVendor and x.usb_product_id == usb_device.idProduct, DEVICES))
 	if 1 != len(definitions):
 		continue
 	devices_nb += 1
 	definition = definitions[0]
 	serial = usb_device.serial_number or "unknown"
 	usb_path = str(usb_device.bus) + "-" + ".".join(map(str, usb_device.port_numbers))
 	print("found " + definition.name + " device (chip ID " + serial + ") at USB path " + usb_path)
 	# determine if we are running DFU (in most cases the bootloader, but could also be the application)
 	dfu_interface = None
 	for configuration in usb_device:
 		# get DFU interface descriptor
 		dfu_interface = dfu_interface or find_descriptor(configuration, bInterfaceClass=254, bInterfaceSubClass=1)
 	if (None == dfu_interface):
 		print("no DFU USB interface found")
 		continue
 	dfu_mode = (2 == dfu_interface.bInterfaceProtocol) # InterfaceProtocol 1 is runtime mode, 2 is DFU mode
 	# determine firmware type (when not in DFU mode)
 	firmware = None
 	simtrace_interface = None
 	for configuration in usb_device:
 		simtrace_interface = simtrace_interface or find_descriptor(configuration, bInterfaceClass=255)
 	if simtrace_interface and simtrace_interface.bInterfaceSubClass in FIRMWARE_SUBCLASS:
 		firmware = firmware or FIRMWARE_SUBCLASS[simtrace_interface.bInterfaceSubClass]
 	if dfu_mode:
 		firmware = 'dfu'
 	if firmware:
 		print("installed firmware: " + firmware)
 	else:
 		print("unknown installed firmware")
 		continue
 	# determine version of the application/bootloader firmware
 	version = None
 	version_interface = None
 	for configuration in usb_device:
 		# get custom interface with string
 		version_interface = version_interface or find_descriptor(configuration, bInterfaceClass=255, bInterfaceSubClass=255)
 	if version_interface and version_interface.iInterface and version_interface.iInterface > 0 and get_string(usb_device, version_interface.iInterface):
 		version = get_string(usb_device, version_interface.iInterface)
 	if not version:
 		# the USB serial is set (in the application) since version 0.5.1.34-e026 from 2019-08-06
 		# https://git.osmocom.org/simtrace2/commit/?id=e0265462d8c05ebfa133db2039c2fbe3ebbd286e
 		# the USB serial is set (in the bootloader) since version 0.5.1.45-ac7e from 2019-11-18
 		# https://git.osmocom.org/simtrace2/commit/?id=5db9402a5f346e30288db228157f71c29aefce5a
 		# the firmware version is set (in the application) since version 0.5.1.37-ede8 from 2019-08-13
 		# https://git.osmocom.org/simtrace2/commit/?id=ede87e067dadd07119f24e96261b66ac92b3af6f
 		# the firmware version is set (in the bootloader) since version 0.5.1.45-ac7e from 2019-11-18
 		# https://git.osmocom.org/simtrace2/commit/?id=5db9402a5f346e30288db228157f71c29aefce5a
 		if dfu_mode:
 			if serial:
 				version = "< 0.5.1.45-ac7e"
 			else:
 				versoin = "< 0.5.1.45-ac7e"
 		else:
 			if serial:
 				version = "< 0.5.1.37-ede8"
 			else:
 				versoin = "< 0.5.1.34-e026"
 	print("device firmware version: " + version)
 	# flash latest firmware
 	if to_flash == "list": # we just want to list the devices, not flash them
 		continue
 	# check the firmware exists
 	if firmware == "dfu" and to_flash is None:
 		print("device is currently in DFU mode. you need to specify which firmware to flash")
 		continue
 	to_flash = to_flash or firmware
 	if to_flash not in definition.url.keys():
 		print("no firmware image available for " + firmware + " firmware")
 		continue
 	# download firmware
 	try:
 		dl_path, header = urllib.request.urlretrieve(definition.url[to_flash])
 	except:
 		print("could not download firmware " + definition.url[to_flash])
 		continue
 	dl_file = open(dl_path, "rb")
 	dl_data = dl_file.read()
 	dl_file.close()
 	# compare versions
 	dl_version = re.search(b'firmware \d+\.\d+\.\d+\.\d+-[0-9a-fA-F]{4}', dl_data)
 	if dl_version is None:
 		print("could not get version from downloaded firmware image")
 		os.remove(dl_path)
 		continue
 	dl_version = dl_version.group(0).decode("utf-8").split(" ")[1]
 	print("latest firmware version: " + dl_version)
 	versions = list(map(lambda x: int(x), version.split(" ")[-1].split("-")[0].split(".")))
 	dl_versions = list(map(lambda x: int(x), dl_version.split("-")[0].split(".")))
 	dl_newer = (versions[0] < dl_versions[0] or (versions[0] == dl_versions[0] and versions[1] < dl_versions[1]) or (versions[0] == dl_versions[0] and versions[1] == dl_versions[1] and versions[2] < dl_versions[2]) or (versions[0] == dl_versions[0] and versions[1] == dl_versions[1] and versions[2] == dl_versions[2] and versions[3] < dl_versions[3]))
 	if not dl_newer:
 		print("no need to flash latest version")
 		os.remove(dl_path)
 		continue
 	print("flashing latest version")
 	dfu_result = subprocess.run(["dfu-util", "--device", hex(definition.usb_vendor_id) + ":" + hex(definition.usb_product_id), "--path", usb_path, "--cfg", "1", "--alt", "1", "--reset", "--download", dl_path])
 	os.remove(dl_path)
 	if 0 != dfu_result.returncode:
 		printf("flashing firmware using dfu-util failed. ensure dfu-util is installed and you have the permissions to access this USB device")
 		continue
 	updated_nb += 1
 print(str(devices_nb)+ " SIMtrace 2 device(s) found")
 print(str(updated_nb)+ " SIMtrace 2 device(s) updated")
--- a/contrib/jenkins.sh
+++ b/contrib/jenkins.sh
@@ -21,18 +21,13 @@ mkdir "$deps" || true
 osmo-build-dep.sh libosmocore "" '--disable-doxygen --enable-gnutls'
 # verify only after building the dependency (to ensure we have most recent source of dependency)
 verify_value_string_arrays_are_terminated.py $(find . -name "*.[hc]")
 export PKG_CONFIG_PATH="$inst/lib/pkgconfig:$PKG_CONFIG_PATH"
 export LD_LIBRARY_PATH="$inst/lib"
 BUILDS=""
-BUILDS+="simtrace/dfu simtrace/blupdate simtrace/trace simtrace/cardem "
+BUILDS+="simtrace/dfu simtrace/cardem simtrace/trace " # simtrace/triple_play
-BUILDS+="qmod/dfu qmod/blupdate qmod/cardem "
+BUILDS+="qmod/dfu qmod/cardem "
-BUILDS+="owhw/dfu owhw/blupdate owhw/cardem "
+BUILDS+="owhw/dfu owhw/cardem "
 BUILDS+="octsimtest/cardem "
 BUILDS+="ngff_cardem/dfu ngff_cardem/blupdate ngff_cardem/cardem ngff_cardem/trace "
 cd $TOPDIR/firmware
 for build in $BUILDS; do
@@ -68,16 +63,15 @@ make dist
 if [ "x$publish" = "x--publish" ]; then
 	echo
 	echo "=============== UPLOAD BUILD  =============="
 	$TOPDIR/contrib/prepare_upload.sh
 	cat > "/build/known_hosts" <<EOF
-[ftp.osmocom.org]:48 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDgQ9HntlpWNmh953a2Gc8NysKE4orOatVT1wQkyzhARnfYUerRuwyNr1GqMyBKdSI9amYVBXJIOUFcpV81niA7zQRUs66bpIMkE9/rHxBd81SkorEPOIS84W4vm3SZtuNqa+fADcqe88Hcb0ZdTzjKILuwi19gzrQyME2knHY71EOETe9Yow5RD2hTIpB5ecNxI0LUKDq+Ii8HfBvndPBIr0BWYDugckQ3Bocf+yn/tn2/GZieFEyFpBGF/MnLbAAfUKIdeyFRX7ufaiWWz5yKAfEhtziqdAGZaXNaLG6gkpy3EixOAy6ZXuTAk3b3Y0FUmDjhOHllbPmTOcKMry9
+[rita.osmocom.org]:48 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDgQ9HntlpWNmh953a2Gc8NysKE4orOatVT1wQkyzhARnfYUerRuwyNr1GqMyBKdSI9amYVBXJIOUFcpV81niA7zQRUs66bpIMkE9/rHxBd81SkorEPOIS84W4vm3SZtuNqa+fADcqe88Hcb0ZdTzjKILuwi19gzrQyME2knHY71EOETe9Yow5RD2hTIpB5ecNxI0LUKDq+Ii8HfBvndPBIr0BWYDugckQ3Bocf+yn/tn2/GZieFEyFpBGF/MnLbAAfUKIdeyFRX7ufaiWWz5yKAfEhtziqdAGZaXNaLG6gkpy3EixOAy6ZXuTAk3b3Y0FUmDjhOHllbPmTOcKMry9
-[ftp.osmocom.org]:48 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPdWn1kEousXuKsZ+qJEZTt/NSeASxCrUfNDW3LWtH+d8Ust7ZuKp/vuyG+5pe5pwpPOgFu7TjN+0lVjYJVXH54=
+[rita.osmocom.org]:48 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPdWn1kEousXuKsZ+qJEZTt/NSeASxCrUfNDW3LWtH+d8Ust7ZuKp/vuyG+5pe5pwpPOgFu7TjN+0lVjYJVXH54=
-[ftp.osmocom.org]:48 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8iivY70EiR5NiGChV39gRLjNpC8lvu1ZdHtdMw2zuX
+[rita.osmocom.org]:48 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8iivY70EiR5NiGChV39gRLjNpC8lvu1ZdHtdMw2zuX
 EOF
 	SSH_COMMAND="ssh -o 'UserKnownHostsFile=/build/known_hosts' -p 48"
-	rsync --archive --verbose --compress --delete --rsh "$SSH_COMMAND" $TOPDIR/firmware/bin/*-latest.{bin,elf} binaries@ftp.osmocom.org:web-files/simtrace2/firmware/latest/
+	rsync --archive --verbose --compress --delete --rsh "$SSH_COMMAND" $TOPDIR/firmware/bin/*-latest.{bin,elf} binaries@rita.osmocom.org:web-files/simtrace2/firmware/latest/
-	rsync --archive --verbose --compress --rsh "$SSH_COMMAND" --exclude $TOPDIR/firmware/bin/*-latest.{bin,elf} $TOPDIR/firmware/bin/*-*-*-*.{bin,elf} binaries@ftp.osmocom.org:web-files/simtrace2/firmware/all/
+	rsync --archive --verbose --compress --rsh "$SSH_COMMAND" --exclude $TOPDIR/firmware/bin/*-latest.{bin,elf} $TOPDIR/firmware/bin/*-*-*-*.{bin,elf} binaries@rita.osmocom.org:web-files/simtrace2/firmware/all/
 fi
 echo
--- a/contrib/prepare_upload.sh
+++ b/contrib/prepare_upload.sh
@@ -1,16 +0,0 @@
 #!/bin/sh -e
 # Create copies of binaries with -latest, -$GIT_VERSION (OS#4413, OS#3452)
 cd "$(dirname "$0")/.."
 GIT_VERSION="$(./git-version-gen .tarball-version)"
 echo "Copying binaries with "-latest" and "-$GIT_VERSION" appended..."
 cd firmware/bin
 for ext in bin elf; do
 	for file in *."$ext"; do
 		without_ext="${file%.*}"
 		cp -v "$file" "$without_ext-latest.$ext"
 		cp -v "$file" "$without_ext-$GIT_VERSION.$ext"
 	done
 done
--- a/contrib/simtrace.lua
+++ b/contrib/simtrace.lua
@@ -1,92 +0,0 @@
 usb_simtrace_protocol = Proto("USB_simtrace",  "USB simtrace protocol")
 local control_commands = {
 -- /* SIMTRACE_MSGC_GENERIC */
 [0x0000] = "SIMTRACE_CMD_DO_ERROR",
 [0x0001] = "SIMTRACE_CMD_BD_BOARD_INFO",
 -- /* SIMTRACE_MSGC_CARDEM */
 [0x0101] = "SIMTRACE_MSGT_DT_CEMU_TX_DATA",
 [0x0102] = "SIMTRACE_MSGT_DT_CEMU_SET_ATR",
 [0x0103] = "SIMTRACE_MSGT_BD_CEMU_STATS",
 [0x0104] = "SIMTRACE_MSGT_BD_CEMU_STATUS",
 [0x0105] = "SIMTRACE_MSGT_DT_CEMU_CARDINSERT",
 [0x0106] = "SIMTRACE_MSGT_DO_CEMU_RX_DATA",
 [0x0107] = "SIMTRACE_MSGT_DO_CEMU_PTS",
 [0x0108] = "SIMTRACE_MSGT_BD_CEMU_CONFIG",
 -- /* SIMTRACE_MSGC_MODEM */
 [0x0201] = "SIMTRACE_MSGT_DT_MODEM_RESET",
 [0x0202] = "SIMTRACE_MSGT_DT_MODEM_SIM_SELECT",
 [0x0203] = "SIMTRACE_MSGT_BD_MODEM_STATUS",
 -- /* SIMTRACE_MSGC_SNIFF */
 [0x0300] = "SIMTRACE_MSGT_SNIFF_CHANGE",
 [0x0301] = "SIMTRACE_MSGT_SNIFF_FIDI",
 [0x0302] = "SIMTRACE_MSGT_SNIFF_ATR",
 [0x0304] = "SIMTRACE_MSGT_SNIFF_TPDU",
 [0x0303] = "SIMTRACE_MSGT_SNIFF_PPS"
 }
 local msgtype  = ProtoField.uint16("usb_simtrace.msgtype", "Message Type", base.HEX_DEC, control_commands)
 local seqnr  = ProtoField.uint8("usb_simtrace.seqnr", "Sequence Number", base.HEX_DEC)
 local slotnr  = ProtoField.uint8("usb_simtrace.slotnr", "Slot Number", base.HEX_DEC)
 local reserved  = ProtoField.uint16("usb_simtrace.reserved", "reserved", base.HEX_DEC)
 local payloadlen  = ProtoField.uint16("usb_simtrace.length", "length", base.HEX_DEC)
 local payload  = ProtoField.bytes("usb_simtrace.payload", "Data")
 local pb_and_rx  = ProtoField.uint32("usb_simtrace.pb_and_rx", "pb_and_rx", base.HEX_DEC, NULL, 0x8)
 local pb_and_tx  = ProtoField.uint32("usb_simtrace.pb_and_tx", "pb_and_tx", base.HEX_DEC, NULL, 0x4)
 local final  = ProtoField.uint32("usb_simtrace.final", "final", base.HEX_DEC, NULL, 0x2)
 local tpdu_hdr  = ProtoField.uint32("usb_simtrace.tpdu_hdr", "tpdu_hdr", base.HEX_DEC, NULL, 0x1)
 local rxtxdatalen  = ProtoField.uint16("usb_simtrace.rxtxdatalen", "rx/tx data length", base.HEX_DEC)
 local rxtxdata  = ProtoField.bytes("usb_simtrace.rxtxdata", "rx/tx (data)")
 usb_simtrace_protocol.fields = {
  msgtype, seqnr, slotnr, reserved, payloadlen, payload, pb_and_rx, pb_and_tx, final, tpdu_hdr, rxtxdatalen, rxtxdata
 }
 function dissect_rxtx(payload_data,pinfo,tree)
  local headerSubtree = tree:add(usb_simtrace_protocol, payload_data, "rx/tx data")
  local len  = payload_data(8+4,2):le_uint();
  local cmd32 =  payload_data(8+0,4):le_uint();
  headerSubtree:add(pb_and_rx, cmd32)
  headerSubtree:add(pb_and_tx, cmd32)
  headerSubtree:add(final, cmd32)
  headerSubtree:add(tpdu_hdr, cmd32)
  headerSubtree:add(rxtxdatalen, len)
  headerSubtree:add_le(rxtxdata, payload_data(8+6,len))
 end
 function usb_simtrace_protocol.dissector(buffer, pinfo, tree)
  length = buffer:len()
  if length == 0 then return end
  pinfo.cols.protocol = usb_simtrace_protocol.name
  local subtree = tree:add(usb_simtrace_protocol, buffer(), "USB simtrace Data")
  local command = buffer(0,2):uint()
  subtree:add(msgtype, command):set_generated()
  subtree:add(seqnr, buffer(2,1))
  subtree:add(slotnr, buffer(3,1))
  subtree:add_le(payloadlen, buffer(6,2))
  pinfo.cols.info = string.format("Cmd 0x%04X : %s", command, control_commands[command])
  local payload_data = buffer(8,length-8)
  if(command == 0x0101 or command == 0x0106) then
    return dissect_rxtx(buffer(),pinfo,subtree)
  else
    subtree:add(payload, payload_data)
  end
 end
 function usb_simtrace_protocol.init()
 local usb_product_dissectors = DissectorTable.get("usb.product")
 usb_product_dissectors:add(0x1d50616d, usb_simtrace_protocol)
 usb_product_dissectors:add(0x1d50616e, usb_simtrace_protocol)
 DissectorTable.get("usb.bulk"):add(0xffff, usb_simtrace_protocol)
 end
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,211 +1,8 @@
-simtrace2 (0.8.1) unstable; urgency=medium
+simtrace2 (0.5.2) UNRELEASED; urgency=medium
  * host/contrib/simtrace2.spec.in: fix soname
 -- Oliver Smith <osmith@sysmocom.de>  Fri, 10 Dec 2021 10:04:28 +0100
 simtrace2 (0.8.0) unstable; urgency=medium
  [ Harald Welte ]
  * adapt to host tools in autotools
  * simtrace2_api: Remove dead code
  * fix baudrate of 'make log'
  * qmod DFU: Don't overwrite memory beyond end of usb_strings[]
  * usb_strings.txt: s/SIMtrace Phone/SIMtrace Card Emulation/
  * Patch actual board name into the USB iProduct string descriptor
  * Build only 'reasonable' combinations of APP/MEMORY
  * stdio: Add support for %p format string (pointer address)
  * Fix format string related warnings (int vs. long)
  * Add missing CR to achieve CRLF at end of log lines
  * more comments in host_communication.c.
  * usb_buf: count number of elements in queue
  * usb_buf: Limit the maximum queue length to 3 elements
  * qmod: Don't print EEPROM operations in help when not supported
  * cosmetic: board_qmod: Annotate #endif with comments
  * qmod: Document '!' and '@' commands on UART
  * implement minimalistic talloc_report(); add 't' command on UART
  * update copyright statement
  * cardem: Fix memory leak on unsupported SIMTRACE_MSGT_DT_CEMU_CARDINSERT
  * usb_buf: Actually limit queue to 3 elements, not 4
  * USBD_HAL: Don't disable UDP peripheral clock on suspend
  * usb_buf: Properly initialize buffered_endpoint->ep number
  * pseudo_talloc: Increment number of buffers from 10 to 20
  * card_emu: Factor out card_handle_reset() from card_emu_init()
  * cardem: Move card_emu_io_statechg() calls out of interrupt context
  * cardem: RST resets all state (including release of buffers)
  * host_communication: Send zero-length-packet on wMaxPacketSize
  * card_emu: Initialize PTSS state every time we start PTS
  * card_emu: Avoid recursive calls to card_set_state()
  * card_emu: Always print state names in string representation
  * card_emu: Remove extraneous code
  * card_emu: Remove extraneous initialization of ch->pts.state
  * cardem: Make card_emu_report_status() optionally use IRQ endpoint
  * cardem: Add SIMTRACE_MSGT_BD_CEMU_CONFIG
  * cardem: Implement support for CEMU_FEAT_F_STATUS_IRQ
  * simtrace2-sniff: Reformat value_string to pass our validation scripts
  * firmware: Reformat value_string to pass our validation scripts
  * jenkins.sh: Add verify_value_string_arrays_are_terminated.py
  * [lib] apdu_dispatch: Use DLGLOBAL and don't printf() directly
  * [lib] apdu_dispatch: Don't print APDU state to stdout
  * OSMO_ASSERT() on double-free or invalid pointer
  * Update .gitignore file for host
  * migrate to libosmousb
  * library: Add osmo_st2_compatible_dev_idsp[]
  * firmware: move printing of welcome banner to common function print_banner()
  * firmware: apps/cardem/main.c: Synchronize with apps/trace/main.c
  * host: Add COPYING file for host software (GPLv2)
  * host/lib/gsmtap.c: Add GPLv2 disclaimer
  * increase ringbuffer size from 512 to 1024 bytes
  * simtrace2_api: Add osmo_st2_cardem_request_config()
  * Disable interrupts during EEFC_ReadUniqueID()
  * cardem: Fix infinite loop + watchdog reset on long OUT message
  * extend osmo_st2_cardem_inst with fields required by osmo-remsim
  * cosmetic: Add missing CR to LF in dispatch_received_usb_msg()
  * USBD.c: Don't reset EP0 on SetConfiguration(0)
  * pio_it.c: Permit repeated calls to PIO_ConfigureIt()
  * simtrace2_siff: getopt_long() returns int, not char
  * Introduce support for asynchronous USB transmission
  * firmware: fix builds with gcc stack smashing protection enabled
  * dfu: Shrink code by 144 bytes (by not calling PIO_InitializeInterrupts)
  * dfu: Save another 60 bytes by changing the way we print horizontal lines
  * migrate from BSC_FD_* to OSMO_FD_*
  * remove usb2udp
  * rename simtrace2-remsim to simtrace2-cardem-pcsc
  * Update README
  * remove old pre-autoconf makefile
  * simtrace2-cardem-pcsc: Make it work again
  * Revert "add ISO 7816-3 library to remsim project"
  * Revert "add library providing ISO 7816-3 utilities"
  * card_emu: waiting_time is stored in etu, not clocks.
  * card_emu: Rename fi to Fi and di to Di
  * card_emu: Clarify and differentiate F/Fi/F_index/Fi_index
  * iso7816_fidi: Add iso7816_3_ prefix to symbols; fix terminology
  * card_emu: improve reset detection conditions
  * card_emu: explicitly initialize PTS and TPDU states
  * card_emu: Use USART timeout for waiting time
  * card_emu: Fix USART timer, particularly in re-start situations
  * card_emu: Fix computation of waiting time
  * contrib/jenkins.sh: Switch from rita -> ftp.osmocom.org
  * st2-cardem-pcsc: Fix goto-in-while mess
  * st2-cardem-pcsc: Use ATR of real card by default
  * simtrace board.h: Enable HAVE_CARDEM if we build the cardem firmware
  * jenkins.sh: build 'cardem' firmware also for simtrace board
  * Revert "cardem: disable upload for simtrace2"
  * simtrace2-cardem-pcsc: Decode STATUS flags to strings
  * simtrace2-cardem-pcsc: Reset the real card if reader resets cardem
  * assert: Use printf_sync() to ensure printing of assert / panic
  * Add usb product ID of sysmoOCTSIMTEST
  * octsimtest: remove lots of unused #defines
  * octsimtest: most code for support of this new board
  * octsimtest: Switch direction of I/O level shifter depending on uart tx / rx
  * cardem-pcsc: initialize libosmocore logging
  * octsimtest: Adjust VCC voltage thresholds (resistive VCC divider)
  * contrib/jenkins.sh: Build 'cardem' app for 'octsimtest' board
  * firmware: octsimtest: Fix IO_DIR pin definition
  * firmware: octsimtest: Make slot mux configurable via USB
  * firmware: octsimtest: mcp23017 initializaiton
  * firmware: cardem: re-factor CARDINSERT command processing
  * firmware: octsimtest: Support SIMTRACE_MSGT_DT_CEMU_CARDINSERT
  * firmware: octsimtest: use TRACE_* macros instead of direct printf
  * firmware: octsimtest: Fix disabling the card_insert signal
  * firmware: octsimtest: Add i/I command for setting card-insert via I2C GPIO
  * firmware: octsimtest: ensure all card_insert GPIO are 0 after reset
  * don't printf() directly from library code, go via libosmocore logging
  * simtrace2-list: Use osmo_st2_compatible_dev_ids[]
  * board_gpio.gnumeric: Add ngff-cardem pin-out
  * 99-simtrace2.rules: Add OCTSIMTEST
  * contrib/flash.py: Add OCTSIMTEST support
  * Introduce simtrace2-tool
  * introduce support for new ngff_cardem board
  * simtrace2.spec: Add simtrace2-tool binary to package
  * contrib/jenkins.sh: Build APP=cardem for BOARD=ngff_cardem
  * jenkins.sh: Build 'trace' firmware for ngff_cardem
  * Use osmo_libusb_{init,exit}() instead of libusb_{init,exit}()
  * simtrace2-cardem-pcsc: Remove double libusb initialization
  * simtrace2-tool: Initialize logging to avoid error on first log output
  * cardem-pcsc: Fix return of uninitialized variable
  * host: Upgrade libosmocore dependency to 1.4.0
-  [ Kévin Redon ]
+ -- Harald Welte <lafore@gnumonks.org>  Thu, 28 Nov 2019 00:44:57 +0100
  * minor: fix spacing
  * minor: updated copyright years
  * dfu: minor: make debug output only verbose in info level
  * minor: move USB debug output from info to debug level
  * minor: improve debug output
  * minor : fix typo in comment
  * better detect VCC and nRST changes on simtrace2 board
  * minor: ignore usbstring binary
  * simtrace2-remsim: Use simplest ATR
  * cardem: use simplest ATR as default ATR
  * minor: fix typo
  * DFU: increase USB reset duration to 50 ms
  * DFU: restart bootloader when USB conf failed
  * Makefile: add linker option showing memory usage
  * improve shared bootloader/application memory
  * minor: improve trace output
  * DFU: add DFU application
  * add script to flash latest firmware
  * minor: use same LED pattern for cardem as other applications
  * cardem: currently simtrace does not support cardem
  * add library providing ISO 7816-3 utilities
  * add ISO 7816-3 library to remsim project
  * rename PIN_PHONE_{CLK,IO} to PIN_USIM1_{CLK,IO}
  * minor add comments
  * make sim switch board specific
  [ Eric Wild ]
  * remsim: allow selecting pcsc reader number
  * cardem: disable upload for simtrace2
  * firmware: do not allow undefined symbols
  * firmware: allow verbose builds
  * cardem: choose a more reasonable default ATR
  * contrib: add a basic simtrace lua dissector for wireshark
  * cardem: free the buf
  * cardemu: support 1v8 for the tester
  * firmware: data sections
  * firmware: proper makefile deps
  * firmware: make the ngff beakout blink
  * simtrace2-cardem: use local sim on exit
  * contrib: more cardem dissection
  * firmware: trace for ngff
  * cardem: fix spurious NULL bytes during transfers
  * contrib/jenkins.sh: build ngff_Cardem dfu bootloader
  * contrib: allow manually forcing bulk simtrace dissection
  * contrib/jenkins.sh: lower trace to make bl fit
  * Revert "firmware: data sections"
  * add the ngff cardem to default build targets
  * drop unused exidx sections when linking
  * clang build support
  * fix bootloader led config crash
  * firmware: add bootloader update "app"
  * firmware: remove usb pullup that dates back to simtrace1
  * firmware: increase reset delay before usb reattach
  * firmware: drop cref printing
  * add our default clang-format file
  * firmware: add missing usb strings to blupdate that prevented building it
  * jenkins: build bootloader updater
  * firmware: remove dfu-dfu default target
  [ Oliver Smith ]
  * contrib: import RPM spec
  * contrib: integrate RPM spec
  * d/source/format: new file
  * firmware/Makefile: fix UNKNOWN in OBS packages
  * host: use git-version-gen/tarball-v. from topdir
  * gitignore: add firmware/apps/*/usb_strings.txt.patched
  * firmware: create duplicate files for upload only
  * contrib/prepare_upload.sh: fix cd problems
  * firmware: qmod-dfu: disable stack protector
  * firmware: disable stack protector by default
  * gitreview: new file
  [ Leonard Hübner ]
  * remsim: adding cli argument to set the atr
  [ Eric ]
  * dfu: let the device reset itself
 -- Harald Welte <laforge@osmocom.org>  Thu, 09 Dec 2021 08:12:56 +0100
 simtrace2 (0.5.1) unstable; urgency=medium
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,7 @@ Build-Depends: debhelper (>= 9),
               pkg-config,
               git,
               dh-autoreconf,
-               libosmocore-dev (>= 1.4.0),
+               libosmocore-dev,
               libpcsclite-dev,
               libnewlib-arm-none-eabi,
               libusb-1.0-0-dev,
@@ -33,11 +33,11 @@ Package: simtrace2-utils
 Section: devel
 Architecture: any
 Multi-Arch: same
-Depends: ${shlibs:Depends}, ${misc:Depends}, libosmo-simtrace2-1
+Depends: ${shlibs:Depends}, ${misc:Depends}, libosmo-simtrace2-0
 Recommends: simtrace2-firmware
 Description: Host utilities to communicate with SIMtrace2 USB Devices.
