fw/qmod: enable modem RESET by default at boot

When the uC firmware starts, assert the (high-active) _RESET GPIOs,
which will cause the transistors to drive the mPCIe slot !PERST
low.

There is of course a short instance of time between the uC reset
until it executes wwan_perst_init(). To avoid this, a hardware
pull-up would have to be re-worked onto the _RESET[1..4] signals
on the PCBA

Change-Id: I8742fefa4bf02e728e34d5d8cbc0fda771e78ffb

.gitignore

@@ -18,7 +18,8 @@ tags
 *.bin
 *.p
 host/simtrace2-list
-host/simtrace2-remsim
-host/simtrace2-remsim-usb2udp
+host/simtrace2-cardem-pcsc
+host/contrib/simtrace2.spec
 usb_strings_generated.h
 firmware/usbstring/usbstring
+firmware/apps/*/usb_strings.txt.patched

Makefile

@@ -17,10 +17,15 @@ fw-clean: fw-simtrace-dfu-clean fw-simtrace-trace-clean fw-simtrace-cardem-clean
 fw: fw-simtrace-dfu fw-simtrace-trace fw-simtrace-cardem fw-qmod-dfu fw-qmod-cardem
 
 utils:
-	make -C host
+	(cd host && \
+	 autoreconf -fi && \
+	 ./configure --prefix=/usr --disable-werror && \
+	 make)
 
 clean: fw-clean
-	make -C host clean
+	if [ -e host/Makefile ]; then \
+		make -C host clean; \
+	fi
 
 install:
 	make -C firmware install

README.md

@@ -5,9 +5,6 @@ This is the repository for the next-generation SIMtrace devices,
 providing abilities to trace the communication between (U)SIM card and
 phone, remote (U)SIM card forward, (U)SIM man-in-the-middle, and more.
 
-This is under heavy development, and right now it is not surprising if
-things still break on a daily basis.
-
 NOTE: Nothing in this repository applies to the SIMtrace v1.x hardware
 or its associated firmware.  SIMtrace v1.x is based on a different CPU /
 microcontroller architecture and uses a completely different software
@@ -16,12 +13,6 @@ stack and host software.
 Supported Hardware
 ------------------
 
-At this point, the primary development target is still the OWHW + sysmoQMOD
-device, but we expect to add support for a SAM3 based SIMtrace hardware
-board soon.
-
-The goal is to support the following devices:
-
 * Osmocom SIMtrace 1.x with SAM3 controller
 ** this is open hardware and schematics / PCB design is published
 * sysmocom sysmoQMOD (with 4 Modems,  4 SIM slots and 2 SAM3)
@@ -37,3 +28,11 @@ This repository contains several directory
 * firmware - the firmware to run on the actual devices
 * hardware - some information related to the hardware
 * host - Programs to use on the USB host to interface with the hardware
+
+
+The host software includes
+
+* libosmo-simtrace2 - a shared library to talk to devices running the simtrace2 firmware
+* simtrace2-list - list any USB-attached devices running simtrace2 firmware
+* simtrace2-sniff - interface the 'trace' firmware to obtain card protocol traces
+* simtrace2-cardem-pcsc - interface the 'cardem' fimrware to use a SIM in a PC/SC reader

TODO-RELEASE

@@ -0,0 +1,10 @@
+# When cleaning up this file: bump API version in corresponding Makefile.am and rename corresponding debian/lib*.install
+# according to https://osmocom.org/projects/cellular-infrastructure/wiki/Make_a_new_release
+# In short: https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html#Updating-version-info
+# LIBVERSION=c:r:a
+# If the library source code has changed at all since the last update, then increment revision: c:r + 1:a.
+# If any interfaces have been added, removed, or changed since the last update: c + 1:0:0.
+# If any interfaces have been added since the last public release: c:r:a + 1.
+# If any interfaces have been removed or changed since the last public release: c:r:0.
+#library	what			description / commit summary line
+simtrace2	API/ABI change		osmo_st2_transport new member

contrib/flash.py

@@ -0,0 +1,162 @@
+#!/usr/bin/env python
+# encoding: utf-8
+# python: 3.8.1
+
+# library to enumerate USB devices
+import usb.core
+from usb.util import *
+# more elegant structure
+from typing import NamedTuple
+# regular expressions utilities
+import re
+# open utilities to handle files
+import os, sys
+# to download the firmwares
+import urllib.request
+# to flash using DFU-util
+import subprocess
+
+# SIMtrace 2 device information
+class Device(NamedTuple):
+	usb_vendor_id: int
+	usb_product_id: int
+	name: str
+	url: dict # 1: sniff/trace firmware, 2: card emulation firmware
+
+# SIMtrace 2 devices definitions
+DEVICE_SIMTRACE = Device(usb_vendor_id=0x1d50, usb_product_id=0x60e3, name="SIMtrace 2", url={"trace": "https://ftp.osmocom.org/binaries/simtrace2/firmware/latest/simtrace-trace-dfu-latest.bin", "cardem": "https://osmocom.org/attachments/download/3868/simtrace-cardem-dfu.bin"})
+DEVICE_QMOD = Device(usb_vendor_id=0x1d50, usb_product_id=0x4004, name="sysmoQMOD (Quad Modem)", url={"cardem": "https://ftp.osmocom.org/binaries/simtrace2/firmware/latest/qmod-cardem-dfu-latest.bin"})
+DEVICE_OWHW = Device(usb_vendor_id=0x1d50, usb_product_id=0x4001, name="OWHW", url={"cardem": "https://ftp.osmocom.org/binaries/simtrace2/firmware/latest/owhw-cardem-dfu-latest.bin"})
+DEVICES = [DEVICE_SIMTRACE, DEVICE_QMOD]
+
+# which firmware does the SIMtrace USN interface subclass correspond
+FIRMWARE_SUBCLASS = {1: "trace", 2: "cardem"}
+
+def print_help():
+	print("this script will flash SIMtrace 2 - based devices")
+	print("when no argument is provided, it will try to flash the application firmware of all SIMtrace 2 devices connected to USB with the latest version")
+	print("to flash a specific firmware, provide the name as argument")
+	print("the possible firmwares are: trace, cardem")
+	print("to list all devices connected to USB, provide the argument \"list\"")
+
+# the firmware to flash
+to_flash = None
+
+# parse command line argument
+if len(sys.argv) == 2:
+  to_flash = sys.argv[1]
+if to_flash not in ["list", "trace", "cardem"] and len(sys.argv) > 1:
+	print_help()
+	exit(0)
+
+# get all USB devices
+devices = []
+devices_nb = 0
+updated_nb = 0
+usb_devices = usb.core.find(find_all=True)
+for usb_device in usb_devices:
+	# find SIMtrace devices
+	definitions = list(filter(lambda x: x.usb_vendor_id == usb_device.idVendor and x.usb_product_id == usb_device.idProduct, DEVICES))
+	if 1 != len(definitions):
+		continue
+	devices_nb += 1
+	definition = definitions[0]
+	serial = usb_device.serial_number or "unknown"
+	usb_path = str(usb_device.bus) + "-" + ".".join(map(str, usb_device.port_numbers))
+	print("found " + definition.name + " device (chip ID " + serial + ") at USB path " + usb_path)
+	# determine if we are running DFU (in most cases the bootloader, but could also be the application)
+	dfu_interface = None
+	for configuration in usb_device:
+		# get DFU interface descriptor
+		dfu_interface = dfu_interface or find_descriptor(configuration, bInterfaceClass=254, bInterfaceSubClass=1)
+	if (None == dfu_interface):
+		print("no DFU USB interface found")
+		continue
+	dfu_mode = (2 == dfu_interface.bInterfaceProtocol) # InterfaceProtocol 1 is runtime mode, 2 is DFU mode
+	# determine firmware type (when not in DFU mode)
+	firmware = None
+	simtrace_interface = None
+	for configuration in usb_device:
+		simtrace_interface = simtrace_interface or find_descriptor(configuration, bInterfaceClass=255)
+	if simtrace_interface and simtrace_interface.bInterfaceSubClass in FIRMWARE_SUBCLASS:
+		firmware = firmware or FIRMWARE_SUBCLASS[simtrace_interface.bInterfaceSubClass]
+	if dfu_mode:
+		firmware = 'dfu'
+	if firmware:
+		print("installed firmware: " + firmware)
+	else:
+		print("unknown installed firmware")
+		continue
+	# determine version of the application/bootloader firmware
+	version = None
+	version_interface = None
+	for configuration in usb_device:
+		# get custom interface with string
+		version_interface = version_interface or find_descriptor(configuration, bInterfaceClass=255, bInterfaceSubClass=255)
+	if version_interface and version_interface.iInterface and version_interface.iInterface > 0 and get_string(usb_device, version_interface.iInterface):
+		version = get_string(usb_device, version_interface.iInterface)
+	if not version:
+		# the USB serial is set (in the application) since version 0.5.1.34-e026 from 2019-08-06
+		# https://git.osmocom.org/simtrace2/commit/?id=e0265462d8c05ebfa133db2039c2fbe3ebbd286e
+		# the USB serial is set (in the bootloader) since version 0.5.1.45-ac7e from 2019-11-18
+		# https://git.osmocom.org/simtrace2/commit/?id=5db9402a5f346e30288db228157f71c29aefce5a
+		# the firmware version is set (in the application) since version 0.5.1.37-ede8 from 2019-08-13
+		# https://git.osmocom.org/simtrace2/commit/?id=ede87e067dadd07119f24e96261b66ac92b3af6f
+		# the firmware version is set (in the bootloader) since version 0.5.1.45-ac7e from 2019-11-18
+		# https://git.osmocom.org/simtrace2/commit/?id=5db9402a5f346e30288db228157f71c29aefce5a
+		if dfu_mode:
+			if serial:
+				version = "< 0.5.1.45-ac7e"
+			else:
+				versoin = "< 0.5.1.45-ac7e"
+		else:
+			if serial:
+				version = "< 0.5.1.37-ede8"
+			else:
+				versoin = "< 0.5.1.34-e026"
+	print("device firmware version: " + version)
+	# flash latest firmware
+	if to_flash == "list": # we just want to list the devices, not flash them
+		continue
+	# check the firmware exists
+	if firmware == "dfu" and to_flash is None:
+		print("device is currently in DFU mode. you need to specify which firmware to flash")
+		continue
+	to_flash = to_flash or firmware
+	if to_flash not in definition.url.keys():
+		print("no firmware image available for " + firmware + " firmware")
+		continue
+	# download firmware
+	try:
+		dl_path, header = urllib.request.urlretrieve(definition.url[to_flash])
+	except:
+		print("could not download firmware " + definition.url[to_flash])
+		continue
+	dl_file = open(dl_path, "rb")
+	dl_data = dl_file.read()
+	dl_file.close()
+	# compare versions
+	dl_version = re.search(b'firmware \d+\.\d+\.\d+\.\d+-[0-9a-fA-F]{4}', dl_data)
+	if dl_version is None:
+		print("could not get version from downloaded firmware image")
+		os.remove(dl_path)
+		continue
+	dl_version = dl_version.group(0).decode("utf-8").split(" ")[1]
+	print("latest firmware version: " + dl_version)
+	versions = list(map(lambda x: int(x), version.split(" ")[-1].split("-")[0].split(".")))
+	dl_versions = list(map(lambda x: int(x), dl_version.split("-")[0].split(".")))
+	dl_newer = (versions[0] < dl_versions[0] or (versions[0] == dl_versions[0] and versions[1] < dl_versions[1]) or (versions[0] == dl_versions[0] and versions[1] == dl_versions[1] and versions[2] < dl_versions[2]) or (versions[0] == dl_versions[0] and versions[1] == dl_versions[1] and versions[2] == dl_versions[2] and versions[3] < dl_versions[3]))
+	if not dl_newer:
+		print("no need to flash latest version")
+		os.remove(dl_path)
+		continue
+	print("flashing latest version")
+	dfu_result = subprocess.run(["dfu-util", "--device", hex(definition.usb_vendor_id) + ":" + hex(definition.usb_product_id), "--path", usb_path, "--cfg", "1", "--alt", "1", "--reset", "--download", dl_path])
+	os.remove(dl_path)
+	if 0 != dfu_result.returncode:
+		printf("flashing firmware using dfu-util failed. ensure dfu-util is installed and you have the permissions to access this USB device")
+		continue
+	updated_nb += 1
+
+print(str(devices_nb)+ " SIMtrace 2 device(s) found")
+print(str(updated_nb)+ " SIMtrace 2 device(s) updated")

contrib/jenkins.sh

@@ -21,6 +21,9 @@ mkdir "$deps" || true
 
 osmo-build-dep.sh libosmocore "" '--disable-doxygen --enable-gnutls'
 
+# verify only after building the dependency (to ensure we have most recent source of dependency)
+verify_value_string_arrays_are_terminated.py $(find . -name "*.[hc]")
+
 export PKG_CONFIG_PATH="$inst/lib/pkgconfig:$PKG_CONFIG_PATH"
 export LD_LIBRARY_PATH="$inst/lib"
 
@@ -28,6 +31,7 @@ BUILDS=""
 BUILDS+="simtrace/dfu simtrace/trace simtrace/cardem "
 BUILDS+="qmod/dfu qmod/cardem "
 BUILDS+="owhw/dfu owhw/cardem "
+BUILDS+="octsimtest/cardem "
 
 cd $TOPDIR/firmware
 for build in $BUILDS; do
@@ -50,23 +54,35 @@ make clean
 echo
 echo "=============== HOST START  =============="
 cd $TOPDIR/host
-make clean
-make
-make clean
+autoreconf --install --force
+./configure --enable-sanitize --enable-werror
+$MAKE $PARALLEL_MAKE
+#$MAKE distcheck || cat-testlogs.sh
+make dist
+
+#if [ "$WITH_MANUALS" = "1" ] && [ "$PUBLISH" = "1" ]; then
+#	make -C "$base/doc/manuals" publish
+#fi
 
 if [ "x$publish" = "x--publish" ]; then
 	echo
 	echo "=============== UPLOAD BUILD  =============="
+	$TOPDIR/contrib/prepare_upload.sh
 
-	cat > "$WORKSPACE/known_hosts" <<EOF
-[rita.osmocom.org]:48 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDgQ9HntlpWNmh953a2Gc8NysKE4orOatVT1wQkyzhARnfYUerRuwyNr1GqMyBKdSI9amYVBXJIOUFcpV81niA7zQRUs66bpIMkE9/rHxBd81SkorEPOIS84W4vm3SZtuNqa+fADcqe88Hcb0ZdTzjKILuwi19gzrQyME2knHY71EOETe9Yow5RD2hTIpB5ecNxI0LUKDq+Ii8HfBvndPBIr0BWYDugckQ3Bocf+yn/tn2/GZieFEyFpBGF/MnLbAAfUKIdeyFRX7ufaiWWz5yKAfEhtziqdAGZaXNaLG6gkpy3EixOAy6ZXuTAk3b3Y0FUmDjhOHllbPmTOcKMry9
-[rita.osmocom.org]:48 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPdWn1kEousXuKsZ+qJEZTt/NSeASxCrUfNDW3LWtH+d8Ust7ZuKp/vuyG+5pe5pwpPOgFu7TjN+0lVjYJVXH54=
-[rita.osmocom.org]:48 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8iivY70EiR5NiGChV39gRLjNpC8lvu1ZdHtdMw2zuX
+	cat > "/build/known_hosts" <<EOF
+[ftp.osmocom.org]:48 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDgQ9HntlpWNmh953a2Gc8NysKE4orOatVT1wQkyzhARnfYUerRuwyNr1GqMyBKdSI9amYVBXJIOUFcpV81niA7zQRUs66bpIMkE9/rHxBd81SkorEPOIS84W4vm3SZtuNqa+fADcqe88Hcb0ZdTzjKILuwi19gzrQyME2knHY71EOETe9Yow5RD2hTIpB5ecNxI0LUKDq+Ii8HfBvndPBIr0BWYDugckQ3Bocf+yn/tn2/GZieFEyFpBGF/MnLbAAfUKIdeyFRX7ufaiWWz5yKAfEhtziqdAGZaXNaLG6gkpy3EixOAy6ZXuTAk3b3Y0FUmDjhOHllbPmTOcKMry9
+[ftp.osmocom.org]:48 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPdWn1kEousXuKsZ+qJEZTt/NSeASxCrUfNDW3LWtH+d8Ust7ZuKp/vuyG+5pe5pwpPOgFu7TjN+0lVjYJVXH54=
+[ftp.osmocom.org]:48 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8iivY70EiR5NiGChV39gRLjNpC8lvu1ZdHtdMw2zuX
 EOF
-	SSH_COMMAND="ssh -o 'UserKnownHostsFile=$WORKSPACE/known_hosts' -p 48"
-	rsync -avz --delete -e "$SSH_COMMAND" $TOPDIR/firmware/bin/*.bin binaries@rita.osmocom.org:web-files/simtrace2/firmware/
+	SSH_COMMAND="ssh -o 'UserKnownHostsFile=/build/known_hosts' -p 48"
+	rsync --archive --verbose --compress --delete --rsh "$SSH_COMMAND" $TOPDIR/firmware/bin/*-latest.{bin,elf} binaries@ftp.osmocom.org:web-files/simtrace2/firmware/latest/
+	rsync --archive --verbose --compress --rsh "$SSH_COMMAND" --exclude $TOPDIR/firmware/bin/*-latest.{bin,elf} $TOPDIR/firmware/bin/*-*-*-*.{bin,elf} binaries@ftp.osmocom.org:web-files/simtrace2/firmware/all/
 fi
 
+echo
+echo "=============== HOST CLEAN  =============="
+$MAKE maintainer-clean
+
 echo
 echo "=============== FIRMWARE CLEAN  =============="
 cd $TOPDIR/firmware/

contrib/prepare_upload.sh

@@ -0,0 +1,16 @@
+#!/bin/sh -e
+# Create copies of binaries with -latest, -$GIT_VERSION (OS#4413, OS#3452)
+cd "$(dirname "$0")/.."
+
+GIT_VERSION="$(./git-version-gen .tarball-version)"
+
+echo "Copying binaries with "-latest" and "-$GIT_VERSION" appended..."
+
+cd firmware/bin
+for ext in bin elf; do
+	for file in *."$ext"; do
+		without_ext="${file%.*}"
+		cp -v "$file" "$without_ext-latest.$ext"
+		cp -v "$file" "$without_ext-$GIT_VERSION.$ext"
+	done
+done

debian/changelog

@@ -1,3 +1,9 @@
+simtrace2 (0.5.2) UNRELEASED; urgency=medium
+
+  * adapt to host tools in autotools
+
+ -- Harald Welte <lafore@gnumonks.org>  Thu, 28 Nov 2019 00:44:57 +0100
+
 simtrace2 (0.5.1) unstable; urgency=medium
 
   * Backwards-compatibility with older (released, non-master) libosmocore

debian/control

@@ -3,6 +3,13 @@ Maintainer: Harald Welte <laforge@gnumonks.org>
 Section: devel
 Priority: optional
 Build-Depends: debhelper (>= 9),
+               autotools-dev,
+               autoconf,
+               automake,
+               libtool,
+               pkg-config,
+               git,
+               dh-autoreconf,
                libosmocore-dev,
                libpcsclite-dev,
                libnewlib-arm-none-eabi,
@@ -26,6 +33,33 @@ Package: simtrace2-utils
 Section: devel
 Architecture: any
 Multi-Arch: same
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, libosmo-simtrace2-0
 Recommends: simtrace2-firmware
 Description: Host utilities to communicate with SIMtrace2 USB Devices.
+
+Package: libosmo-simtrace2-0
+Section: libs
+Architecture: any
+Multi-Arch: same
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: Osmocom SIMtrace2 library
+  This library contains core "driver" functionality to interface with the
+  Osmocom SIMtrace2 (and compatible) USB device firmware.  It enables
+  applications to implement SIM card / smart card tracing as well as
+  SIM / smart card emulation functions.
+
+Package: libosmo-simtrace2-dev
+Section: libdevel
+Architecture: any
+Multi-Arch: same
+Depends: libosmo-simtrace2-0, ${misc:Depends}
+Description: Development headers for Osmocom SIMtrace2 library
+  This library contains core "driver" functionality to interface with the
+  Osmocom SIMtrace2 (and compatible) USB device firmware.  It enables
+  applications to implement SIM card / smart card tracing as well as
+  SIM / smart card emulation functions.
+  .
+  The header files provided by this package may be used to develop
+  with any of the libosmocore libraries.
+  .
+  Also static libraries are installed with this package.

debian/libosmo-simtrace2-0.install

@@ -0,0 +1 @@
+usr/lib/libosmo-simtrace2*.so.*

debian/libosmo-simtrace2-dev.install

@@ -0,0 +1,5 @@
+usr/include/*
+usr/lib/lib*.a
+usr/lib/lib*.so
+usr/lib/lib*.la
+usr/lib/pkgconfig/*

debian/rules

@@ -1,4 +1,19 @@
 #!/usr/bin/make -f
 
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+DEBIAN  := $(shell dpkg-parsechangelog | grep ^Version: | cut -d' ' -f2)
+DEBVERS := $(shell echo '$(DEBIAN)' | cut -d- -f1)
+VERSION := $(shell echo '$(DEBVERS)' | sed -e 's/[+-].*//' -e 's/~//g')
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+export DEB_LDFLAGS_MAINT_STRIP = -Wl,-Bsymbolic-functions
+
+
 %:
 	dh $@
+
+override_dh_autoreconf:
+	cd host && dh_autoreconf

debian/source/format

@@ -0,0 +1 @@
+3.0 (native)

firmware/Makefile

@@ -28,22 +28,33 @@
 
 #   Makefile for compiling the Getting Started with SAM3S Microcontrollers project
 
+GIT_VERSION=$(shell $(TOP)/git-version-gen $(TOP)/.tarball-version)
 #-------------------------------------------------------------------------------
 #        User-modifiable options
 #-------------------------------------------------------------------------------
 
+# verbosity
+V ?= 0
+ifneq ("$(V)","0")
+SILENT :=
+else
+SILENT := @
+endif
+
 # Chip & board used for compilation
 # (can be overriden by adding CHIP=chip and BOARD=board to the command-line)
 CHIP  ?= sam3s4
 BOARD ?= qmod
-
-# Defines which are the available memory targets for the SAM3S-EK board.
-MEMORIES ?= flash dfu
-
-# Output file basename
 APP ?= dfu
 
-# Output directories
+# Defines which are the available memory targets for the SAM3S-EK board.
+ifeq ($(APP), dfu)
+MEMORIES ?= flash dfu
+else
+MEMORIES ?= dfu
+endif
+
+# Output directories and filename
 OUTPUT = $(BOARD)-$(APP)
 BIN = bin
 OBJ = obj/$(BOARD)
@@ -73,7 +84,6 @@ GDB = $(CROSS_COMPILE)gdb
 NM = $(CROSS_COMPILE)nm
 
 TOP=..
-GIT_VERSION=$(shell $(TOP)/git-version-gen $(TOP)/.tarvers)
 
 #-------------------------------------------------------------------------------
 #		Files
@@ -97,7 +107,8 @@ C_LIBCHIP  = $(notdir $(wildcard $(AT91LIB)/libchip_sam3s/source/*.c) $(wildcard
 C_LIBUSB     = USBDescriptors.c USBRequests.c USBD.c USBDCallbacks.c USBDDriver.c USBDDriverCallbacks.c
 C_LIBUSB_RT  = dfu.c dfu_runtime.c
 C_LIBUSB_DFU = dfu.c dfu_desc.c dfu_driver.c
-C_LIBCOMMON  = string.c stdio.c fputs.c usb_buf.c ringbuffer.c pseudo_talloc.c host_communication.c
+C_LIBCOMMON  = string.c stdio.c fputs.c usb_buf.c ringbuffer.c pseudo_talloc.c host_communication.c \
+	       main_common.c stack_check.c
 
 C_BOARD      = $(notdir $(wildcard libboard/common/source/*.c))
 C_BOARD     += $(notdir $(wildcard libboard/$(BOARD)/source/*.c))
@@ -120,15 +131,15 @@ C_OBJECTS  = $(C_FILES:%.c=%.o)
 # TRACE_LEVEL_NO_TRACE   0
 TRACE_LEVEL ?= 4
 
-DEBUG_PHONE_SNIFF?=0
+# allow asserting the peer SAM3S ERASE signal to completely erase the flash
+# only applicable for qmod board
+ALLOW_PEER_ERASE?=0
 
 #CFLAGS+=-DUSB_NO_DEBUG=1
 
 # Optimization level, put in comment for debugging
 OPTIMIZATION ?= -Os
 
-
-
 # Flags
 INCLUDES_USB = -I$(AT91LIB)/usb/include -I$(AT91LIB)
 
@@ -161,18 +172,25 @@ CFLAGS += -Wno-suggest-attribute=noreturn
 # -mlong-calls  -Wall
 #CFLAGS += -save-temps -fverbose-asm
 #CFLAGS += -Wa,-a,-ad
-CFLAGS += -D__ARM
+CFLAGS += -D__ARM -fno-builtin
 CFLAGS += --param max-inline-insns-single=500 -mcpu=cortex-m3 -mthumb # -mfix-cortex-m3-ldrd
-CFLAGS += -ffunction-sections -g $(OPTIMIZATION) $(INCLUDES) -D$(CHIP) -DTRACE_LEVEL=$(TRACE_LEVEL) -DDEBUG_PHONE_SNIFF=$(DEBUG_PHONE_SNIFF)
+CFLAGS += -ffunction-sections -g $(OPTIMIZATION) $(INCLUDES) -D$(CHIP) -DTRACE_LEVEL=$(TRACE_LEVEL) -DALLOW_PEER_ERASE=$(ALLOW_PEER_ERASE)
 CFLAGS += -DGIT_VERSION=\"$(GIT_VERSION)\"
 CFLAGS += -DBOARD=\"$(BOARD)\" -DBOARD_$(BOARD)
 CFLAGS += -DAPPLICATION=\"$(APP)\" -DAPPLICATION_$(APP)
+
+# Disable stack protector by default (OS#5081)
+ifeq ($(STACK_PROTECTOR), 1)
+CFLAGS += -fstack-protector
+else
+CFLAGS += -fno-stack-protector
+endif
+
 ASFLAGS = -mcpu=cortex-m3 -mthumb -Wall -g $(OPTIMIZATION) $(INCLUDES) -D$(CHIP) -D__ASSEMBLY__
-LDFLAGS = -mcpu=cortex-m3 -mthumb -Wl,--cref -Wl,--check-sections -Wl,--gc-sections -Wl,--entry=ResetException -Wl,--unresolved-symbols=report-all -Wl,--warn-common -Wl,--warn-section-align -Wl,--warn-unresolved-symbols $(LIB)
+LDFLAGS = -mcpu=cortex-m3 -mthumb -Wl,--cref -Wl,--check-sections -Wl,--gc-sections -Wl,--entry=ResetException -Wl,--unresolved-symbols=report-all -Wl,--warn-common -Wl,--warn-section-align -Wl,--print-memory-usage -Wl,--no-undefined $(LIB)
 #LD_OPTIONAL=-Wl,--print-gc-sections -Wl,--stats
 