-Package: libosmo-simtrace2-1
+Package: libosmo-simtrace2-0
 Section: libs
 Architecture: any
 Multi-Arch: same
@@ -52,7 +52,7 @@ Package: libosmo-simtrace2-dev
 Section: libdevel
 Architecture: any
 Multi-Arch: same
-Depends: libosmo-simtrace2-1, ${misc:Depends}
+Depends: libosmo-simtrace2-0, ${misc:Depends}
 Description: Development headers for Osmocom SIMtrace2 library
  This library contains core "driver" functionality to interface with the
  Osmocom SIMtrace2 (and compatible) USB device firmware.  It enables
--- a/debian/libosmo-simtrace2-0.install
+++ b/debian/libosmo-simtrace2-0.install
--- a/debian/source/format
+++ b/debian/source/format
@@ -1 +0,0 @@
 3.0 (native)
--- a/firmware/Makefile
+++ b/firmware/Makefile
@@ -28,19 +28,11 @@
 #   Makefile for compiling the Getting Started with SAM3S Microcontrollers project
-GIT_VERSION=$(shell $(TOP)/git-version-gen $(TOP)/.tarball-version)
+GIT_VERSION=$(shell $(TOP)/git-version-gen $(TOP)/.tarvers)
 #-------------------------------------------------------------------------------
 #        User-modifiable options
 #-------------------------------------------------------------------------------
 # verbosity
 V ?= 0
 ifneq ("$(V)","0")
 SILENT :=
 else
 SILENT := @
 endif
 # Chip & board used for compilation
 # (can be overriden by adding CHIP=chip and BOARD=board to the command-line)
 CHIP  ?= sam3s4
@@ -50,7 +42,6 @@ APP ?= dfu
 # Defines which are the available memory targets for the SAM3S-EK board.
 ifeq ($(APP), dfu)
 MEMORIES ?= flash
 TRACE_LEVEL ?= 0
 else
 MEMORIES ?= dfu
 endif
@@ -73,20 +64,12 @@ AT91LIB_USB_DFU_PATH = $(AT91LIB)/usb/device/dfu
 # Tool suffix when cross-compiling
 CROSS_COMPILE = arm-none-eabi-
-USE_CLANG ?= 0
+LIBS = -Wl,--start-group -lgcc -Wl,--end-group -nostdlib
-ifneq ("$(USE_CLANG)","0")
+
-# --target=thumbv7m-none-eabi
+# Compilation tools
 CC = clang
 LD = ld.lld
 SIZE = llvm-size
 LIBS = -nostdlib
 else
 CC = $(CROSS_COMPILE)gcc
 LD = $(CROSS_COMPILE)ld
 SIZE = $(CROSS_COMPILE)size
 LIBS = -Wl,--start-group -lgcc -Wl,--end-group -nostdlib
 endif
 STRIP = $(CROSS_COMPILE)strip
 OBJCOPY = $(CROSS_COMPILE)objcopy
 GDB = $(CROSS_COMPILE)gdb
@@ -116,8 +99,7 @@ C_LIBCHIP  = $(notdir $(wildcard $(AT91LIB)/libchip_sam3s/source/*.c) $(wildcard
 C_LIBUSB     = USBDescriptors.c USBRequests.c USBD.c USBDCallbacks.c USBDDriver.c USBDDriverCallbacks.c
 C_LIBUSB_RT  = dfu.c dfu_runtime.c
 C_LIBUSB_DFU = dfu.c dfu_desc.c dfu_driver.c
-C_LIBCOMMON  = string.c stdio.c fputs.c usb_buf.c ringbuffer.c pseudo_talloc.c host_communication.c \
+C_LIBCOMMON  = string.c stdio.c fputs.c usb_buf.c ringbuffer.c pseudo_talloc.c host_communication.c
 	       main_common.c stack_check.c
 C_BOARD      = $(notdir $(wildcard libboard/common/source/*.c))
 C_BOARD     += $(notdir $(wildcard libboard/$(BOARD)/source/*.c))
@@ -147,11 +129,7 @@ ALLOW_PEER_ERASE?=0
 #CFLAGS+=-DUSB_NO_DEBUG=1
 # Optimization level, put in comment for debugging
 ifneq ("$(USE_CLANG)","0")
 OPTIMIZATION ?= -Oz
 else
 OPTIMIZATION ?= -Os
 endif
 # Flags
 INCLUDES_USB = -I$(AT91LIB)/usb/include -I$(AT91LIB)
@@ -165,11 +143,6 @@ INCLUDES += -Ilibosmocore/include
 INCLUDES += -Isrc_simtrace -Iinclude
 INCLUDES += -Iapps/$(APP)
 ifneq ("$(USE_CLANG)","0")
 CFLAGS += -Wno-unknown-warning-option -Wno-empty-body -fno-exceptions -fno-unwind-tables --config armv7em_soft_nofp_nosys
 else
 CFLAGS += -Wno-suggest-attribute=noreturn --param max-inline-insns-single=500
 endif
 CFLAGS += -Wall -Wchar-subscripts -Wcomment -Wimplicit-int -Wformat=2
 CFLAGS += -Werror-implicit-function-declaration -Wmain -Wparentheses
 CFLAGS += -Wsequence-point -Wreturn-type -Wswitch -Wtrigraphs #-Wunused
@@ -182,33 +155,22 @@ CFLAGS += -Wredundant-decls -Wnested-externs #-Winline -Wlong-long
 CFLAGS += -Wunreachable-code
 #CFLAGS += -Wcast-align
 #CFLAGS += -std=c11
-#CFLAGS += -Wmissing-noreturn
+CFLAGS += -Wmissing-noreturn
 #CFLAGS += -Wconversion
 CFLAGS += -Wno-unused-but-set-variable -Wno-unused-variable
-
+CFLAGS += -Wno-suggest-attribute=noreturn
 # -mlong-calls  -Wall
 #CFLAGS += -save-temps -fverbose-asm
 #CFLAGS += -Wa,-a,-ad
-CFLAGS += -D__ARM -fno-builtin
+CFLAGS += -D__ARM
-CFLAGS += -mcpu=cortex-m3 -mthumb # -mfix-cortex-m3-ldrd
+CFLAGS += --param max-inline-insns-single=500 -mcpu=cortex-m3 -mthumb # -mfix-cortex-m3-ldrd
 CFLAGS += -ffunction-sections -g $(OPTIMIZATION) $(INCLUDES) -D$(CHIP) -DTRACE_LEVEL=$(TRACE_LEVEL) -DALLOW_PEER_ERASE=$(ALLOW_PEER_ERASE)
 CFLAGS += -DGIT_VERSION=\"$(GIT_VERSION)\"
 CFLAGS += -DBOARD=\"$(BOARD)\" -DBOARD_$(BOARD)
 CFLAGS += -DAPPLICATION=\"$(APP)\" -DAPPLICATION_$(APP)
 # Disable stack protector by default (OS#5081)
 ifeq ($(STACK_PROTECTOR), 1)
 CFLAGS += -fstack-protector
 else
 CFLAGS += -fno-stack-protector
 endif
 ASFLAGS = -mcpu=cortex-m3 -mthumb -Wall -g $(OPTIMIZATION) $(INCLUDES) -D$(CHIP) -D__ASSEMBLY__
-LDFLAGS = -mcpu=cortex-m3 -mthumb -Wl,--check-sections -Wl,--gc-sections -Wl,--entry=ResetException -Wl,--unresolved-symbols=report-all -Wl,--warn-common -Wl,--no-undefined $(LIB)
+LDFLAGS = -mcpu=cortex-m3 -mthumb -Wl,--cref -Wl,--check-sections -Wl,--gc-sections -Wl,--entry=ResetException -Wl,--unresolved-symbols=report-all -Wl,--warn-common -Wl,--warn-section-align -Wl,--warn-unresolved-symbols $(LIB)
 ifeq ("$(USE_CLANG)","0")
 LDFLAGS += -Wl,--warn-section-align -Wl,--print-memory-usage
 endif
 #LD_OPTIONAL=-Wl,--print-gc-sections -Wl,--stats
 # Append BIN directories to output filename
@@ -218,7 +180,7 @@ OUTPUT := $(BIN)/$(OUTPUT)
 #		Rules
 #-------------------------------------------------------------------------------
-all: $(BIN) $(OBJ) $(MEMORIES)
+all: apps/$(APP)/usb_strings_generated.h $(BIN) $(OBJ) $(MEMORIES)
 combined: $(OUTPUT)-combined.bin
@@ -229,7 +191,7 @@ $(BIN)/$(BOARD)-dfu-flash-padded.bin: $(BIN)/$(BOARD)-dfu-flash.bin
 $(OUTPUT)-combined.bin: $(BIN)/$(BOARD)-dfu-flash-padded.bin $(OUTPUT)-dfu.bin
 	cat $^ > $@
-$(BIN) $(OBJ): apps/$(APP)/usb_strings_generated.h
+$(BIN) $(OBJ):
 	mkdir -p $@
 usbstring/usbstring: usbstring/usbstring.c
@@ -245,48 +207,30 @@ apps/$(APP)/usb_strings_generated.h: apps/$(APP)/usb_strings.txt.patched usbstri
 define RULES
 C_OBJECTS_$(1) = $(addprefix $(OBJ)/$(1)_, $(C_OBJECTS))
 ASM_OBJECTS_$(1) = $(addprefix $(OBJ)/$(1)_, $(ASM_OBJECTS))
 EXTRA_OBJECTS_$(1) = $(addprefix $(OBJ)/$(1)_, $(EXTRA_OBJECTS))
-build_$(1): $$(ASM_OBJECTS_$(1)) $$(C_OBJECTS_$(1)) $$(EXTRA_OBJECTS_$(1))
+$(1): $$(ASM_OBJECTS_$(1)) $$(C_OBJECTS_$(1))
-	$(SILENT)$(CC) $(CFLAGS) $(LDFLAGS) $(LD_OPTIONAL) -T"libboard/common/resources/$(CHIP)/$(1).ld" -Wl,-Map,$(OUTPUT)-$(1).map -o $(OUTPUT)-$(1).elf $$^ $(LIBS)
+	@$(CC) $(LDFLAGS) $(LD_OPTIONAL) -T"libboard/common/resources/$(CHIP)/$$@.ld" -Wl,-Map,$(OUTPUT)-$$@.map -o $(OUTPUT)-$$@.elf $$^ $(LIBS)
-	$(SILENT)$(NM) $(OUTPUT)-$(1).elf >$(OUTPUT)-$(1).elf.txt
+	cp $(OUTPUT)-$$@.elf $(OUTPUT)-$$@-$(GIT_VERSION).elf
-	$(SILENT)$(OBJCOPY) -O binary $(OUTPUT)-$(1).elf $(OUTPUT)-$(1).bin
+	cp $(OUTPUT)-$$@.elf $(OUTPUT)-$$@-latest.elf
-	$(SILENT)$(SIZE) $$^ $(OUTPUT)-$(1).elf
+	@$(NM) $(OUTPUT)-$$@.elf >$(OUTPUT)-$$@.elf.txt
 	@$(OBJCOPY) -O binary $(OUTPUT)-$$@.elf $(OUTPUT)-$$@.bin
 	cp $(OUTPUT)-$$@.bin $(OUTPUT)-$$@-$(GIT_VERSION).bin
 	cp $(OUTPUT)-$$@.bin $(OUTPUT)-$$@-latest.bin
 	@$(SIZE) $$^ $(OUTPUT)-$$@.elf
 $$(C_OBJECTS_$(1)): $(OBJ)/$(1)_%.o: %.c Makefile $(OBJ) $(BIN)
 	@echo [COMPILING $$<]
-	$(SILENT)$(CC) $(CFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -c -o $$@ $$<
+	@$(CC) $(CFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -Wa,-ahlms=$(BIN)/$$*.lst -c -o $$@ $$<
 $$(ASM_OBJECTS_$(1)): $(OBJ)/$(1)_%.o: %.S Makefile $(OBJ) $(BIN)
 	@echo [ASSEMBLING $$@]
-	$(SILENT)$(CC) $(ASFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -c -o $$@ $$<
+	@$(CC) $(ASFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -c -o $$@ $$<
 debug_$(1): $(1)
 	$(GDB) -x "$(BOARD_LIB)/resources/gcc/$(BOARD)_$(1).gdb" -ex "reset" -readnow -se $(OUTPUT)-$(1).elf
 endef
-ALL_MEMORIES = dfu flash ram
+$(foreach MEMORY, $(MEMORIES), $(eval $(call RULES,$(MEMORY))))
 $(foreach MEMORY, $(ALL_MEMORIES), $(eval $(call RULES,$(MEMORY))))
 # files with those names do exist..
 .PHONY: ram
 .PHONY: dfu
 .PHONY: flash
 ram: build_ram
 dfu: build_dfu
 ifeq ($(APP), blupdate)
 	$(info updating updater section with padded bootloader file..)
 	$(SILENT)dd if=/dev/zero bs=16384 count=1 of=$(BIN)/$(BOARD)-dfu-flash-padded.bin
 	$(SILENT)dd if=$(BIN)/$(BOARD)-dfu-flash.bin conv=notrunc of=$(BIN)/$(BOARD)-dfu-flash-padded.bin
 	$(SILENT)$(OBJCOPY) --update-section .blupdate=bin/$(BOARD)-dfu-flash-padded.bin bin/$(BOARD)-blupdate-dfu.elf
 	$(SILENT)$(OBJCOPY) -O binary bin/$(BOARD)-blupdate-dfu.elf bin/$(BOARD)-blupdate-dfu.bin
 endif
 flash: build_flash
 #alternate way of embedding: obj file
 #ifeq ($(APP), dfu)
 #	$(info bootloader bin file to obj..)
 #	$(SILENT)$(OBJCOPY) --rename-section .data=.fwupdate -I binary -O elf32-littlearm bin/$(BOARD)-dfu-flash.bin $(OBJ)/flash_fwupdate.o
 #endif
 program:
 	openocd -f openocd/openocd.cfg -c "init" -c "halt" -c "flash write_bank 0 ./bin/project-flash.bin 0" -c "reset" -c "shutdown"
--- a/firmware/apps/blupdate/Makefile
+++ b/firmware/apps/blupdate/Makefile
@@ -1,12 +0,0 @@
 C_FILES += $(C_LIBUSB_DFU)
 # Trace level used for compilation
 # (can be overridden by adding TRACE_LEVEL=#number to the command-line)
 # TRACE_LEVEL_DEBUG      5
 # TRACE_LEVEL_INFO       4
 # TRACE_LEVEL_WARNING    3
 # TRACE_LEVEL_ERROR      2
 # TRACE_LEVEL_FATAL      1
 # TRACE_LEVEL_NO_TRACE   0
 TRACE_LEVEL ?= 3
--- a/firmware/apps/blupdate/main.c
+++ b/firmware/apps/blupdate/main.c
@@ -1,134 +0,0 @@
 /* SIMtrace 2 firmware USB DFU bootloader
 *
 * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
 * (C) 2018-2019 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 */
 #include "board.h"
 #include "core_cm3.h"
 #include "flashd.h"
 #include "utils.h"
 #include "usb/device/dfu/dfu.h"
 #include "usb/common/dfu/usb_dfu.h"
 #include "manifest.h"
 #include "USBD_HAL.h"
 #include <osmocom/core/timer.h>
 /* actual section content must be replaced with the padded bootloader by running objcopy! */
 const uint32_t bl_update_data[BOARD_DFU_BOOT_SIZE / sizeof(uint32_t)] __attribute__((section(".fwupdate"))) = { 0xFF };
 unsigned int g_unique_id[4];
 /* remember if the watchdog has been configured in the main loop so we can kick it in the ISR */
 static bool watchdog_configured = false;
 extern uint32_t _end;
 extern uint32_t _srelocate;
 extern uint32_t _etext;
 void DFURT_SwitchToDFU(void)
 {
 }
 void USBDFU_Runtime_RequestHandler(const USBGenericRequest *request)
 {
 }
 int USBDFU_handle_dnload(uint8_t altif, unsigned int offset, uint8_t *data, unsigned int len)
 {
 	return 0;
 }
 int USBDFU_handle_upload(uint8_t altif, unsigned int offset, uint8_t *data, unsigned int req_len)
 {
 	return 0;
 }
 int USBDFU_OverrideEnterDFU(void)
 {
 	return 0;
 }
 __attribute__((section(".ramfunc"), noinline)) static uint32_t flash_wait_ready()
 {
 	Efc *efc = EFC;
 	uint32_t dwStatus;
 	do {
 		dwStatus = efc->EEFC_FSR;
 	} while ((dwStatus & EEFC_FSR_FRDY) != EEFC_FSR_FRDY);
 	return (dwStatus & (EEFC_FSR_FLOCKE | EEFC_FSR_FCMDE));
 }
 __attribute__((section(".ramfunc"), noinline)) static void flash_cmd(uint32_t dwCommand, uint32_t dwArgument)
 {
 	Efc *efc = EFC;
 	uint32_t dwStatus;
 	efc->EEFC_FCR = EEFC_FCR_FKEY(0x5A) | EEFC_FCR_FARG(dwArgument) | EEFC_FCR_FCMD(dwCommand);
 }
 __attribute__((section(".ramfunc"), noinline, noreturn)) static void erase_first_app_sector()
 {
 	/* page 64 */
 	uint32_t first_app_page = (BOARD_DFU_BOOT_SIZE / IFLASH_PAGE_SIZE);
 	uint32_t *first_app_address = (uint32_t *)(IFLASH_ADDR + first_app_page * IFLASH_PAGE_SIZE + 0);
 #if 1
 	/* overwrite first app sector so we don't keep booting this */
 	for (int i = 0; i < IFLASH_PAGE_SIZE / 4; i++)
 		first_app_address[i] = 0xffffffff;
 	flash_cmd(EFC_FCMD_EWP, first_app_page);
 #else
 	/* why does erasing the whole flash with a protected bootloader not work at all? */
 	flash_cmd(EFC_FCMD_EA, 0);
 #endif
 	flash_wait_ready();
 	for (;;)
 		NVIC_SystemReset();
 }
 #define MAX_USB_ITER BOARD_MCK / 72 // This should be around a second
 extern int main(void)
 {
 	uint8_t isUsbConnected = 0;
 	unsigned int i = 0;
 	uint32_t reset_cause = (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos;
 	/* Enable watchdog for 2000ms, with no window */
 	WDT_Enable(WDT, WDT_MR_WDRSTEN | WDT_MR_WDDBGHLT | WDT_MR_WDIDLEHLT | (WDT_GetPeriod(2000) << 16) |
 				WDT_GetPeriod(2000));
 	watchdog_configured = true;
 	EEFC_ReadUniqueID(g_unique_id);
 	printf("\n\r\n\r");
 	printf("bootloader updater %s for board %s\n\r"
 	       "(C) 2010-2017 by Harald Welte, 2018-2019 by Kevin Redon\n\r",
 	       manifest_revision, manifest_board);
 	/* clear g_dfu on power-up reset */
 	memset(g_dfu, 0, sizeof(*g_dfu));
 	TRACE_INFO("USB init...\n\r");
 	/* Signal USB reset by disabling the pull-up on USB D+ for at least 10 ms */
 	USBD_Disconnect();
 	/* Initialize the flash to be able to write it, using the IAP ROM code */
 	FLASHD_Initialize(BOARD_MCK, 1);
 	__disable_irq();
 	FLASHD_Unlock(IFLASH_ADDR, IFLASH_ADDR + IFLASH_SIZE - 1, 0, 0);
 	FLASHD_Write(IFLASH_ADDR, bl_update_data, BOARD_DFU_BOOT_SIZE);
 	erase_first_app_sector();
 }
--- a/firmware/apps/blupdate/usb_strings.txt
+++ b/firmware/apps/blupdate/usb_strings.txt
@@ -1,6 +0,0 @@
 sysmocom - s.f.m.c. GmbH
 PRODUCT_STRING
 bootloader updater
 RAM
 Flash (Application Partition)
 Flash (Bootloader Partition)
--- a/firmware/apps/cardem/Makefile
+++ b/firmware/apps/cardem/Makefile
@@ -1,3 +1,3 @@
 C_FILES += $(C_LIBUSB_RT)
-C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c usb.c
+C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c
--- a/firmware/apps/cardem/main.c
+++ b/firmware/apps/cardem/main.c
@@ -24,9 +24,10 @@
 #include "board.h"
 #include "simtrace.h"
 #include "utils.h"
 #include "main_common.h"
 #include <osmocom/core/timer.h>
 unsigned int g_unique_id[4];
 /*------------------------------------------------------------------------------
 *         Internal variables
 *------------------------------------------------------------------------------*/
@@ -39,7 +40,7 @@ typedef struct {
 	void (*exit) (void);
 	/* main loop content for given configuration */
 	void (*run) (void);
-	/* Interrupt handler for USART0 */
+	/* Interrupt handler for USART1 */
 	void (*usart0_irq) (void);
 	/* Interrupt handler for USART1 */
 	void (*usart1_irq) (void);
@@ -53,8 +54,6 @@ static const conf_func config_func_ptrs[] = {
 		.init = Sniffer_init,
 		.exit = Sniffer_exit,
 		.run = Sniffer_run,
 		.usart0_irq = Sniffer_usart0_irq,
 		.usart1_irq = Sniffer_usart1_irq,
 	},
 #endif
 #ifdef HAVE_CCID
@@ -71,13 +70,8 @@ static const conf_func config_func_ptrs[] = {
 		.init = mode_cardemu_init,
 		.exit = mode_cardemu_exit,
 		.run = mode_cardemu_run,
 #if defined (ngff_cardem)
 		.usart0_irq = mode_cardemu_usart1_irq,
 		.usart1_irq = mode_cardemu_usart0_irq,
 #else
 		.usart0_irq = mode_cardemu_usart0_irq,
 		.usart1_irq = mode_cardemu_usart1_irq,
 #endif
 	},
 #endif
 #ifdef HAVE_MITM
@@ -152,8 +146,7 @@ extern int main(void)
 	unsigned int i = 0;
 	led_init();
-	led_blink(LED_RED, BLINK_ALWAYS_ON);
+	led_blink(LED_RED, BLINK_3O_5F);
 	led_blink(LED_GREEN, BLINK_ALWAYS_ON);
 	/* Enable watchdog for 2000ms, with no window */
 	WDT_Enable(WDT, WDT_MR_WDRSTEN | WDT_MR_WDDBGHLT | WDT_MR_WDIDLEHLT |
@@ -161,7 +154,34 @@ extern int main(void)
 	PIO_InitializeInterrupts(0);
-	print_banner();
+	EEFC_ReadUniqueID(g_unique_id);
 		printf("\n\r\n\r"
 		"=============================================================================\n\r"
 		"SIMtrace2 firmware " GIT_VERSION "\n\r"
 		"(C) 2010-2017 by Harald Welte, 2018-2019 by Kevin Redon\n\r"
 		"=============================================================================\n\r");
 #if (TRACE_LEVEL >= TRACE_LEVEL_INFO)
 	TRACE_INFO("Chip ID: 0x%08lx (Ext 0x%08lx)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
 	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\n\r",
 		   g_unique_id[0], g_unique_id[1],
 		   g_unique_id[2], g_unique_id[3]);
 	uint8_t reset_cause = (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos;
 	static const char* reset_causes[] = {
 		"general reset (first power-up reset)",
 		"backup reset (return from backup mode)",
 		"watchdog reset (watchdog fault occurred)",
 		"software reset (processor reset required by the software)",
 		"user reset (NRST pin detected low)",
 	};
 	if (reset_cause < ARRAY_SIZE(reset_causes)) {
 		TRACE_INFO("Reset Cause: %s\n\r", reset_causes[reset_cause]);
 	} else {
 		TRACE_INFO("Reset Cause: 0x%lx\n\r", (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos);
 	}
 #endif
 	board_main_top();
 	TRACE_INFO("USB init...\n\r");
@@ -182,7 +202,8 @@ extern int main(void)
 	}
 	TRACE_INFO("calling configure of all configurations...\n\r");
-	for (i = 1; i < ARRAY_SIZE(config_func_ptrs); i++) {
+	for (i = 1; i < sizeof(config_func_ptrs) / sizeof(config_func_ptrs[0]);
 	     ++i) {
 		if (config_func_ptrs[i].configure)
 			config_func_ptrs[i].configure();
 	}
--- a/firmware/apps/dfu/main.c
+++ b/firmware/apps/dfu/main.c
@@ -26,15 +26,8 @@
 #include <osmocom/core/timer.h>
 /* USB alternate interface index used to identify which partition to flash */
 /** USB alternate interface index indicating RAM partition */
 #define ALTIF_RAM 0
 /** USB alternate interface index indicating flash partition */
 #if defined(ENVIRONMENT_flash)
 #define ALTIF_FLASH 1
 #elif defined(ENVIRONMENT_dfu)
 #define ALTIF_FLASH 2
 #endif
 unsigned int g_unique_id[4];
 /* remember if the watchdog has been configured in the main loop so we can kick it in the ISR */
@@ -51,18 +44,10 @@ static const Pin pinsLeds[] = { PINS_LEDS } ;
 *----------------------------------------------------------------------------*/
 #define RAM_ADDR(offset) (IRAM_ADDR + BOARD_DFU_RAM_SIZE + offset)
 #if defined(ENVIRONMENT_flash)
 #define FLASH_ADDR(offset) (IFLASH_ADDR + BOARD_DFU_BOOT_SIZE + offset)
 #elif defined(ENVIRONMENT_dfu)
 #define FLASH_ADDR(offset) (IFLASH_ADDR + offset)
 #endif
-#define IRAM_END ((uint8_t *)IRAM_ADDR + IRAM_SIZE)
+#define IFLASH_END	((uint8_t *)IFLASH_ADDR + IFLASH_SIZE)
-#if defined(ENVIRONMENT_flash)
+#define IRAM_END	((uint8_t *)IRAM_ADDR + IRAM_SIZE)
 #define IFLASH_END ((uint8_t *)IFLASH_ADDR + IFLASH_SIZE)
 #elif defined(ENVIRONMENT_dfu)
 #define IFLASH_END ((uint8_t *)IFLASH_ADDR + BOARD_DFU_BOOT_SIZE)
 #endif
 /* incoming call-back: Host has transferred 'len' bytes (stored at
 * 'data'), which we shall write to 'offset' into the partition
@@ -105,11 +90,7 @@ int USBDFU_handle_dnload(uint8_t altif, unsigned int offset,
 		break;
 	case ALTIF_FLASH:
 		addr = FLASH_ADDR(offset);
 #if defined(ENVIRONMENT_flash)
 		if (addr < IFLASH_ADDR || addr + len >= IFLASH_ADDR + IFLASH_SIZE) {
 #elif defined(ENVIRONMENT_dfu)
 		if (addr < IFLASH_ADDR || addr + len >= IFLASH_ADDR + BOARD_DFU_BOOT_SIZE) {
 #endif
 			g_dfu->state = DFU_STATE_dfuERROR;
 			g_dfu->status = DFU_STATUS_errADDRESS;
 			rc = DFU_RET_STALL;
@@ -243,17 +224,6 @@ static void check_exec_dbg_cmd(void)
 	//board_exec_dbg_cmd(ch);
 }
 /* print a horizontal line of '=' characters; Doing this in a loop vs. using a 'const'
 * string saves us ~60 bytes of executable size (matters particularly for DFU loader) */
 static void print_line(void)
 {
 	int i;
 	for (i = 0; i < 78; i++)
 		fputc('=', stdout);
 	fputc('\n', stdout);
 	fputc('\r', stdout);
 }
 /*------------------------------------------------------------------------------
 *        Main
 *------------------------------------------------------------------------------*/
@@ -271,50 +241,39 @@ extern int main(void)
 #ifdef PINS_LEDS
 	/* Configure LED */
-	PIO_Configure(pinsLeds, PIO_LISTSIZE(pinsLeds));
+	PIO_Configure(pinsLeds, sizeof(pinsLeds));
 	PIO_Set(&pinsLeds[LED_NUM_RED]);
 	PIO_Clear(&pinsLeds[LED_NUM_GREEN]);
 #endif
 	PIO_InitializeInterrupts(0);
 	EEFC_ReadUniqueID(g_unique_id);
-	printf("\n\r\n\r");
+	printf("\n\r\n\r"
-	print_line();
+		"=============================================================================\n\r"
-	printf("DFU bootloader %s for board %s\n\r"
+		"DFU bootloader %s for board %s\n\r"
-		"(C) 2010-2017 by Harald Welte, 2018-2019 by Kevin Redon\n\r",
+		"(C) 2010-2017 by Harald Welte, 2018-2019 by Kevin Redon\n\r"
 		"=============================================================================\n\r",
 		manifest_revision, manifest_board);
 	print_line();
-#if (TRACE_LEVEL >= TRACE_LEVEL_INFO)
+	TRACE_INFO("Chip ID: 0x%08x (Ext 0x%08x)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
 	TRACE_INFO("Chip ID: 0x%08lx (Ext 0x%08lx)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
 	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\n\r",
 		   g_unique_id[0], g_unique_id[1],
 		   g_unique_id[2], g_unique_id[3]);
-	static const char* reset_causes[] = {
+	TRACE_INFO("Reset Cause: 0x%lx\n\r", reset_cause);
 		"general reset (first power-up reset)",
 		"backup reset (return from backup mode)",
 		"watchdog reset (watchdog fault occurred)",
 		"software reset (processor reset required by the software)",
 		"user reset (NRST pin detected low)",
 	};
 	if (reset_cause < ARRAY_SIZE(reset_causes)) {
 		TRACE_INFO("Reset Cause: %s\n\r", reset_causes[reset_cause]);
 	} else {
 		TRACE_INFO("Reset Cause: 0x%lx\n\r", (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos);
 	}
 #endif
 #if (TRACE_LEVEL >= TRACE_LEVEL_INFO)
 	/* Find out why we are in the DFU bootloader, and not the main application */
 	TRACE_INFO("DFU bootloader start reason: ");
 	switch (USBDFU_OverrideEnterDFU()) {
 	case 0:
-		if (SCB->VTOR < IFLASH_ADDR + BOARD_DFU_BOOT_SIZE) {
+		/* 0 normally means that there is no override, but we are in the bootloader,
-			TRACE_INFO_WP("unknown\n\r");
+		 * thus the first check in board_cstartup_gnu did return something else than 0.
-		} else {
+		 * this can only be g_dfu->magic which is erased when the segment are
-			TRACE_INFO_WP("DFU is the main application\n\r");
+		 * relocated, which happens in board_cstartup_gnu just after USBDFU_OverrideEnterDFU.