-
-# Append OBJ and BIN directories to output filename
+# Append BIN directories to output filename
 OUTPUT := $(BIN)/$(OUTPUT)
 
 #-------------------------------------------------------------------------------
@@ -196,7 +214,11 @@ $(BIN) $(OBJ):
 usbstring/usbstring: usbstring/usbstring.c
 	gcc $^ -o $@
 
-apps/$(APP)/usb_strings_generated.h: apps/$(APP)/usb_strings.txt usbstring/usbstring
+.PHONY: apps/$(APP)/usb_strings.txt.patched
+apps/$(APP)/usb_strings.txt.patched: apps/$(APP)/usb_strings.txt
+	sed "s/PRODUCT_STRING/$(shell cat libboard/$(BOARD)/product_string.txt)/" $< > $@
+
+apps/$(APP)/usb_strings_generated.h: apps/$(APP)/usb_strings.txt.patched usbstring/usbstring
 	cat $< | usbstring/usbstring > $@
 
 define RULES
@@ -204,18 +226,18 @@ C_OBJECTS_$(1) = $(addprefix $(OBJ)/$(1)_, $(C_OBJECTS))
 ASM_OBJECTS_$(1) = $(addprefix $(OBJ)/$(1)_, $(ASM_OBJECTS))
 
 $(1): $$(ASM_OBJECTS_$(1)) $$(C_OBJECTS_$(1))
-	@$(CC) $(LDFLAGS) $(LD_OPTIONAL) -T"libboard/common/resources/$(CHIP)/$$@.ld" -Wl,-Map,$(OUTPUT)-$$@.map -o $(OUTPUT)-$$@.elf $$^ $(LIBS)
-	@$(NM) $(OUTPUT)-$$@.elf >$(OUTPUT)-$$@.elf.txt
-	@$(OBJCOPY) -O binary $(OUTPUT)-$$@.elf $(OUTPUT)-$$@.bin
-	@$(SIZE) $$^ $(OUTPUT)-$$@.elf
+	$(SILENT)$(CC) $(LDFLAGS) $(LD_OPTIONAL) -T"libboard/common/resources/$(CHIP)/$$@.ld" -Wl,-Map,$(OUTPUT)-$$@.map -o $(OUTPUT)-$$@.elf $$^ $(LIBS)
+	$(SILENT)$(NM) $(OUTPUT)-$$@.elf >$(OUTPUT)-$$@.elf.txt
+	$(SILENT)$(OBJCOPY) -O binary $(OUTPUT)-$$@.elf $(OUTPUT)-$$@.bin
+	$(SILENT)$(SIZE) $$^ $(OUTPUT)-$$@.elf
 
 $$(C_OBJECTS_$(1)): $(OBJ)/$(1)_%.o: %.c Makefile $(OBJ) $(BIN)
 	@echo [COMPILING $$<]
-	@$(CC) $(CFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -Wa,-ahlms=$(BIN)/$$*.lst -c -o $$@ $$<
+	$(SILENT)$(CC) $(CFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -Wa,-ahlms=$(BIN)/$$*.lst -c -o $$@ $$<
 
 $$(ASM_OBJECTS_$(1)): $(OBJ)/$(1)_%.o: %.S Makefile $(OBJ) $(BIN)
 	@echo [ASSEMBLING $$@]
-	@$(CC) $(ASFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -c -o $$@ $$<
+	$(SILENT)@$(CC) $(ASFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -c -o $$@ $$<
 
 debug_$(1): $(1)
 	$(GDB) -x "$(BOARD_LIB)/resources/gcc/$(BOARD)_$(1).gdb" -ex "reset" -readnow -se $(OUTPUT)-$(1).elf
@@ -232,6 +254,7 @@ log:
 	lsof $(SERIAL) && echo "log is already opened" || ( sed -u "s/\r//" $(SERIAL) | ts )
 
 clean:
+	-rm -f apps/$(APP)/usb_strings.txt.patched
 	-rm -fR $(OBJ)/*.o $(BIN)/*.bin $(BIN)/*.elf $(BIN)/*.elf.txt $(BIN)/*.map $(BIN)/*.lst `find . -name \*.p`
 
 install:

firmware/README.txt

@@ -24,6 +24,7 @@ Current boards supported are:
 * `simtrace`: The good old Osmocom SIMtrace PCB with SAM3 instead of SAM7, open hardware.
 * `qmod`: A sysmocom-proprietary quad mPCIe carrier board, publicly available
 * `owhw`: An undisclosed sysmocom-internal board, not publicly available
+* `octsimtest`: A sysmocom-proprietary production testing board, not publicly available
 
 = Firmware
 
@@ -51,6 +52,7 @@ Current applications supported are:
 * `cardem`: To provide remote SIM operation capabilities.
 * `trace`:  To monitor the communication between a SIM card and a phone (corresponds to the functionality provide by the first SIMtrace)
 * `triple_play`: To support the three previous functionalities, using USB configurations.
+* `gpio_test`: internal test code
 
 == Memories
 
@@ -76,6 +78,10 @@ $ make TRACE_LEVEL=4
 ```
 Accepted values: 0 (NO_TRACE) to 5 (DEBUG)
 
+The qmod specific option `ALLOW_PEER_ERASE` controls if the UART debug command to assert the peer SAM3S ERASE line is present in the code.
+Per default this is set to 0 to prevent accidentally erasing all firmware, including the DFU bootloader, which would then need to be flashed using SAM-BA or JTAG/SWD.
+Setting `ALLOW_PEER_ERASE` to 1 enables back the debug command and should be used only for debugging or development purposes.
+
 = Flashing
 
 To flash a firmware image follow the instructions provided in the [wiki](https://projects.osmocom.org/projects/simtrace2/wiki/).

firmware/apps/cardem/Makefile

@@ -1,3 +1,3 @@
 C_FILES += $(C_LIBUSB_RT)
 
-C_FILES += card_emu.c iso7816_3.c iso7816_4.c mode_cardemu.c simtrace_iso7816.c usb.c
+C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c usb.c

firmware/apps/cardem/main.c

@@ -24,10 +24,9 @@
 #include "board.h"
 #include "simtrace.h"
 #include "utils.h"
+#include "main_common.h"
 #include <osmocom/core/timer.h>
 
-unsigned int g_unique_id[4];
-
 /*------------------------------------------------------------------------------
  *         Internal variables
  *------------------------------------------------------------------------------*/
@@ -40,7 +39,7 @@ typedef struct {
 	void (*exit) (void);
 	/* main loop content for given configuration */
 	void (*run) (void);
-	/* Interrupt handler for USART1 */
+	/* Interrupt handler for USART0 */
 	void (*usart0_irq) (void);
 	/* Interrupt handler for USART1 */
 	void (*usart1_irq) (void);
@@ -54,6 +53,8 @@ static const conf_func config_func_ptrs[] = {
 		.init = Sniffer_init,
 		.exit = Sniffer_exit,
 		.run = Sniffer_run,
+		.usart0_irq = Sniffer_usart0_irq,
+		.usart1_irq = Sniffer_usart1_irq,
 	},
 #endif
 #ifdef HAVE_CCID
@@ -155,34 +156,7 @@ extern int main(void)
 
 	PIO_InitializeInterrupts(0);
 
-	EEFC_ReadUniqueID(g_unique_id);
-
-		printf("\n\r\n\r"
-		"=============================================================================\n\r"
-		"SIMtrace2 firmware " GIT_VERSION "\n\r"
-		"(C) 2010-2017 by Harald Welte, 2018-2019 by Kevin Redon\n\r"
-		"=============================================================================\n\r");
-
-#if (TRACE_LEVEL >= TRACE_LEVEL_INFO)
-	TRACE_INFO("Chip ID: 0x%08lx (Ext 0x%08lx)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
-	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\n\r",
-		   g_unique_id[0], g_unique_id[1],
-		   g_unique_id[2], g_unique_id[3]);
-	uint8_t reset_cause = (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos;
-	static const char* reset_causes[] = {
-		"general reset (first power-up reset)",
-		"backup reset (return from backup mode)",
-		"watchdog reset (watchdog fault occurred)",
-		"software reset (processor reset required by the software)",
-		"user reset (NRST pin detected low)",
-	};
-	if (reset_cause < ARRAY_SIZE(reset_causes)) {
-		TRACE_INFO("Reset Cause: %s\n\r", reset_causes[reset_cause]);
-	} else {
-		TRACE_INFO("Reset Cause: 0x%lx\n\r", (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos);
-	}
-#endif
-
+	print_banner();
 	board_main_top();
 
 	TRACE_INFO("USB init...\n\r");
@@ -203,8 +177,7 @@ extern int main(void)
 	}
 
 	TRACE_INFO("calling configure of all configurations...\n\r");
-	for (i = 1; i < sizeof(config_func_ptrs) / sizeof(config_func_ptrs[0]);
-	     ++i) {
+	for (i = 1; i < ARRAY_SIZE(config_func_ptrs); i++) {
 		if (config_func_ptrs[i].configure)
 			config_func_ptrs[i].configure();
 	}
@@ -248,6 +221,7 @@ extern int main(void)
 			}
 			last_simtrace_config = simtrace_config;
 		} else {
+			//FIXME: usb_proces() for every interface in this configuration?
 			if (config_func_ptrs[simtrace_config].run) {
 				config_func_ptrs[simtrace_config].run();
 			}

firmware/apps/cardem/usb_strings.txt

@@ -1,8 +1,8 @@
 sysmocom - s.f.m.c. GmbH
-SIMtrace 2 compatible device
+PRODUCT_STRING
 SIMtrace Sniffer
 SIMtrace CCID
-SIMtrace Phone
+SIMtrace Card Emulation
 SIMtrace MITM
 CardEmulator Modem 1
 CardEmulator Modem 2

firmware/apps/dfu/main.c

@@ -26,8 +26,15 @@
 
 #include <osmocom/core/timer.h>
 
+/* USB alternate interface index used to identify which partition to flash */
+/** USB alternate interface index indicating RAM partition */
 #define ALTIF_RAM 0
+/** USB alternate interface index indicating flash partition */
+#if defined(ENVIRONMENT_flash)
 #define ALTIF_FLASH 1
+#elif defined(ENVIRONMENT_dfu)
+#define ALTIF_FLASH 2
+#endif
 
 unsigned int g_unique_id[4];
 /* remember if the watchdog has been configured in the main loop so we can kick it in the ISR */
@@ -44,10 +51,18 @@ static const Pin pinsLeds[] = { PINS_LEDS } ;
  *----------------------------------------------------------------------------*/
 
 #define RAM_ADDR(offset) (IRAM_ADDR + BOARD_DFU_RAM_SIZE + offset)
+#if defined(ENVIRONMENT_flash)
 #define FLASH_ADDR(offset) (IFLASH_ADDR + BOARD_DFU_BOOT_SIZE + offset)
+#elif defined(ENVIRONMENT_dfu)
+#define FLASH_ADDR(offset) (IFLASH_ADDR + offset)
+#endif
 
-#define IFLASH_END	((uint8_t *)IFLASH_ADDR + IFLASH_SIZE)
-#define IRAM_END	((uint8_t *)IRAM_ADDR + IRAM_SIZE)
+#define IRAM_END ((uint8_t *)IRAM_ADDR + IRAM_SIZE)
+#if defined(ENVIRONMENT_flash)
+#define IFLASH_END ((uint8_t *)IFLASH_ADDR + IFLASH_SIZE)
+#elif defined(ENVIRONMENT_dfu)
+#define IFLASH_END ((uint8_t *)IFLASH_ADDR + BOARD_DFU_BOOT_SIZE)
+#endif
 
 /* incoming call-back: Host has transferred 'len' bytes (stored at
  * 'data'), which we shall write to 'offset' into the partition
@@ -90,7 +105,11 @@ int USBDFU_handle_dnload(uint8_t altif, unsigned int offset,
 		break;
 	case ALTIF_FLASH:
 		addr = FLASH_ADDR(offset);
+#if defined(ENVIRONMENT_flash)
 		if (addr < IFLASH_ADDR || addr + len >= IFLASH_ADDR + IFLASH_SIZE) {
+#elif defined(ENVIRONMENT_dfu)
+		if (addr < IFLASH_ADDR || addr + len >= IFLASH_ADDR + BOARD_DFU_BOOT_SIZE) {
+#endif
 			g_dfu->state = DFU_STATE_dfuERROR;
 			g_dfu->status = DFU_STATUS_errADDRESS;
 			rc = DFU_RET_STALL;
@@ -224,6 +243,17 @@ static void check_exec_dbg_cmd(void)
 	//board_exec_dbg_cmd(ch);
 }
 
+/* print a horizontal line of '=' characters; Doing this in a loop vs. using a 'const'
+ * string saves us ~60 bytes of executable size (matters particularly for DFU loader) */
+static void print_line(void)
+{
+	int i;
+	for (i = 0; i < 78; i++)
+		fputc('=', stdout);
+	fputc('\n', stdout);
+	fputc('\r', stdout);
+}
+
 /*------------------------------------------------------------------------------
  *        Main
  *------------------------------------------------------------------------------*/
@@ -246,34 +276,45 @@ extern int main(void)
 	PIO_Clear(&pinsLeds[LED_NUM_GREEN]);
 #endif
 
-	PIO_InitializeInterrupts(0);
-
 	EEFC_ReadUniqueID(g_unique_id);
 
-	printf("\n\r\n\r"
-		"=============================================================================\n\r"
-		"DFU bootloader %s for board %s\n\r"
-		"(C) 2010-2017 by Harald Welte, 2018-2019 by Kevin Redon\n\r"
-		"=============================================================================\n\r",
+	printf("\n\r\n\r");
+	print_line();
+	printf("DFU bootloader %s for board %s\n\r"
+		"(C) 2010-2017 by Harald Welte, 2018-2019 by Kevin Redon\n\r",
 		manifest_revision, manifest_board);
+	print_line();
 
-	TRACE_INFO("Chip ID: 0x%08x (Ext 0x%08x)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
+#if (TRACE_LEVEL >= TRACE_LEVEL_INFO)
+	TRACE_INFO("Chip ID: 0x%08lx (Ext 0x%08lx)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
 	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\n\r",
 		   g_unique_id[0], g_unique_id[1],
 		   g_unique_id[2], g_unique_id[3]);
-	TRACE_INFO("Reset Cause: 0x%lx\n\r", reset_cause);
+	static const char* reset_causes[] = {
+		"general reset (first power-up reset)",
+		"backup reset (return from backup mode)",
+		"watchdog reset (watchdog fault occurred)",
+		"software reset (processor reset required by the software)",
+		"user reset (NRST pin detected low)",
+	};
+	if (reset_cause < ARRAY_SIZE(reset_causes)) {
+		TRACE_INFO("Reset Cause: %s\n\r", reset_causes[reset_cause]);
+	} else {
+		TRACE_INFO("Reset Cause: 0x%lx\n\r", (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos);
+	}
+#endif
 
 #if (TRACE_LEVEL >= TRACE_LEVEL_INFO)
 	/* Find out why we are in the DFU bootloader, and not the main application */
 	TRACE_INFO("DFU bootloader start reason: ");
 	switch (USBDFU_OverrideEnterDFU()) {
 	case 0:
-		/* 0 normally means that there is no override, but we are in the bootloader,
-		 * thus the first check in board_cstartup_gnu did return something else than 0.
-		 * this can only be g_dfu->magic which is erased when the segment are
-		 * relocated, which happens in board_cstartup_gnu just after USBDFU_OverrideEnterDFU.
-		 * no static variable can be used to store this case since this will also be overwritten
-		 */
+		if (SCB->VTOR < IFLASH_ADDR + BOARD_DFU_BOOT_SIZE) {
+			TRACE_INFO_WP("unknown\n\r");
+		} else {
+			TRACE_INFO_WP("DFU is the main application\n\r");
+		}
+		break;
 	case 1:
 		TRACE_INFO_WP("DFU switch requested by main application\n\r");
 		break;
@@ -300,17 +341,16 @@ extern int main(void)
 
 	TRACE_INFO("USB init...\n\r");
 	/* Signal USB reset by disabling the pull-up on USB D+ for at least 10 ms */
+	USBD_Disconnect();
 #ifdef PIN_USB_PULLUP
 	const Pin usb_dp_pullup = PIN_USB_PULLUP;
 	PIO_Configure(&usb_dp_pullup, 1);
 	PIO_Set(&usb_dp_pullup);
 #endif
-	USBD_HAL_Suspend();
-	mdelay(20);
+	mdelay(50);
 #ifdef PIN_USB_PULLUP
 	PIO_Clear(&usb_dp_pullup);
 #endif
-	USBD_HAL_Activate();
 
 	USBDFU_Initialize(&dfu_descriptors);
 
@@ -319,8 +359,8 @@ extern int main(void)
 		check_exec_dbg_cmd();
 #if 1
 		if (i >= MAX_USB_ITER * 3) {
-			TRACE_ERROR("Resetting board (USB could "
-				    "not be configured)\n\r");
+			TRACE_ERROR("Resetting board (USB could not be configured)\n\r");
+			g_dfu->magic = USB_DFU_MAGIC; // start the bootloader after reboot
 			USBD_Disconnect();
 			NVIC_SystemReset();
 		}

firmware/apps/dfu/usb_strings.txt

@@ -1,5 +1,6 @@
 sysmocom - s.f.m.c. GmbH
-SIMtrace 2 compatible device
+PRODUCT_STRING
 DFU (Device Firmware Upgrade)
 RAM
 Flash (Application Partition)
+Flash (Bootloader Partition)

firmware/apps/freq_ctr/Makefile

@@ -0,0 +1,3 @@
+C_FILES += $(C_LIBUSB_RT)
+
+C_FILES += freq_ctr.c

firmware/apps/freq_ctr/freq_ctr.c

@@ -0,0 +1,55 @@
+#include <stdint.h>
+#include "utils.h"
+#include "tc_etu.h"
+#include "chip.h"
+
+
+/* pins for Channel 0 of TC-block 0 */
+#define PIN_TIOA0	{PIO_PA0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+
+/* pins for Channel 1 of TC-block 0 */
+#define PIN_TIOA1	{PIO_PA15, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+#define PIN_TCLK1	{PIO_PA28, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+
+static const Pin pins_tc[] = { PIN_TIOA0, PIN_TIOA1, PIN_TCLK1 };
+
+static TcChannel *tc1 = &TC0->TC_CHANNEL[1];
+
+void TC1_IrqHandler(void)
+{
+	uint32_t sr = tc1->TC_SR;
+	printf("TC1=%lu; SR=0x%08lx\r\n", tc1->TC_RA, sr);
+}
+
+void freq_ctr_init(void)
+{
+	TcChannel *tc0 = &TC0->TC_CHANNEL[0];
+
+	PIO_Configure(pins_tc, ARRAY_SIZE(pins_tc));
+
+	PMC_EnablePeripheral(ID_TC0);
+	PMC_EnablePeripheral(ID_TC1);
+
+	/* route TCLK1 to XC1 */
+	TC0->TC_BMR &= ~TC_BMR_TC1XC1S_Msk;
+	TC0->TC_BMR |= TC_BMR_TC1XC1S_TCLK1;
+
+	/* TC0 in wveform mode: Run from SCLK. Raise TIOA on RA; lower TIOA on RC + trigger */
+	tc0->TC_CMR = TC_CMR_TCCLKS_TIMER_CLOCK5 | TC_CMR_BURST_NONE |