-		}
+		 * no static variable can be used to store this case since this will also be overwritten
-		break;
+		 */
 	case 1:
 		TRACE_INFO_WP("DFU switch requested by main application\n\r");
 		break;
@@ -342,7 +301,16 @@ extern int main(void)
 	TRACE_INFO("USB init...\n\r");
 	/* Signal USB reset by disabling the pull-up on USB D+ for at least 10 ms */
 	USBD_Disconnect();
-	mdelay(500);
+#ifdef PIN_USB_PULLUP
 	const Pin usb_dp_pullup = PIN_USB_PULLUP;
 	PIO_Configure(&usb_dp_pullup, 1);
 	PIO_Set(&usb_dp_pullup);
 #endif
 	mdelay(50);
 #ifdef PIN_USB_PULLUP
 	PIO_Clear(&usb_dp_pullup);
 #endif
 	USBDFU_Initialize(&dfu_descriptors);
 	while (USBD_GetState() < USBD_STATE_CONFIGURED) {
--- a/firmware/apps/dfu/usb_strings.txt
+++ b/firmware/apps/dfu/usb_strings.txt
@@ -3,4 +3,3 @@ PRODUCT_STRING
 DFU (Device Firmware Upgrade)
 RAM
 Flash (Application Partition)
 Flash (Bootloader Partition)
--- a/firmware/apps/trace/Makefile
+++ b/firmware/apps/trace/Makefile
@@ -1,3 +1,3 @@
 C_FILES += $(C_LIBUSB_RT)
-C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c usb.c
+C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c
--- a/firmware/apps/trace/main.c
+++ b/firmware/apps/trace/main.c
@@ -24,9 +24,10 @@
 #include "board.h"
 #include "simtrace.h"
 #include "utils.h"
 #include "main_common.h"
 #include "osmocom/core/timer.h"
 unsigned int g_unique_id[4];
 /*------------------------------------------------------------------------------
 *         Internal variables
 *------------------------------------------------------------------------------*/
@@ -157,7 +158,20 @@ extern int main(void)
 	PIO_InitializeInterrupts(0);
-	print_banner();
+	EEFC_ReadUniqueID(g_unique_id);
 		printf("\n\r\n\r"
 		"=============================================================================\n\r"
 		"SIMtrace2 firmware " GIT_VERSION " (C) 2010-2016 by Harald Welte\n\r"
 		"=============================================================================\n\r");
 	TRACE_INFO("Chip ID: 0x%08lx (Ext 0x%08lx)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
 	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\n\r",
 		   g_unique_id[0], g_unique_id[1],
 		   g_unique_id[2], g_unique_id[3]);
 	TRACE_INFO("Reset Cause: 0x%lx\n\r", (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos);
 	TRACE_INFO("USB configuration used: %d\n\r", simtrace_config);
 	board_main_top();
 	TRACE_INFO("USB init...\n\r");
--- a/firmware/apps/triple_play/Makefile
+++ b/firmware/apps/triple_play/Makefile
@@ -1,3 +1,3 @@
 C_FILES += $(C_LIBUSB_RT)
-C_FILES += card_emu.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c usb.c
+C_FILES += card_emu.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c
--- a/firmware/apps/triple_play/main.c
+++ b/firmware/apps/triple_play/main.c
@@ -26,6 +26,8 @@
 #include "req_ctx.h"
 #include <osmocom/core/timer.h>
 unsigned int g_unique_id[4];
 /*------------------------------------------------------------------------------
 *         Internal variables
 *------------------------------------------------------------------------------*/
@@ -147,7 +149,17 @@ extern int main(void)
 	PIO_InitializeInterrupts(0);
-	print_banner();
+	EEFC_ReadUniqueID(g_unique_id);
 		printf("\r\n\r\n"
 		"=============================================================================\r\n"
 		"SIMtrace2 firmware " GIT_REVISION " (C) 2010-2017 by Harald Welte\r\n"
 		"=============================================================================\r\n");
 	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\r\n",
 		   g_unique_id[0], g_unique_id[1],
 		   g_unique_id[2], g_unique_id[3]);
 	board_main_top();
 	TRACE_INFO("USB init...\r\n");
--- a/firmware/atmel_softpack_libraries/libchip_sam3s/source/USBD_HAL.c
+++ b/firmware/atmel_softpack_libraries/libchip_sam3s/source/USBD_HAL.c
@@ -45,6 +45,11 @@
 *      Headers
 *---------------------------------------------------------------------------*/
 #ifdef TRACE_LEVEL
 #undef TRACE_LEVEL
 #endif
 #define TRACE_LEVEL TRACE_LEVEL_WARNING
 #include "chip.h"
 #include "USBD_HAL.h"
 #include <usb/device/dfu/dfu.h>
@@ -1077,14 +1082,6 @@ static inline uint8_t UDP_Read(uint8_t  bEndpoint,
 *      Exported functions
 *---------------------------------------------------------------------------*/
 uint16_t USBD_GetEndpointSize(uint8_t bEndpoint)
 {
    Endpoint *pEndpoint = &(endpoints[bEndpoint]);
    return pEndpoint->size;
 }
 /**
 * USBD (UDP) interrupt handler
 * Manages device resume, suspend, end of bus reset.
@@ -1141,7 +1138,7 @@ void USBD_IrqHandler(void)
    /* Resume (Wakeup) */
    if ((status & (UDP_ISR_WAKEUP | UDP_ISR_RXRSM)) != 0) {
-        TRACE_DEBUG_WP("Res ");
+        TRACE_INFO_WP("Res ");
        /* Clear and disable resume interrupts */
        UDP->UDP_ICR = UDP_ICR_WAKEUP | UDP_ICR_RXRSM | UDP_ICR_RXSUSP;
        UDP->UDP_IDR = UDP_IDR_WAKEUP | UDP_IDR_RXRSM;
@@ -1153,7 +1150,7 @@ void USBD_IrqHandler(void)
       This interrupt is always treated last (hence the '==') */
    if (status == UDP_ISR_RXSUSP) {
-        TRACE_DEBUG_WP("Susp ");
+        TRACE_INFO_WP("Susp ");
        /* Enable wakeup */
        UDP->UDP_IER = UDP_IER_WAKEUP | UDP_IER_RXRSM;
        /* Acknowledge interrupt */
@@ -1164,26 +1161,19 @@ void USBD_IrqHandler(void)
    /* End of bus reset */
    else if ((status & UDP_ISR_ENDBUSRES) != 0) {
-        TRACE_DEBUG_WP("EoBRes ");
+        TRACE_INFO_WP("EoBRes ");
 #if defined(BOARD_USB_DFU)
 #if defined(APPLICATION_dfu)
 	/* if we are currently in the DFU bootloader, and we are beyond
 	 * the MANIFEST stage, we shall switch to the normal
 	 * application */
-	if (g_dfu->past_manifest) {
+	if (g_dfu->past_manifest)
 #if defined(ENVIRONMENT_flash)
 		USBDFU_SwitchToApp();
 #elif defined(ENVIRONMENT_dfu)
 		USBDFU_SwitchToDFU();
 #endif
 	}
 #else
 	/* if we are currently in the main application, and we are in
-	 * appDETACH state or past downloading, switch into the DFU bootloader.
+	 * appDETACH state, switch into the DFU bootloader */
-	 */
+	if (g_dfu->state == DFU_STATE_appDETACH)
 	if (g_dfu->state == DFU_STATE_appDETACH || g_dfu->state == DFU_STATE_dfuMANIFEST)
 		DFURT_SwitchToDFU();
 #endif /* APPLICATION_dfu */
 #endif /* BOARD_USB_DFU */
@@ -1212,7 +1202,7 @@ void USBD_IrqHandler(void)
                if (status != 0) {
-                    TRACE_DEBUG_WP("\n\r  - ");
+                    TRACE_INFO_WP("\n\r  - ");
                }
            }
            eptnum++;
@@ -1221,7 +1211,7 @@ void USBD_IrqHandler(void)
    /* Toggle LED back to its previous state */
    TRACE_DEBUG_WP("!");
-    TRACE_DEBUG_WP("\n\r");
+    TRACE_INFO_WP("\n\r");
    if (USBD_GetState() >= USBD_STATE_POWERED) {
        //LED_Clear(USBD_LEDUSB);
@@ -1371,7 +1361,7 @@ uint8_t USBD_HAL_ConfigureEP(const USBEndpointDescriptor *pDescriptor)
        UDP->UDP_IER = (1 << bEndpoint);
    }
-    TRACE_DEBUG_WP("CfgEp%d ", bEndpoint);
+    TRACE_INFO_WP("CfgEp%d ", bEndpoint);
    return bEndpoint;
 }
@@ -1539,7 +1529,7 @@ void USBD_HAL_RemoteWakeUp(void)
    UDP_EnableUsbClock();
    UDP_EnableTransceiver();
-    TRACE_DEBUG_WP("RWUp ");
+    TRACE_INFO_WP("RWUp ");
    // Activates a remote wakeup (edge on ESR), then clear ESR
    UDP->UDP_GLB_STAT |= UDP_GLB_STAT_ESR;
@@ -1702,10 +1692,7 @@ void USBD_HAL_Suspend(void)
    /* The device enters the Suspended state */
    UDP_DisableTransceiver();
    UDP_DisableUsbClock();
-    /* Don't disable peripheral clock; this somehow breaks completion of any IN transfers
+    UDP_DisablePeripheralClock();
     * that have already been written to the peripheral, and which we expect to complete
     * after resume */
    //UDP_DisablePeripheralClock();
 }
 /**
--- a/firmware/atmel_softpack_libraries/libchip_sam3s/source/efc.c
+++ b/firmware/atmel_softpack_libraries/libchip_sam3s/source/efc.c
@@ -163,7 +163,7 @@ extern void EFC_TranslateAddress( Efc** ppEfc, uint32_t dwAddress, uint16_t* pwP
    wPage = (dwAddress - IFLASH_ADDR) / IFLASH_PAGE_SIZE;
    wOffset = (dwAddress - IFLASH_ADDR) % IFLASH_PAGE_SIZE;
-    TRACE_DEBUG( "Translated 0x%08lX to page=%d and offset=%d\n\r", dwAddress, wPage, wOffset ) ;
+    TRACE_DEBUG( "Translated 0x%08X to page=%d and offset=%d\n\r", dwAddress, wPage, wOffset ) ;
    /* Store values */
    if ( pEfc )
    {
--- a/firmware/atmel_softpack_libraries/libchip_sam3s/source/exceptions.c
+++ b/firmware/atmel_softpack_libraries/libchip_sam3s/source/exceptions.c
@@ -151,7 +151,8 @@ WEAK void HardFault_Handler( void )
 		" mrseq r0, msp		\n"
 		" mrsne r0, psp		\n"
 		//" ldr r1, [r0, #24] 	\n"
-		" b hard_fault_handler_c\n");
+		" b hard_fault_handler_c\n"
 		".syntax divided	\n");
 }
 /**
--- a/firmware/atmel_softpack_libraries/libchip_sam3s/source/flashd.c
+++ b/firmware/atmel_softpack_libraries/libchip_sam3s/source/flashd.c
@@ -134,7 +134,7 @@ static void ComputeLockRange( uint32_t dwStart, uint32_t dwEnd, uint32_t *pdwAct
    // Store actual page numbers
    EFC_ComputeAddress( pStartEfc, wActualStartPage, 0, pdwActualStart ) ;
    EFC_ComputeAddress( pEndEfc, wActualEndPage, 0, pdwActualEnd ) ;
-    TRACE_DEBUG( "Actual lock range is 0x%06lX - 0x%06lX\n\r", *pdwActualStart, *pdwActualEnd ) ;
+    TRACE_DEBUG( "Actual lock range is 0x%06X - 0x%06X\n\r", *pdwActualStart, *pdwActualEnd ) ;
 }
--- a/firmware/atmel_softpack_libraries/libchip_sam3s/source/pio_it.c
+++ b/firmware/atmel_softpack_libraries/libchip_sam3s/source/pio_it.c
@@ -211,16 +211,6 @@ extern void PIO_InitializeInterrupts( uint32_t dwPriority )
    NVIC_EnableIRQ( PIOC_IRQn ) ;
 }
 static InterruptSource *find_intsource4pin(const Pin *pPin)
 {
    unsigned int i ;
    for (i = 0; i < _dwNumSources; i++) {
        if (_aIntSources[i].pPin == pPin)
 	    return &_aIntSources[i];
    }
    return NULL;
 }
 /**
 * Configures a PIO or a group of PIO to generate an interrupt on status
 * change. The provided interrupt handler will be called with the triggering
@@ -238,17 +228,15 @@ extern void PIO_ConfigureIt( const Pin *pPin, void (*handler)( const Pin* ) )
    assert( pPin ) ;
    pio = pPin->pio ;
    assert( _dwNumSources < MAX_INTERRUPT_SOURCES ) ;
-    pSource = find_intsource4pin(pPin);
+    /* Define new source */
-    if (!pSource) {
+    TRACE_DEBUG( "PIO_ConfigureIt: Defining new source #%" PRIu32 ".\n\r",  _dwNumSources ) ;
-        /* Define new source */
+
-        TRACE_DEBUG( "PIO_ConfigureIt: Defining new source #%" PRIu32 ".\n\r",  _dwNumSources ) ;
+    pSource = &(_aIntSources[_dwNumSources]) ;
-        assert( _dwNumSources < MAX_INTERRUPT_SOURCES ) ;
+    pSource->pPin = pPin ;
        pSource = &(_aIntSources[_dwNumSources]) ;
        pSource->pPin = pPin ;
        _dwNumSources++ ;
    }
    pSource->handler = handler ;
    _dwNumSources++ ;
    /* PIO3 with additional interrupt support
     * Configure additional interrupt mode registers */
--- a/firmware/atmel_softpack_libraries/libchip_sam3s/source/unique_id.c
+++ b/firmware/atmel_softpack_libraries/libchip_sam3s/source/unique_id.c
@@ -8,11 +8,6 @@ void EEFC_ReadUniqueID(unsigned int *pdwUniqueID)
 {
 	unsigned int status;
 	/* disable interrupts, as interrupt vectors are stored in flash,
 	 * and after STUI was issued, we can no longer access flassh until
 	 * SPUI complets */
 	__disable_irq();
 	/* Errata / Workaround: Set bit 16 of EEFC Flash Mode Register
 	 * to 1 */
 	EFC->EEFC_FMR |= (1 << 16);
@@ -45,6 +40,4 @@ void EEFC_ReadUniqueID(unsigned int *pdwUniqueID)
 	do {
 		status = EFC->EEFC_FSR;
 	} while ((status & EEFC_FSR_FRDY) != EEFC_FSR_FRDY);
 	__enable_irq();
 }
--- a/firmware/atmel_softpack_libraries/usb/device/core/USBD.c
+++ b/firmware/atmel_softpack_libraries/usb/device/core/USBD.c
@@ -300,7 +300,7 @@ void USBD_SetConfiguration(uint8_t cfgnum)
    else {
        deviceState = USBD_STATE_ADDRESS;
        /* Reset all endpoints */
-        USBD_HAL_ResetEPs(0xFFFFFFFE, USBD_STATUS_RESET, 0);
+        USBD_HAL_ResetEPs(0xFFFFFFFF, USBD_STATUS_RESET, 0);
    }
 }
--- a/firmware/atmel_softpack_libraries/usb/device/dfu/dfu.h
+++ b/firmware/atmel_softpack_libraries/usb/device/dfu/dfu.h
@@ -39,8 +39,8 @@ struct dfu_desc {
 #define DFU_FUNC_DESC  {						\
 	.bLength		= USB_DT_DFU_SIZE,			\
 	.bDescriptorType	= USB_DT_DFU,				\
-	.bmAttributes		= USB_DFU_CAN_UPLOAD | USB_DFU_CAN_DOWNLOAD | USB_DFU_WILL_DETACH, \
+	.bmAttributes		= USB_DFU_CAN_UPLOAD | USB_DFU_CAN_DOWNLOAD, \
-	.wDetachTimeOut		= 0x00,				\
+	.wDetachTimeOut		= 0xff00,				\
 	.wTransferSize		= BOARD_DFU_PAGE_SIZE,			\
 	.bcdDFUVersion		= 0x0100,				\
 }
@@ -124,9 +124,6 @@ void USBDFU_Initialize(const USBDDriverDescriptors *pDescriptors);
 /* USBD tells us to switch from DFU mode to application mode */
 void USBDFU_SwitchToApp(void);
 /* USBD tells us to switch from to DFU mode */
 void USBDFU_SwitchToDFU(void);
 /* Return values to be used by USBDFU_handle_{dn,up}load */
 #define DFU_RET_NOTHING	0
 #define DFU_RET_ZLP	1
--- a/firmware/atmel_softpack_libraries/usb/device/dfu/dfu_desc.c
+++ b/firmware/atmel_softpack_libraries/usb/device/dfu/dfu_desc.c
@@ -19,10 +19,9 @@ enum {
 	STR_MANUF	= 1,
 	STR_PROD,
 	STR_CONFIG,
 	// strings for the first alternate interface (e.g. DFU)
 	_STR_FIRST_ALT,
 	// serial string
-	STR_SERIAL	= (_STR_FIRST_ALT + BOARD_DFU_NUM_IF),
+	STR_SERIAL	= (_STR_FIRST_ALT+BOARD_DFU_NUM_IF),
 	// version string (on additional interface)
 	VERSION_CONF_STR,
 	VERSION_STR,
@@ -30,25 +29,6 @@ enum {
 	STRING_DESC_CNT,
 };
 /* string used to replace one of both DFU flash partition atlsettings */
 static const unsigned char usb_string_notavailable[] = {
 	USBStringDescriptor_LENGTH(13),
 	USBGenericDescriptor_STRING,
 	USBStringDescriptor_UNICODE('n'),
 	USBStringDescriptor_UNICODE('o'),
 	USBStringDescriptor_UNICODE('t'),
 	USBStringDescriptor_UNICODE(' '),
 	USBStringDescriptor_UNICODE('a'),
 	USBStringDescriptor_UNICODE('v'),
 	USBStringDescriptor_UNICODE('a'),
 	USBStringDescriptor_UNICODE('i'),
 	USBStringDescriptor_UNICODE('l'),
 	USBStringDescriptor_UNICODE('a'),
 	USBStringDescriptor_UNICODE('b'),
 	USBStringDescriptor_UNICODE('l'),
 	USBStringDescriptor_UNICODE('e'),
 };
 /* USB string for the serial (using 128-bit device ID) */
 static unsigned char usb_string_serial[] = {
 	USBStringDescriptor_LENGTH(32),
@@ -141,7 +121,7 @@ static const USBDeviceDescriptor fsDevice = {
 		.bNumEndpoints =	0,					\
 		.bInterfaceClass =	0xfe,					\
 		.bInterfaceSubClass =	1,					\
-		.iInterface =		(_STR_FIRST_ALT + ALT),			\
+		.iInterface =		(_STR_FIRST_ALT+ALT),			\
 		.bInterfaceProtocol =	2,					\
 	}
@@ -200,11 +180,6 @@ void set_usb_serial_str(void)
 	for (i = 0; i < ARRAY_SIZE(usb_strings) && i < ARRAY_SIZE(usb_strings_extended); i++) {
 		usb_strings_extended[i] = usb_strings[i];
 	}
 #if defined(ENVIRONMENT_dfu)
 	usb_strings_extended[_STR_FIRST_ALT + 1] = usb_string_notavailable;
 #elif defined(ENVIRONMENT_flash)
 	usb_strings_extended[_STR_FIRST_ALT + 2] = usb_string_notavailable;
 #endif
 	usb_strings_extended[STR_SERIAL] = usb_string_serial;
 	usb_strings_extended[VERSION_CONF_STR] = usb_string_version_conf;
 	usb_strings_extended[VERSION_STR] = usb_string_version;
--- a/firmware/atmel_softpack_libraries/usb/device/dfu/dfu_driver.c
+++ b/firmware/atmel_softpack_libraries/usb/device/dfu/dfu_driver.c
@@ -33,7 +33,8 @@
 #include <usb/common/dfu/usb_dfu.h>
 #include <usb/device/dfu/dfu.h>
-/** specific memory location shared across bootloader and application */
+/* FIXME: this was used for a special ELF section which then got called
 * by DFU code and Application code, across flash partitions */
 #define __dfudata __attribute__ ((section (".dfudata")))
 #define __dfufunc
@@ -41,14 +42,11 @@
 static USBDDriver usbdDriver;
 static unsigned char if_altsettings[1];
 /** structure containing the DFU state and magic value to know if DFU or application should be started */
 __dfudata struct dfudata _g_dfu = {
-	.state = DFU_STATE_dfuIDLE,
+  	.state = DFU_STATE_appIDLE,
 	.past_manifest = 0,
 	.total_bytes = 0,
 };
 /** variable to structure containing DFU state */
 struct dfudata *g_dfu = &_g_dfu;
 WEAK void dfu_drv_updstatus(void)
@@ -85,7 +83,7 @@ static void __dfufunc handle_getstate(void)
 {
 	uint8_t u8 = g_dfu->state;
-	TRACE_DEBUG("handle_getstate(%ld)\n\r", g_dfu->state);
+	TRACE_DEBUG("handle_getstate(%u)\n\r", g_dfu->state);
 	USBD_Write(0, (char *)&u8, sizeof(u8), NULL, 0);
 }
@@ -463,20 +461,7 @@ void USBDFU_SwitchToApp(void)
 	/* make sure the MAGIC is not set to enter DFU again */
 	g_dfu->magic = 0;
-	/* disconnect from USB to ensure re-enumeration */
+	printf("switching to app\r\n");
 	USBD_Disconnect();
 	/* disable any interrupts during transition */
 	__disable_irq();
 	/* Tell the hybrid to execute FTL JUMP! */
 	NVIC_SystemReset();
 }
 void USBDFU_SwitchToDFU(void)
 {
 	/* make sure the MAGIC is not set to enter DFU again */
 	g_dfu->magic = USB_DFU_MAGIC;
 	/* disconnect from USB to ensure re-enumeration */
 	USBD_Disconnect();
--- a/firmware/atmel_softpack_libraries/usb/device/dfu/dfu_runtime.c
+++ b/firmware/atmel_softpack_libraries/usb/device/dfu/dfu_runtime.c
@@ -36,12 +36,7 @@
 #include <usb/common/dfu/usb_dfu.h>
 #include <usb/device/dfu/dfu.h>
-/** specific memory location shared across bootloader and application */
+struct dfudata *g_dfu = (struct dfudata *) IRAM_ADDR;
 #define __dfudata __attribute__ ((section (".dfudata")))
 /** structure containing the magic value to know if DFU or application should be started */
 __dfudata struct dfudata _g_dfu;
 /** variable to structure containing the magic value to know if DFU or application should be started */
 struct dfudata *g_dfu = &_g_dfu;
 /* FIXME: this was used for a special ELF section which then got called
 * by DFU code and Application code, across flash partitions */
@@ -68,7 +63,7 @@ static void __dfufunc handle_getstate(void)
 {
 	uint8_t u8 = g_dfu->state;
-	TRACE_DEBUG("handle_getstate(%lu)\n\r", g_dfu->state);
+	TRACE_DEBUG("handle_getstate(%u)\n\r", g_dfu->state);
 	USBD_Write(0, (char *)&u8, sizeof(u8), NULL, 0);
 }
@@ -165,8 +160,6 @@ void USBDFU_Runtime_RequestHandler(const USBGenericRequest *request)
 			 * will then trigger DFURT_SwitchToDFU() below */
 			TRACE_DEBUG("\r\n====dfu_detach\n\r");
 			g_dfu->state = DFU_STATE_appDETACH;
 			USBD_Write(0, 0, 0, 0, 0);
 			DFURT_SwitchToDFU();
 			ret = DFU_RET_ZLP;
 			goto out;
 			break;
@@ -211,14 +204,13 @@ out:
 void DFURT_SwitchToDFU(void)
 {
 	__disable_irq();
 	/* store the magic value that the DFU loader can detect and
 	 * activate itself, rather than boot into the application */
 	g_dfu->magic = USB_DFU_MAGIC;
-	__DMB();
+
 	/* Disconnect the USB by removing the pull-up */
 	USBD_Disconnect();
 	__disable_irq();
 	/* reset the processor, we will start execution with the
 	 * ResetVector of the bootloader */
--- a/firmware/atmel_softpack_libraries/usb/include/USBD.h
+++ b/firmware/atmel_softpack_libraries/usb/include/USBD.h
@@ -214,8 +214,6 @@ typedef void (*MblTransferCallback)(void *pArg,
 *         Exported functions
 *------------------------------------------------------------------------------*/
 extern uint16_t USBD_GetEndpointSize(uint8_t bEndpoint);
 //extern void USBD_IrqHandler(void);
 extern void USBD_Init(void);
--- a/firmware/libboard/common/include/board_common.h
+++ b/firmware/libboard/common/include/board_common.h
@@ -112,13 +112,10 @@
 #define BOARD_USB_UDP
 #define BOARD_USB_DFU
 #define BOARD_DFU_BOOT_SIZE	(16 * 1024)
 #define BOARD_DFU_RAM_SIZE	(2 * 1024)
 #define BOARD_DFU_PAGE_SIZE	512
-/** number of DFU interfaces (used to flash specific partitions) */
+#define BOARD_DFU_NUM_IF	2
 #define BOARD_DFU_NUM_IF	3
 extern void board_exec_dbg_cmd(int ch);
 extern void board_main_top(void);
--- a/firmware/libboard/common/include/led.h
+++ b/firmware/libboard/common/include/led.h
@@ -31,8 +31,7 @@ enum led_pattern {
 	BLINK_200O_F		= 7,
 	BLINK_600O_F		= 8,
 	BLINK_CUSTOM		= 9,
-	BLINK_2F_O		= 10,
+	BLINK_2F_O,
 	BLINK_5O_5F		= 11,
 	_NUM_LED_BLINK
 };
--- a/firmware/libboard/common/include/sim_switch.h
+++ b/firmware/libboard/common/include/sim_switch.h
@@ -14,13 +14,5 @@
 */
 #pragma once
 /** switch card lines to use physical or emulated card
 *  @param[in] nr card interface number (i.e. slot)
 *  @param[in] physical which physical interface to switch to (e.g. 0: physical, 1: virtual)
 *  @return 0 on success, negative else
 */
 int sim_switch_use_physical(unsigned int nr, int physical);
 /** initialise card switching capabilities
 *  @return number of switchable card interfaces
 */
 int sim_switch_init(void);
--- a/firmware/libboard/common/resources/sam3s4/dfu.ld
+++ b/firmware/libboard/common/resources/sam3s4/dfu.ld
@@ -39,9 +39,9 @@ SEARCH_DIR(.)
 MEMORY
 {
 	/* reserve the first 16k (= 0x4000) for the DFU bootloader */
-	rom (rx)  : ORIGIN = 0x00400000 + 16K, LENGTH = 256K - 16K /* flash, 256K */
+	rom (rx)  : ORIGIN = 0x00404000, LENGTH = 0x0003c000 /* flash, 256K */
-	/* note: dfudata will be at the start */
+	/* reserve the first 32 (= 0x20) bytes for the _g_dfu struct */
-	ram (rwx) : ORIGIN = 0x20000000, LENGTH = 48K /* SRAM, 48K */
+	ram (rwx) : ORIGIN = 0x20000020, LENGTH = 0x0000bfe0 /* sram, 48K */
 }
 /* Section Definitions */ 
@@ -96,18 +96,13 @@ SECTIONS
        _efixed = .;            /* End of text section */
    } > rom
-    /DISCARD/ :
+    /* .ARM.exidx is sorted, so has to go in its own output section.  */
    PROVIDE_HIDDEN (__exidx_start = .);
    .ARM.exidx :
    {
-        *(.ARM.exidx)
+      *(.ARM.exidx* .gnu.linkonce.armexidx.*)
    }
    .blupdate :
    {
        . = ALIGN(4);
        _blupdate_start = .;
        KEEP(*(.fwupdate .fwupdate.*));
        _blupdate_end = .;
    } > rom
    PROVIDE_HIDDEN (__exidx_end = .);
    . = ALIGN(4); 
    _etext = .;
@@ -116,8 +111,6 @@ SECTIONS
    {
        . = ALIGN(4);
        _srelocate = .;
        /* we must make sure the .dfudata is linked to start of RAM */
        *(.dfudata .dfudata.*);
        *(.ramfunc .ramfunc.*);
        *(.data .data.*);
        . = ALIGN(4);
--- a/firmware/libboard/common/resources/sam3s4/flash.ld
+++ b/firmware/libboard/common/resources/sam3s4/flash.ld
@@ -38,8 +38,8 @@ SEARCH_DIR(.)
 /* Memory Spaces Definitions */
 MEMORY
 {
-	rom (rx)  : ORIGIN = 0x00400000, LENGTH = 16K /* flash, 256K, but only the first 16K should be used for the bootloader */
+	rom (rx)  : ORIGIN = 0x00400000, LENGTH = 0x00040000 /* flash, 256K */
-	ram (rwx) : ORIGIN = 0x20000000, LENGTH = 48K /* SRAM, 48K */
+	ram (rwx) : ORIGIN = 0x20000000, LENGTH = 0x0000c000 /* sram, 48K */
 }
 /* Section Definitions */ 
@@ -94,10 +94,13 @@ SECTIONS
        _efixed = .;            /* End of text section */
    } > rom
-    /DISCARD/ :
+    /* .ARM.exidx is sorted, so has to go in its own output section.  */
    PROVIDE_HIDDEN (__exidx_start = .);
    .ARM.exidx :
    {
-        *(.ARM.exidx)
+      *(.ARM.exidx* .gnu.linkonce.armexidx.*)
-    }
+    } > rom
    PROVIDE_HIDDEN (__exidx_end = .);
    . = ALIGN(4); 
    _etext = .;
--- a/firmware/libboard/common/source/board_cstartup_gnu.c
+++ b/firmware/libboard/common/source/board_cstartup_gnu.c
@@ -126,7 +126,7 @@ IntFunc exception_table[] = {
 	IrqHandlerNotUsed   /* 35 not used */
 };
-#if defined(BOARD_USB_DFU) && defined(APPLICATION_dfu) && defined(ENVIRONMENT_flash)
+#if defined(BOARD_USB_DFU) && defined(APPLICATION_dfu)
 #include "usb/device/dfu/dfu.h"
 static void BootIntoApp(void)
 {
@@ -159,9 +159,8 @@ void ResetException( void )
 	LowLevelInit() ;
-#if defined(BOARD_USB_DFU) && defined(APPLICATION_dfu) && defined(ENVIRONMENT_flash)
+#if defined(BOARD_USB_DFU) && defined(APPLICATION_dfu)
-	// boot application if there is not DFU override
+	if (!USBDFU_OverrideEnterDFU()) {
 	if (!USBDFU_OverrideEnterDFU() && SCB->VTOR < IFLASH_ADDR + BOARD_DFU_BOOT_SIZE) {
 		UART_Exit();
 		__disable_irq();
 		BootIntoApp();
--- a/firmware/libboard/common/source/board_lowlevel.c
+++ b/firmware/libboard/common/source/board_lowlevel.c
@@ -218,8 +218,3 @@ void mdelay(unsigned int msecs)
 	do {
 	} while ((jiffies - jiffies_start) < msecs);
 }
 void abort() {
 	NVIC_SystemReset();
 	while(1) {};
 }
--- a/firmware/libboard/common/source/led.c
+++ b/firmware/libboard/common/source/led.c
@@ -58,10 +58,6 @@ static const struct blink_state bs_on[] = {
 	{ 0, 1 }
 };
 static const struct blink_state bs_5on_5off[] = {
 	{ 500, 1 }, { 500, 0 }
 };
 static const struct blink_state bs_3on_5off[] = {
 	{ 300, 1 }, { 500, 0 }
 };
@@ -111,10 +107,6 @@ static const struct blink_pattern patterns[] = {
 		.states = bs_on,
 		.size = ARRAY_SIZE(bs_on),
 	},
 	[BLINK_5O_5F] = {
 		.states = bs_5on_5off,
 		.size = ARRAY_SIZE(bs_5on_5off),
 	},
 	[BLINK_3O_5F] = {
 		.states = bs_3on_5off,
 		.size = ARRAY_SIZE(bs_3on_5off),
--- a/firmware/libboard/common/source/sim_switch.c
+++ b/firmware/libboard/common/source/sim_switch.c
--- a/firmware/libboard/ngff_cardem/include/board.h
+++ b/firmware/libboard/ngff_cardem/include/board.h
@@ -1,166 +0,0 @@
 /* Osmocom ngff-cardem board definition
 *
 * (C) 2021 by Harald Welte <laforge@osmocom.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
 */
 #pragma once
 #include "board_common.h"
 #include "simtrace_usb.h"
 /** Name of the board */
 #define BOARD_NAME "NGFF-CARDEM"
 /** Board definition */
 #define ngff_cardem
 /** oscillator used as main clock source (in Hz) */
 #define BOARD_MAINOSC 12000000
 /** desired main clock frequency (in Hz, based on BOARD_MAINOSC) */
 #define BOARD_MCK 58000000 // 12.000 * 29 / 6
 /** MCU pin connected to red LED */
 #define PIO_LED_RED     PIO_PA17
 /** MCU pin connected to green LED */
 #define PIO_LED_GREEN   PIO_PA18
 /** red LED pin definition */
 #define PIN_LED_RED     {PIO_LED_RED, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 /** green LED pin definition */
 #define PIN_LED_GREEN   {PIO_LED_GREEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 /** LEDs pin definition */
 #define PINS_LEDS       PIN_LED_RED, PIN_LED_GREEN 
 /** index for red LED in LEDs pin definition array */
 #define LED_NUM_RED     0
 /** index for green LED in LEDs pin definition array */
 #define LED_NUM_GREEN   1
 /** the green LED is actually red and used as indication for USIM1 */
 #define LED_USIM1	LED_GREEN
 /* USIM 2 interface (USART) */
 #define PIN_USIM2_CLK		{PIO_PA2, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
 #define PIN_USIM2_IO		{PIO_PA6, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 #define PINS_ISO7816_USIM2	PIN_USIM2_CLK, PIN_USIM2_IO
 /* USIM 2 interface (TC) */
 #define PIN_USIM2_IO_TC		{PIO_PA1, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
 #define PIN_USIM2_CLK_TC	{PIO_PA4, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
 #define PINS_TC_USIM2		PIN_USIM2_IO_TC, PIN_USIM2_CLK_TC
 /* USIM 1 interface (USART) */
 #define PIN_USIM1_IO		{PIO_PA22, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 #define PIN_USIM1_CLK		{PIO_PA23, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 #define PINS_ISO7816_USIM1	PIN_USIM1_CLK, PIN_USIM1_IO
 /* USIM 1 interface (TC) */
 #define PIN_USIM1_IO_TC		{PIO_PA27, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
 #define PIN_USIM1_CLK_TC	{PIO_PA29, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
 #define PINS_TC_USIM1		PIN_USIM1_IO_TC, PIN_USIM1_CLK_TC
 #define PIN_USIM1_nRST		{PIO_PA24, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
 #define PIN_USIM1_VCC		{PIO_PB3, PIOB, ID_PIOB, PIO_INPUT, PIO_DEFAULT}
 #define PIN_USIM2_nRST		{PIO_PA7, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
 //#define PIN_USIM2_VCC		{PIO_PB2, PIOB, ID_PIOB, PIO_INPUT, PIO_DEFAULT}
 #define PINS_USIM1		PINS_TC_USIM1, PINS_ISO7816_USIM1, PIN_USIM1_nRST
 #define PINS_USIM2		PINS_TC_USIM2, PINS_ISO7816_USIM2, PIN_USIM2_nRST
 /* from v3 and onwards only (!) */
 #define PIN_DET_USIM1_PRES	{PIO_PA8, PIOA, ID_PIOA, PIO_INPUT, PIO_DEGLITCH | PIO_IT_EDGE}
 /* inputs reading the WWAN LED level */
 #define PIN_WWAN1		{PIO_PA15, PIOA, ID_PIOA, PIO_INPUT, PIO_PULLUP | PIO_DEGLITCH | PIO_IT_EDGE}
 #define PINS_WWAN_IN		{ PIN_WWAN1 }
 #define PIN_MODEM_EN {PIO_PA11, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 #define PIN_N_MODEM_PWR_ON {PIO_PA26, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 /* outputs controlling RESET input of modems */
 #define PIN_PERST1		{PIO_PA25, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 #define PINS_PERST		{ PIN_PERST1 }
 #define PIN_VERSION_DET		{PIO_PA19, PIOA, ID_PIOA, PIO_PERIPH_D, PIO_DEFAULT}
 /* GPIO towards SPDT switches between real SIM and SAM3 */
 //#define PIN_SIM_SWITCH1 {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 //#define PIN_SIM_SWITCH2 {PIO_PA28, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 #define BOARD_USB_BMATTRIBUTES	USBConfigurationDescriptor_SELFPOWERED_NORWAKEUP
 #define BOARD_USB_VENDOR_ID	USB_VENDOR_OPENMOKO
 #define BOARD_USB_PRODUCT_ID	USB_PRODUCT_NGFF_CARDEM
 #define BOARD_DFU_USB_PRODUCT_ID USB_PRODUCT_NGFF_CARDEM
 #define BOARD_USB_RELEASE	0x010
 #define DETECT_VCC_BY_ADC
 #define VCC_UV_THRESH_1V8	1500000
 #define VCC_UV_THRESH_3V	VCC_UV_THRESH_1V8
 #ifdef APPLICATION_cardem
 #define HAVE_CARDEM
 #define HAVE_BOARD_CARDINSERT
 struct cardem_inst;
 void board_set_card_insert(struct cardem_inst *ci, bool card_insert);
 #endif
 #ifdef APPLICATION_trace
 #define HAVE_SNIFFER
 #endif
 /* Card I/O data signal input/output (I/O_SIM in schematic) */
 #define PIN_SIM_IO             {PIO_PA6A_TXD0, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Card CLK clock input (CLK_SIM in schematic) */
 #define PIN_SIM_CLK            {PIO_PA2B_SCK0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
 /* Card RST reset signal input (use as input since the phone will drive it) */
 #define PIN_SIM_RST_SNIFF      {PIO_PA7, PIOA, ID_PIOA, PIO_INPUT, PIO_DEGLITCH | PIO_IT_EDGE}
 /* Pins used to sniff phone-card communication */
 #define PINS_SIM_SNIFF          PIN_SIM_IO, PIN_SIM_CLK, PIN_SIM_RST_SNIFF
 /* Pin to measure card I/O timing (to start measuring the ETU on I/O activity; connected I/O_SIM in schematic) */
 #define PIN_SIM_IO_INPUT       {PIO_PA1B_TIOB0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
 /* Pin used as clock input (to measure the ETU duration; connected to CLK_SIM in schematic) */
 #define PIN_SIM_CLK_INPUT      {PIO_PA4B_TCLK0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
 /* Pins used to measure ETU timing (using timer counter) */ 
 #define PINS_TC                 PIN_SIM_IO_INPUT, PIN_SIM_CLK_INPUT
 //default state: NO uart connected, modem connected to physical sim, NO sim presence override, modem powers sim slot
 #define pin_conn_usim1_default {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 #define pin_conn_usim2_default {PIO_PA28, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 #define pin_conn_mdm_sim_default {PIO_PA0, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 #define pin_conn_set_sim_det_default {PIO_PA13, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 #define pin_en_st_sim_vdd_default {PIO_PB2, PIOB, ID_PIOB, PIO_OUTPUT_0, PIO_DEFAULT}
 #define pin_en_mdm_sim_vdd_default {PIO_PA16, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 //cardem state: uart2 (!) connected, NO modem connected to physical sim, sim presence override, NOTHING powers sim slot
 #define pin_conn_usim1_cem {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 #define pin_conn_usim2_cem {PIO_PA28, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 #define pin_conn_mdm_sim_cem {PIO_PA0, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 #define pin_en_st_sim_vdd_cem {PIO_PB2, PIOB, ID_PIOB, PIO_OUTPUT_0, PIO_DEFAULT}
 #define pin_en_mdm_sim_vdd_cem {PIO_PA16, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 //trace state: uart2 (!) connected, modem connected to physical sim, st powers sim slot
 #define pin_conn_usim1_trace {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 #define pin_conn_usim2_trace {PIO_PA28, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 #define pin_conn_mdm_sim_trace {PIO_PA0, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 #define pin_conn_set_sim_det_trace {PIO_PA13, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 #define pin_en_st_sim_vdd_trace {PIO_PB2, PIOB, ID_PIOB, PIO_OUTPUT_1, PIO_DEFAULT}
 #define pin_en_mdm_sim_vdd_trace {PIO_PA16, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 #define PIN_MODEM_EN_off {PIO_PA11, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 #define PINS_SIM_DEFAULT pin_conn_usim1_default, pin_conn_usim2_default, pin_conn_mdm_sim_default, pin_conn_set_sim_det_default, PIN_N_MODEM_PWR_ON, PIN_MODEM_EN, pin_en_st_sim_vdd_default, pin_en_mdm_sim_vdd_default
 #define PINS_SIM_CARDEM pin_conn_usim1_cem, pin_conn_usim2_cem, pin_conn_mdm_sim_cem, pin_en_mdm_sim_vdd_cem, pin_en_st_sim_vdd_cem// , pin_conn_set_sim_det_cem
 #define PINS_BUS_SNIFF pin_conn_usim1_trace, pin_conn_usim2_trace, pin_conn_mdm_sim_trace, pin_conn_set_sim_det_trace,PIN_MODEM_EN_off
 #define PINS_PWR_SNIFF PIN_N_MODEM_PWR_ON, PIN_MODEM_EN, pin_en_st_sim_vdd_trace, pin_en_mdm_sim_vdd_trace
--- a/firmware/libboard/ngff_cardem/include/card_pres.h
+++ b/firmware/libboard/ngff_cardem/include/card_pres.h
@@ -1,22 +0,0 @@
 /* card presence utilities
 *
 * (C) 2016-2017 by Harald Welte <hwelte@hmw-consulting.de>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
 */
 #pragma once
 int is_card_present(int port);
 int card_present_init(void);
--- a/firmware/libboard/ngff_cardem/include/wwan_led.h
+++ b/firmware/libboard/ngff_cardem/include/wwan_led.h
@@ -1,20 +0,0 @@
 /* Code to read/track the status of the WWAN LEDs of attached modems
 * 
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
 */
 #pragma once
 int wwan_led_active(int wwan);
 int wwan_led_init(void);
--- a/firmware/libboard/ngff_cardem/include/wwan_perst.h
+++ b/firmware/libboard/ngff_cardem/include/wwan_perst.h
@@ -1,21 +0,0 @@
 /* Code to control the PERST lines of attached modems
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
 */
 #pragma once
 int wwan_perst_set(int modem_nr, int active);
 int wwan_perst_do_reset_pulse(int modem_nr, unsigned int duration_ms);
 int wwan_perst_init(void);
--- a/firmware/libboard/ngff_cardem/product_string.txt
+++ b/firmware/libboard/ngff_cardem/product_string.txt
@@ -1 +0,0 @@
 ngff-cardem
--- a/firmware/libboard/ngff_cardem/source/board_ngff_cardem.c
+++ b/firmware/libboard/ngff_cardem/source/board_ngff_cardem.c
@@ -1,159 +0,0 @@
 /* sysmocom ngff-cardem application code
 *
 * (C) 2021 Harald Welte <laforge@osmocom.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
 */
 #include "board.h"
 #include "simtrace.h"
 #include "utils.h"
 #include "led.h"
 #include "wwan_led.h"
 #include "wwan_perst.h"
 #include "sim_switch.h"
 #include "boardver_adc.h"
 #include "card_pres.h"
 #include <osmocom/core/timer.h>
 #include "usb_buf.h"
 /* array of generated USB Strings */
 extern unsigned char *usb_strings[];
 /* returns '1' in case we should break any endless loop */
 void board_exec_dbg_cmd(int ch)
 {
 	switch (ch) {
 	case '?':
 		printf("\t?\thelp\n\r");
 		printf("\tR\treset SAM3\n\r");
 		printf("\tl\tswitch off LED 1\n\r");
 		printf("\tL\tswitch on  LED 1\n\r");
 		printf("\tg\tswitch off LED 2\n\r");
 		printf("\tG\tswitch on  LED 2\n\r");
 		printf("\t1\tGenerate 1ms reset pulse on WWAN1\n\r");
 		printf("\t!\tSwitch Channel A from physical -> remote\n\r");
 		printf("\tt\t(pseudo)talloc report\n\r");
 		break;
 	case 'R':
 		printf("Asking NVIC to reset us\n\r");
 		USBD_Disconnect();
 		NVIC_SystemReset();
 		break;
 	case 'l':
 		led_blink(LED_GREEN, BLINK_ALWAYS_OFF);
 		printf("LED 1 switched off\n\r");
 		break;
 	case 'L':
 		led_blink(LED_GREEN, BLINK_ALWAYS_ON);
 		printf("LED 1 switched on\n\r");
 		break;
 	case 'g':
 		led_blink(LED_RED, BLINK_ALWAYS_OFF);
 		printf("LED 2 switched off\n\r");
 		break;
 	case 'G':
 		led_blink(LED_RED, BLINK_ALWAYS_ON);
 		printf("LED 2 switched on\n\r");
 		break;
 	case '1':
 		printf("Resetting Modem\n\r");
 		wwan_perst_do_reset_pulse(0, 300);
 		break;
 	case '!':
 		sim_switch_use_physical(0, 0);
 		break;
 	case 't':
 		talloc_report(NULL, stdout);
 		break;
 	default:
 		printf("Unknown command '%c'\n\r", ch);
 		break;
 	}
 }
 void board_main_top(void)
 {
 #ifndef APPLICATION_dfu
 	usb_buf_init();
 	wwan_led_init();
 	wwan_perst_init();
 	sim_switch_init();
 #endif
 	/* Obtain the circuit board version (currently just prints voltage) */
 	get_board_version_adc();
 #ifndef APPLICATION_dfu
 	/* Initialize checking for card insert/remove events */
 	card_present_init();
 #endif
 	wwan_perst_set(0, 0);
 }
 static int uart_has_loopback_jumper(void)
 {
 	unsigned int i;
 	const Pin uart_loopback_pins[] = {
 		{PIO_PA9A_URXD0, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT},
 		{PIO_PA10A_UTXD0, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 	};
 	/* Configure UART pins as I/O */
 	PIO_Configure(uart_loopback_pins, PIO_LISTSIZE(uart_loopback_pins));
 	/* Send pattern over UART TX and check if it is received on RX
 	 * If the loop doesn't get interrupted, RxD always follows TxD and thus a
 	 * loopback jumper has been placed on RxD/TxD, and we will boot
 	 * into DFU unconditionally
 	 */
 	int has_loopback_jumper = 1;
 	for (i = 0; i < 10; i++) {
 		/* Set TxD high; abort if RxD doesn't go high either */
 		PIO_Set(&uart_loopback_pins[1]);
 		if (!PIO_Get(&uart_loopback_pins[0])) {
 			has_loopback_jumper = 0;
 			break;
 		}
 		/* Set TxD low, abort if RxD doesn't go low either */
 		PIO_Clear(&uart_loopback_pins[1]);
 		if (PIO_Get(&uart_loopback_pins[0])) {
 			has_loopback_jumper = 0;
 			break;
 		}
 	}
 	/* Put pins back to UART mode */
 	const Pin uart_pins[] = {PINS_UART};
 	PIO_Configure(uart_pins, PIO_LISTSIZE(uart_pins));
 	return has_loopback_jumper;
 }
 int board_override_enter_dfu(void)
 {
 	/* If the loopback jumper is set, we enter DFU mode */
 	if (uart_has_loopback_jumper())
 		return 1;
 	return 0;
 }
 static const Pin deton = {PIO_PA13, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
 static const Pin detoff = {PIO_PA13, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT};
 void board_set_card_insert(struct cardem_inst *ci, bool card_insert)
 {
 	PIO_Configure(card_insert ? &deton : &detoff, 1);
 }
--- a/firmware/libboard/ngff_cardem/source/card_pres.c
+++ b/firmware/libboard/ngff_cardem/source/card_pres.c
@@ -1,76 +0,0 @@
 /* card presence utilities
 *
 * (C) 2016-2021 by Harald Welte <hwelte@hmw-consulting.de>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
 */
 #include <osmocom/core/timer.h>
 #include "board.h"
 #include "utils.h"
 #include "card_pres.h"
 #define NUM_CARDPRES	1
 #define TIMER_INTERVAL_MS	500
 static const Pin pin_cardpres[NUM_CARDPRES] = { PIN_DET_USIM1_PRES };
 static int last_state[NUM_CARDPRES] = { -1 };
 static struct osmo_timer_list cardpres_timer;
 /* Determine if a SIM card is present in the given slot */
 int is_card_present(int port)
 {
 	const Pin *pin;
 	int present;
 	if (port < 0 || port >= NUM_CARDPRES)
 		return -1;
 	pin = &pin_cardpres[port];
 	/* high active here */
 	present = PIO_Get(pin);
 	return present;
 }
 static void cardpres_tmr_cb(void *data)
 {
 	unsigned int i;
 	for (i = 0; i < ARRAY_SIZE(pin_cardpres); i++) {
 		int state = is_card_present(i);
 		if (state != last_state[i]) {
 			TRACE_INFO("%u: Card Detect Status %d -> %d\r\n", i, last_state[i], state);
 			/* FIXME: report to USB host */
 			last_state[i] = state;
 		}
 	}
 	osmo_timer_schedule(&cardpres_timer, 0, TIMER_INTERVAL_MS*1000);
 }
 int card_present_init(void)
 {
 	unsigned int i;
 	PIO_Configure(pin_cardpres, ARRAY_SIZE(pin_cardpres));
 	/* start timer */
 	cardpres_timer.cb = cardpres_tmr_cb;
 	osmo_timer_schedule(&cardpres_timer, 0, TIMER_INTERVAL_MS*1000);
 	return 2;
 }
--- a/firmware/libboard/ngff_cardem/source/sim_switch.c
+++ b/firmware/libboard/ngff_cardem/source/sim_switch.c
@@ -1,81 +0,0 @@
 /* Code to switch between local (physical) and remote (emulated) SIM
 *
 * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
 */
 #include "board.h"
 #include "trace.h"
 #include "led.h"
 #include "sim_switch.h"
 //uart12bus	2-20e pa20
 //uart22bus	1-20e pa28
 //usim2bus	1-10e pa0  pivot
 //sim det	2-10e pa13
 static const Pin pins_default[]	= {PINS_SIM_DEFAULT};
 static const Pin pins_cem[]	= {PINS_SIM_CARDEM};
 static int initialized = 0;
 int sim_switch_use_physical(unsigned int nr, int physical)
 {
 	const Pin pin = PIN_MODEM_EN;// PIN_N_MODEM_PWR_ON;
 	enum led led;
 	if (!initialized) {
 		TRACE_ERROR("Somebody forgot to call sim_switch_init()\r\n");
 		sim_switch_init();
 	}
 	TRACE_INFO("Modem %d: %s SIM\n\r", nr,
 		   physical ? "physical" : "virtual");
 	switch (nr) {
 	case 0:
 		led = LED_USIM1;
 		break;
 	default:
 		TRACE_ERROR("Invalid SIM%u\n\r", nr);
 		return -1;
 	}
 	if (physical) {
 		TRACE_INFO("%u: Use local/physical SIM\r\n", nr);
 		PIO_Configure(pins_default, PIO_LISTSIZE(pins_default));
 		led_blink(led, BLINK_ALWAYS_ON);
 	} else {
 		TRACE_INFO("%u: Use remote/emulated SIM\r\n", nr);
 		PIO_Configure(pins_cem, PIO_LISTSIZE(pins_cem));
 		led_blink(led, BLINK_5O_5F);
 	}
 	/* just power cycle the modem because this circumvents weird issues with unreliable signals */
 	PIO_Clear(&pin);
 	mdelay(200);
 	PIO_Set(&pin);
 	return 0;
 }
 int sim_switch_init(void)
 {
 	PIO_Configure(pins_default, PIO_LISTSIZE(pins_default));
 	initialized = 1;
 	return 1;
 }
--- a/firmware/libboard/ngff_cardem/source/wwan_led.c
+++ b/firmware/libboard/ngff_cardem/source/wwan_led.c
@@ -1,93 +0,0 @@
 /* Code to read/track the status of the WWAN LEDs of attached modems
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
 */
 /* Depending on the board this is running on,  it might be possible
 * for the controller to read the status of the WWAN LED output lines of
 * the cellular modem.  If the board supports this, it sets the
 * PIN_WWAN1 and/or PIN_WWAN2 defines in its board.h file.
 */
 #include "board.h"
 #include "wwan_led.h"
 #ifdef PIN_WWAN1
 static const Pin pin_wwan1 = PIN_WWAN1;
 static void wwan1_irqhandler(const Pin *pPin)
 {
 	int active = wwan_led_active(0);
 	TRACE_INFO("0: WWAN LED %u\r\n", active);
 	/* TODO: notify host via USB */
 }
 #endif
 #ifdef PIN_WWAN2
 static const Pin pin_wwan2 = PIN_WWAN2;
 static void wwan2_irqhandler(const Pin *pPin)
 {
 	int active = wwan_led_active(1);
 	TRACE_INFO("1: WWAN LED %u\r\n", active);
 	/* TODO: notify host via USB */
 }
 #endif
 /* determine if a given WWAN led is currently active or not */
 int wwan_led_active(int wwan)
 {
 	const Pin *pin;
 	int active;
 	switch (wwan) {
 #ifdef PIN_WWAN1
 	case 0:
 		pin = &pin_wwan1;
 		break;
 #endif
 #ifdef PIN_WWAN2
 	case 1:
 		pin = &pin_wwan2;
 		break;
 #endif
 	default:
 		return -1;
 	}
 	active = PIO_Get(pin) ? 0 : 1;
 	return active;
 }
 int wwan_led_init(void)
 {
 	int num_leds = 0;
 #ifdef PIN_WWAN1
 	PIO_Configure(&pin_wwan1, 1);
 	PIO_ConfigureIt(&pin_wwan1, wwan1_irqhandler);
 	PIO_EnableIt(&pin_wwan1);
 	num_leds++;
 #endif
 #ifdef PIN_WWAN2
 	PIO_Configure(&pin_wwan2, 1);
 	PIO_ConfigureIt(&pin_wwan2, wwan2_irqhandler);
 	PIO_EnableIt(&pin_wwan2);
 	num_leds++;
 #endif
 	return num_leds;
 }
--- a/firmware/libboard/ngff_cardem/source/wwan_perst.c
+++ b/firmware/libboard/ngff_cardem/source/wwan_perst.c
@@ -1,127 +0,0 @@
 /* Code to control the PERST lines of attached modems
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
 */
 /* Depending on the board this is running on,  it might be possible
 * for the controller to set the status of the PERST input line of
 * the cellular modem.  If the board supports this, it sets the
 * PIN_PERST1 and/or PIN_PERST2 defines in its board.h file.