+		      TC_CMR_EEVTEDG_NONE | TC_CMR_WAVSEL_UP_RC | TC_CMR_WAVE |
+		      TC_CMR_ACPA_SET | TC_CMR_ACPC_CLEAR;
+	tc0->TC_RA = 16384; /* set high at 16384 */
+	tc0->TC_RC = 32786; /* set low at 32786 */
+
+	/* TC1 in capture mode: Run from XC1. Trigger on TIOA rising. Load RA on rising */
+	tc1->TC_CMR = TC_CMR_TCCLKS_XC1 | TC_CMR_BURST_NONE |
+		      TC_CMR_ETRGEDG_RISING | TC_CMR_ABETRG | TC_CMR_LDRA_RISING;
+	/* Interrupt us if the external trigger happens */
+	tc1->TC_IER = TC_IER_ETRGS;
+	NVIC_EnableIRQ(TC1_IRQn);
+
+	TC0->TC_BCR = TC_BCR_SYNC;
+
+	tc0->TC_CCR = TC_CCR_CLKEN|TC_CCR_SWTRG;
+	tc1->TC_CCR = TC_CCR_CLKEN|TC_CCR_SWTRG;
+}

firmware/apps/freq_ctr/main.c

@@ -0,0 +1,54 @@
+
+#include "board.h"
+#include "utils.h"
+#include "osmocom/core/timer.h"
+
+extern void freq_ctr_init(void);
+
+/* returns '1' in case we should break any endless loop */
+static void check_exec_dbg_cmd(void)
+{
+	int ch;
+
+	if (!UART_IsRxReady())
+		return;
+
+	ch = UART_GetChar();
+
+	board_exec_dbg_cmd(ch);
+}
+
+
+extern int main(void)
+{
+	led_init();
+	led_blink(LED_RED, BLINK_ALWAYS_ON);
+	led_blink(LED_GREEN, BLINK_ALWAYS_ON);
+
+	/* Enable watchdog for 2000 ms, with no window */
+	WDT_Enable(WDT, WDT_MR_WDRSTEN | WDT_MR_WDDBGHLT | WDT_MR_WDIDLEHLT |
+		   (WDT_GetPeriod(2000) << 16) | WDT_GetPeriod(2000));
+
+	PIO_InitializeInterrupts(0);
+
+
+	printf("\n\r\n\r"
+		"=============================================================================\n\r"
+		"Freq Ctr firmware " GIT_VERSION " (C) 2019 by Harald Welte\n\r"
+		"=============================================================================\n\r");
+
+	board_main_top();
+
+	TRACE_INFO("starting frequency counter...\n\r");
+	freq_ctr_init();
+
+	TRACE_INFO("entering main loop...\n\r");
+	while (1) {
+		WDT_Restart(WDT);
+
+		check_exec_dbg_cmd();
+		osmo_timers_prepare();
+		osmo_timers_update();
+	}
+
+}

firmware/apps/freq_ctr/usb_strings.txt

@@ -0,0 +1,10 @@
+sysmocom - s.f.m.c. GmbH
+PRODUCT_STRING
+SIMtrace Sniffer
+SIMtrace CCID
+SIMtrace Card Emulation
+SIMtrace MITM
+CardEmulator Modem 1
+CardEmulator Modem 2
+CardEmulator Modem 3
+CardEmulator Modem 4

firmware/apps/gpio_test/Makefile

@@ -0,0 +1,3 @@
+C_FILES += $(C_LIBUSB_RT)
+
+C_FILES += gpio_test.c

firmware/apps/gpio_test/gpio_test.c

@@ -0,0 +1,8 @@
+#include <stdint.h>
+#include "utils.h"
+#include "chip.h"
+
+void gpio_test_init(void)
+{
+	printf("FIXME run tests here\n\r");
+}

firmware/apps/gpio_test/main.c

@@ -0,0 +1,54 @@
+
+#include "board.h"
+#include "utils.h"
+#include "osmocom/core/timer.h"
+
+extern void gpio_test_init(void);
+
+/* returns '1' in case we should break any endless loop */
+static void check_exec_dbg_cmd(void)
+{
+	int ch;
+
+	if (!UART_IsRxReady())
+		return;
+
+	ch = UART_GetChar();
+
+	board_exec_dbg_cmd(ch);
+}
+
+
+extern int main(void)
+{
+	led_init();
+	led_blink(LED_RED, BLINK_ALWAYS_ON);
+	led_blink(LED_GREEN, BLINK_ALWAYS_ON);
+
+	/* Enable watchdog for 2000 ms, with no window */
+	WDT_Enable(WDT, WDT_MR_WDRSTEN | WDT_MR_WDDBGHLT | WDT_MR_WDIDLEHLT |
+		   (WDT_GetPeriod(2000) << 16) | WDT_GetPeriod(2000));
+
+	PIO_InitializeInterrupts(0);
+
+
+	printf("\n\r\n\r"
+		"=============================================================================\n\r"
+		"GPIO Test firmware " GIT_VERSION " (C) 2019 Sysmocom GmbH\n\r"
+		"=============================================================================\n\r");
+
+	board_main_top();
+
+	TRACE_INFO("starting gpio test...\n\r");
+	gpio_test_init();
+
+	TRACE_INFO("entering main loop...\n\r");
+	while (1) {
+		WDT_Restart(WDT);
+
+		check_exec_dbg_cmd();
+		osmo_timers_prepare();
+		osmo_timers_update();
+	}
+
+}

firmware/apps/gpio_test/usb_strings.txt

@@ -0,0 +1,10 @@
+sysmocom - s.f.m.c. GmbH
+PRODUCT_STRING
+SIMtrace Sniffer
+SIMtrace CCID
+SIMtrace Card Emulation
+SIMtrace MITM
+CardEmulator Modem 1
+CardEmulator Modem 2
+CardEmulator Modem 3
+CardEmulator Modem 4

firmware/apps/trace/Makefile

@@ -1,3 +1,3 @@
 C_FILES += $(C_LIBUSB_RT)
 
-C_FILES += iso7816_4.c iso7816_fidi.c simtrace_iso7816.c sniffer.c usb.c
+C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c usb.c

firmware/apps/trace/main.c

@@ -24,10 +24,9 @@
 #include "board.h"
 #include "simtrace.h"
 #include "utils.h"
+#include "main_common.h"
 #include "osmocom/core/timer.h"
 
-unsigned int g_unique_id[4];
-
 /*------------------------------------------------------------------------------
  *         Internal variables
  *------------------------------------------------------------------------------*/
@@ -158,20 +157,7 @@ extern int main(void)
 
 	PIO_InitializeInterrupts(0);
 
-	EEFC_ReadUniqueID(g_unique_id);
-
-		printf("\n\r\n\r"
-		"=============================================================================\n\r"
-		"SIMtrace2 firmware " GIT_VERSION " (C) 2010-2016 by Harald Welte\n\r"
-		"=============================================================================\n\r");
-
-	TRACE_INFO("Chip ID: 0x%08lx (Ext 0x%08lx)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
-	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\n\r",
-		   g_unique_id[0], g_unique_id[1],
-		   g_unique_id[2], g_unique_id[3]);
-	TRACE_INFO("Reset Cause: 0x%lx\n\r", (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos);
-	TRACE_INFO("USB configuration used: %d\n\r", simtrace_config);
-
+	print_banner();
 	board_main_top();
 
 	TRACE_INFO("USB init...\n\r");

firmware/apps/trace/usb_strings.txt

@@ -1,8 +1,8 @@
 sysmocom - s.f.m.c. GmbH
-SIMtrace 2 compatible device
+PRODUCT_STRING
 SIMtrace Sniffer
 SIMtrace CCID
-SIMtrace Phone
+SIMtrace Card Emulation
 SIMtrace MITM
 CardEmulator Modem 1
 CardEmulator Modem 2

firmware/apps/triple_play/Makefile

@@ -1,3 +1,3 @@
 C_FILES += $(C_LIBUSB_RT)
 
-C_FILES += card_emu.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c
+C_FILES += card_emu.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c usb.c

firmware/apps/triple_play/main.c

@@ -26,8 +26,6 @@
 #include "req_ctx.h"
 #include <osmocom/core/timer.h>
 
-unsigned int g_unique_id[4];
-
 /*------------------------------------------------------------------------------
  *         Internal variables
  *------------------------------------------------------------------------------*/
@@ -149,17 +147,7 @@ extern int main(void)
 
 	PIO_InitializeInterrupts(0);
 
-	EEFC_ReadUniqueID(g_unique_id);
-
-		printf("\r\n\r\n"
-		"=============================================================================\r\n"
-		"SIMtrace2 firmware " GIT_REVISION " (C) 2010-2017 by Harald Welte\r\n"
-		"=============================================================================\r\n");
-
-	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\r\n",
-		   g_unique_id[0], g_unique_id[1],
-		   g_unique_id[2], g_unique_id[3]);
-
+	print_banner();
 	board_main_top();
 
 	TRACE_INFO("USB init...\r\n");

firmware/atmel_softpack_libraries/libchip_sam3s/source/USBD_HAL.c

@@ -45,11 +45,6 @@
  *      Headers
  *---------------------------------------------------------------------------*/
 
-#ifdef TRACE_LEVEL
-#undef TRACE_LEVEL
-#endif
-#define TRACE_LEVEL TRACE_LEVEL_WARNING
-
 #include "chip.h"
 #include "USBD_HAL.h"
 #include <usb/device/dfu/dfu.h>
@@ -1082,6 +1077,14 @@ static inline uint8_t UDP_Read(uint8_t  bEndpoint,
  *      Exported functions
  *---------------------------------------------------------------------------*/
 
+
+uint16_t USBD_GetEndpointSize(uint8_t bEndpoint)
+{
+    Endpoint *pEndpoint = &(endpoints[bEndpoint]);
+
+    return pEndpoint->size;
+}
+
 /**
  * USBD (UDP) interrupt handler
  * Manages device resume, suspend, end of bus reset.
@@ -1138,7 +1141,7 @@ void USBD_IrqHandler(void)
     /* Resume (Wakeup) */
     if ((status & (UDP_ISR_WAKEUP | UDP_ISR_RXRSM)) != 0) {
 
-        TRACE_INFO_WP("Res ");
+        TRACE_DEBUG_WP("Res ");
         /* Clear and disable resume interrupts */
         UDP->UDP_ICR = UDP_ICR_WAKEUP | UDP_ICR_RXRSM | UDP_ICR_RXSUSP;
         UDP->UDP_IDR = UDP_IDR_WAKEUP | UDP_IDR_RXRSM;
@@ -1150,7 +1153,7 @@ void USBD_IrqHandler(void)
        This interrupt is always treated last (hence the '==') */
     if (status == UDP_ISR_RXSUSP) {
 
-        TRACE_INFO_WP("Susp ");
+        TRACE_DEBUG_WP("Susp ");
         /* Enable wakeup */
         UDP->UDP_IER = UDP_IER_WAKEUP | UDP_IER_RXRSM;
         /* Acknowledge interrupt */
@@ -1161,19 +1164,26 @@ void USBD_IrqHandler(void)
     /* End of bus reset */
     else if ((status & UDP_ISR_ENDBUSRES) != 0) {
 
-        TRACE_INFO_WP("EoBRes ");
+        TRACE_DEBUG_WP("EoBRes ");
 
 #if defined(BOARD_USB_DFU)
 #if defined(APPLICATION_dfu)
 	/* if we are currently in the DFU bootloader, and we are beyond
 	 * the MANIFEST stage, we shall switch to the normal
 	 * application */
-	if (g_dfu->past_manifest)
+	if (g_dfu->past_manifest) {
+#if defined(ENVIRONMENT_flash)
 		USBDFU_SwitchToApp();
+#elif defined(ENVIRONMENT_dfu)
+		USBDFU_SwitchToDFU();
+#endif
+	}
+
 #else
 	/* if we are currently in the main application, and we are in
-	 * appDETACH state, switch into the DFU bootloader */
-	if (g_dfu->state == DFU_STATE_appDETACH)
+	 * appDETACH state or past downloading, switch into the DFU bootloader.
+	 */
+	if (g_dfu->state == DFU_STATE_appDETACH || g_dfu->state == DFU_STATE_dfuMANIFEST)
 		DFURT_SwitchToDFU();
 #endif /* APPLICATION_dfu */
 #endif /* BOARD_USB_DFU */
@@ -1202,7 +1212,7 @@ void USBD_IrqHandler(void)
 
                 if (status != 0) {
 
-                    TRACE_INFO_WP("\n\r  - ");
+                    TRACE_DEBUG_WP("\n\r  - ");
                 }
             }
             eptnum++;
@@ -1211,7 +1221,7 @@ void USBD_IrqHandler(void)
 
     /* Toggle LED back to its previous state */
     TRACE_DEBUG_WP("!");
-    TRACE_INFO_WP("\n\r");
+    TRACE_DEBUG_WP("\n\r");
     if (USBD_GetState() >= USBD_STATE_POWERED) {
 
         //LED_Clear(USBD_LEDUSB);
@@ -1361,7 +1371,7 @@ uint8_t USBD_HAL_ConfigureEP(const USBEndpointDescriptor *pDescriptor)
         UDP->UDP_IER = (1 << bEndpoint);
     }
 
-    TRACE_INFO_WP("CfgEp%d ", bEndpoint);
+    TRACE_DEBUG_WP("CfgEp%d ", bEndpoint);
     return bEndpoint;
 }
 
@@ -1529,7 +1539,7 @@ void USBD_HAL_RemoteWakeUp(void)
     UDP_EnableUsbClock();
     UDP_EnableTransceiver();
 
-    TRACE_INFO_WP("RWUp ");
+    TRACE_DEBUG_WP("RWUp ");
 
     // Activates a remote wakeup (edge on ESR), then clear ESR
     UDP->UDP_GLB_STAT |= UDP_GLB_STAT_ESR;
@@ -1662,6 +1672,10 @@ uint8_t USBD_HAL_Halt(uint8_t bEndpoint, uint8_t ctl)
             UDP->UDP_RST_EP |= 1 << bEndpoint;
             UDP->UDP_RST_EP &= ~(1 << bEndpoint);
         }
+
+        /* This fixes a weird bug with regard to ping-pong OUT endpoints */
+        UDP->UDP_RST_EP |= 1 << bEndpoint;
+        UDP->UDP_RST_EP &= ~(1 << bEndpoint);
     }
 
     /* Return Halt status */
@@ -1692,7 +1706,10 @@ void USBD_HAL_Suspend(void)
     /* The device enters the Suspended state */
     UDP_DisableTransceiver();
     UDP_DisableUsbClock();
-    UDP_DisablePeripheralClock();
+    /* Don't disable peripheral clock; this somehow breaks completion of any IN transfers
+     * that have already been written to the peripheral, and which we expect to complete
+     * after resume */
+    //UDP_DisablePeripheralClock();
 }
 
 /**

firmware/atmel_softpack_libraries/libchip_sam3s/source/efc.c

@@ -163,7 +163,7 @@ extern void EFC_TranslateAddress( Efc** ppEfc, uint32_t dwAddress, uint16_t* pwP
     wPage = (dwAddress - IFLASH_ADDR) / IFLASH_PAGE_SIZE;