 */
 #include "board.h"
 #include "trace.h"
 #include "wwan_perst.h"
 #include <osmocom/core/timer.h>
 struct wwan_perst {
 	uint8_t idx;
 	const Pin pin;
 	struct osmo_timer_list timer;
 };
 #ifdef PIN_PERST1
 static struct wwan_perst perst1 = {
 	.idx = 0,
 	.pin = PIN_PERST1,
 };
 #endif
 #ifdef PIN_PERST2
 static struct wwan_perst perst2 = {
 	.idx = 1,
 	.pin = PIN_PERST2,
 };
 #endif
 static int initialized = 0;
 static void perst_tmr_cb(void *data)
 {
 	struct wwan_perst *perst = data;
 	/* release the (low-active) reset */
 	TRACE_INFO("%u: De-asserting modem reset\r\n", perst->idx);
 	PIO_Clear(&perst->pin);
 }
 static struct wwan_perst *get_perst_for_modem(int modem_nr)
 {
 	if (!initialized) {
 		TRACE_ERROR("Somebody forgot to call wwan_perst_init()\r\n");
 		wwan_perst_init();
 	}
 	switch (modem_nr) {
 #ifdef PIN_PERST1
 	case 0:
 		return &perst1;
 #endif
 #ifdef PIN_PERST2
 	case 1:
 		return &perst2;
 #endif
 	default:
 		return NULL;
 	}
 }
 int wwan_perst_do_reset_pulse(int modem_nr, unsigned int duration_ms)
 {
 	struct wwan_perst *perst = get_perst_for_modem(modem_nr);
 	if (!perst)
 		return -1;
 	TRACE_INFO("%u: Asserting modem reset\r\n", modem_nr);
 	PIO_Set(&perst->pin);
 	osmo_timer_schedule(&perst->timer, duration_ms/1000, (duration_ms%1000)*1000);
 	return 0;
 }
 int wwan_perst_set(int modem_nr, int active)
 {
 	struct wwan_perst *perst = get_perst_for_modem(modem_nr);
 	if (!perst)
 		return -1;
 	osmo_timer_del(&perst->timer);
 	if (active) {
 		TRACE_INFO("%u: Asserting modem reset\r\n", modem_nr);
 		PIO_Set(&perst->pin);
 	} else {
 		TRACE_INFO("%u: De-asserting modem reset\r\n", modem_nr);
 		PIO_Clear(&perst->pin);
 	}
 	return 0;
 }
 int wwan_perst_init(void)
 {
 	int num_perst = 0;
 #ifdef PIN_PERST1
 	PIO_Configure(&perst1.pin, 1);
 	perst1.timer.cb = perst_tmr_cb;
 	perst1.timer.data = (void *) &perst1;
 	num_perst++;
 #endif
 #ifdef PIN_PERST2
 	PIO_Configure(&perst2.pin, 1);
 	perst2.timer.cb = perst_tmr_cb;
 	perst2.timer.data = (void *) &perst2;
 	num_perst++;
 #endif
 	initialized = 1;
 	return num_perst;
 }
--- a/firmware/libboard/octsimtest/include/board.h
+++ b/firmware/libboard/octsimtest/include/board.h
@@ -50,28 +50,81 @@
 /* Button to force bootloader start (shorted to ground when pressed */
 #define PIN_BOOTLOADER_SW      {PIO_PA5, PIOA, ID_PIOA, PIO_INPUT, PIO_PULLUP}
 //FIXME SIM_PWEN_PIN collides with PA5/bootloader_sw on octsimtest
 /* Enable powering the card using the second 3.3 V output of the LDO (active high) */
 #define SIM_PWEN_PIN           {PIO_PA12, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 /* Enable powering the SIM card */
 #define PWR_PINS                SIM_PWEN_PIN
 // FIXME PA8 is 32khz xtal on octsimtest
 /* Card presence pin */
 #define SW_SIM                  PIO_PA11
 /* Pull card presence pin high (shorted to ground in card slot when card is present) */
 #define SMARTCARD_CONNECT_PIN  {SW_SIM, PIOA, ID_PIOA, PIO_INPUT, PIO_PULLUP | PIO_DEBOUNCE | PIO_DEGLITCH | PIO_IT_EDGE }
 /** Smart card connection **/
 //FIXME
 /* Card RST reset signal input (active low; RST_SIM in schematic) */
 #define PIN_SIM_RST            {PIO_PA13, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 /* Card I/O data signal input/output (I/O_SIM in schematic) */
 #define PIN_SIM_IO             {PIO_PA6A_TXD0, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Card CLK clock input (CLK_SIM in schematic) */
 #define PIN_SIM_CLK            {PIO_PA2B_SCK0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
 /* Pin to measure card I/O timing (to start measuring the ETU on I/O activity; connected I/O_SIM in schematic) */
 #define PIN_SIM_IO_INPUT       {PIO_PA1B_TIOB0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
 //FIXME PIO_PA4B_TCLK0 PA4 is LED on octsimtest
 /* Pin used as clock input (to measure the ETU duration; connected to CLK_SIM in schematic) */
 #define PIN_SIM_CLK_INPUT      {PIO_PA14, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
 /* Pins used to measure ETU timing (using timer counter) */ 
 #define PINS_TC                 PIN_SIM_IO_INPUT, PIN_SIM_CLK_INPUT
 /** Phone connection **/
 /* Phone USIM slot 1 VCC pin (VCC_PHONE in schematic) */
 #define PIN_USIM1_VCC          {PIO_PA25, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
 /* Phone USIM slot 1 RST pin (active low; RST_PHONE in schematic) */
-#define PIN_USIM1_nRST         {PIO_PA24, PIOA, ID_PIOA, PIO_INPUT, PIO_IT_EDGE | PIO_DEGLITCH }
+#define PIN_USIM1_nRST         {PIO_PA24, PIOA, ID_PIOA, PIO_INPUT, PIO_IT_RISE_EDGE | PIO_DEGLITCH }
 /* Phone I/O data signal input/output (I/O_PHONE in schematic) */
 #define PIN_PHONE_IO           {PIO_PA22A_TXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Phone CLK clock input (CLK_PHONE in schematic) */
 #define PIN_PHONE_CLK          {PIO_PA23A_SCK1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Pin used to switch level shifter in I/O line between rx (0) and tx (1) */
 #define PIN_USIM1_IO_DIR	{PIO_PA26, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 /* Pin used for phone USIM slot 1 communication */
-#define PINS_USIM1              PIN_PHONE_IO, PIN_PHONE_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST, PIN_USIM1_IO_DIR
+#define PINS_USIM1              PIN_PHONE_IO, PIN_PHONE_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST
 /* Phone I/O data signal input/output (unused USART RX input; connected to I/O_PHONE in schematic) */
 #define PIN_PHONE_IO_INPUT     {PIO_PA21A_RXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Pin used as clock input (to measure the ETU duration; connected to CLK_PHONE in schematic) */
 #define PIN_PHONE_CLK_INPUT    {PIO_PA29B_TCLK2, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
 /** Default pin configuration **/
 /* Disconnect VPP, CLK, and RST lines between card and phone using bus switch (high sets bus switch to high-impedance) */
 #define PIN_SC_SW_DEFAULT      {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 /* Disconnect I/O line between card and phone using bus switch (high sets bus switch to high-impedance) */
 #define PIN_IO_SW_DEFAULT      {PIO_PA19, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 /* Disconnect all lines (VPP, CLK, RST, and I/O) between card and phone */
 #define PINS_BUS_DEFAULT        PIN_SC_SW_DEFAULT, PIN_IO_SW_DEFAULT
 /** Sniffer configuration **/
 /* Connect VPP, CLK, and RST lines between card and phone using bus switch (low connects signals on bus switch) */
 #define PIN_SC_SW_SNIFF        {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 /* Connect I/O line between card and phone using bus switch (low connects signals on bus switch) */
 #define PIN_IO_SW_SNIFF        {PIO_PA19, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 /* Connect all lines (VPP, CLK, RST, and I/O) between card and phone */
 #define PINS_BUS_SNIFF          PIN_SC_SW_SNIFF, PIN_IO_SW_SNIFF
 /* Card RST reset signal input (use as input since the phone will drive it) */
 #define PIN_SIM_RST_SNIFF      {PIO_PA7, PIOA, ID_PIOA, PIO_INPUT, PIO_DEGLITCH | PIO_IT_EDGE}
 /* Pins used to sniff phone-card communication */
 #define PINS_SIM_SNIFF          PIN_SIM_IO, PIN_SIM_CLK, PIN_SIM_RST_SNIFF
 /* Disable power converter 4.5-6V to 3.3V (active high) */
 #define PIN_SIM_PWEN_SNIFF     {SIM_PWEN, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 /* Enable power switch to forward VCC_PHONE to VCC_SIM (active high) */
 #define PIN_VCC_FWD_SNIFF      {VCC_FWD, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 /* Use phone VCC to power card */
 #define PINS_PWR_SNIFF          PIN_SIM_PWEN_SNIFF, PIN_VCC_FWD_SNIFF
 /** CCID configuration */
 /* Card RST reset signal input (active low; RST_SIM in schematic) */
 #define PIN_ISO7816_RSTMC      {PIO_PA7, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 /* ISO7816-communication related pins */
 #define PINS_ISO7816            PIN_SIM_IO,  PIN_SIM_CLK,  PIN_ISO7816_RSTMC // SIM_PWEN_PIN, PIN_SIM_IO2, PIN_SIM_CLK2
 /** External SPI flash interface   **/
 /* SPI MISO pin definition */
@@ -87,36 +140,30 @@
 /* SPI flash write protect pin (active low, pulled low) */
 #define PIN_SPI_WP    {PA15, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 /** Pin configuration to control USB pull-up on D+
 *  @details the USB pull-up on D+ is enable by default on the board but can be disabled by setting PA16 high
 */
 #define PIN_USB_PULLUP  {PIO_PA16, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 /** USB definitions */
 /* OpenMoko SIMtrace 2 USB vendor ID */
 #define BOARD_USB_VENDOR_ID	USB_VENDOR_OPENMOKO
 /* OpenMoko SIMtrace 2 USB product ID (main application/runtime mode) */
-#define BOARD_USB_PRODUCT_ID	USB_PRODUCT_OCTSIMTEST
+#define BOARD_USB_PRODUCT_ID	USB_PRODUCT_SIMTRACE2
 /* OpenMoko SIMtrace 2 DFU USB product ID (DFU bootloader/DFU mode) */
-#define BOARD_DFU_USB_PRODUCT_ID USB_PRODUCT_OCTSIMTEST
+#define BOARD_DFU_USB_PRODUCT_ID USB_PRODUCT_SIMTRACE2_DFU
 /* USB release number (bcdDevice, shown as 0.00) */
 #define BOARD_USB_RELEASE	0x000
 /* Indicate SIMtrace is bus power in USB attributes */
 #define BOARD_USB_BMATTRIBUTES	USBConfigurationDescriptor_BUSPOWERED_NORWAKEUP
 #define DETECT_VCC_BY_ADC
 /* we have a resistive voltage divider of 47 + 30 kOhms to also detect 5V supply power */
 #define VCC_UV_THRESH_1V8	(1500000*47)/(47+30)
 #define VCC_UV_THRESH_3V	(2500000*47)/(47+30)
 #define HAVE_SLOT_MUX
 #define HAVE_BOARD_CARDINSERT
 struct cardem_inst;
 void board_set_card_insert(struct cardem_inst *ci, bool card_insert);
 /** Supported modes */
 /* SIMtrace board supports sniffer mode */
 //#define HAVE_SNIFFER
 /* SIMtrace board supports CCID mode */
 //#define HAVE_CCID
 /* SIMtrace board supports card emulation mode */
-#define HAVE_CARDEM
+//#define HAVE_CARDEM
 /* SIMtrace board supports man-in-the-middle mode */
 //#define HAVE_MITM
 /* octsimtest board supports gpio_test mode */
--- a/firmware/libboard/octsimtest/include/mcp23017.h
+++ b/firmware/libboard/octsimtest/include/mcp23017.h
@@ -18,10 +18,8 @@
 #define MCP23017_ADDRESS 0x20
-int mcp23017_init(uint8_t slave, uint8_t iodira, uint8_t iodirb);
+int mcp23017_init(uint8_t slave);
 int mcp23017_test(uint8_t slave);
 int mcp23017_toggle(uint8_t slave);
 int mcp23017_set_output_a(uint8_t slave, uint8_t val);
 int mcp23017_set_output_b(uint8_t slave, uint8_t val);
 //int mcp23017_write_byte(uint8_t slave, uint8_t addr, uint8_t byte);
 //int mcp23017_read_byte(uint8_t slave, uint8_t addr);
--- a/firmware/libboard/octsimtest/include/mux.h
+++ b/firmware/libboard/octsimtest/include/mux.h
@@ -1,17 +0,0 @@
 #pragma once
 void mux_init(void);
 int mux_set_slot(uint8_t s);
 int mux_get_slot(void);
 void mux_set_freq(uint8_t s);
 /* this reflects the wiring between U5 and U4 */
 #define MUX_FREQ_DIV_2		0
 #define MUX_FREQ_DIV_4		1
 #define MUX_FREQ_DIV_16		2
 #define MUX_FREQ_DIV_32		3
 #define MUX_FREQ_DIV_32		3
 #define MUX_FREQ_DIV_128	4
 #define MUX_FREQ_DIV_512	5
 #define MUX_FREQ_DIV_2048	6
 #define MUX_FREQ_DIV_4096	7
--- a/firmware/libboard/octsimtest/source/board_octsimtest.c
+++ b/firmware/libboard/octsimtest/source/board_octsimtest.c
@@ -17,7 +17,6 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
 */
 #include <stdbool.h>
 #include "board.h"
 #include "simtrace.h"
 #include "utils.h"
@@ -26,29 +25,16 @@
 #include "usb_buf.h"
 #include "i2c.h"
 #include "mcp23017.h"
 #include "mux.h"
 static bool mcp2317_present = false;
 void board_exec_dbg_cmd(int ch)
 {
 	switch (ch) {
 	case '?':
 		printf("\t?\thelp\n\r");
 		printf("\t0-8\tselect physical SIM slot\n\r");
 		printf("\tR\treset SAM3\n\r");
 		printf("\tm\trun mcp23017 test\n\r");
-		printf("\ti\tset card insert via I2C\n\r");
+		printf("\tR\ttoggle MSB of gpio on mcp23017\n\r");
 		printf("\tI\tdisable card insert\n\r");
 		break;
 	case '0': mux_set_slot(0); break;
 	case '1': mux_set_slot(1); break;
 	case '2': mux_set_slot(2); break;
 	case '3': mux_set_slot(3); break;
 	case '4': mux_set_slot(4); break;
 	case '5': mux_set_slot(5); break;
 	case '6': mux_set_slot(6); break;
 	case '7': mux_set_slot(7); break;
 	case 'R':
 		printf("Asking NVIC to reset us\n\r");
 		USBD_Disconnect();
@@ -57,13 +43,8 @@ void board_exec_dbg_cmd(int ch)
 	case 'm':
 		mcp23017_test(MCP23017_ADDRESS);
 		break;
-	case 'i':
+	case 't':
-		printf("Setting card insert (slot=%u)\r\n", mux_get_slot());
+		mcp23017_toggle(MCP23017_ADDRESS);
 		mcp23017_set_output_a(MCP23017_ADDRESS, (1 << mux_get_slot()));
 		break;
 	case 'I':
 		printf("Releasing card insert (slot=%u)\r\n", mux_get_slot());
 		mcp23017_set_output_a(MCP23017_ADDRESS, 0);
 		break;
 	default:
 		printf("Unknown command '%c'\n\r", ch);
@@ -76,13 +57,9 @@ void board_main_top(void)
 #ifndef APPLICATION_dfu
 	usb_buf_init();
 	mux_init();
 	i2c_pin_init();
-	/* PORT A: all outputs, Port B0 output, B1..B7 unused */
+	if (!mcp23017_init(MCP23017_ADDRESS))
-	if (mcp23017_init(MCP23017_ADDRESS, 0x00, 0xfe) == 0) {
+		printf("mcp23017 not found!\n\r");
 		mcp2317_present = true;
 		mcp23017_set_output_a(MCP23017_ADDRESS, 0);
 	}
 	/* Initialize checking for card insert/remove events */
 	//card_present_init();
 #endif
@@ -102,23 +79,3 @@ int board_override_enter_dfu(void)
 	} else
 		return 0;
 }
 void board_set_card_insert(struct cardem_inst *ci, bool card_insert)
 {
 	int s = mux_get_slot();
 	/* A0 .. A7 of the MCP are each connected to the gate of a FET which closes
 	 * the sim-present signal of the respective slot */
 	if (mcp2317_present) {
 		if (card_insert) {
 			/* we must enable card-presence of the active slot and disable it on all others */
 			mcp23017_set_output_a(MCP23017_ADDRESS, (1 << s));
 		} else {
 			/* we disable all card insert signals */
 			mcp23017_set_output_a(MCP23017_ADDRESS, 0);
 		}
 	} else {
 		TRACE_WARNING("No MCP23017 present; cannot set CARD_INSERT\r\n");
 	}
 }
--- a/firmware/libboard/octsimtest/source/mcp23017.c
+++ b/firmware/libboard/octsimtest/source/mcp23017.c
@@ -92,25 +92,19 @@ out_stop:
 		return 0;
 }
-int mcp23017_init(uint8_t slave, uint8_t iodira, uint8_t iodirb)
+int mcp23017_init(uint8_t slave)
 {
-	TRACE_DEBUG("mcp23017_init\n\r");
+	printf("mcp23017_init\n\r");
 	// all gpio input
-	if (mcp23017_write_byte(slave, MCP23017_IODIRA, iodira))
+	if (mcp23017_write_byte(slave, MCP23017_IODIRA, 0xff))
-		goto out_err;
+		return false;
 	// msb of portb output, rest input
-	if (mcp23017_write_byte(slave, MCP23017_IODIRB, iodirb))
+	if (mcp23017_write_byte(slave, MCP23017_IODIRB, 0x7f))
-		goto out_err;
+		return false;
 	if (mcp23017_write_byte(slave, MCP23017_IOCONA, 0x20)) //disable SEQOP (autoinc addressing)
-		goto out_err;
+		return false;
-
+	printf("mcp23017 found\n\r");
-	TRACE_DEBUG("mcp23017 found\n\r");
+	return true;
 	return 0;
 out_err:
 	TRACE_WARNING("mcp23017 NOT found!\n\r");
 	return -1;
 }
 int mcp23017_test(uint8_t slave)
@@ -126,16 +120,6 @@ int mcp23017_test(uint8_t slave)
 	return 0;
 }
 int mcp23017_set_output_a(uint8_t slave, uint8_t val)
 {
 	return mcp23017_write_byte(slave, MCP23017_OLATA, val);
 }
 int mcp23017_set_output_b(uint8_t slave, uint8_t val)
 {
 	return mcp23017_write_byte(slave, MCP23017_OLATB, val);
 }
 int mcp23017_toggle(uint8_t slave)
 {
 	// example writing MSB of gpio
--- a/firmware/libboard/octsimtest/source/mux.c
+++ b/firmware/libboard/octsimtest/source/mux.c
@@ -1,113 +0,0 @@
 /* sysmoOCTSIMTEST support for multiplexers
 *
 * (C) 2021 by Harald Welte <laforge@gnumonks.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
 */
 #include "board.h"
 #include "mux.h"
 #include <stdbool.h>
 #include <errno.h>
 /* 3-bit S0..S2 signal for slot selection */
 static const Pin pin_in_sel[3] = {
 	{ PIO_PA1, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT },
 	{ PIO_PA2, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT },
 	{ PIO_PA3, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT },
 };
 /* 3-bit S0..S2 signal for frequency divider selection */
 static const Pin pin_freq_sel[3] = {
 	{ PIO_PA16, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT },
 	{ PIO_PA17, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT },
 	{ PIO_PA18, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT },
 };
 /* low-active output enable for all muxes */
 static const Pin pin_oe = { PIO_PA19, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT };
 static uint8_t g_mux_slot = 0;
 /* initialize the external 1:8 multiplexers */
 void mux_init(void)
 {
 	PIO_Configure(&pin_oe, PIO_LISTSIZE(pin_oe));
 	PIO_Configure(pin_in_sel, PIO_LISTSIZE(pin_in_sel));
 	PIO_Configure(pin_freq_sel, PIO_LISTSIZE(pin_freq_sel));
 	mux_set_slot(0);
 }
 /* set the slot selection mux */
 int mux_set_slot(uint8_t s)
 {
 	TRACE_INFO("%s(%u)\r\n", __func__, s);
 	if (s > 7)
 		return -EINVAL;
 	/* !OE = H: disconnect input and output of muxes */
 	PIO_Set(&pin_oe);
 	if (s & 1)
 		PIO_Set(&pin_in_sel[0]);
 	else
 		PIO_Clear(&pin_in_sel[0]);
 	if (s & 2)
 		PIO_Set(&pin_in_sel[1]);
 	else
 		PIO_Clear(&pin_in_sel[1]);
 	if (s & 4)
 		PIO_Set(&pin_in_sel[2]);
 	else
 		PIO_Clear(&pin_in_sel[2]);
 	/* !OE = L: (re-)enable the output of muxes */
 	PIO_Clear(&pin_oe);
 	g_mux_slot = s;
 	return s;
 }
 int mux_get_slot(void)
 {
 	return g_mux_slot;
 }
 /* set the frequency divider mux */
 void mux_set_freq(uint8_t s)
 {
 	TRACE_INFO("%s(%u)\r\n", __func__, s);
 	/* no need for 'break before make' here, this would also affect
 	 * the SIM card I/O signals which we don't want to disturb */
 	if (s & 1)
 		PIO_Set(&pin_freq_sel[0]);
 	else
 		PIO_Clear(&pin_freq_sel[0]);
 	if (s & 2)
 		PIO_Set(&pin_freq_sel[1]);
 	else
 		PIO_Clear(&pin_freq_sel[1]);
 	if (s & 4)
 		PIO_Set(&pin_freq_sel[2]);
 	else
 		PIO_Clear(&pin_freq_sel[2]);
 	/* !OE = L: ensure enable the output of muxes */
 	PIO_Clear(&pin_oe);
 }
--- a/firmware/libboard/octsimtest/source/sim_switch.c
+++ b/firmware/libboard/octsimtest/source/sim_switch.c
@@ -1,37 +0,0 @@
 /* Code to switch between local (physical) and remote (emulated) SIM
 *
 * (C) 2021 by Harald Welte <hwelte@hmw-consulting.de>
 * 
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
 */
 #include "board.h"
 #include "trace.h"
 #include "sim_switch.h"
 int sim_switch_use_physical(unsigned int nr, int physical)
 {
 	if (physical) {
 		TRACE_ERROR("%u: Use local/physical SIM - UNSUPPORTED!\r\n", nr);
 	} else {
 		TRACE_INFO("%u: Use remote/emulated SIM\r\n", nr);
 	}
 	return 0;
 }
 int sim_switch_init(void)
 {
 	return 1; // SIMtrace hardware has only one switchable interface
 }
--- a/firmware/libboard/qmod/include/board.h
+++ b/firmware/libboard/qmod/include/board.h
@@ -109,9 +109,6 @@
 #define BOARD_USB_RELEASE	0x010
 #define CARDEMU_SECOND_UART
 #define DETECT_VCC_BY_ADC
 #define VCC_UV_THRESH_1V8	1500000
 #define VCC_UV_THRESH_3V	2500000
 #define HAVE_CARDEM
--- a/firmware/libboard/qmod/source/board_qmod.c
+++ b/firmware/libboard/qmod/source/board_qmod.c
@@ -194,7 +194,7 @@ void board_exec_dbg_cmd(int ch)
 	   this is done to prevent accidental ERASE on noisy serial input since only one character can trigger the ERASE.
 	 */
 	static bool allow_erase = false;
-#endif /* ALLOW_PEER_ERASE */
+#endif
 	switch (ch) {
 	case '?':
@@ -205,17 +205,13 @@ void board_exec_dbg_cmd(int ch)
 		printf("\tg\tswitch off LED 2\n\r");
 		printf("\tG\tswitch off LED 2\n\r");
 		if (qmod_sam3_is_12()) {
 #if (ALLOW_PEER_ERASE > 0)
 			printf("\tE\tprogram EEPROM\n\r");
 			printf("\te\tErase EEPROM\n\r");
 #endif /* ALLOW_PEER_ERASE */
 			printf("\tO\tEnable PRTPWR_OVERRIDE\n\r");
 			printf("\to\tDisable PRTPWR_OVERRIDE\n\r");
 #if (ALLOW_PEER_ERASE > 0)
 			printf("\tH\tRelease HUB RESET (high)\n\r");
 			printf("\th\tAssert HUB RESET (low)\n\r");
 			printf("\tw\tWrite single byte in EEPROM\n\r");
 #endif /* ALLOW_PEER_ERASE */
 			printf("\tr\tRead single byte from EEPROM\n\r");
 		}
 		printf("\tX\tRelease peer SAM3 from reset\n\r");
@@ -224,13 +220,10 @@ void board_exec_dbg_cmd(int ch)
 		printf("\tY\tRelease peer SAM3 ERASE signal\n\r");
 		printf("\ta\tAllow asserting peer SAM3 ERASE signal\n\r");
 		printf("\ty\tAssert peer SAM3 ERASE signal\n\r");
-#endif /* ALLOW_PEER_ERASE */
+#endif
 		printf("\tU\tProceed to USB Initialization\n\r");
 		printf("\t1\tGenerate 1ms reset pulse on WWAN1\n\r");
 		printf("\t2\tGenerate 1ms reset pulse on WWAN2\n\r");
 		printf("\t!\tSwitch Channel A from physical -> remote\n\r");
 		printf("\t@\tSwitch Channel B from physical -> remote\n\r");
 		printf("\tt\t(pseudo)talloc report\n\r");
 		break;
 	case 'R':
 		printf("Asking NVIC to reset us\n\r");
@@ -278,7 +271,7 @@ void board_exec_dbg_cmd(int ch)
 			printf("Please first allow setting SIMTRACExx_ERASE\n\r");
 		}
 		break;
-#endif /* ALLOW_PEER_ERASE */
+#endif
 	case '1':
 		printf("Resetting Modem 1 (of this SAM3)\n\r");
 		wwan_perst_do_reset_pulse(0, 300);
@@ -293,9 +286,6 @@ void board_exec_dbg_cmd(int ch)
 	case '@':
 		sim_switch_use_physical(0, 0);
 		break;
 	case 't':
 		talloc_report(NULL, stdout);
 		break;
 	default:
 		if (!qmod_sam3_is_12())
 			printf("Unknown command '%c'\n\r", ch);
@@ -309,7 +299,7 @@ void board_exec_dbg_cmd(int ch)
 	if ('a' != ch) {
 		allow_erase = false;
 	}
-#endif /* ALLOW_PEER_ERASE */
+#endif
 }
 void board_main_top(void)
--- a/firmware/libboard/qmod/source/sim_switch.c
+++ b/firmware/libboard/qmod/source/sim_switch.c
@@ -1,90 +0,0 @@
 /* Code to switch between local (physical) and remote (emulated) SIM
 *
 * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
 */
 #include "board.h"
 #include "trace.h"
 #include "led.h"
 #include "sim_switch.h"
 #ifdef PIN_SIM_SWITCH1
 static const Pin pin_conn_usim1 = {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
 #endif
 #ifdef PIN_SIM_SWITCH2
 static const Pin pin_conn_usim2 = {PIO_PA28, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
 #endif
 static int initialized = 0;
 int sim_switch_use_physical(unsigned int nr, int physical)
 {
 	const Pin *pin;
 	enum led led;
 	if (!initialized) {
 		TRACE_ERROR("Somebody forgot to call sim_switch_init()\r\n");
 		sim_switch_init();
 	}
 	TRACE_INFO("Modem %d: %s SIM\n\r", nr,
 		   physical ? "physical" : "virtual");
 	switch (nr) {
 #ifdef PIN_SIM_SWITCH1
 	case 0:
 		pin = &pin_conn_usim1;
 		led = LED_USIM1;
 		break;
 #endif
 #ifdef PIN_SIM_SWITCH2
 	case 1:
 		pin = &pin_conn_usim2;
 		led = LED_USIM2;
 		break;
 #endif
 	default:
 		TRACE_ERROR("Invalid SIM%u\n\r", nr);
 		return -1;
 	}
 	if (physical) {
 		TRACE_INFO("%u: Use local/physical SIM\r\n", nr);
 		PIO_Clear(pin);
 		led_blink(led, BLINK_ALWAYS_ON);
 	} else {
 		TRACE_INFO("%u: Use remote/emulated SIM\r\n", nr);
 		PIO_Set(pin);
 		led_blink(led, BLINK_ALWAYS_OFF);
 	}
 	return 0;
 }
 int sim_switch_init(void)
 {
 	int num_switch = 0;
 #ifdef PIN_SIM_SWITCH1
 	PIO_Configure(&pin_conn_usim1, 1);
 	num_switch++;
 #endif
 #ifdef PIN_SIM_SWITCH2
 	PIO_Configure(&pin_conn_usim2, 1);
 	num_switch++;
 #endif
 	initialized = 1;
 	return num_switch;
 }
--- a/firmware/libboard/sam3p256/include/board.h
+++ b/firmware/libboard/sam3p256/include/board.h
@@ -135,6 +135,11 @@
 #define PIN_SPI_WP    {PA15, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 #endif
 /** Pin configuration to control USB pull-up on D+
 *  @details the USB pull-up on D+ is enable by default on the board but can be disabled by setting PA16 high
 */
 #define PIN_USB_PULLUP  {PIO_PA16, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 /** USB definitions */
 /* OpenMoko SIMtrace 2 USB vendor ID */
 #define BOARD_USB_VENDOR_ID	USB_VENDOR_OPENMOKO
--- a/firmware/libboard/simtrace/include/board.h
+++ b/firmware/libboard/simtrace/include/board.h
@@ -40,7 +40,7 @@
 /** green LED pin definition */
 #define PIN_LED_GREEN   {PIO_LED_GREEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 /** LEDs pin definition */
-#define PINS_LEDS       PIN_LED_RED, PIN_LED_GREEN
+#define PINS_LEDS       PIN_LED_RED, PIN_LED_GREEN 
 /** index for red LED in LEDs pin definition array */
 #define LED_NUM_RED     0
 /** index for green LED in LEDs pin definition array */
@@ -78,11 +78,11 @@
 /* Phone USIM slot 1 RST pin (active low; RST_PHONE in schematic) */
 #define PIN_USIM1_nRST         {PIO_PA24, PIOA, ID_PIOA, PIO_INPUT, PIO_IT_EDGE | PIO_DEGLITCH }
 /* Phone I/O data signal input/output (I/O_PHONE in schematic) */
-#define PIN_USIM1_IO           {PIO_PA22A_TXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+#define PIN_PHONE_IO           {PIO_PA22A_TXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Phone CLK clock input (CLK_PHONE in schematic) */
-#define PIN_USIM1_CLK          {PIO_PA23A_SCK1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+#define PIN_PHONE_CLK          {PIO_PA23A_SCK1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Pin used for phone USIM slot 1 communication */
-#define PINS_USIM1              PIN_USIM1_IO, PIN_USIM1_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST
+#define PINS_USIM1              PIN_PHONE_IO, PIN_PHONE_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST
 /* Phone I/O data signal input/output (unused USART RX input; connected to I/O_PHONE in schematic) */
 #define PIN_PHONE_IO_INPUT     {PIO_PA21A_RXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Pin used as clock input (to measure the ETU duration; connected to CLK_PHONE in schematic) */
@@ -134,6 +134,11 @@
 /* SPI flash write protect pin (active low, pulled low) */
 #define PIN_SPI_WP    {PA15, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 /** Pin configuration to control USB pull-up on D+
 *  @details the USB pull-up on D+ is enable by default on the board but can be disabled by setting PA16 high
 */
 #define PIN_USB_PULLUP  {PIO_PA16, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 /** USB definitions */
 /* OpenMoko SIMtrace 2 USB vendor ID */
 #define BOARD_USB_VENDOR_ID	USB_VENDOR_OPENMOKO
@@ -148,14 +153,10 @@
 /** Supported modes */
 /* SIMtrace board supports sniffer mode */
 #ifdef APPLICATION_trace
 #define HAVE_SNIFFER
 #endif
 /* SIMtrace board supports CCID mode */
 //#define HAVE_CCID
 /* SIMtrace board supports card emulation mode */
-#ifdef APPLICATION_cardem
+//#define HAVE_CARDEM
 #define HAVE_CARDEM
 #endif
 /* SIMtrace board supports man-in-the-middle mode */
 //#define HAVE_MITM
--- a/firmware/libboard/simtrace/source/sim_switch.c
+++ b/firmware/libboard/simtrace/source/sim_switch.c
@@ -1,54 +0,0 @@
 /* Code to switch between local (physical) and remote (emulated) SIM
 *
 * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
 * (C) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
 * 
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
 */
 #include "board.h"
 #include "trace.h"
 #include "led.h"
 #include "sim_switch.h"
 int sim_switch_use_physical(unsigned int nr, int physical)
 {
 	const Pin pin_sc = PIN_SC_SW_DEFAULT; // pin to control bus switch for VCC/RST/CLK signals
 	const Pin pin_io = PIN_IO_SW_DEFAULT; // pin to control bus switch for I/O signal
 	if (nr > 0) {
 		TRACE_ERROR("SIM interface for Modem %d can't be switched\r\n", nr);
 		return -1;
 	}
 	TRACE_INFO("Modem %u: %s SIM\n\r", nr, physical ? "physical" : "virtual");
 	if (physical) {
 		TRACE_INFO("%u: Use local/physical SIM\r\n", nr);
 		PIO_Set(&pin_sc);
 		PIO_Set(&pin_io);
 	} else {
 		TRACE_INFO("%u: Use remote/emulated SIM\r\n", nr);
 		PIO_Clear(&pin_sc);
 		PIO_Clear(&pin_io);
 	}
 	return 0;
 }
 int sim_switch_init(void)
 {
 	// the bus switch is already initialised
 	return 1; // SIMtrace hardware has only one switchable interface
 }
--- a/firmware/libcommon/include/assert.h
+++ b/firmware/libcommon/include/assert.h
@@ -89,7 +89,7 @@
 		/// \param condition  Condition to verify.
 		#define ASSERT(condition)  { \
 			if (!(condition)) { \
-				printf_sync("-F- ASSERT: %s %s:%d\n\r", #condition, __BASE_FILE__, __LINE__); \
+				printf("-F- ASSERT: %s %s:%d\n\r", #condition, __BASE_FILE__, __LINE__); \
 				while (1); \
 			} \
 		}
--- a/firmware/libcommon/include/card_emu.h
+++ b/firmware/libcommon/include/card_emu.h
@@ -31,6 +31,7 @@ enum card_io {
 /** initialise card slot
 *  @param[in] slot_num slot number (arbitrary number)
 *  @param[in] tc_chan timer counter channel (to measure the ETU)
 *  @param[in] uart_chan UART peripheral channel
 *  @param[in] in_ep USB IN end point number
 *  @param[in] irq_ep USB INTerrupt end point number
@@ -39,7 +40,7 @@ enum card_io {
 *  @param[in] clocked initial CLK signat state (true = active)
 *  @return main card handle reference
 */
-struct card_handle *card_emu_init(uint8_t slot_num, uint8_t uart_chan, uint8_t in_ep, uint8_t irq_ep, bool vcc_active, bool in_reset, bool clocked);
+struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uart_chan, uint8_t in_ep, uint8_t irq_ep, bool vcc_active, bool in_reset, bool clocked);
 /* process a single byte received from the reader */
 void card_emu_process_rx_byte(struct card_handle *ch, uint8_t byte);
@@ -55,24 +56,13 @@ int card_emu_set_atr(struct card_handle *ch, const uint8_t *atr, uint8_t len);
 struct llist_head *card_emu_get_uart_tx_queue(struct card_handle *ch);
 void card_emu_have_new_uart_tx(struct card_handle *ch);
-void card_emu_report_status(struct card_handle *ch, bool report_on_irq);
+void card_emu_report_status(struct card_handle *ch);
-void card_emu_wtime_half_expired(void *ch);
+#define ENABLE_TX	0x01
-void card_emu_wtime_expired(void *ch);
+#define ENABLE_RX	0x02
 #define ENABLE_TX		0x01
 #define ENABLE_RX		0x02
 #define ENABLE_TX_TIMER_ONLY	0x03
 int card_emu_uart_update_fidi(uint8_t uart_chan, unsigned int fidi);
 void card_emu_uart_update_wt(uint8_t uart_chan, uint32_t wt);
 void card_emu_uart_reset_wt(uint8_t uart_chan);
 int card_emu_uart_tx(uint8_t uart_chan, uint8_t byte);
 void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx);
 void card_emu_uart_wait_tx_idle(uint8_t uart_chan);
 void card_emu_uart_interrupt(uint8_t uart_chan);
 struct cardemu_usb_msg_config;
 int card_emu_set_config(struct card_handle *ch, const struct cardemu_usb_msg_config *scfg,
 			unsigned int scfg_len);
--- a/firmware/libcommon/include/iso7816_fidi.h
+++ b/firmware/libcommon/include/iso7816_fidi.h
@@ -21,10 +21,10 @@
 #include <stdint.h>
 /* Table 7 of ISO 7816-3:2006 */
-extern const uint16_t iso7816_3_fi_table[16];
+extern const uint16_t fi_table[];
 /* Table 8 from ISO 7816-3:2006 */
-extern const uint8_t iso7816_3_di_table[16];
+extern const uint8_t di_table[];
-/* compute the F/D ratio based on F_index and D_index values */
+/* compute the F/D ratio based on Fi and Di values */
-int iso7816_3_compute_fd_ratio(uint8_t f_index, uint8_t d_index);
+int compute_fidi_ratio(uint8_t fi, uint8_t di);
--- a/firmware/libcommon/include/main_common.h
+++ b/firmware/libcommon/include/main_common.h
@@ -1,3 +0,0 @@
 #pragma once
 void print_banner(void);
--- a/firmware/libcommon/include/ringbuffer.h
+++ b/firmware/libcommon/include/ringbuffer.h
@@ -21,7 +21,7 @@
 #include <stdbool.h>
 #include <sys/types.h>
-#define RING_BUFLEN 1024
+#define RING_BUFLEN 512
 typedef struct ringbuf {
 	uint8_t buf[RING_BUFLEN];
--- a/firmware/libcommon/include/simtrace_prot.h
+++ b/firmware/libcommon/include/simtrace_prot.h
@@ -62,8 +62,6 @@ enum simtrace_msg_type_cardem {
 	SIMTRACE_MSGT_DO_CEMU_RX_DATA,
 	/* Indicate PTS request from phone */
 	SIMTRACE_MSGT_DO_CEMU_PTS,
 	/* Set configurable parameters */
 	SIMTRACE_MSGT_BD_CEMU_CONFIG,
 };
 /* SIMTRACE_MSGC_MODEM */
@@ -230,17 +228,11 @@ struct cardemu_usb_msg_status {
 	uint32_t flags;
 	/* phone-applied target voltage in mV */
 	uint16_t voltage_mv;
-	/* F/D related information. Not actual Fn/Dn values but indexes into tables! */
+	/* Fi/Di related information */
-	union {
+	uint8_t fi;
-		uint8_t F_index;	/* <! Index to ISO7816-3 Table 7 (F and f_max values) */
+	uint8_t di;
-		uint8_t fi;		/* <! old, wrong name for API compatibility */
+	uint8_t wi;
-	};
+	uint32_t waiting_time;
 	union {
 		uint8_t D_index;	/* <! Index to ISO7816-3 Table 8 (D value) */
 		uint8_t di;		/* <! old, wrong name for API compatibility */
 	};
 	uint8_t wi;		/* <! Waiting Integer as defined in ISO7816-3 Section 10.2 */
 	uint32_t waiting_time;	/* <! Waiting Time in etu as defined in ISO7816-3 Section 8.1 */
 } __attribute__ ((packed));
 /* CEMU_USB_MSGT_DO_PTS */
@@ -262,17 +254,6 @@ struct cardemu_usb_msg_error {
 	uint8_t msg[0];
 } __attribute__ ((packed));
 /* enable/disable the generation of DO_STATUS on IRQ endpoint */
 #define CEMU_FEAT_F_STATUS_IRQ	0x00000001
 /* SIMTRACE_MSGT_BD_CEMU_CONFIG */
 struct cardemu_usb_msg_config {
 	/* bit-mask of CEMU_FEAT_F flags */
 	uint32_t features;
 	/* the selected slot number (if an external mux is present) */
 	uint8_t slot_mux_nr;
 } __attribute__ ((packed));
 /***********************************************************************
 * MODEM CONTROL
 ***********************************************************************/
--- a/firmware/libcommon/include/simtrace_usb.h
+++ b/firmware/libcommon/include/simtrace_usb.h
@@ -25,8 +25,6 @@
 #define USB_PRODUCT_QMOD_SAM3		0x4004
 #define USB_PRODUCT_SIMTRACE2_DFU	0x60e3	/* was 0x60e2 */
 #define USB_PRODUCT_SIMTRACE2		0x60e3
 #define USB_PRODUCT_OCTSIMTEST		0x616d
 #define USB_PRODUCT_NGFF_CARDEM		0x616e
 /* USB proprietary class */
 #define USB_CLASS_PROPRIETARY			0xff
@@ -66,4 +64,4 @@
 #define SIMTRACE_CARDEM_USB_EP_USIM2_INT		3
 /*! Maximum number of endpoints */
-#define BOARD_USB_NUMENDPOINTS		7 /* 0 (control) + 2 (interfaces) * 3 (endpoints) */
+#define BOARD_USB_NUMENDPOINTS		6
--- a/firmware/libcommon/include/talloc.h
+++ b/firmware/libcommon/include/talloc.h
@@ -17,7 +17,6 @@
 #pragma once
 #include <stdlib.h>
 #include <stdio.h>
 #include <stdarg.h>
 /* minimalistic emulation of core talloc API functions used by msgb.c */
@@ -40,4 +39,3 @@ void *talloc_named_const(const void *context, size_t size, const char *name);
 void talloc_set_name_const(const void *ptr, const char *name);
 char *talloc_strdup(const void *t, const char *p);
 void *talloc_pool(const void *context, size_t size);
 void talloc_report(const void *ptr, FILE *f);
--- a/firmware/libcommon/include/usb_buf.h
+++ b/firmware/libcommon/include/usb_buf.h
@@ -29,8 +29,6 @@ struct usb_buffered_ep {
 	volatile uint32_t in_progress;
 	/* Tx queue (IN) / Rx queue (OUT) */
 	struct llist_head queue;
 	/* current length of queue */
 	unsigned int queue_len;
 };
 struct msgb *usb_buf_alloc(uint8_t ep);
--- a/firmware/libcommon/source/card_emu.c
+++ b/firmware/libcommon/source/card_emu.c
@@ -1,6 +1,6 @@
 /* ISO7816-3 state machine for the card side
 *
- * (C) 2010-2021 by Harald Welte <laforge@gnumonks.org>
+ * (C) 2010-2017 by Harald Welte <laforge@gnumonks.org>
 * (C) 2018 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
 *
 * This program is free software; you can redistribute it and/or modify
@@ -27,21 +27,16 @@
 #include "utils.h"
 #include "trace.h"
 #include "iso7816_fidi.h"
 #include "tc_etu.h"
 #include "card_emu.h"
 #include "simtrace_prot.h"
 #include "usb_buf.h"
 #include <osmocom/core/linuxlist.h>
 #include <osmocom/core/msgb.h>
 #ifdef HAVE_SLOT_MUX
 #include "mux.h"
 #endif
 #define NUM_SLOTS		2
 /* bit-mask of supported CEMU_FEAT_F_ flags */
 #define SUPPORTED_FEATURES	(CEMU_FEAT_F_STATUS_IRQ)
 #define	ISO7816_3_INIT_WTIME	9600
 #define ISO7816_3_DEFAULT_WI	10
 #define ISO7816_3_ATR_LEN_MAX	(1+32)	/* TS plus 32 chars */
@@ -60,15 +55,42 @@ enum iso7816_3_card_state {
 };
 const struct value_string iso7816_3_card_state_names[] = {
-	{ ISO_S_WAIT_POWER,	"WAIT_POWER" },
+	{
-	{ ISO_S_WAIT_CLK,	"WAIT_CLK" },
+		.value = ISO_S_WAIT_POWER,
-	{ ISO_S_WAIT_RST,	"WAIT_RST" },
+		.str = "WAIT_POWER",
-	{ ISO_S_WAIT_ATR,	"WAIT_ATR" },
+	},
-	{ ISO_S_IN_ATR,		"IN_ATR" },
+	{
-	{ ISO_S_IN_PTS,		"IN_PTS" },
+		.value = ISO_S_WAIT_CLK,
-	{ ISO_S_WAIT_TPDU,	"WAIT_TPDU" },
+		.str = "WAIT_CLK",
-	{ ISO_S_IN_TPDU,	"IN_TPDU" },
+	},
-	{ 0, NULL }
+	{
 		.value = ISO_S_WAIT_RST,
 		.str = "WAIT_RST",
 	},
 	{
 		.value = ISO_S_WAIT_ATR,
 		.str = "WAIT_ATR",
 	},
 	{
 		.value = ISO_S_IN_ATR,
 		.str = "IN_ATR",
 	},
 	{
 		.value = ISO_S_IN_PTS,
 		.str = "IN_PTS",
 	},
 	{
 		.value = ISO_S_WAIT_TPDU,
 		.str = "WAIT_TPDU",
 	},
 	{
 		.value = ISO_S_IN_TPDU,
 		.str = "IN_TPDU",
 	},
 	{
 		.value = 0,
 		.str = NULL,
 	},
 };
@@ -88,22 +110,6 @@ enum pts_state {
 	PTS_S_WAIT_RESP_PCK = PTS_S_WAIT_REQ_PCK | 0x10,
 };
 const struct value_string pts_state_names[] = {
 	{ PTS_S_WAIT_REQ_PTSS,	"WAIT_REQ_PTSS" },
 	{ PTS_S_WAIT_REQ_PTS0,	"WAIT_REQ_PTS0" },
 	{ PTS_S_WAIT_REQ_PTS1,	"WAIT_REQ_PTS1" },
 	{ PTS_S_WAIT_REQ_PTS2,	"WAIT_REQ_PTS2" },
 	{ PTS_S_WAIT_REQ_PTS3,	"WAIT_REQ_PTS3" },
 	{ PTS_S_WAIT_REQ_PCK,	"WAIT_REQ_PCK" },
 	{ PTS_S_WAIT_RESP_PTSS,	"WAIT_RESP_PTSS" },
 	{ PTS_S_WAIT_RESP_PTS0,	"WAIT_RESP_PTS0" },
 	{ PTS_S_WAIT_RESP_PTS1,	"WAIT_RESP_PTS1" },
 	{ PTS_S_WAIT_RESP_PTS2,	"WAIT_RESP_PTS2" },
 	{ PTS_S_WAIT_RESP_PTS3,	"WAIT_RESP_PTS3" },
 	{ PTS_S_WAIT_RESP_PCK,	"WAIT_RESP_PCK" },
 	{ 0, NULL }
 };
 /* PTS field byte index */
 #define _PTSS	0
 #define _PTS0	1
@@ -125,15 +131,42 @@ enum tpdu_state {
 };
 const struct value_string tpdu_state_names[] = {
-	{ TPDU_S_WAIT_CLA,	"WAIT_CLA" },
+	{
-	{ TPDU_S_WAIT_INS,	"WAIT_INS" },
+		.value = TPDU_S_WAIT_CLA,
-	{ TPDU_S_WAIT_P1,	"WAIT_P1" },
+		.str = "WAIT_CLA",
-	{ TPDU_S_WAIT_P2,	"WAIT_P2" },
+	},
-	{ TPDU_S_WAIT_P3,	"WAIT_P3" },
+	{
-	{ TPDU_S_WAIT_PB,	"WAIT_PB" },
+		.value = TPDU_S_WAIT_INS,
-	{ TPDU_S_WAIT_RX, 	"WAIT_RX" },
+		.str = "WAIT_INS",
-	{ TPDU_S_WAIT_TX,	"WAIT_TX" },
+	},
-	{ 0, NULL }
+	{
 		.value = TPDU_S_WAIT_P1,
 		.str = "WAIT_P1",
 	},
 	{
 		.value = TPDU_S_WAIT_P2,
 		.str = "WAIT_P2",
 	},
 	{
 		.value = TPDU_S_WAIT_P3,
 		.str = "WAIT_P3",
 	},
 	{
 		.value = TPDU_S_WAIT_PB,
 		.str = "WAIT_PB",
 	},
 	{
 		.value = TPDU_S_WAIT_RX,
 		.str = "WAIT_RX",
 	},
 	{
 		.value = TPDU_S_WAIT_TX,
 		.str = "WAIT_TX",
 	},
 	{
 		.value = 0,
 		.str = NULL,
 	},
 };
 /* TPDU field byte index */
@@ -146,9 +179,6 @@ const struct value_string tpdu_state_names[] = {
 struct card_handle {
 	unsigned int num;
 	/* bit-mask of enabled optional features (CEMU_FEAT_F_*) */
 	uint32_t features;
 	enum iso7816_3_card_state state;
 	/* signal levels */
@@ -156,34 +186,19 @@ struct card_handle {
 	bool in_reset;	/*< if card is in reset (true = RST low/asserted, false = RST high/ released) */
 	bool clocked;	/*< if clock is active ( true = active, false = inactive) */
-	/* All below variables with _index suffix are indexes from 0..15 into Tables 7 + 8
+	/* timing parameters, from PTS */
-	 * of ISO7816-3. */
+	uint8_t fi;
-
+	uint8_t di;
 	/*! Index to clock rate conversion integer Fi (ISO7816-3 Table 7).
 	 *  \note this represents the maximum value supported by the card, and can be indicated in TA1 */
 	uint8_t Fi_index;
 	/*! Current value of index to clock rate conversion integer F (ISO 7816-3 Section 7.1). */
 	uint8_t F_index;
 	/*! Index to baud rate adjustment factor Di (ISO7816-3 Table 8).
 	 *  \note this represents the maximum value supported by the card, and can be indicated in TA1 */
 	uint8_t Di_index;
 	/*! Current value of index to baud rate adjustment factor D (ISO 7816-3 Section 7.1). */
 	uint8_t D_index;
 	/*! Waiting Integer (ISO7816-3 Section 10.2).
 	 *  \note this value can be set in TA2 */
 	uint8_t wi;
-	/*! Waiting Time, in ETU (ISO7816-3 Section 8.1).
+	uint8_t tc_chan;	/* TC channel number */
 	 *  \note this depends on Fi, Di, and WI if T=0 is used */
 	uint32_t waiting_time;	/* in etu */
 	uint8_t uart_chan;	/* UART channel */
 	uint8_t in_ep;		/* USB IN EP */
 	uint8_t irq_ep;		/* USB IN EP */
 	uint32_t waiting_time;	/* in clocks */
 	/* ATR state machine */
 	struct {
 		uint8_t idx;
@@ -218,27 +233,6 @@ struct card_handle {
 	} stats;
 };
 /* reset all the 'dynamic' state of the card handle to the initial/default values */
 static void card_handle_reset(struct card_handle *ch)
 {
 	struct msgb *msg;
 	card_emu_uart_update_wt(ch->uart_chan, 0);
 	/* release any buffers we may still own */
 	if (ch->uart_tx_msg) {
 		usb_buf_free(ch->uart_tx_msg);
 		ch->uart_tx_msg = NULL;
 	}
 	if (ch->uart_rx_msg) {
 		usb_buf_free(ch->uart_rx_msg);
 		ch->uart_rx_msg = NULL;
 	}
 	while ((msg = msgb_dequeue(&ch->uart_tx_queue))) {
 		usb_buf_free(msg);
 	}
 }
 struct llist_head *card_emu_get_uart_tx_queue(struct card_handle *ch)
 {
 	return &ch->uart_tx_queue;
@@ -266,18 +260,18 @@ struct msgb *usb_buf_alloc_st(uint8_t ep, uint8_t msg_class, uint8_t msg_type)
 	while (!msg) {
 		msg = usb_buf_alloc(ep); // try to allocate some memory
 		if (!msg) { // allocation failed, we might be out of memory
-			struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
+			struct llist_head *queue = usb_get_queue(ep);
-			if (!bep) {
+			if (!queue) {
 				TRACE_ERROR("ep %u: %s queue does not exist\n\r",
 				            ep, __func__);
 				return NULL;
 			}
-			if (llist_empty(&bep->queue)) {
+			if (llist_empty(queue)) {
 				TRACE_ERROR("ep %u: %s EOMEM (queue already empty)\n\r",
 				            ep, __func__);
 				return NULL;
 			}
-			msg = msgb_dequeue_count(&bep->queue, &bep->queue_len);
+			msg = msgb_dequeue(queue);
 			if (!msg) {
 				TRACE_ERROR("ep %u: %s no msg in non-empty queue\n\r",
 				            ep, __func__);
@@ -378,14 +372,16 @@ static void emu_update_fidi(struct card_handle *ch)
 {
 	int rc;
-	rc = iso7816_3_compute_fd_ratio(ch->F_index, ch->D_index);
+	rc = compute_fidi_ratio(ch->fi, ch->di);
 	if (rc > 0 && rc < 0x400) {
-		TRACE_INFO("%u: computed F(%u)/D(%u) ratio: %d\r\n", ch->num,
+		TRACE_INFO("%u: computed Fi(%u) Di(%u) ratio: %d\r\n",
-			   ch->F_index, ch->D_index, rc);
+			    ch->num, ch->fi, ch->di, rc);
 		/* make sure UART uses new F/D ratio */
 		card_emu_uart_update_fidi(ch->uart_chan, rc);
 		/* notify ETU timer about this */
 		tc_etu_set_etu(ch->tc_chan, rc);
 	} else
-		TRACE_INFO("%u: computed F/D ratio %d unsupported\r\n",
+		TRACE_INFO("%u: computed FiDi ration %d unsupported\r\n",
 			   ch->num, rc);
 }
@@ -407,23 +403,26 @@ static void card_set_state(struct card_handle *ch,
 	case ISO_S_WAIT_RST:
 		/* disable Rx and Tx of UART */
 		card_emu_uart_enable(ch->uart_chan, 0);
-		/* disable timeout */
+		/* check end activation state (only necessary if the reader to not respect the activation sequence) */
-		card_emu_uart_update_wt(ch->uart_chan, 0);
+		if (ch->vcc_active && ch->clocked && !ch->in_reset) {
 			/* enable the TC/ETU counter once reset has been released */
 			tc_etu_enable(ch->tc_chan);
 			/* prepare to send the ATR */
 			card_set_state(ch, ISO_S_WAIT_ATR);
 		}
 		break;
 	case ISO_S_WAIT_ATR:
 		/* Reset to initial Fi / Di ratio */
-		ch->Fi_index = ch->F_index = 1;
+		ch->fi = 1;
-		ch->Di_index = ch->D_index = 1;
+		ch->di = 1;
 		ch->wi = ISO7816_3_DEFAULT_WI;
 		ch->waiting_time = ISO7816_3_INIT_WTIME;
 		emu_update_fidi(ch);
 		/* enable TX to be able to use the timeout */
 		card_emu_uart_enable(ch->uart_chan, ENABLE_TX_TIMER_ONLY);
 		/* the ATR should only be sent 400 to 40k clock cycles after the RESET.
-		 * we use the UART timeout mechanism to wait this time.
+		 * we use the tc_etu mechanism to wait this time.
 		 * since the initial ETU is Fd=372/Dd=1 clock cycles long, we have to wait 2-107 ETU.
 		 */
-		card_emu_uart_update_wt(ch->uart_chan, 2);
+		tc_etu_set_wtime(ch->tc_chan, 2);
 		/* ensure the TC_ETU timer is enabled */
 		tc_etu_enable(ch->tc_chan);
 		break;
 	case ISO_S_IN_ATR:
 		/* initialize to default WI, this will be overwritten if we
@@ -433,7 +432,7 @@ static void card_set_state(struct card_handle *ch,
 		/* update waiting time to initial waiting time */
 		ch->waiting_time = ISO7816_3_INIT_WTIME;
 		/* set initial waiting time */
-		card_emu_uart_update_wt(ch->uart_chan, ch->waiting_time);
+		tc_etu_set_wtime(ch->tc_chan, ch->waiting_time);
 		/* Set ATR sub-state to initial state */
 		ch->atr.idx = 0;
 		/* enable USART transmission to reader */
@@ -508,11 +507,11 @@ static int tx_byte_atr(struct card_handle *ch)
 				}
 			}
 		}
-		/* update waiting time (see ISO 7816-3 10.2). We can drop the Fi
+		/* update waiting time (see ISO 7816-3 10.2) */
-		 * multiplier as we store the waiting time in units of 'etu', and
+		ch->waiting_time = ch->wi * 960 * ch->fi;
-		 * don't really care what the number of clock cycles or the absolute
+		tc_etu_set_wtime(ch->tc_chan, ch->waiting_time);
-		 * wall clock time is */
+		/* reset PTS to initial state */
-		ch->waiting_time = ch->wi * 960;
+		set_pts_state(ch, PTS_S_WAIT_REQ_PTSS);
 		/* go to next state */
 		card_set_state(ch, ISO_S_WAIT_TPDU);
 		return 0;
@@ -529,9 +528,8 @@ static int tx_byte_atr(struct card_handle *ch)
 /* Update the PTS sub-state */
 static void set_pts_state(struct card_handle *ch, enum pts_state new_ptss)
 {
-	TRACE_DEBUG("%u: 7816 PTS state %s -> %s\r\n", ch->num,
+	TRACE_DEBUG("%u: 7816 PTS state %u -> %u\r\n",
-		    get_value_string(pts_state_names, ch->pts.state),
+		    ch->num, ch->pts.state, new_ptss);
 		    get_value_string(pts_state_names, new_ptss));
 	ch->pts.state = new_ptss;
 }
@@ -611,8 +609,8 @@ process_byte_pts(struct card_handle *ch, uint8_t byte)
 		memcpy(ch->pts.resp, ch->pts.req, sizeof(ch->pts.resp));
 		break;
 	default:
-		TRACE_ERROR("%u: process_byte_pts() in invalid PTS state %s\r\n", ch->num,
+		TRACE_ERROR("%u: process_byte_pts() in invalid state %u\r\n",
-			    get_value_string(pts_state_names, ch->pts.state));
+			    ch->num, ch->pts.state);
 		break;
 	}
 	/* calculate the next state and set it */
@@ -647,11 +645,10 @@ static int tx_byte_pts(struct card_handle *ch)
 	case PTS_S_WAIT_RESP_PTS1:
 		byte = ch->pts.resp[_PTS1];
 		/* This must be TA1 */
-		ch->F_index = byte >> 4;
+		ch->fi = byte >> 4;
-		ch->D_index = byte & 0xf;
+		ch->di = byte & 0xf;
-		TRACE_DEBUG("%u: found F=%u D=%u\r\n", ch->num,
+		TRACE_DEBUG("%u: found Fi=%u Di=%u\r\n", ch->num,
-			    iso7816_3_fi_table[ch->F_index], iso7816_3_di_table[ch->D_index]);
+			    ch->fi, ch->di);
 		/* FIXME: if F or D are 0, become unresponsive to signal error condition */
 		break;
 	case PTS_S_WAIT_RESP_PTS2:
 		byte = ch->pts.resp[_PTS2];
@@ -663,8 +660,8 @@ static int tx_byte_pts(struct card_handle *ch)
 		byte = ch->pts.resp[_PCK];
 		break;
 	default:
-		TRACE_ERROR("%u: get_byte_pts() in invalid PTS state %s\r\n", ch->num,
+		TRACE_ERROR("%u: get_byte_pts() in invalid state %u\r\n",
-			    get_value_string(pts_state_names, ch->pts.state));
+			    ch->num, ch->pts.state);
 		return 0;
 	}
@@ -676,7 +673,7 @@ static int tx_byte_pts(struct card_handle *ch)
 	switch (ch->pts.state) {
 	case PTS_S_WAIT_RESP_PCK:
 		card_emu_uart_wait_tx_idle(ch->uart_chan);
-		/* update baud rate generator with F/D */
+		/* update baud rate generator with Fi/Di */
 		emu_update_fidi(ch);
 		/* Wait for the next TPDU */
 		card_set_state(ch, ISO_S_WAIT_TPDU);
@@ -756,28 +753,14 @@ static void set_tpdu_state(struct card_handle *ch, enum tpdu_state new_ts)
 	switch (new_ts) {
 	case TPDU_S_WAIT_CLA:
 		/* switch back to receiving mode */
 		card_emu_uart_enable(ch->uart_chan, ENABLE_RX);
 		/* disable waiting time since we don't expect any data */
 		card_emu_uart_update_wt(ch->uart_chan, 0);
 		break;
 	case TPDU_S_WAIT_INS:
 		/* start waiting for the rest of the header/body */
 		card_emu_uart_update_wt(ch->uart_chan, ch->waiting_time);
 		break;
 	case TPDU_S_WAIT_RX:
 		/* switch to receive mode to receive the body */
 		card_emu_uart_enable(ch->uart_chan, ENABLE_RX);
 		/* start waiting for the body */
 		card_emu_uart_update_wt(ch->uart_chan, ch->waiting_time);
 		break;
 	case TPDU_S_WAIT_PB:
 		/* we just completed the TPDU header from reader to card
 		 * and now need to disable the receiver, enable the
 		 * transmitter and transmit the procedure byte */
 		card_emu_uart_enable(ch->uart_chan, ENABLE_TX);
 		/* prepare to extend the waiting time once half of it is reached */
 		card_emu_uart_update_wt(ch->uart_chan, ch->waiting_time);
 		break;
 	default:
 		break;
@@ -884,8 +867,8 @@ process_byte_tpdu(struct card_handle *ch, uint8_t byte)
 		add_tpdu_byte(ch, byte);
 		break;
 	default:
-		TRACE_ERROR("%u: process_byte_tpdu() in invalid TPDU state %s\r\n", ch->num,
+		TRACE_ERROR("%u: process_byte_tpdu() in invalid state %u\r\n",
-			    get_value_string(tpdu_state_names, ch->tpdu.state));
+			    ch->num, ch->tpdu.state);
 	}
 	/* ensure we stay in TPDU ISO state */
@@ -922,7 +905,6 @@ static int tx_byte_tpdu(struct card_handle *ch)
 	byte = msgb_pull_u8(msg);
 	card_emu_uart_tx(ch->uart_chan, byte);
 	card_emu_uart_reset_wt(ch->uart_chan);
 	/* this must happen _after_ the byte has been transmitted */
 	switch (ch->tpdu.state) {
@@ -973,8 +955,6 @@ void card_emu_process_rx_byte(struct card_handle *ch, uint8_t byte)
 	switch (ch->state) {
 	case ISO_S_WAIT_TPDU:
 		if (byte == 0xff) {
 			/* reset PTS to initial state */
 			set_pts_state(ch, PTS_S_WAIT_REQ_PTSS);
 			new_state = process_byte_pts(ch, byte);
 			ch->stats.pps++;
 			goto out_silent;
@@ -987,8 +967,8 @@ void card_emu_process_rx_byte(struct card_handle *ch, uint8_t byte)
 		new_state = process_byte_pts(ch, byte);
 		goto out_silent;
 	default:
-		TRACE_ERROR("%u: Received UART char in invalid 7816 state %s\r\n", ch->num,
+		TRACE_ERROR("%u: Received UART char in invalid 7816 state "
-			    get_value_string(iso7816_3_card_state_names, ch->state));
+			    "%u\r\n", ch->num, ch->state);
 		break;
 	}
@@ -1041,16 +1021,13 @@ void card_emu_have_new_uart_tx(struct card_handle *ch)
 	}
 }
-void card_emu_report_status(struct card_handle *ch, bool report_on_irq)
+void card_emu_report_status(struct card_handle *ch)
 {
 	struct msgb *msg;
 	struct cardemu_usb_msg_status *sts;
 	uint8_t ep = ch->in_ep;
-	if (report_on_irq)
+	msg = usb_buf_alloc_st(ch->in_ep, SIMTRACE_MSGC_CARDEM,
-		ep = ch->irq_ep;
+				SIMTRACE_MSGT_BD_CEMU_STATUS);
 	msg = usb_buf_alloc_st(ep, SIMTRACE_MSGC_CARDEM, SIMTRACE_MSGT_BD_CEMU_STATUS);
 	if (!msg)
 		return;
@@ -1063,52 +1040,26 @@ void card_emu_report_status(struct card_handle *ch, bool report_on_irq)
 	if (ch->in_reset)
 		sts->flags |= CEMU_STATUS_F_RESET_ACTIVE;
 	/* FIXME: voltage + card insert */
-	sts->F_index = ch->F_index;
+	sts->fi = ch->fi;
-	sts->D_index = ch->D_index;
+	sts->di = ch->di;
 	sts->wi = ch->wi;
 	sts->waiting_time = ch->waiting_time;
 	usb_buf_upd_len_and_submit(msg);
 }
 static void card_emu_report_config(struct card_handle *ch)
 {
 	struct msgb *msg;
 	struct cardemu_usb_msg_config *cfg;
 	uint8_t ep = ch->in_ep;
 	msg = usb_buf_alloc_st(ch->in_ep, SIMTRACE_MSGC_CARDEM, SIMTRACE_MSGT_BD_CEMU_CONFIG);