     wOffset = (dwAddress - IFLASH_ADDR) % IFLASH_PAGE_SIZE;
 
-    TRACE_DEBUG( "Translated 0x%08X to page=%d and offset=%d\n\r", dwAddress, wPage, wOffset ) ;
+    TRACE_DEBUG( "Translated 0x%08lX to page=%d and offset=%d\n\r", dwAddress, wPage, wOffset ) ;
     /* Store values */
     if ( pEfc )
     {

firmware/atmel_softpack_libraries/libchip_sam3s/source/flashd.c

@@ -134,7 +134,7 @@ static void ComputeLockRange( uint32_t dwStart, uint32_t dwEnd, uint32_t *pdwAct
     // Store actual page numbers
     EFC_ComputeAddress( pStartEfc, wActualStartPage, 0, pdwActualStart ) ;
     EFC_ComputeAddress( pEndEfc, wActualEndPage, 0, pdwActualEnd ) ;
-    TRACE_DEBUG( "Actual lock range is 0x%06X - 0x%06X\n\r", *pdwActualStart, *pdwActualEnd ) ;
+    TRACE_DEBUG( "Actual lock range is 0x%06lX - 0x%06lX\n\r", *pdwActualStart, *pdwActualEnd ) ;
 }
 
 

firmware/atmel_softpack_libraries/libchip_sam3s/source/pio_it.c

@@ -211,6 +211,16 @@ extern void PIO_InitializeInterrupts( uint32_t dwPriority )
     NVIC_EnableIRQ( PIOC_IRQn ) ;
 }
 
+static InterruptSource *find_intsource4pin(const Pin *pPin)
+{
+    unsigned int i ;
+    for (i = 0; i < _dwNumSources; i++) {
+        if (_aIntSources[i].pPin == pPin)
+	    return &_aIntSources[i];
+    }
+    return NULL;
+}
+
 /**
  * Configures a PIO or a group of PIO to generate an interrupt on status
  * change. The provided interrupt handler will be called with the triggering
@@ -228,15 +238,17 @@ extern void PIO_ConfigureIt( const Pin *pPin, void (*handler)( const Pin* ) )
 
     assert( pPin ) ;
     pio = pPin->pio ;
-    assert( _dwNumSources < MAX_INTERRUPT_SOURCES ) ;
 
-    /* Define new source */
-    TRACE_DEBUG( "PIO_ConfigureIt: Defining new source #%" PRIu32 ".\n\r",  _dwNumSources ) ;
-
-    pSource = &(_aIntSources[_dwNumSources]) ;
-    pSource->pPin = pPin ;
+    pSource = find_intsource4pin(pPin);
+    if (!pSource) {
+        /* Define new source */
+        TRACE_DEBUG( "PIO_ConfigureIt: Defining new source #%" PRIu32 ".\n\r",  _dwNumSources ) ;
+        assert( _dwNumSources < MAX_INTERRUPT_SOURCES ) ;
+        pSource = &(_aIntSources[_dwNumSources]) ;
+        pSource->pPin = pPin ;
+        _dwNumSources++ ;
+    }
     pSource->handler = handler ;
-    _dwNumSources++ ;
 
     /* PIO3 with additional interrupt support
      * Configure additional interrupt mode registers */

firmware/atmel_softpack_libraries/libchip_sam3s/source/unique_id.c

@@ -8,6 +8,11 @@ void EEFC_ReadUniqueID(unsigned int *pdwUniqueID)
 {
 	unsigned int status;
 
+	/* disable interrupts, as interrupt vectors are stored in flash,
+	 * and after STUI was issued, we can no longer access flassh until
+	 * SPUI complets */
+	__disable_irq();
+
 	/* Errata / Workaround: Set bit 16 of EEFC Flash Mode Register
 	 * to 1 */
 	EFC->EEFC_FMR |= (1 << 16);
@@ -40,4 +45,6 @@ void EEFC_ReadUniqueID(unsigned int *pdwUniqueID)
 	do {
 		status = EFC->EEFC_FSR;
 	} while ((status & EEFC_FSR_FRDY) != EEFC_FSR_FRDY);
+
+	__enable_irq();
 }

firmware/atmel_softpack_libraries/usb/device/core/USBD.c

@@ -300,7 +300,7 @@ void USBD_SetConfiguration(uint8_t cfgnum)
     else {
         deviceState = USBD_STATE_ADDRESS;
         /* Reset all endpoints */
-        USBD_HAL_ResetEPs(0xFFFFFFFF, USBD_STATUS_RESET, 0);
+        USBD_HAL_ResetEPs(0xFFFFFFFE, USBD_STATUS_RESET, 0);
     }
 }
 

firmware/atmel_softpack_libraries/usb/device/dfu/dfu.h

@@ -39,8 +39,8 @@ struct dfu_desc {
 #define DFU_FUNC_DESC  {						\
 	.bLength		= USB_DT_DFU_SIZE,			\
 	.bDescriptorType	= USB_DT_DFU,				\
-	.bmAttributes		= USB_DFU_CAN_UPLOAD | USB_DFU_CAN_DOWNLOAD, \
-	.wDetachTimeOut		= 0xff00,				\
+	.bmAttributes		= USB_DFU_CAN_UPLOAD | USB_DFU_CAN_DOWNLOAD | USB_DFU_WILL_DETACH, \
+	.wDetachTimeOut		= 0x00,				\
 	.wTransferSize		= BOARD_DFU_PAGE_SIZE,			\
 	.bcdDFUVersion		= 0x0100,				\
 }
@@ -101,7 +101,7 @@ struct dfudata {
 extern struct dfudata _g_dfu;
 extern struct dfudata *g_dfu;
 
-void set_usb_serial_str(const uint8_t *serial_usbstr);
+void set_usb_serial_str(void);
 
 void DFURT_SwitchToDFU(void);
 
@@ -124,6 +124,9 @@ void USBDFU_Initialize(const USBDDriverDescriptors *pDescriptors);
 /* USBD tells us to switch from DFU mode to application mode */
 void USBDFU_SwitchToApp(void);
 
+/* USBD tells us to switch from to DFU mode */
+void USBDFU_SwitchToDFU(void);
+
 /* Return values to be used by USBDFU_handle_{dn,up}load */
 #define DFU_RET_NOTHING	0
 #define DFU_RET_ZLP	1

firmware/atmel_softpack_libraries/usb/device/dfu/dfu_desc.c

@@ -13,14 +13,107 @@
 #include <usb/common/dfu/usb_dfu.h>
 #include <usb/device/dfu/dfu.h>
 
+#include "usb_strings_generated.h"
+
 enum {
 	STR_MANUF	= 1,
 	STR_PROD,
 	STR_CONFIG,
+	// strings for the first alternate interface (e.g. DFU)
 	_STR_FIRST_ALT,
-	STR_SERIAL	= (_STR_FIRST_ALT+BOARD_DFU_NUM_IF),
+	// serial string
+	STR_SERIAL	= (_STR_FIRST_ALT + BOARD_DFU_NUM_IF),
+	// version string (on additional interface)
+	VERSION_CONF_STR,
+	VERSION_STR,
+	// count
+	STRING_DESC_CNT,
 };
 
+/* string used to replace one of both DFU flash partition atlsettings */
+static const unsigned char usb_string_notavailable[] = {
+	USBStringDescriptor_LENGTH(13),
+	USBGenericDescriptor_STRING,
+	USBStringDescriptor_UNICODE('n'),
+	USBStringDescriptor_UNICODE('o'),
+	USBStringDescriptor_UNICODE('t'),
+	USBStringDescriptor_UNICODE(' '),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('v'),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('i'),
+	USBStringDescriptor_UNICODE('l'),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('b'),
+	USBStringDescriptor_UNICODE('l'),
+	USBStringDescriptor_UNICODE('e'),
+};
+
+/* USB string for the serial (using 128-bit device ID) */
+static unsigned char usb_string_serial[] = {
+	USBStringDescriptor_LENGTH(32),
+	USBGenericDescriptor_STRING,
+	USBStringDescriptor_UNICODE('0'),
+	USBStringDescriptor_UNICODE('0'),
+	USBStringDescriptor_UNICODE('1'),
+	USBStringDescriptor_UNICODE('1'),
+	USBStringDescriptor_UNICODE('2'),
+	USBStringDescriptor_UNICODE('2'),
+	USBStringDescriptor_UNICODE('3'),
+	USBStringDescriptor_UNICODE('3'),
+	USBStringDescriptor_UNICODE('4'),
+	USBStringDescriptor_UNICODE('4'),
+	USBStringDescriptor_UNICODE('5'),
+	USBStringDescriptor_UNICODE('5'),
+	USBStringDescriptor_UNICODE('6'),
+	USBStringDescriptor_UNICODE('6'),
+	USBStringDescriptor_UNICODE('7'),
+	USBStringDescriptor_UNICODE('7'),
+	USBStringDescriptor_UNICODE('8'),
+	USBStringDescriptor_UNICODE('8'),
+	USBStringDescriptor_UNICODE('9'),
+	USBStringDescriptor_UNICODE('9'),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('b'),
+	USBStringDescriptor_UNICODE('b'),
+	USBStringDescriptor_UNICODE('c'),
+	USBStringDescriptor_UNICODE('c'),
+	USBStringDescriptor_UNICODE('d'),
+	USBStringDescriptor_UNICODE('d'),
+	USBStringDescriptor_UNICODE('e'),
+	USBStringDescriptor_UNICODE('e'),
+	USBStringDescriptor_UNICODE('f'),
+	USBStringDescriptor_UNICODE('f'),
+};
+
+/* USB string for the version */
+static const unsigned char usb_string_version_conf[] = {
+	USBStringDescriptor_LENGTH(16),
+	USBGenericDescriptor_STRING,
+	USBStringDescriptor_UNICODE('f'),
+	USBStringDescriptor_UNICODE('i'),
+	USBStringDescriptor_UNICODE('r'),
+	USBStringDescriptor_UNICODE('m'),
+	USBStringDescriptor_UNICODE('w'),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('r'),
+	USBStringDescriptor_UNICODE('e'),
+	USBStringDescriptor_UNICODE(' '),
+	USBStringDescriptor_UNICODE('v'),
+	USBStringDescriptor_UNICODE('e'),
+	USBStringDescriptor_UNICODE('r'),
+	USBStringDescriptor_UNICODE('s'),
+	USBStringDescriptor_UNICODE('i'),
+	USBStringDescriptor_UNICODE('o'),
+	USBStringDescriptor_UNICODE('n'),
+};
+
+static const char git_version[] = GIT_VERSION;
+static unsigned char usb_string_version[2 + ARRAY_SIZE(git_version) * 2 - 2];
+/** array of static (from usb_strings) and runtime (serial, version) USB strings */
+static const unsigned char *usb_strings_extended[STRING_DESC_CNT];
+
 static const USBDeviceDescriptor fsDevice = {
 	.bLength = 		sizeof(USBDeviceDescriptor),
 	.bDescriptorType = 	USBGenericDescriptor_DEVICE,
@@ -34,12 +127,8 @@ static const USBDeviceDescriptor fsDevice = {
 	.bcdDevice = 		BOARD_USB_RELEASE,
 	.iManufacturer =	STR_MANUF,
 	.iProduct =		STR_PROD,
-#ifdef BOARD_USB_SERIAL
 	.iSerialNumber =	STR_SERIAL,
-#else
-	.iSerialNumber =	0,
-#endif
-	.bNumConfigurations =	1,
+	.bNumConfigurations =	2, // DFU + version configurations
 };
 
 /* Alternate Interface Descriptor, we use one per partition/memory type */
@@ -52,7 +141,7 @@ static const USBDeviceDescriptor fsDevice = {
 		.bNumEndpoints =	0,					\
 		.bInterfaceClass =	0xfe,					\
 		.bInterfaceSubClass =	1,					\
-		.iInterface =		(_STR_FIRST_ALT+ALT),			\
+		.iInterface =		(_STR_FIRST_ALT + ALT),			\
 		.bInterfaceProtocol =	2,					\
 	}
 
@@ -85,17 +174,79 @@ const struct dfu_desc dfu_cfg_descriptor = {
 	.func_dfu = DFU_FUNC_DESC
 };
 
-#include "usb_strings_generated.h"
-
-#if 0
-void set_usb_serial_str(const uint8_t *serial_usbstr)
+void set_usb_serial_str(void)
 {
-	usb_strings[STR_SERIAL] = serial_usbstr;
-}
+	unsigned int i;
+
+	// put device ID into USB serial number description
+	unsigned int device_id[4];
+	EEFC_ReadUniqueID(device_id);
+	char device_id_string[32 + 1];
+	snprintf(device_id_string, ARRAY_SIZE(device_id_string), "%08x%08x%08x%08x",
+		device_id[0], device_id[1], device_id[2], device_id[3]);
+	for (i = 0; i < ARRAY_SIZE(device_id_string) - 1; i++) {
+		usb_string_serial[2 + 2 * i] = device_id_string[i];
+	}
+
+	// put version into USB string
+	usb_string_version[0] = USBStringDescriptor_LENGTH(ARRAY_SIZE(git_version) - 1);
+	usb_string_version[1] = USBGenericDescriptor_STRING;
+	for (i = 0; i < ARRAY_SIZE(git_version) - 1; i++) {
+		usb_string_version[2 + i * 2 + 0] = git_version[i];
+		usb_string_version[2 + i * 2 + 1] = 0;
+	}
+
+	// fill extended USB strings
+	for (i = 0; i < ARRAY_SIZE(usb_strings) && i < ARRAY_SIZE(usb_strings_extended); i++) {
+		usb_strings_extended[i] = usb_strings[i];
+	}
+#if defined(ENVIRONMENT_dfu)
+	usb_strings_extended[_STR_FIRST_ALT + 1] = usb_string_notavailable;
+#elif defined(ENVIRONMENT_flash)
+	usb_strings_extended[_STR_FIRST_ALT + 2] = usb_string_notavailable;
 #endif
+	usb_strings_extended[STR_SERIAL] = usb_string_serial;
+	usb_strings_extended[VERSION_CONF_STR] = usb_string_version_conf;
+	usb_strings_extended[VERSION_STR] = usb_string_version;
+}
+
+/* USB descriptor just to show the version */
+typedef struct _SIMTraceDriverConfigurationDescriptorVersion {
+	/** Standard configuration descriptor. */
+	USBConfigurationDescriptor configuration;
+	USBInterfaceDescriptor version;
+} __attribute__ ((packed)) SIMTraceDriverConfigurationDescriptorVersion;
+
+static const SIMTraceDriverConfigurationDescriptorVersion
+				configurationDescriptorVersion = {
+	/* Standard configuration descriptor for the interface descriptor*/
+	.configuration = {
+		.bLength 		= sizeof(USBConfigurationDescriptor),
+		.bDescriptorType	= USBGenericDescriptor_CONFIGURATION,
+		.wTotalLength		= sizeof(SIMTraceDriverConfigurationDescriptorVersion),
+		.bNumInterfaces		= 1,
+		.bConfigurationValue	= 2,
+		.iConfiguration		= VERSION_CONF_STR,
+		.bmAttributes		= USBD_BMATTRIBUTES,
+		.bMaxPower		= USBConfigurationDescriptor_POWER(100),
+	},
+	/* Interface standard descriptor just holding the version information */
+	.version = {
+		.bLength = sizeof(USBInterfaceDescriptor),
+		.bDescriptorType 	= USBGenericDescriptor_INTERFACE,