 	if (!msg)
 		return;
 	cfg = (struct cardemu_usb_msg_config *) msgb_put(msg, sizeof(*cfg));
 	cfg->features = ch->features;
 #ifdef HAVE_SLOT_MUX
 	cfg->slot_mux_nr = mux_get_slot();
 #else
 	cfg->slot_mux_nr = 0;
 #endif
 	usb_buf_upd_len_and_submit(msg);
 }
 /* hardware driver informs us that a card I/O signal has changed */
 void card_emu_io_statechg(struct card_handle *ch, enum card_io io, int active)
 {
 	uint32_t chg_mask = 0;
 	switch (io) {
 	case CARD_IO_VCC:
 		if (active == 0 && ch->vcc_active == 1) {
 			TRACE_INFO("%u: VCC deactivated\r\n", ch->num);
-			card_handle_reset(ch);
+			tc_etu_disable(ch->tc_chan);
 			card_set_state(ch, ISO_S_WAIT_POWER);
 			chg_mask |= CEMU_STATUS_F_VCC_PRESENT;
 		} else if (active == 1 && ch->vcc_active == 0) {
 			TRACE_INFO("%u: VCC activated\r\n", ch->num);
 			card_set_state(ch, ISO_S_WAIT_CLK);
 			chg_mask |= CEMU_STATUS_F_VCC_PRESENT;
 		}
 		ch->vcc_active = active;
 		break;
@@ -1117,49 +1068,27 @@ void card_emu_io_statechg(struct card_handle *ch, enum card_io io, int active)
 			TRACE_INFO("%u: CLK activated\r\n", ch->num);
 			if (ch->state == ISO_S_WAIT_CLK)
 				card_set_state(ch, ISO_S_WAIT_RST);
 			chg_mask |= CEMU_STATUS_F_CLK_ACTIVE;
 		} else if (active == 0 && ch->clocked == 1) {
 			TRACE_INFO("%u: CLK deactivated\r\n", ch->num);
 			chg_mask |= CEMU_STATUS_F_CLK_ACTIVE;
 		}
 		ch->clocked = active;
 		break;
 	case CARD_IO_RST:
 		if (active == 0 && ch->in_reset) {
 			TRACE_INFO("%u: RST released\r\n", ch->num);
-			if (ch->vcc_active && ch->clocked && ch->state == ISO_S_WAIT_RST) {
+			if (ch->vcc_active && ch->clocked) {
 				/* enable the TC/ETU counter once reset has been released */
 				tc_etu_enable(ch->tc_chan);
 				/* prepare to send the ATR */
 				card_set_state(ch, ISO_S_WAIT_ATR);
 			}
 			chg_mask |= CEMU_STATUS_F_RESET_ACTIVE;
 		} else if (active && !ch->in_reset) {
 			TRACE_INFO("%u: RST asserted\r\n", ch->num);
-			card_handle_reset(ch);
+			tc_etu_disable(ch->tc_chan);
 			chg_mask |= CEMU_STATUS_F_RESET_ACTIVE;
 			card_set_state(ch, ISO_S_WAIT_RST);
 		}
 		ch->in_reset = active;
 		break;
 	}
 	switch (ch->state) {
 	case ISO_S_WAIT_POWER:
 	case ISO_S_WAIT_CLK:
 	case ISO_S_WAIT_RST:
 		/* check end activation state (even if the reader does
 		 * not respect the activation sequence) */
 		if (ch->vcc_active && ch->clocked && !ch->in_reset) {
 			/* prepare to send the ATR */
 			card_set_state(ch, ISO_S_WAIT_ATR);
 		}
 		break;
 	default:
 		break;
 	}
 	/* notify the host about the state change */
 	if ((ch->features & CEMU_FEAT_F_STATUS_IRQ) && chg_mask)
 		card_emu_report_status(ch, true);
 }
 /* User sets a new ATR to be returned during next card reset */
@@ -1186,7 +1115,7 @@ int card_emu_set_atr(struct card_handle *ch, const uint8_t *atr, uint8_t len)
 }
 /* hardware driver informs us that one (more) ETU has expired */
-void card_emu_wtime_half_expired(void *handle)
+void tc_etu_wtime_half_expired(void *handle)
 {
 	struct card_handle *ch = handle;
 	/* transmit NULL procedure byte well before waiting time expires */
@@ -1196,10 +1125,7 @@ void card_emu_wtime_half_expired(void *handle)
 		case TPDU_S_WAIT_PB:
 		case TPDU_S_WAIT_TX:
 			putchar('N');
 			/* we are waiting for data from the user. Send a procedure byte to ask the
 			 * reader to wait more time */
 			card_emu_uart_tx(ch->uart_chan, ISO7816_3_PB_NULL);
 			card_emu_uart_reset_wt(ch->uart_chan);
 			break;
 		default:
 			break;
@@ -1211,7 +1137,7 @@ void card_emu_wtime_half_expired(void *handle)
 }
 /* hardware driver informs us that one (more) ETU has expired */
-void card_emu_wtime_expired(void *handle)
+void tc_etu_wtime_expired(void *handle)
 {
 	struct card_handle *ch = handle;
 	switch (ch->state) {
@@ -1225,45 +1151,12 @@ void card_emu_wtime_expired(void *handle)
 	}
 }
-/* reasonable ATR offering all protocols and voltages
+/* shortest ATR possible (uses default speed and no options) */
- * smartphones might not care, but other readers do
+static const uint8_t default_atr[] = { 0x3B, 0x00 };
 *
 * TS =		0x3B	Direct Convention
 * T0 =		0x80	Y(1): b1000, K: 0 (historical bytes)
 * TD(1) =	0x80	Y(i+1) = b1000, Protocol T=0
 * ----
 * TD(2) =	0x81	Y(i+1) = b1000, Protocol T=1
 * ----
 * TD(3) =	0x1F	Y(i+1) = b0001, Protocol T=15
 * ----
 * TA(4) =	0xC7	Clock stop: no preference - Class accepted by the card: (3G) A 5V B 3V C 1.8V
 * ----
 * Historical bytes
 * TCK =	0x59 	correct checksum
 */
 static const uint8_t default_atr[] = { 0x3B, 0x80, 0x80, 0x81 , 0x1F, 0xC7, 0x59 };
 static struct card_handle card_handles[NUM_SLOTS];
-int card_emu_set_config(struct card_handle *ch, const struct cardemu_usb_msg_config *scfg,
+struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uart_chan, uint8_t in_ep, uint8_t irq_ep, bool vcc_active, bool in_reset, bool clocked)
 			unsigned int scfg_len)
 {
 	if (scfg_len >= sizeof(uint32_t))
 		ch->features = (scfg->features & SUPPORTED_FEATURES);
 #ifdef HAVE_SLOT_MUX
 	if (scfg_len >= sizeof(uint32_t)+sizeof(uint8_t)) {
 		mux_set_slot(scfg->slot_mux_nr);
 	}
 #endif
 	/* send back a report of our current configuration */
 	card_emu_report_config(ch);
 	return 0;
 }
 struct card_handle *card_emu_init(uint8_t slot_num, uint8_t uart_chan, uint8_t in_ep, uint8_t irq_ep, bool vcc_active, bool in_reset, bool clocked)
 {
 	struct card_handle *ch;
@@ -1284,10 +1177,11 @@ struct card_handle *card_emu_init(uint8_t slot_num, uint8_t uart_chan, uint8_t i
 	ch->in_reset = in_reset;
 	ch->clocked = clocked;
-	ch->Fi_index = ch->F_index = 1;
+	ch->fi = 0;
-	ch->Di_index = ch->D_index = 1;
+	ch->di = 1;
 	ch->wi = ISO7816_3_DEFAULT_WI;
 	ch->tc_chan = tc_chan;
 	ch->uart_chan = uart_chan;
 	ch->waiting_time = ISO7816_3_INIT_WTIME;
@@ -1298,7 +1192,7 @@ struct card_handle *card_emu_init(uint8_t slot_num, uint8_t uart_chan, uint8_t i
 	ch->pts.state = PTS_S_WAIT_REQ_PTSS;
 	ch->tpdu.state = TPDU_S_WAIT_CLA;
-	card_handle_reset(ch);
+	tc_etu_init(ch->tc_chan, ch);
 	return ch;
 }
--- a/firmware/libcommon/source/cciddriver.c
+++ b/firmware/libcommon/source/cciddriver.c
@@ -428,7 +428,7 @@ static void PCtoRDRXfrBlock( void )
 	uint16_t msglen = 0;
 	uint32_t ret;
-	TRACE_DEBUG("PCtoRDRXfrBlock\n\r");
+	TRACE_DEBUG("PCtoRDRXfrBlock\n");
 	// Check the block length
 	if ( ccidDriver.sCcidCommand.wLength > (configurationDescriptorsFS->ccid.dwMaxCCIDMessageLength-10) ) {
@@ -921,7 +921,7 @@ void USBDCallbacks_RequestReceived(const USBGenericRequest *request)
 void CCID_SmartCardRequest( void )
 {
 	unsigned char bStatus;
-	TRACE_DEBUG("CCID_req\n\r");
+	TRACE_DEBUG("CCID_req\n");
 	do {
--- a/firmware/libcommon/source/host_communication.c
+++ b/firmware/libcommon/source/host_communication.c
@@ -27,36 +27,27 @@
 * USBD Integration API
 ***********************************************************************/
-/* call-back after (successful?) transfer of a write buffer on IN EP */
+/* call-back after (successful?) transfer of a buffer */
 static void usb_write_cb(uint8_t *arg, uint8_t status, uint32_t transferred,
 			 uint32_t remaining)
 {
 	struct msgb *msg = (struct msgb *) arg;
 	struct usb_buffered_ep *bep = msg->dst;
 	uint16_t ep_size = USBD_GetEndpointSize(bep->ep);
 	unsigned long x;
 	TRACE_DEBUG("%s (EP=0x%02x)\r\n", __func__, bep->ep);
 	if (((msgb_length(msg) % ep_size) == 0) && (transferred == ep_size)) {
 		/* terminate with ZLP; pass in 'msg' again as 'arg' so we get
 		 * called the second time and proceed with usb_buf_free below */
 		USBD_Write(bep->ep, 0, 0, (TransferCallback) &usb_write_cb, msg);
 		return;
 	}
 	local_irq_save(x);
 	bep->in_progress--;
 	local_irq_restore(x);
-	TRACE_DEBUG("%u: in_progress=%lu\r\n", bep->ep, bep->in_progress);
+	TRACE_DEBUG("%u: in_progress=%d\n", bep->ep, bep->in_progress);
 	if (status != USBD_STATUS_SUCCESS)
-		TRACE_ERROR("%s error, status=%d\r\n", __func__, status);
+		TRACE_ERROR("%s error, status=%d\n", __func__, status);
 	usb_buf_free(msg);
 }
 /* check if the spcified IN endpoint is idle and submit the next buffer from queue */
 int usb_refill_to_host(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
@@ -84,44 +75,44 @@ int usb_refill_to_host(uint8_t ep)
 	bep->in_progress++;
-	msg = msgb_dequeue_count(&bep->queue, &bep->queue_len);
+	msg = msgb_dequeue(&bep->queue);
 	local_irq_restore(x);
-	TRACE_DEBUG("%s (EP=0x%02x), in_progress=%lu\r\n", __func__, ep, bep->in_progress);
+	TRACE_DEBUG("%s (EP=0x%02x), in_progress=%d\r\n", __func__, ep, bep->in_progress);
 	msg->dst = bep;
 	rc = USBD_Write(ep, msgb_data(msg), msgb_length(msg),
 			(TransferCallback) &usb_write_cb, msg);
 	if (rc != USBD_STATUS_SUCCESS) {
-		TRACE_ERROR("%s error %x\r\n", __func__, rc);
+		TRACE_ERROR("%s error %x\n", __func__, rc);
 		/* re-insert to head of queue */
 		llist_add_irqsafe(&msg->list, &bep->queue);
 		local_irq_save(x);
 		bep->in_progress--;
 		local_irq_restore(x);
-		TRACE_DEBUG("%02x: in_progress=%lu\r\n", bep->ep, bep->in_progress);
+		TRACE_DEBUG("%02x: in_progress=%d\n", bep->ep, bep->in_progress);
 		return 0;
 	}
 	return 1;
 }
-/* call-back after (successful?) read transfer of a buffer on OUT EP */
+/* call-back after (successful?) transfer of a buffer */
 static void usb_read_cb(uint8_t *arg, uint8_t status, uint32_t transferred,
 			uint32_t remaining)
 {
 	struct msgb *msg = (struct msgb *) arg;
 	struct usb_buffered_ep *bep = msg->dst;
-	TRACE_DEBUG("%s (EP=%u, len=%lu, q=%p)\r\n", __func__,
+	TRACE_DEBUG("%s (EP=%u, len=%u, q=%p)\r\n", __func__,
 			bep->ep, transferred, &bep->queue);
 	bep->in_progress = 0;
 	if (status != USBD_STATUS_SUCCESS) {
-		TRACE_ERROR("%s error, status=%d\r\n", __func__, status);
+		TRACE_ERROR("%s error, status=%d\n", __func__, status);
 		usb_buf_free(msg);
 		return;
 	}
@@ -129,7 +120,6 @@ static void usb_read_cb(uint8_t *arg, uint8_t status, uint32_t transferred,
 	llist_add_tail_irqsafe(&msg->list, &bep->queue);
 }
 /* refill the read queue for data received from host PC on OUT EP, if needed */
 int usb_refill_from_host(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
@@ -160,7 +150,7 @@ int usb_refill_from_host(uint8_t ep)
 	rc = USBD_Read(ep, msg->head, msgb_tailroom(msg),
 			(TransferCallback) &usb_read_cb, msg);
 	if (rc != USBD_STATUS_SUCCESS) {
-		TRACE_ERROR("%s error %d\r\n", __func__, rc);
+		TRACE_ERROR("%s error %d\n", __func__, rc);
 		usb_buf_free(msg);
 		bep->in_progress = 0;
 	}
@@ -168,7 +158,6 @@ int usb_refill_from_host(uint8_t ep)
 	return 1;
 }
 /* drain any buffers from the queue of the endpoint and release their memory */
 int usb_drain_queue(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
@@ -188,7 +177,7 @@ int usb_drain_queue(uint8_t ep)
 	}
 	/* free all queued msgbs */
-	while ((msg = msgb_dequeue_count(&bep->queue, &bep->queue_len))) {
+	while ((msg = msgb_dequeue(&bep->queue))) {
 		usb_buf_free(msg);
 		ret++;
 	}
--- a/firmware/libcommon/source/iso7816_fidi.c
+++ b/firmware/libcommon/source/iso7816_fidi.c
@@ -23,38 +23,38 @@
 #include "iso7816_fidi.h"
 /* Table 7 of ISO 7816-3:2006 */
-const uint16_t iso7816_3_fi_table[] = {
+const uint16_t fi_table[] = {
 	372, 372, 558, 744, 1116, 1488, 1860, 0,
 	0, 512, 768, 1024, 1536, 2048, 0, 0
 };
 /* Table 8 from ISO 7816-3:2006 */
-const uint8_t iso7816_3_di_table[] = {
+const uint8_t di_table[] = {
 	0, 1, 2, 4, 8, 16, 32, 64,
 	12, 20, 2, 4, 8, 16, 32, 64,
 };
 /* compute the F/D ratio based on Fi and Di values */
-int iso7816_3_compute_fd_ratio(uint8_t f_index, uint8_t d_index)
+int compute_fidi_ratio(uint8_t fi, uint8_t di)
 {
 	uint16_t f, d;
 	int ret;
-	if (f_index >= ARRAY_SIZE(iso7816_3_fi_table) ||
+	if (fi >= ARRAY_SIZE(fi_table) ||
-	    d_index >= ARRAY_SIZE(iso7816_3_di_table))
+	    di >= ARRAY_SIZE(di_table))
 		return -EINVAL;
-	f = iso7816_3_fi_table[f_index];
+	f = fi_table[fi];
 	if (f == 0)
 		return -EINVAL;
-	d = iso7816_3_di_table[d_index];
+	d = di_table[di];
 	if (d == 0)
 		return -EINVAL;
 	/* See table 7 of ISO 7816-3: From 1000 on we divide by 1/d,
 	 * which equals a multiplication by d */
-	if (d_index < 8)
+	if (di < 8)
 		ret = f / d;
 	else
 		ret = f * d;
--- a/firmware/libcommon/source/main_common.c
+++ b/firmware/libcommon/source/main_common.c
@@ -1,54 +0,0 @@
 /* SIMtrace 2 firmware common main helpers
 *
 * (C) 2015-2019 by Harald Welte <hwelte@hmw-consulting.de>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
 #include "board.h"
 #include "utils.h"
 void print_banner(void)
 {
 	printf("\n\r\n\r"
 		"=============================================================================\n\r"
 		"SIMtrace2 firmware " GIT_VERSION ", BOARD=" BOARD ", APP=" APPLICATION "\n\r"
 		"(C) 2010-2019 by Harald Welte, 2018-2019 by Kevin Redon\n\r"
 		"=============================================================================\n\r");
 #if (TRACE_LEVEL >= TRACE_LEVEL_INFO)
 	/* print chip-unique ID */
 	unsigned int unique_id[4];
 	EEFC_ReadUniqueID(unique_id);
 	TRACE_INFO("Chip ID: 0x%08lx (Ext 0x%08lx)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
 	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\n\r",
 		   unique_id[0], unique_id[1], unique_id[2], unique_id[3]);
 	/* print reset cause */
 	uint8_t reset_cause = (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos;
 	static const char* reset_causes[] = {
 		"general reset (first power-up reset)",
 		"backup reset (return from backup mode)",
 		"watchdog reset (watchdog fault occurred)",
 		"software reset (processor reset required by the software)",
 		"user reset (NRST pin detected low)",
 	};
 	if (reset_cause < ARRAY_SIZE(reset_causes)) {
 		TRACE_INFO("Reset Cause: %s\n\r", reset_causes[reset_cause]);
 	} else {
 		TRACE_INFO("Reset Cause: 0x%lx\n\r", (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos);
 	}
 #endif
 }
--- a/firmware/libcommon/source/mode_cardemu.c
+++ b/firmware/libcommon/source/mode_cardemu.c
@@ -1,7 +1,7 @@
 /* card emulation mode
 *
 * (C) 2015-2017 by Harald Welte <laforge@gnumonks.org>
- * (C) 2018-2019 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * (C) 2018 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -39,26 +39,10 @@ static const Pin pins_cardsim[] = PINS_CARDSIM;
 #endif
 /* UART pins */
 #if defined(ngff_cardem)
 static const Pin pins_usim1[]	= {PINS_USIM2};
 static const Pin pin_usim1_rst	= PIN_USIM2_nRST;
 #define FIRST_USART_BASE USART0
 #define FIRST_USART_ID ID_USART0
 #define FIRST_USART_IRQ USART0_IRQn
 #else
 static const Pin pins_usim1[]	= {PINS_USIM1};
 static const Pin pin_usim1_rst	= PIN_USIM1_nRST;
 #define FIRST_USART_BASE USART1
 #define FIRST_USART_ID ID_USART1
 #define FIRST_USART_IRQ USART1_IRQn
 #endif
 static const Pin pin_usim1_vcc	= PIN_USIM1_VCC;
 #ifdef PIN_USIM1_IO_DIR
 static const Pin pin_io_dir 	= PIN_USIM1_IO_DIR;
 #endif
 #ifdef CARDEMU_SECOND_UART
 static const Pin pins_usim2[]	= {PINS_USIM2};
 static const Pin pin_usim2_rst	= PIN_USIM2_nRST;
@@ -71,34 +55,21 @@ struct cardem_inst {
 	struct llist_head usb_out_queue;
 	struct ringbuf rb;
 	struct Usart_info usart_info;
 	struct {
 		/*! receiver waiting time to trigger timeout (0 to deactivate it) */
 		uint32_t total;
 		/*! remaining waiting time (we may need multiple timer runs to reach total */
 		uint32_t remaining;
 		/*! did we already notify about half the time having expired? */
 		bool half_time_notified;
 	} wt;
 	int usb_pending_old;
 	uint8_t ep_out;
 	uint8_t ep_in;
 	uint8_t ep_int;
 	const Pin pin_insert;
 #ifdef DETECT_VCC_BY_ADC
 	uint32_t vcc_uv;
-#endif
+	uint32_t vcc_uv_last;
 	bool vcc_active;
 	bool vcc_active_last;
 	bool rst_active;
 	bool rst_active_last;
 };
 struct cardem_inst cardem_inst[] = {
 	{
 		.num = 0,
 		.usart_info = 	{
-			.base = FIRST_USART_BASE,
+			.base = USART1,
-			.id = FIRST_USART_ID,
+			.id = ID_USART1,
 			.state = USART_RCV
 		},
 		.ep_out = SIMTRACE_CARDEM_USB_EP_USIM1_DATAOUT,
@@ -158,44 +129,18 @@ void card_emu_uart_wait_tx_idle(uint8_t uart_chan)
 	wait_tx_idle(usart);
 }
 static void card_emu_uart_set_direction(uint8_t uart_chan, bool tx)
 {
 	/* only on some boards (octsimtest) we hae an external level
 	 * shifter that requires us to switch the direction between RX and TX */
 #ifdef PIN_USIM1_IO_DIR
 	if (uart_chan == 0) {
 		if (tx)
 			PIO_Set(&pin_io_dir);
 		else
 			PIO_Clear(&pin_io_dir);
 	}
 #endif
 }
 /* call-back from card_emu.c to enable/disable transmit and/or receive */
 void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx)
 {
 	Usart *usart = get_usart_by_chan(uart_chan);
 	switch (rxtx) {
 	case ENABLE_TX:
-		card_emu_uart_set_direction(uart_chan, true);
+		USART_DisableIt(usart, ~US_IER_TXRDY);
 		USART_DisableIt(usart, ~(US_IER_TXRDY | US_IER_TIMEOUT));
 		/* as irritating as it is, we actually want to keep the
 		 * receiver enabled during transmit */
 		USART_SetReceiverEnabled(usart, 1);
 		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
-		USART_EnableIt(usart, US_IER_TXRDY | US_IER_TIMEOUT);
+		USART_EnableIt(usart, US_IER_TXRDY);
 		USART_SetTransmitterEnabled(usart, 1);
 		break;
 	case ENABLE_TX_TIMER_ONLY:
 		/* enable the transmitter without generating TXRDY interrupts
 		 * just so that the timer can run */
 		USART_DisableIt(usart, ~US_IER_TIMEOUT);
 		/* as irritating as it is, we actually want to keep the
 		 * receiver enabled during transmit */
 		USART_SetReceiverEnabled(usart, 1);
 		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
 		USART_EnableIt(usart, US_IER_TIMEOUT);
 		USART_SetTransmitterEnabled(usart, 1);
 		break;
 	case ENABLE_RX:
@@ -204,7 +149,6 @@ void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx)
 		 * transmitter enabled during receive */
 		USART_SetTransmitterEnabled(usart, 1);
 		wait_tx_idle(usart);
 		card_emu_uart_set_direction(uart_chan, false);;
 		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
 		USART_EnableIt(usart, US_IER_RXRDY);
 		USART_SetReceiverEnabled(usart, 1);
@@ -244,25 +188,8 @@ int card_emu_uart_tx(uint8_t uart_chan, uint8_t byte)
 	return 1;
 }
 static uint16_t compute_next_timeout(struct cardem_inst *ci)
 {
 	uint32_t want_to_expire;
-	if (ci->wt.total == 0)
+/* FIXME: integrate this with actual irq handler */
 		return 0;
 	if (!ci->wt.half_time_notified) {
 		/* we need to make sure to expire after half the total waiting time */
 		OSMO_ASSERT(ci->wt.remaining > (ci->wt.total / 2));
 		want_to_expire = ci->wt.remaining - (ci->wt.total / 2);
 	} else
 		want_to_expire = ci->wt.remaining;
 	/* if value exceeds the USART TO range, use the maximum possible value for one round */
 	return OSMO_MIN(want_to_expire, 0xffff);
 }
 /*! common handler if interrupt was received.
 *  \param[in] inst_num Instance number, range 0..1 (some boards only '0' permitted) */
 static void usart_irq_rx(uint8_t inst_num)
 {
 	Usart *usart = get_usart_by_chan(inst_num);
@@ -270,84 +197,32 @@ static void usart_irq_rx(uint8_t inst_num)
 	uint32_t csr;
 	uint8_t byte = 0;
 	/* get one atomic snapshot of state/flags before they get changed */
 	csr = usart->US_CSR & usart->US_IMR;
 	/* check if one byte has been completely received and is now in the holding register */
 	if (csr & US_CSR_RXRDY) {
 		/* read the bye from the holding register */
 		byte = (usart->US_RHR) & 0xFF;
 		/* append it to the buffer */
 		if (rbuf_write(&ci->rb, byte) < 0)
 			TRACE_ERROR("rbuf overrun\r\n");
 	}
 	/* check if the transmitter is ready for the next byte */
 	if (csr & US_CSR_TXRDY) {
-		/* transmit next byte and check if more bytes are to be transmitted */
+		if (card_emu_tx_byte(ci->ch) == 0)
 		if (card_emu_tx_byte(ci->ch) == 0) {
 			/* stop the TX ready interrupt of no more bytes to transmit */
 			USART_DisableIt(usart, US_IER_TXRDY);
 		}
 	}
-	/* check if any error flags are set */
+	if (csr & (US_CSR_OVRE|US_CSR_FRAME|US_CSR_PARE|
-	if (csr & (US_CSR_OVRE|US_CSR_FRAME|US_CSR_PARE|US_CSR_NACK|(1<<10))) {
+		   US_CSR_TIMEOUT|US_CSR_NACK|(1<<10))) {
 		/* clear any error flags */
 		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
-		TRACE_ERROR("%u USART error on 0x%x status: 0x%lx\n", ci->num, byte, csr);
+		TRACE_ERROR("%u e 0x%x st: 0x%lx\n", ci->num, byte, csr);
 	}
 	/* check if the timeout has expired. We "abuse" the receive timer for tracking
 	 * how many etu have expired since we last sent a byte.  See section
 	 * 33.7.3.11 "Receiver Time-out" of the SAM3S8 Data Sheet */
 	if (csr & US_CSR_TIMEOUT) {
 		/* clear timeout flag (and stop timeout until next character is received) */
 		usart->US_CR |= US_CR_STTTO;
 		/* RX has been inactive for some time */
 		if (ci->wt.remaining <= (usart->US_RTOR & 0xffff)) {
 			/* waiting time is over; will stop the timer */
 			ci->wt.remaining = 0;
 		} else {
 			/* subtract the actual timeout since the new might not have been set and
 			 * reloaded yet */
 			ci->wt.remaining -= (usart->US_RTOR & 0xffff);
 		}
 		if (ci->wt.remaining == 0) {
 			/* let the FSM know that WT has expired */
 			card_emu_wtime_expired(ci->ch);
 			/* don't automatically re-start in this case */
 		} else {
 			bool half_time_just_reached = false;
 			if (ci->wt.remaining <= ci->wt.total / 2 && !ci->wt.half_time_notified) {
 				ci->wt.half_time_notified = true;
 				/* don't immediately call card_emu_wtime_half_expired(), as that
 				 * in turn may calls card_emu_uart_update_wt() which will change
 				 * the timeout but would be overridden 4 lines below */
 				half_time_just_reached = true;
 			}
 			/* update the counter no matter if we reached half time or not */
 			usart->US_RTOR = compute_next_timeout(ci);
 			/* restart the counter (if wt is 0, the timeout is not started) */
 			usart->US_CR |= US_CR_RETTO;
 			if (half_time_just_reached)
 				card_emu_wtime_half_expired(ci->ch);
 		}
 	}
 }
 /*! ISR called for USART0 */
 void mode_cardemu_usart0_irq(void)
 {
 	/* USART0 == Instance 1 == USIM 2 */
 	usart_irq_rx(1);
 }
 /*! ISR called for USART1 */
 void mode_cardemu_usart1_irq(void)
 {
 	/* USART1 == Instance 0 == USIM 1 */
@@ -366,41 +241,6 @@ int card_emu_uart_update_fidi(uint8_t uart_chan, unsigned int fidi)
 	return 0;
 }
 /*! Update WT on USART peripheral.  Will automatically re-start timer with new value.
 *  \param[in] usart USART peripheral to configure
 *  \param[in] wt inactivity Waiting Time before card_emu_wtime_expired is called (0 to disable) */
 void card_emu_uart_update_wt(uint8_t uart_chan, uint32_t wt)
 {
 	OSMO_ASSERT(uart_chan < ARRAY_SIZE(cardem_inst));
 	struct cardem_inst *ci = &cardem_inst[uart_chan];
 	Usart *usart = get_usart_by_chan(uart_chan);
 	if (ci->wt.total != wt) {
 		TRACE_DEBUG("%u: USART WT changed from %lu to %lu ETU\r\n", uart_chan,
 			    ci->wt.total, wt);
 	}
 	ci->wt.total = wt;
 	/* reset and start the timer */
 	card_emu_uart_reset_wt(uart_chan);
 }
 /*! Reset and re-start waiting timeout count down on USART peripheral.