+		.bInterfaceNumber	= 0,
+		.bAlternateSetting	= 0,
+		.bNumEndpoints		= 0,
+		.bInterfaceClass	= USB_CLASS_PROPRIETARY,
+		.bInterfaceSubClass	= 0xff,
+		.bInterfaceProtocol	= 0,
+		.iInterface		= VERSION_STR,
+	},
+};
 
 static const USBConfigurationDescriptor *conf_desc_arr[] = {
 	&dfu_cfg_descriptor.ucfg,
+	&configurationDescriptorVersion.configuration,
 };
 
 const USBDDriverDescriptors dfu_descriptors = {
@@ -108,6 +259,6 @@ const USBDDriverDescriptors dfu_descriptors = {
 	.pHsConfiguration = NULL,
 	.pHsQualifier = NULL,
 	.pHsOtherSpeed = NULL,
-	.pStrings = usb_strings,
-	.numStrings = ARRAY_SIZE(usb_strings),
+	.pStrings = usb_strings_extended,
+	.numStrings = ARRAY_SIZE(usb_strings_extended),
 };

firmware/atmel_softpack_libraries/usb/device/dfu/dfu_driver.c

@@ -33,8 +33,7 @@
 #include <usb/common/dfu/usb_dfu.h>
 #include <usb/device/dfu/dfu.h>
 
-/* FIXME: this was used for a special ELF section which then got called
- * by DFU code and Application code, across flash partitions */
+/** specific memory location shared across bootloader and application */
 #define __dfudata __attribute__ ((section (".dfudata")))
 #define __dfufunc
 
@@ -42,11 +41,14 @@
 static USBDDriver usbdDriver;
 static unsigned char if_altsettings[1];
 
+/** structure containing the DFU state and magic value to know if DFU or application should be started */
 __dfudata struct dfudata _g_dfu = {
-  	.state = DFU_STATE_appIDLE,
+	.state = DFU_STATE_dfuIDLE,
 	.past_manifest = 0,
 	.total_bytes = 0,
 };
+
+/** variable to structure containing DFU state */
 struct dfudata *g_dfu = &_g_dfu;
 
 WEAK void dfu_drv_updstatus(void)
@@ -83,7 +85,7 @@ static void __dfufunc handle_getstate(void)
 {
 	uint8_t u8 = g_dfu->state;
 
-	TRACE_DEBUG("handle_getstate(%u)\n\r", g_dfu->state);
+	TRACE_DEBUG("handle_getstate(%ld)\n\r", g_dfu->state);
 
 	USBD_Write(0, (char *)&u8, sizeof(u8), NULL, 0);
 }
@@ -447,6 +449,7 @@ void USBDFU_Initialize(const USBDDriverDescriptors *pDescriptors)
 	/* We already start in DFU idle mode */
 	g_dfu->state = DFU_STATE_dfuIDLE;
 
+	set_usb_serial_str();
 	USBDDriver_Initialize(&usbdDriver, pDescriptors, if_altsettings);
 	USBD_Init();
 	USBD_Connect();
@@ -460,7 +463,20 @@ void USBDFU_SwitchToApp(void)
 	/* make sure the MAGIC is not set to enter DFU again */
 	g_dfu->magic = 0;
 
-	printf("switching to app\r\n");
+	/* disconnect from USB to ensure re-enumeration */
+	USBD_Disconnect();
+
+	/* disable any interrupts during transition */
+	__disable_irq();
+
+	/* Tell the hybrid to execute FTL JUMP! */
+	NVIC_SystemReset();
+}
+
+void USBDFU_SwitchToDFU(void)
+{
+	/* make sure the MAGIC is not set to enter DFU again */
+	g_dfu->magic = USB_DFU_MAGIC;
 
 	/* disconnect from USB to ensure re-enumeration */
 	USBD_Disconnect();

firmware/atmel_softpack_libraries/usb/device/dfu/dfu_runtime.c

@@ -36,7 +36,12 @@
 #include <usb/common/dfu/usb_dfu.h>
 #include <usb/device/dfu/dfu.h>
 
-struct dfudata *g_dfu = (struct dfudata *) IRAM_ADDR;
+/** specific memory location shared across bootloader and application */
+#define __dfudata __attribute__ ((section (".dfudata")))
+/** structure containing the magic value to know if DFU or application should be started */
+__dfudata struct dfudata _g_dfu;
+/** variable to structure containing the magic value to know if DFU or application should be started */
+struct dfudata *g_dfu = &_g_dfu;
 
 /* FIXME: this was used for a special ELF section which then got called
  * by DFU code and Application code, across flash partitions */
@@ -63,7 +68,7 @@ static void __dfufunc handle_getstate(void)
 {
 	uint8_t u8 = g_dfu->state;
 
-	TRACE_DEBUG("handle_getstate(%u)\n\r", g_dfu->state);
+	TRACE_DEBUG("handle_getstate(%lu)\n\r", g_dfu->state);
 
 	USBD_Write(0, (char *)&u8, sizeof(u8), NULL, 0);
 }
@@ -160,6 +165,8 @@ void USBDFU_Runtime_RequestHandler(const USBGenericRequest *request)
 			 * will then trigger DFURT_SwitchToDFU() below */
 			TRACE_DEBUG("\r\n====dfu_detach\n\r");
 			g_dfu->state = DFU_STATE_appDETACH;
+			USBD_Write(0, 0, 0, 0, 0);
+			DFURT_SwitchToDFU();
 			ret = DFU_RET_ZLP;
 			goto out;
 			break;
@@ -204,13 +211,14 @@ out:
 
 void DFURT_SwitchToDFU(void)
 {
+	__disable_irq();
+
 	/* store the magic value that the DFU loader can detect and
 	 * activate itself, rather than boot into the application */
 	g_dfu->magic = USB_DFU_MAGIC;
-
-	/* Disconnect the USB by remoting the pull-up */
+	__DMB();
+	/* Disconnect the USB by removing the pull-up */
 	USBD_Disconnect();
-	__disable_irq();
 
 	/* reset the processor, we will start execution with the
 	 * ResetVector of the bootloader */

firmware/atmel_softpack_libraries/usb/include/USBD.h

@@ -214,6 +214,8 @@ typedef void (*MblTransferCallback)(void *pArg,
  *         Exported functions
  *------------------------------------------------------------------------------*/
 
+extern uint16_t USBD_GetEndpointSize(uint8_t bEndpoint);
+
 //extern void USBD_IrqHandler(void);
 
 extern void USBD_Init(void);

firmware/libboard/common/include/board_common.h

@@ -56,16 +56,12 @@
 /** Core definition */
 #define cortexm3
 
-#define PIO_LED_RED     PIO_PA17
-#define PIO_LED_GREEN   PIO_PA18
-
-#define PIN_LED_RED     {PIO_LED_RED, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
-#define PIN_LED_GREEN   {PIO_LED_GREEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
-#define PINS_LEDS       PIN_LED_RED, PIN_LED_GREEN 
-
-#define LED_NUM_RED     0
-#define LED_NUM_GREEN   1
-
+/* LEDs are used to indicate the status
+ * the LED definition is board specific
+ * most boards have two LEDs, one green and one red
+ * the red LED indicates of the main firmware is ready (on) or if there is an error (blinking)
+ * the green LED indicates if the firmware is idling (on) or if there is activity (blinking)
+ */
 /** USART0 pin RX */
 #define PIN_USART0_RXD    {PIO_PA9A_URXD0, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /** USART0 pin TX */
@@ -112,17 +108,17 @@
 /* Interrupt request ID of USART peripheral connected to the phone */
 #define IRQ_USART_PHONE USART1_IRQn
 
-#define SIM_PWEN        PIO_PA5
-#define VCC_FWD         PIO_PA26
-
 // Board has UDP controller
 #define BOARD_USB_UDP
 
 #define BOARD_USB_DFU
+
+
 #define BOARD_DFU_BOOT_SIZE	(16 * 1024)
 #define BOARD_DFU_RAM_SIZE	(2 * 1024)
 #define BOARD_DFU_PAGE_SIZE	512
-#define BOARD_DFU_NUM_IF	2
+/** number of DFU interfaces (used to flash specific partitions) */
+#define BOARD_DFU_NUM_IF	3
 
 extern void board_exec_dbg_cmd(int ch);
 extern void board_main_top(void);

firmware/libboard/common/resources/sam3s4/dfu.ld

@@ -39,9 +39,9 @@ SEARCH_DIR(.)
 MEMORY
 {
 	/* reserve the first 16k (= 0x4000) for the DFU bootloader */
-	rom (rx)  : ORIGIN = 0x00404000, LENGTH = 0x0003c000 /* flash, 256K */
-	/* reserve the first 32 (= 0x20) bytes for the _g_dfu struct */
-	ram (rwx) : ORIGIN = 0x20000020, LENGTH = 0x0000bfe0 /* sram, 48K */
+	rom (rx)  : ORIGIN = 0x00400000 + 16K, LENGTH = 256K - 16K /* flash, 256K */
+	/* note: dfudata will be at the start */
+	ram (rwx) : ORIGIN = 0x20000000, LENGTH = 48K /* SRAM, 48K */
 }
 
 /* Section Definitions */ 
@@ -111,6 +111,8 @@ SECTIONS
     {
         . = ALIGN(4);
         _srelocate = .;
+        /* we must make sure the .dfudata is linked to start of RAM */
+        *(.dfudata .dfudata.*);
         *(.ramfunc .ramfunc.*);
         *(.data .data.*);
         . = ALIGN(4);

firmware/libboard/common/resources/sam3s4/flash.ld

@@ -38,8 +38,8 @@ SEARCH_DIR(.)
 /* Memory Spaces Definitions */
 MEMORY
 {
-	rom (rx)  : ORIGIN = 0x00400000, LENGTH = 0x00040000 /* flash, 256K */
-	ram (rwx) : ORIGIN = 0x20000000, LENGTH = 0x0000c000 /* sram, 48K */
+	rom (rx)  : ORIGIN = 0x00400000, LENGTH = 16K /* flash, 256K, but only the first 16K should be used for the bootloader */
+	ram (rwx) : ORIGIN = 0x20000000, LENGTH = 48K /* SRAM, 48K */
 }
 
 /* Section Definitions */ 

firmware/libboard/common/source/board_cstartup_gnu.c

@@ -126,7 +126,7 @@ IntFunc exception_table[] = {
 	IrqHandlerNotUsed   /* 35 not used */
 };
 
-#if defined(BOARD_USB_DFU) && defined(APPLICATION_dfu)
+#if defined(BOARD_USB_DFU) && defined(APPLICATION_dfu) && defined(ENVIRONMENT_flash)
 #include "usb/device/dfu/dfu.h"
 static void BootIntoApp(void)
 {
@@ -159,8 +159,9 @@ void ResetException( void )
 	LowLevelInit() ;
 
 
-#if defined(BOARD_USB_DFU) && defined(APPLICATION_dfu)
-	if (!USBDFU_OverrideEnterDFU()) {
+#if defined(BOARD_USB_DFU) && defined(APPLICATION_dfu) && defined(ENVIRONMENT_flash)
+	// boot application if there is not DFU override
+	if (!USBDFU_OverrideEnterDFU() && SCB->VTOR < IFLASH_ADDR + BOARD_DFU_BOOT_SIZE) {
 		UART_Exit();
 		__disable_irq();
 		BootIntoApp();

firmware/libboard/common/source/board_lowlevel.c

@@ -127,6 +127,9 @@ extern WEAK void LowLevelInit( void )
 	SUPC->SUPC_SMMR = SUPC_SMMR_SMTH_3_0V | SUPC_SMMR_SMSMPL_CSM |
 	    	      SUPC_SMMR_SMRSTEN_ENABLE;
 
+	/* disable ERASE pin to prevent accidental flash erase */
+	MATRIX->CCFG_SYSIO |= CCFG_SYSIO_SYSIO12;
+
 	/* enable both LED and green LED */
 	PIOA->PIO_PER |= PIO_LED_RED | PIO_LED_GREEN;
 	PIOA->PIO_OER |= PIO_LED_RED | PIO_LED_GREEN;
@@ -215,3 +218,8 @@ void mdelay(unsigned int msecs)
 	do {
 	} while ((jiffies - jiffies_start) < msecs);
 }
+
+void abort() {
+	NVIC_SystemReset();
+	while(1) {};
+}

firmware/libboard/octsimtest/include/board.h

@@ -0,0 +1,128 @@
+/* octSIMtest with SAM3S board definition
+ *
+ * (C) 2019 by sysmocom -s.f.m.c. GmbH, Author:Joachim Steiger <jsteiger@sysmocom.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#pragma once
+#include "board_common.h"
+#include "simtrace_usb.h"
+
+/* Name of the board */
+#define BOARD_NAME "OCTSIMTEST"
+/* Board definition */
+#define octsimtest
+
+/** oscillator used as main clock source (in Hz) */
+#define BOARD_MAINOSC 18432000
+/** desired main clock frequency (in Hz, based on BOARD_MAINOSC) */
+#define BOARD_MCK 58982400 // 18.432 * 16 / 5
+
+/** Pin configuration **/
+
+/** there is no red LED, but the code needs this second LED, thus we provide an unused pin */
+#define PIO_LED_RED     PIO_PB13
+/** MCU pin connected to green LED, which is actually amber, and the logic is inverted since it is connected to an NPN transistor (used as open drain) */
+#define PIO_LED_GREEN   PIO_PA4
+/** red LED pin definition */
+#define PIN_LED_RED     {PIO_LED_RED, PIOB, ID_PIOB, PIO_OUTPUT_1, PIO_DEFAULT}
+/** green LED pin definition */
+#define PIN_LED_GREEN   {PIO_LED_GREEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** LEDs pin definition */
+#define PINS_LEDS       PIN_LED_RED, PIN_LED_GREEN 
+/** index for red LED in LEDs pin definition array */
+#define LED_NUM_RED     0
+/** index for green LED in LEDs pin definition array */
+#define LED_NUM_GREEN   1
+
+/* Button to force bootloader start (shorted to ground when pressed */
+#define PIN_BOOTLOADER_SW      {PIO_PA5, PIOA, ID_PIOA, PIO_INPUT, PIO_PULLUP}
+
+// FIXME PA8 is 32khz xtal on octsimtest
+/* Pull card presence pin high (shorted to ground in card slot when card is present) */
+
+/** Phone connection **/
+/* Phone USIM slot 1 VCC pin (VCC_PHONE in schematic) */
+#define PIN_USIM1_VCC          {PIO_PA25, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
+/* Phone USIM slot 1 RST pin (active low; RST_PHONE in schematic) */
+#define PIN_USIM1_nRST         {PIO_PA24, PIOA, ID_PIOA, PIO_INPUT, PIO_IT_EDGE | PIO_DEGLITCH }
+/* Phone I/O data signal input/output (I/O_PHONE in schematic) */