 *  \param[in] usart USART peripheral to configure */
 void card_emu_uart_reset_wt(uint8_t uart_chan)
 {
 	OSMO_ASSERT(uart_chan < ARRAY_SIZE(cardem_inst));
 	struct cardem_inst *ci = &cardem_inst[uart_chan];
 	Usart *usart = get_usart_by_chan(uart_chan);
 	/* FIXME: guard against race with interrupt handler */
 	ci->wt.remaining = ci->wt.total;
 	ci->wt.half_time_notified = false;
 	usart->US_RTOR = compute_next_timeout(ci);
 	/* restart the counter (if wt is 0, the timeout is not started) */
 	usart->US_CR |= US_CR_RETTO;
 }
 /* call-back from card_emu.c to force a USART interrupt */
 void card_emu_uart_interrupt(uint8_t uart_chan)
 {
@@ -420,11 +260,8 @@ void card_emu_uart_interrupt(uint8_t uart_chan)
 ***********************************************************************/
 #ifdef DETECT_VCC_BY_ADC
 #if !defined(VCC_UV_THRESH_1V8) || !defined(VCC_UV_THRESH_3V)
 #error "You must define VCC_UV_THRESH_{1V1,3V} if you use ADC VCC detection"
 #endif
-static volatile int adc_triggered = 0;
+static int adc_triggered = 0;
 static int adc_sam3s_reva_errata = 0;
 static int card_vcc_adc_init(void)
@@ -471,16 +308,23 @@ static int card_vcc_adc_init(void)
 	return 0;
 }
 #define VCC_UV_THRESH_1V8	1500000
 #define VCC_UV_THRESH_3V	2500000
 static void process_vcc_adc(struct cardem_inst *ci)
 {
-#ifdef octsimtest
+	if (ci->vcc_uv >= VCC_UV_THRESH_3V &&
-	if (ci->vcc_uv >= VCC_UV_THRESH_1V8)
+	    ci->vcc_uv_last < VCC_UV_THRESH_3V) {
-#else
+		card_emu_io_statechg(ci->ch, CARD_IO_VCC, 1);
-	if (ci->vcc_uv >= VCC_UV_THRESH_3V)
+		/* FIXME do this for real */
-#endif
+		card_emu_io_statechg(ci->ch, CARD_IO_CLK, 1);
-		ci->vcc_active = true;
+	} else if (ci->vcc_uv < VCC_UV_THRESH_3V &&
-	else
+		 ci->vcc_uv_last >= VCC_UV_THRESH_3V) {
-		ci->vcc_active = false;
+		/* FIXME do this for real */
 		card_emu_io_statechg(ci->ch, CARD_IO_CLK, 0);
 		card_emu_io_statechg(ci->ch, CARD_IO_VCC, 0);
 	}
 	ci->vcc_uv_last = ci->vcc_uv;
 }
 void ADC_IrqHandler(void)
@@ -503,54 +347,44 @@ void ADC_IrqHandler(void)
 		cardem_inst[0].vcc_uv = adc2uv(val);
 		process_vcc_adc(&cardem_inst[0]);
 		ADC->ADC_CR |= ADC_CR_START;
 		adc_triggered = 1;
 	}
 }
 #endif /* DETECT_VCC_BY_ADC */
 /* called from main loop; dispatches card I/O state changes to card_emu from main loop */
 static void process_io_statechg(struct cardem_inst *ci)
 {
 	if (ci->vcc_active != ci->vcc_active_last) {
 		card_emu_io_statechg(ci->ch, CARD_IO_VCC, ci->vcc_active);
 		/* FIXME do this for real */
 		card_emu_io_statechg(ci->ch, CARD_IO_CLK, ci->vcc_active);
 		ci->vcc_active_last = ci->vcc_active;
 	}
 	if (ci->rst_active != ci->rst_active_last) {
 		card_emu_io_statechg(ci->ch, CARD_IO_RST, ci->rst_active);
 		ci->rst_active_last = ci->rst_active;
 	}
 }
 /***********************************************************************
 * Core USB  / main loop integration
 ***********************************************************************/
 static void usim1_rst_irqhandler(const Pin *pPin)
 {
-	cardem_inst[0].rst_active = PIO_Get(&pin_usim1_rst) ? false : true;
+	bool active = PIO_Get(&pin_usim1_rst) ? false : true;
 	card_emu_io_statechg(cardem_inst[0].ch, CARD_IO_RST, active);
 }
 #ifndef DETECT_VCC_BY_ADC
 static void usim1_vcc_irqhandler(const Pin *pPin)
 {
-	cardem_inst[0].vcc_active = PIO_Get(&pin_usim1_vcc) ? true : false;
+	bool active = PIO_Get(&pin_usim1_vcc) ? true : false;
 	card_emu_io_statechg(cardem_inst[0].ch, CARD_IO_VCC, active);
 	/* FIXME do this for real */
 	card_emu_io_statechg(cardem_inst[0].ch, CARD_IO_CLK, active);
 }
 #endif /* !DETECT_VCC_BY_ADC */
 #ifdef CARDEMU_SECOND_UART
 static void usim2_rst_irqhandler(const Pin *pPin)
 {
-	cardem_inst[1].rst_active = PIO_Get(&pin_usim2_rst) ? false : true;
+	bool active = PIO_Get(&pin_usim2_rst) ? false : true;
 	card_emu_io_statechg(cardem_inst[1].ch, CARD_IO_RST, active);
 }
 #ifndef DETECT_VCC_BY_ADC
 static void usim2_vcc_irqhandler(const Pin *pPin)
 {
-	cardem_inst[1].vcc_active = PIO_Get(&pin_usim2_vcc) ? true : false;
+	bool active = PIO_Get(&pin_usim2_vcc) ? true : false;
 	card_emu_io_statechg(cardem_inst[1].ch, CARD_IO_VCC, active);
 	/* FIXME do this for real */
 	card_emu_io_statechg(cardem_inst[1].ch, CARD_IO_CLK, active);
 }
 #endif /* !DETECT_VCC_BY_ADC */
 #endif /* CARDEMU_SECOND_UART */
@@ -578,28 +412,15 @@ void mode_cardemu_init(void)
 	INIT_LLIST_HEAD(&cardem_inst[0].usb_out_queue);
 	rbuf_reset(&cardem_inst[0].rb);
 	PIO_Configure(pins_usim1, PIO_LISTSIZE(pins_usim1));
 	/* configure USART as ISO-7816 slave (e.g. card) */
 	ISO7816_Init(&cardem_inst[0].usart_info, CLK_SLAVE);
-	NVIC_EnableIRQ(FIRST_USART_IRQ);
+	NVIC_EnableIRQ(USART1_IRQn);
 	PIO_ConfigureIt(&pin_usim1_rst, usim1_rst_irqhandler);
 	PIO_EnableIt(&pin_usim1_rst);
 	/* obtain current RST state */
 	usim1_rst_irqhandler(&pin_usim1_rst);
 #ifndef DETECT_VCC_BY_ADC
 	PIO_ConfigureIt(&pin_usim1_vcc, usim1_vcc_irqhandler);
 	PIO_EnableIt(&pin_usim1_vcc);
 	/* obtain current VCC state */
 	usim1_vcc_irqhandler(&pin_usim1_vcc);
 #else
 	do {} while (!adc_triggered); /* wait for first ADC reading */
 #endif /* DETECT_VCC_BY_ADC */
-
+	cardem_inst[0].ch = card_emu_init(0, 2, 0, SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN, SIMTRACE_CARDEM_USB_EP_USIM1_INT, PIO_Get(&pin_usim1_vcc) ? true : false, PIO_Get(&pin_usim1_rst) ? false : true, PIO_Get(&pin_usim1_vcc) ? true : false);
 	cardem_inst[0].ch = card_emu_init(0, 0, SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN,
 					  SIMTRACE_CARDEM_USB_EP_USIM1_INT, cardem_inst[0].vcc_active,
 					  cardem_inst[0].rst_active, cardem_inst[0].vcc_active);
 	sim_switch_use_physical(0, 1);
 #ifdef CARDEMU_SECOND_UART
@@ -607,24 +428,15 @@ void mode_cardemu_init(void)
 	rbuf_reset(&cardem_inst[1].rb);
 	PIO_Configure(pins_usim2, PIO_LISTSIZE(pins_usim2));
 	ISO7816_Init(&cardem_inst[1].usart_info, CLK_SLAVE);
 	/* TODO enable timeout */
 	NVIC_EnableIRQ(USART0_IRQn);
 	PIO_ConfigureIt(&pin_usim2_rst, usim2_rst_irqhandler);
 	PIO_EnableIt(&pin_usim2_rst);
 	usim2_rst_irqhandler(&pin_usim2_rst); /* obtain current RST state */
 #ifndef DETECT_VCC_BY_ADC
 	PIO_ConfigureIt(&pin_usim2_vcc, usim2_vcc_irqhandler);
 	PIO_EnableIt(&pin_usim2_vcc);
 	usim2_vcc_irqhandler(&pin_usim2_vcc); /* obtain current VCC state */
 #else
 	do {} while (!adc_triggered); /* wait for first ADC reading */
 #endif /* DETECT_VCC_BY_ADC */
-
+	cardem_inst[1].ch = card_emu_init(1, 0, 1, SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN, SIMTRACE_CARDEM_USB_EP_USIM2_INT, PIO_Get(&pin_usim2_vcc) ? true : false, PIO_Get(&pin_usim2_rst) ? false : true, PIO_Get(&pin_usim2_vcc) ? true : false);
 	cardem_inst[1].ch = card_emu_init(1, 1, SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN,
 					  SIMTRACE_CARDEM_USB_EP_USIM2_INT, cardem_inst[1].vcc_active,
 					  cardem_inst[1].rst_active, cardem_inst[1].vcc_active);
 	sim_switch_use_physical(1, 1);
 	/* TODO check RST and VCC */
 #endif /* CARDEMU_SECOND_UART */
 }
@@ -639,9 +451,9 @@ void mode_cardemu_exit(void)
 	PIO_DisableIt(&pin_usim1_rst);
 	PIO_DisableIt(&pin_usim1_vcc);
-	NVIC_DisableIRQ(FIRST_USART_IRQ);
+	NVIC_DisableIRQ(USART1_IRQn);
-	USART_SetTransmitterEnabled(FIRST_USART_BASE, 0);
+	USART_SetTransmitterEnabled(USART1, 0);
-	USART_SetReceiverEnabled(FIRST_USART_BASE, 0);
+	USART_SetReceiverEnabled(USART1, 0);
 #ifdef CARDEMU_SECOND_UART
 	PIO_DisableIt(&pin_usim2_rst);
@@ -668,33 +480,12 @@ static void dispatch_usb_command_generic(struct msgb *msg, struct cardem_inst *c
 	usb_buf_free(msg);
 }
 static void process_card_insert(struct cardem_inst *ci, bool card_insert)
 {
 	TRACE_INFO("%u: set card_insert to %s\r\n", ci->num, card_insert ? "INSERTED" : "REMOVED");
 #ifdef HAVE_BOARD_CARDINSERT
 	board_set_card_insert(ci, card_insert);
 #else
 	if (!ci->pin_insert.pio) {
 		TRACE_INFO("%u: skipping unsupported card_insert to %s\r\n",
 			   ci->num, card_insert ? "INSERTED" : "REMOVED");
 		return;
 	}
 	if (card_insert)
 		PIO_Set(&ci->pin_insert);
 	else
 		PIO_Clear(&ci->pin_insert);
 #endif
 }
 /* handle a single USB command as received from the USB host */
 static void dispatch_usb_command_cardem(struct msgb *msg, struct cardem_inst *ci)
 {
 	struct simtrace_msg_hdr *hdr;
 	struct cardemu_usb_msg_set_atr *atr;
 	struct cardemu_usb_msg_cardinsert *cardins;
 	struct cardemu_usb_msg_config *cfg;
 	struct llist_head *queue;
 	hdr = (struct simtrace_msg_hdr *) msg->l1h;
@@ -711,16 +502,21 @@ static void dispatch_usb_command_cardem(struct msgb *msg, struct cardem_inst *ci
 		break;
 	case SIMTRACE_MSGT_DT_CEMU_CARDINSERT:
 		cardins = (struct cardemu_usb_msg_cardinsert *) msg->l2h;
-		process_card_insert(ci, cardins->card_insert);
+		if (!ci->pin_insert.pio) {
 			TRACE_INFO("%u: skipping unsupported card_insert to %s\r\n",
 				   ci->num, cardins->card_insert ? "INSERTED" : "REMOVED");
 			break;
 		}
 		TRACE_INFO("%u: set card_insert to %s\r\n", ci->num,
 			   cardins->card_insert ? "INSERTED" : "REMOVED");
 		if (cardins->card_insert)
 			PIO_Set(&ci->pin_insert);
 		else
 			PIO_Clear(&ci->pin_insert);
 		usb_buf_free(msg);
 		break;
 	case SIMTRACE_MSGT_BD_CEMU_STATUS:
-		card_emu_report_status(ci->ch, false);
+		card_emu_report_status(ci->ch);
 		usb_buf_free(msg);
 		break;
 	case SIMTRACE_MSGT_BD_CEMU_CONFIG:
 		cfg = (struct cardemu_usb_msg_config *) msg->l2h;
 		card_emu_set_config(ci->ch, cfg, msgb_l2len(msg));
 		usb_buf_free(msg);
 		break;
 	case SIMTRACE_MSGT_BD_CEMU_STATS:
@@ -856,10 +652,9 @@ static void dispatch_received_msg(struct msgb *msg, struct cardem_inst *ci)
 		}
 		if (mh->msg_len > msgb_length(msg)) {
-			TRACE_ERROR("%u: Unexpected large message (%u bytes)\r\n",
+			TRACE_ERROR("%u: Unexpected large message (%u bytes)\n",
 					ci->num, mh->msg_len);
 			usb_buf_free(segm);
 			break;
 		} else {
 			uint8_t *cur = msgb_put(segm, mh->msg_len);
 			segm->l1h = segm->head;
@@ -919,8 +714,6 @@ void mode_cardemu_run(void)
 			//TRACE_ERROR("%uRx%02x\r\n", i, byte);
 		}
 		process_io_statechg(ci);
 		/* first try to send any pending messages on IRQ */
 		usb_refill_to_host(ci->ep_int);
--- a/firmware/libcommon/source/pseudo_talloc.c
+++ b/firmware/libcommon/source/pseudo_talloc.c
@@ -15,16 +15,13 @@
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
 */
 #include <stdint.h>
 #include <stdio.h>
 #include "talloc.h"
 #include "trace.h"
 #include "utils.h"
 #include <osmocom/core/utils.h>
-/* TODO: this number should dynamically scale. We need at least one per IN/IRQ endpoint,
+#define NUM_RCTX_SMALL 10
 * as well as at least 3 for every OUT endpoint.  Plus some more depending on the application */
 #define NUM_RCTX_SMALL 20
 #define RCTX_SIZE_SMALL 348
 static uint8_t msgb_data[NUM_RCTX_SMALL][RCTX_SIZE_SMALL] __attribute__((aligned(sizeof(long))));
@@ -66,7 +63,6 @@ int _talloc_free(void *ptr, const char *location)
 		if (ptr == msgb_data[i]) {
 			if (!msgb_inuse[i]) {
 				TRACE_ERROR("%s: double_free by %s\r\n", __func__, location);
 				OSMO_ASSERT(0);
 			} else {
 				msgb_inuse[i] = 0;
 			}
@@ -77,24 +73,9 @@ int _talloc_free(void *ptr, const char *location)
 	local_irq_restore(x);
 	TRACE_ERROR("%s: invalid pointer %p from %s\r\n", __func__, ptr, location);
 	OSMO_ASSERT(0);
 	return -1;
 }
 void talloc_report(const void *ptr, FILE *f)
 {
 	unsigned int i;
 	fprintf(f, "talloc_report(): ");
 	for (i = 0; i < ARRAY_SIZE(msgb_inuse); i++) {
 		if (msgb_inuse[i])
 			fputc('X', f);
 		else
 			fputc('_', f);
 	}
 	fprintf(f, "\r\n");
 }
 void talloc_set_name_const(const void *ptr, const char *name)
 {
 	/* do nothing */
--- a/firmware/libcommon/source/simtrace_iso7816.c
+++ b/firmware/libcommon/source/simtrace_iso7816.c
@@ -71,7 +71,7 @@ void ISR_PhoneRST(const Pin * pPin)
 	     USBD_Write(SIMTRACE_USB_EP_PHONE_INT, "R", 1,
 			(TransferCallback) & Callback_PhoneRST_ISR,
 			0)) != USBD_STATUS_SUCCESS) {
-		TRACE_ERROR("USB err status: %d (%s)\r\n", ret, __FUNCTION__);
+		TRACE_ERROR("USB err status: %d (%s)\n", ret, __FUNCTION__);
 		return;
 	}
@@ -109,7 +109,7 @@ void mode_trace_usart1_irq(void)
 			/* Fill char into buffer */
 			rbuf_write(&sim_rcv_buf, c);
 		} else {
-			TRACE_DEBUG("e %x st: %lx\r\n", c, stat);
+			TRACE_DEBUG("e %x st: %x\n", c, stat);
 		}		/* else: error occurred */
 		char_stat = stat;
@@ -125,7 +125,7 @@ void update_fidi(Usart_info *usart, uint8_t fidi)
 	uint8_t fi = fidi >> 4;
 	uint8_t di = fidi & 0xf;
-	int ratio = iso7816_3_compute_fd_ratio(fi, di);
+	int ratio = compute_fidi_ratio(fi, di);
 	if (ratio > 0 && ratio < 0x8000) {
 		/* make sure USART uses new F/D ratio */
--- a/firmware/libcommon/source/sniffer.c
+++ b/firmware/libcommon/source/sniffer.c
@@ -303,10 +303,22 @@ static void change_state(enum iso7816_3_sniff_state iso_state_new)
 }
 const struct value_string data_flags[] = {
-	{ SNIFF_DATA_FLAG_ERROR_INCOMPLETE,	"incomplete" },
+	{
-	{ SNIFF_DATA_FLAG_ERROR_MALFORMED,	"malformed" },
+		.value = SNIFF_DATA_FLAG_ERROR_INCOMPLETE,
-	{ SNIFF_DATA_FLAG_ERROR_CHECKSUM,	"checksum error" },
+		.str = "incomplete",
-	{ 0, NULL }
+	},
 	{
 		.value = SNIFF_DATA_FLAG_ERROR_MALFORMED,
 		.str = "malformed",
 	},
 	{
 		.value = SNIFF_DATA_FLAG_ERROR_CHECKSUM,
 		.str = "checksum error",
 	},
 	{
 		.value = 0,
 		.str = NULL,
 	},
 };
 static void print_flags(const struct value_string* flag_meanings, uint32_t nb_flags, uint32_t flags) {
@@ -658,10 +670,9 @@ static void process_byte_pps(uint8_t byte)
 					fn = 1;
 					dn = 1;
 				}
-				TRACE_INFO("PPS negotiation successful: Fn=%u Dn=%u\n\r",
+				TRACE_INFO("PPS negotiation successful: Fn=%u Dn=%u\n\r", fi_table[fn], di_table[dn]);
 					   iso7816_3_fi_table[fn], iso7816_3_di_table[dn]);
 				update_fidi(&sniff_usart, pps_cur[2]);
-				update_wt(0, iso7816_3_di_table[dn]);
+				update_wt(0, di_table[dn]);
 				usb_send_fidi(pps_cur[2]); /* send Fi/Di change notification to host software over USB */
 			} else { /* checksum is invalid */
 				TRACE_INFO("PPS negotiation failed\n\r");
--- a/firmware/libcommon/source/stack_check.c
+++ b/firmware/libcommon/source/stack_check.c
@@ -1,14 +0,0 @@
 #include <stdint.h>
 #include <osmocom/core/panic.h>
 /* This is what's minimally required to fix builds on Ubuntu 20.04,
 * where stack smashing protection is enabled by default when using dpkg
 * - even when cross-compiling: https://osmocom.org/issues/4687
 */
 uintptr_t __stack_chk_guard = 0xdeadbeef;
 void __stack_chk_fail(void)
 {
 	osmo_panic("Stack smashing detected!\r\n");
 }
--- a/firmware/libcommon/source/stdio.c
+++ b/firmware/libcommon/source/stdio.c
@@ -358,7 +358,6 @@ signed int vsnprintf(char *pStr, size_t length, const char *pFormat, va_list ap)
 				case 'i': num = PutSignedInt(pStr, fill, width, va_arg(ap, signed int)); break;
 				case 'u': num = PutUnsignedInt(pStr, fill, width, va_arg(ap, unsigned int)); break;
 				case 'x': num = PutHexa(pStr, fill, width, 0, va_arg(ap, unsigned int)); break;
 				case 'p': num = PutHexa(pStr, fill, width, 0, va_arg(ap, unsigned long)); break;
 				case 'X': num = PutHexa(pStr, fill, width, 1, va_arg(ap, unsigned int)); break;
 				case 's': num = PutString(pStr, va_arg(ap, char *)); break;
 				case 'c': num = PutChar(pStr, va_arg(ap, unsigned int)); break;
--- a/firmware/libcommon/source/usb.c
+++ b/firmware/libcommon/source/usb.c
@@ -689,8 +689,16 @@ void SIMtrace_USB_Initialize(void)
 {
 	unsigned int i;
 	/* Signal USB reset by disabling the pull-up on USB D+ for at least 10 ms */
 #ifdef PIN_USB_PULLUP
 	const Pin usb_dp_pullup = PIN_USB_PULLUP;
 	PIO_Configure(&usb_dp_pullup, 1);
 	PIO_Set(&usb_dp_pullup);
 #endif
 	USBD_HAL_Suspend();
-	mdelay(500);
+	mdelay(20);
 #ifdef PIN_USB_PULLUP
 	PIO_Clear(&usb_dp_pullup);
 #endif
 	USBD_HAL_Activate();
 	// Get std USB driver
--- a/firmware/libcommon/source/usb_buf.c
+++ b/firmware/libcommon/source/usb_buf.c
@@ -24,7 +24,6 @@
 #include <errno.h>
 #define USB_ALLOC_SIZE	280
 #define USB_MAX_QLEN	3
 static struct usb_buffered_ep usb_buffered_ep[BOARD_USB_NUMENDPOINTS];
@@ -79,18 +78,7 @@ int usb_buf_submit(struct msgb *msg)
 	/* no need for irqsafe operation, as the usb_tx_queue is
 	 * processed only by the main loop context */
-
+	msgb_enqueue(&ep->queue, msg);
 	if (ep->queue_len >= USB_MAX_QLEN) {
 		struct msgb *evict;
 		/* free the first pending buffer in the queue */
 		TRACE_INFO("EP%02x: dropping first queue element (qlen=%u)\r\n",
 			   ep->ep, ep->queue_len);
 		evict = msgb_dequeue_count(&ep->queue, &ep->queue_len);
 		OSMO_ASSERT(evict);
 		usb_buf_free(evict);
 	}
 	msgb_enqueue_count(&ep->queue, msg, &ep->queue_len);
 	return 0;
 }
@@ -101,6 +89,5 @@ void usb_buf_init(void)
 	for (i = 0; i < ARRAY_SIZE(usb_buffered_ep); i++) {
 		struct usb_buffered_ep *ep = &usb_buffered_ep[i];
 		INIT_LLIST_HEAD(&ep->queue);
 		ep->ep = i;
 	}
 }
--- a/firmware/libosmocore/include/osmocom/core/msgb.h
+++ b/firmware/libosmocore/include/osmocom/core/msgb.h
@@ -80,49 +80,6 @@ extern int msgb_resize_area(struct msgb *msg, uint8_t *area,
 extern struct msgb *msgb_copy(const struct msgb *msg, const char *name);
 static int msgb_test_invariant(const struct msgb *msg) __attribute__((pure));
 /*! Free all msgbs from a queue built with msgb_enqueue().
 * \param[in] queue  list head of a msgb queue.
 */
 static inline void msgb_queue_free(struct llist_head *queue)
 {
 	struct msgb *msg;
 	while ((msg = msgb_dequeue(queue))) msgb_free(msg);
 }
 /*! Enqueue message buffer to tail of a queue and increment queue size counter
 * \param[in] queue linked list header of queue
 * \param[in] msg message buffer to be added to the queue
 * \param[in] count pointer to variable holding size of the queue
 *
 * The function will append the specified message buffer \a msg to the queue
 * implemented by \ref llist_head \a queue using function \ref msgb_enqueue_count,
 * then increment \a count
 */
 static inline void msgb_enqueue_count(struct llist_head *queue, struct msgb *msg,
 					unsigned int *count)
 {
 	msgb_enqueue(queue, msg);
 	(*count)++;
 }
 /*! Dequeue message buffer from head of queue and decrement queue size counter
 * \param[in] queue linked list header of queue
 * \param[in] count pointer to variable holding size of the queue
 * \returns message buffer (if any) or NULL if queue empty
 *
 * The function will remove the first message buffer from the queue
 * implemented by \ref llist_head \a queue using function \ref msgb_enqueue_count,
 * and decrement \a count, all if queue is not empty.
 */
 static inline struct msgb *msgb_dequeue_count(struct llist_head *queue,
 						unsigned int *count)
 {
 	struct msgb *msg = msgb_dequeue(queue);
 	if (msg)
 		(*count)--;
 	return msg;
 }
 #ifdef MSGB_DEBUG
 #include <osmocom/core/panic.h>
 #define MSGB_ABORT(msg, fmt, args ...) do {		\
--- a/firmware/libosmocore/source/panic.c
+++ b/firmware/libosmocore/source/panic.c
@@ -46,7 +46,7 @@ static osmo_panic_handler_t osmo_panic_handler = (void*)0;
 __attribute__ ((format (printf, 1, 0)))
 static void osmo_panic_default(const char *fmt, va_list args)
 {
-	vfprintf_sync(stderr, fmt, args);
+	vfprintf(stderr, fmt, args);
 	osmo_generate_backtrace();
 	assert(0);
 }
--- a/firmware/test/card_emu_tests.c
+++ b/firmware/test/card_emu_tests.c
@@ -13,20 +13,6 @@
 #define PHONE_INT	2
 #define PHONE_DATAOUT	3
 /* stub for stdio */
 signed int printf_sync(const char *pFormat, ...)
 {
 	va_list ap;
 	signed int result;
 	va_start(ap, pFormat);
 	result = vprintf(pFormat, ap);
 	va_end(ap);
 	return result;
 }
 /***********************************************************************
 * stub functions required by card_emu.c
 ***********************************************************************/
@@ -64,9 +50,6 @@ void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx)
 	case ENABLE_TX:
 		rts = "TX";
 		break;
 	case ENABLE_TX_TIMER_ONLY:
 		rts = "TX-TIMER-ONLY";
 		break;
 	case ENABLE_RX:
 		rts = "RX";
 		break;
@@ -83,14 +66,29 @@ void card_emu_uart_interrupt(uint8_t uart_chan)
 	printf("uart_interrupt(uart_chan=%u)\n", uart_chan);
 }
-void card_emu_uart_update_wt(uint8_t uart_chan, uint32_t wt)
+void tc_etu_set_wtime(uint8_t tc_chan, uint16_t wtime)
 {
-	printf("%s(uart_chan=%u, wtime=%u)\n", __func__, uart_chan, wt);
+	printf("tc_etu_set_wtime(tc_chan=%u, wtime=%u)\n", tc_chan, wtime);
 }
-void card_emu_uart_reset_wt(uint8_t uart_chan)
+void tc_etu_set_etu(uint8_t tc_chan, uint16_t etu)
 {
-	printf("%s(uart_chan=%u\n", __func__, uart_chan);
+	printf("tc_etu_set_etu(tc_chan=%u, etu=%u)\n", tc_chan, etu);
 }
 void tc_etu_init(uint8_t chan_nr, void *handle)
 {
 	printf("tc_etu_init(tc_chan=%u)\n", chan_nr);
 }
 void tc_etu_enable(uint8_t chan_nr)
 {
 	printf("tc_etu_enable(tc_chan=%u)\n", chan_nr);
 }
 void tc_etu_disable(uint8_t chan_nr)
 {
 	printf("tc_etu_disable(tc_chan=%u)\n", chan_nr);
 }
@@ -138,7 +136,7 @@ static void io_start_card(struct card_handle *ch)
 	/* release from reset and verify th ATR */
 	card_emu_io_statechg(ch, CARD_IO_RST, 0);
 	/* simulate waiting time before ATR expired */
-	card_emu_wtime_expired(ch);
+	tc_etu_wtime_expired(ch);
 	verify_atr(ch);
 }
@@ -179,14 +177,14 @@ static void dump_rctx(struct msgb *msg)
 static void get_and_verify_rctx(uint8_t ep, const uint8_t *data, unsigned int len)
 {
-	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
+	struct llist_head *queue = usb_get_queue(ep);
 	struct msgb *msg;
 	struct cardemu_usb_msg_tx_data *td;
 	struct cardemu_usb_msg_rx_data *rd;
 	struct simtrace_msg_hdr *mh;
-	assert(bep);
+	assert(queue);
-	msg = msgb_dequeue_count(&bep->queue, &bep->queue_len);
+	msg = msgb_dequeue(queue);
 	assert(msg);
 	dump_rctx(msg);
 	assert(msg->l1h);
@@ -216,13 +214,13 @@ static void get_and_verify_rctx(uint8_t ep, const uint8_t *data, unsigned int le
 static void get_and_verify_rctx_pps(const uint8_t *data, unsigned int len)
 {
-	struct usb_buffered_ep *bep = usb_get_buf_ep(PHONE_DATAIN);
+	struct llist_head *queue = usb_get_queue(PHONE_DATAIN);
 	struct msgb *msg;
 	struct simtrace_msg_hdr *mh;
 	struct cardemu_usb_msg_pts_info *ptsi;
-	assert(bep);
+	assert(queue);
-	msg = msgb_dequeue_count(&bep->queue, &bep->queue_len);
+	msg = msgb_dequeue(queue);
 	assert(msg);
 	dump_rctx(msg);
 	assert(msg->l1h);
@@ -410,7 +408,7 @@ int main(int argc, char **argv)
 	struct card_handle *ch;
 	unsigned int i;
-	ch = card_emu_init(0, 42, PHONE_DATAIN, PHONE_INT, false, true, false);
+	ch = card_emu_init(0, 23, 42, PHONE_DATAIN, PHONE_INT, false, true, false);
 	assert(ch);
 	usb_buf_init();
--- a/hardware/board_gpio.gnumeric
+++ b/hardware/board_gpio.gnumeric
--- a/host/.gitignore
+++ b/host/.gitignore
@@ -20,7 +20,6 @@ depcomp
 install-sh
 missing
 stamp-h1
 m4
 #libtool
 ltmain.sh
@@ -31,7 +30,3 @@ libtool
 .version
 *.pc
 simtrace2-list
 simtrace2-sniff
 simtrace2-cardem-pcsc
--- a/host/Makefile.am
+++ b/host/Makefile.am
@@ -3,7 +3,7 @@ AUTOMAKE_OPTIONS = foreign dist-bzip2 1.6
 AM_CPPFLAGS = $(all_includes) -I$(top_srcdir)/include
 SUBDIRS = include lib src contrib #tests examples doc
-EXTRA_DIST = .version
+EXTRA_DIST = .version git-version-gen
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libosmo-simtrace2.pc
--- a/host/Makefile.old
+++ b/host/Makefile.old
@@ -0,0 +1,28 @@
 LDFLAGS+=`pkg-config --libs libusb-1.0 libosmocore` -pthread
 CFLAGS=-Wall -g
 APPS=simtrace2-remsim simtrace2-remsim-usb2udp simtrace2-list simtrace2-sniff
 all: $(APPS)
 simtrace2-remsim: simtrace2-remsim.o apdu_dispatch.o simtrace2-discovery.o simtrace2_api.o libusb_util.o
 	$(CC) -o $@ $^ $(LDFLAGS) `pkg-config --libs libosmosim libpcsclite`
 simtrace2-remsim-usb2udp: usb2udp.o simtrace2-discovery.o
 	$(CC) -o $@ $^ $(LDFLAGS)
 simtrace2-list: simtrace2_usb.o libusb_util.o
 	$(CC) -o $@ $^ $(LDFLAGS)
 simtrace2-sniff: simtrace2-sniff.o simtrace2-discovery.o libusb_util.o
 	$(CC) -o $@ $^ $(LDFLAGS)
 %.o: %.c
 	$(CC) $(CFLAGS) `pkg-config --cflags libusb-1.0 libosmocore` -o $@ -c $^
 clean:
 	@rm -f *.o $(APPS)
 install: $(APPS)
 	mkdir -p $(DESTDIR)/usr/bin
 	cp $(APPS) $(DESTDIR)/usr/bin/
--- a/host/configure.ac
+++ b/host/configure.ac
@@ -1,5 +1,5 @@
 AC_INIT([simtrace2],
-	m4_esyscmd([../git-version-gen ../.tarball-version]),
+	m4_esyscmd([./git-version-gen .tarball-version]),
 	[simtrace@lists.osmocom.org])
 dnl *This* is the root dir, even if an install-sh exists in ../ or ../../
@@ -56,9 +56,8 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([char foo;])],
 CFLAGS="$saved_CFLAGS"
 AC_SUBST(SYMBOL_VISIBILITY)
-PKG_CHECK_MODULES(LIBOSMOCORE, libosmocore >= 1.4.0)
+PKG_CHECK_MODULES(LIBOSMOCORE, libosmocore >= 1.0.0)
-PKG_CHECK_MODULES(LIBOSMOSIM, libosmosim >= 1.4.0)
+PKG_CHECK_MODULES(LIBOSMOSIM, libosmosim >= 1.0.0)
 PKG_CHECK_MODULES(LIBOSMOUSB, libosmousb >= 1.4.0)
 PKG_CHECK_MODULES(LIBUSB, libusb-1.0)
 AC_ARG_ENABLE(sanitize,
@@ -100,5 +99,4 @@ AC_OUTPUT(
 	src/Makefile
 	lib/Makefile
 	contrib/Makefile
 	contrib/simtrace2.spec
 	Makefile)
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Harald Welte	9ba5b5c1b9	host/lib/gsmtap.c: Add GPLv2 disclaimer Change-Id: Ie163af869c6aa2f3e2bd9007432dc6945384aaf2	2020-01-17 10:59:41 +01:00
Harald Welte	2c673c38f5	host: Add COPYING file for host software (GPLv2) Change-Id: I0f89a204939b0648eed94cc4f6e7c4f735c118fa	2020-01-17 10:59:32 +01:00
`@@ -1,3 +1,3 @@`
	`C_FILES += $(C_LIBUSB_RT)`	`C_FILES += $(C_LIBUSB_RT)`

	`C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c usb.c`	`C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c`