+#define PIN_PHONE_IO           {PIO_PA22A_TXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Phone CLK clock input (CLK_PHONE in schematic) */
+#define PIN_PHONE_CLK          {PIO_PA23A_SCK1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Pin used to switch level shifter in I/O line between rx (0) and tx (1) */
+#define PIN_USIM1_IO_DIR	{PIO_PA26, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Pin used for phone USIM slot 1 communication */
+#define PINS_USIM1              PIN_PHONE_IO, PIN_PHONE_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST, PIN_USIM1_IO_DIR
+/* Phone I/O data signal input/output (unused USART RX input; connected to I/O_PHONE in schematic) */
+#define PIN_PHONE_IO_INPUT     {PIO_PA21A_RXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Pin used as clock input (to measure the ETU duration; connected to CLK_PHONE in schematic) */
+#define PIN_PHONE_CLK_INPUT    {PIO_PA29B_TCLK2, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+
+/** Default pin configuration **/
+
+/** External SPI flash interface   **/
+/* SPI MISO pin definition */
+#define PIN_SPI_MISO  {PIO_PA12A_MISO, PIOA, PIOA, PIO_PERIPH_A, PIO_PULLUP}
+/* SPI MOSI pin definition */
+#define PIN_SPI_MOSI  {PIO_PA13A_MOSI, PIOA, PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* SPI SCK pin definition */
+#define PIN_SPI_SCK   {PIO_PA14A_SPCK, PIOA, PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* SPI pins definition. Contains MISO, MOSI & SCK */
+#define PINS_SPI       PIN_SPI_MISO, PIN_SPI_MOSI, PIN_SPI_SCK
+/* SPI chip select 0 pin definition */
+#define PIN_SPI_NPCS0 {PIO_PA11A_NPCS0, PIOA, PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* SPI flash write protect pin (active low, pulled low) */
+#define PIN_SPI_WP    {PA15, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+
+/** Pin configuration to control USB pull-up on D+
+ *  @details the USB pull-up on D+ is enable by default on the board but can be disabled by setting PA16 high
+ */
+#define PIN_USB_PULLUP  {PIO_PA16, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+
+/** USB definitions */
+/* OpenMoko SIMtrace 2 USB vendor ID */
+#define BOARD_USB_VENDOR_ID	USB_VENDOR_OPENMOKO
+/* OpenMoko SIMtrace 2 USB product ID (main application/runtime mode) */
+#define BOARD_USB_PRODUCT_ID	USB_PRODUCT_OCTSIMTEST
+/* OpenMoko SIMtrace 2 DFU USB product ID (DFU bootloader/DFU mode) */
+#define BOARD_DFU_USB_PRODUCT_ID USB_PRODUCT_OCTSIMTEST
+/* USB release number (bcdDevice, shown as 0.00) */
+#define BOARD_USB_RELEASE	0x000
+/* Indicate SIMtrace is bus power in USB attributes */
+#define BOARD_USB_BMATTRIBUTES	USBConfigurationDescriptor_BUSPOWERED_NORWAKEUP
+
+#define DETECT_VCC_BY_ADC
+/* we have a resistive voltage divider of 47 + 30 kOhms to also detect 5V supply power */
+#define VCC_UV_THRESH_1V8	(1500000*47)/(47+30)
+#define VCC_UV_THRESH_3V	(2500000*47)/(47+30)
+
+#define HAVE_SLOT_MUX
+
+#define HAVE_BOARD_CARDINSERT
+struct cardem_inst;
+void board_set_card_insert(struct cardem_inst *ci, bool card_insert);
+
+/** Supported modes */
+/* SIMtrace board supports sniffer mode */
+//#define HAVE_SNIFFER
+/* SIMtrace board supports CCID mode */
+//#define HAVE_CCID
+/* SIMtrace board supports card emulation mode */
+#define HAVE_CARDEM
+/* SIMtrace board supports man-in-the-middle mode */
+//#define HAVE_MITM
+/* octsimtest board supports gpio_test mode */
+#define HAVE_GPIO_TEST

firmware/libboard/octsimtest/include/i2c.h

@@ -0,0 +1,28 @@
+/* I2C EEPROM memory read and write utilities
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#pragma once
+
+#include <stdbool.h>
+
+void i2c_pin_init(void);
+
+bool i2c_write_byte(bool send_start, bool send_stop, uint8_t byte);
+uint8_t i2c_read_byte(bool nack, bool send_stop);
+void i2c_stop_cond(void);
+
+int eeprom_write_byte(uint8_t slave, uint8_t addr, uint8_t byte);
+int eeprom_read_byte(uint8_t slave, uint8_t addr);

firmware/libboard/octsimtest/include/mcp23017.h

@@ -0,0 +1,27 @@
+/* mcp23017 i2c gpio expander read and write utilities
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#pragma once
+
+#define MCP23017_ADDRESS 0x20
+
+int mcp23017_init(uint8_t slave, uint8_t iodira, uint8_t iodirb);
+int mcp23017_test(uint8_t slave);
+int mcp23017_toggle(uint8_t slave);
+int mcp23017_set_output_a(uint8_t slave, uint8_t val);
+int mcp23017_set_output_b(uint8_t slave, uint8_t val);
+//int mcp23017_write_byte(uint8_t slave, uint8_t addr, uint8_t byte);
+//int mcp23017_read_byte(uint8_t slave, uint8_t addr);

firmware/libboard/octsimtest/include/mux.h

@@ -0,0 +1,17 @@
+#pragma once
+
+void mux_init(void);
+int mux_set_slot(uint8_t s);
+int mux_get_slot(void);
+void mux_set_freq(uint8_t s);
+
+/* this reflects the wiring between U5 and U4 */
+#define MUX_FREQ_DIV_2		0
+#define MUX_FREQ_DIV_4		1
+#define MUX_FREQ_DIV_16		2
+#define MUX_FREQ_DIV_32		3
+#define MUX_FREQ_DIV_32		3
+#define MUX_FREQ_DIV_128	4
+#define MUX_FREQ_DIV_512	5
+#define MUX_FREQ_DIV_2048	6
+#define MUX_FREQ_DIV_4096	7

firmware/libboard/octsimtest/product_string.txt

@@ -0,0 +1 @@
+sysmoOCTSIM-Tester

firmware/libboard/octsimtest/source/board_octsimtest.c

@@ -0,0 +1,124 @@
+/* SIMtrace with SAM3S specific application code
+ *
+ * (C) 2017 by Harald Welte <laforge@gnumonks.org>
+ * (C) 2018 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#include <stdbool.h>
+#include "board.h"
+#include "simtrace.h"
+#include "utils.h"
+#include "sim_switch.h"
+#include <osmocom/core/timer.h>
+#include "usb_buf.h"
+#include "i2c.h"
+#include "mcp23017.h"
+#include "mux.h"
+
+static bool mcp2317_present = false;
+
+void board_exec_dbg_cmd(int ch)
+{
+	switch (ch) {
+	case '?':
+		printf("\t?\thelp\n\r");
+		printf("\t0-8\tselect physical SIM slot\n\r");
+		printf("\tR\treset SAM3\n\r");
+		printf("\tm\trun mcp23017 test\n\r");
+		printf("\ti\tset card insert via I2C\n\r");
+		printf("\tI\tdisable card insert\n\r");
+		break;
+	case '0': mux_set_slot(0); break;
+	case '1': mux_set_slot(1); break;
+	case '2': mux_set_slot(2); break;
+	case '3': mux_set_slot(3); break;
+	case '4': mux_set_slot(4); break;
+	case '5': mux_set_slot(5); break;
+	case '6': mux_set_slot(6); break;
+	case '7': mux_set_slot(7); break;
+	case 'R':
+		printf("Asking NVIC to reset us\n\r");
+		USBD_Disconnect();
+		NVIC_SystemReset();
+		break;
+	case 'm':
+		mcp23017_test(MCP23017_ADDRESS);
+		break;
+	case 'i':
+		printf("Setting card insert (slot=%u)\r\n", mux_get_slot());
+		mcp23017_set_output_a(MCP23017_ADDRESS, (1 << mux_get_slot()));
+		break;
+	case 'I':
+		printf("Releasing card insert (slot=%u)\r\n", mux_get_slot());
+		mcp23017_set_output_a(MCP23017_ADDRESS, 0);
+		break;
+	default:
+		printf("Unknown command '%c'\n\r", ch);
+		break;
+	}
+}
+
+void board_main_top(void)
+{
+#ifndef APPLICATION_dfu
+	usb_buf_init();
+
+	mux_init();
+	i2c_pin_init();
+	/* PORT A: all outputs, Port B0 output, B1..B7 unused */
+	if (mcp23017_init(MCP23017_ADDRESS, 0x00, 0xfe) == 0) {
+		mcp2317_present = true;
+		mcp23017_set_output_a(MCP23017_ADDRESS, 0);
+	}
+	/* Initialize checking for card insert/remove events */
+	//card_present_init();
+#endif
+}
+
+int board_override_enter_dfu(void)
+{
+	const Pin bl_sw_pin = PIN_BOOTLOADER_SW;
+
+	PIO_Configure(&bl_sw_pin, 1);
+
+	/* Enter DFU bootloader in case the respective button is pressed */
+	if (PIO_Get(&bl_sw_pin) == 0) {
+		/* do not print to early since the console is not initialized yet */
+		//printf("BOOTLOADER switch pressed -> Force DFU\n\r");
+		return 1;
+	} else
+		return 0;
+}
+
+void board_set_card_insert(struct cardem_inst *ci, bool card_insert)
+{
+	int s = mux_get_slot();
+
+	/* A0 .. A7 of the MCP are each connected to the gate of a FET which closes
+	 * the sim-present signal of the respective slot */
+
+	if (mcp2317_present) {
+		if (card_insert) {
+			/* we must enable card-presence of the active slot and disable it on all others */
+			mcp23017_set_output_a(MCP23017_ADDRESS, (1 << s));
+		} else {
+			/* we disable all card insert signals */
+			mcp23017_set_output_a(MCP23017_ADDRESS, 0);
+		}
+	} else {
+		TRACE_WARNING("No MCP23017 present; cannot set CARD_INSERT\r\n");
+	}
+}

firmware/libboard/octsimtest/source/i2c.c

@@ -0,0 +1,225 @@
+/* I2C EEPROM memory read and write utilities
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#include "board.h"
+#include <stdbool.h>
+
+/* Low-Level I2C Routines */
+
+static const Pin pin_sda = {PIO_PA30, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_OPENDRAIN };
+static const Pin pin_sda_in = {PIO_PA30, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT };
+static const Pin pin_scl = {PIO_PA31, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_OPENDRAIN };
+
+static void i2c_delay()
+{
+	volatile int v;
+	int i;
+
+	/* 100 cycles results in SCL peak length of 44us, so it's about
+	 * 440ns per cycle here */
+	for (i = 0; i < 14; i++) {
+		v = 0;
+	}
+}
+
+void i2c_pin_init(void)
+{
+	PIO_Configure(&pin_scl, PIO_LISTSIZE(pin_scl));
+	PIO_Configure(&pin_sda, PIO_LISTSIZE(pin_sda));
+}
+
+static void set_scl(void)
+{
+	PIO_Set(&pin_scl);
+	i2c_delay();
+}
+
+static void set_sda(void)
+{
+	PIO_Set(&pin_sda);
+	i2c_delay();
+}
+
+static void clear_scl(void)
+{
+	PIO_Clear(&pin_scl);
+	i2c_delay();
+}
+
+static void clear_sda(void)
+{
+	PIO_Clear(&pin_sda);
+	i2c_delay();
+}
+
+static bool read_sda(void)
+{
+	bool ret;
+
+	PIO_Configure(&pin_sda_in, PIO_LISTSIZE(pin_sda_in));
+	if (PIO_Get(&pin_sda_in))
+		ret = true;
+	else
+		ret = false;
+	PIO_Configure(&pin_sda, PIO_LISTSIZE(pin_sda));
+
+	return ret;
+}
+
+/* Core I2C Routines */
+
+static bool i2c_started = false;
+
+static void i2c_start_cond(void)
+{
+	if (i2c_started) {
+		set_sda();
+		set_scl();
+	}
+
+	clear_sda();
+	i2c_delay();
+	clear_scl();
+	i2c_started = true;
+}
+
+void i2c_stop_cond(void)
+{
+	clear_sda();
+	set_scl();
+	set_sda();
+	i2c_delay();
+	i2c_started = false;
+}
+
+static void i2c_write_bit(bool bit)
+{
+	if (bit)
+		set_sda();
+	else
+		clear_sda();
+	i2c_delay(); // ?
+	set_scl();
+	clear_scl();
+}
+
+static bool i2c_read_bit(void)
+{
+	bool bit;
+
+	set_sda();
+	set_scl();
+	bit = read_sda();
+	clear_scl();
+
+	return bit;
+}
+
+bool i2c_write_byte(bool send_start, bool send_stop, uint8_t byte)
+{
+	uint8_t bit;
+	bool nack;
+
+	if (send_start)
+		i2c_start_cond();
+
+	for (bit = 0; bit < 8; bit++) {
+		i2c_write_bit((byte & 0x80) != 0);
+		byte <<= 1;
+	}
+
+	nack = i2c_read_bit();
+
+	if (send_stop)
+		i2c_stop_cond();
+
+	return nack;
+}
+
+uint8_t i2c_read_byte(bool nack, bool send_stop)
+{
+	uint8_t byte = 0;
+	uint8_t bit;
+
+	for (bit = 0; bit < 8; bit++) {
+		byte = (byte << 1) | i2c_read_bit();
+	}
+
+	i2c_write_bit(nack);
+
+	if (send_stop)
+		i2c_stop_cond();
+
+	return byte;
+}
+
+
+/* EEPROM related code */
+
+int eeprom_write_byte(uint8_t slave, uint8_t addr, uint8_t byte)
+{
+	bool nack;
+
+	WDT_Restart(WDT);
+
+	/* Write slave address */
+	nack = i2c_write_byte(true, false, slave << 1);
+	if (nack)
+		goto out_stop;
+	nack = i2c_write_byte(false, false, addr);
+	if (nack)
+		goto out_stop;
+	nack = i2c_write_byte(false, true, byte);
+	if (nack)
+		goto out_stop;
+	/* Wait tWR time to ensure EEPROM is writing correctly (tWR = 5 ms for AT24C02) */
+	mdelay(5);
+
+out_stop:
+	i2c_stop_cond();
+	if (nack)
+		return -1;
+	else
+		return 0;
+}
+
+int eeprom_read_byte(uint8_t slave, uint8_t addr)
+{
+	bool nack;
+
+	WDT_Restart(WDT);
+
+	/* dummy write cycle */
+	nack = i2c_write_byte(true, false, slave << 1);
+	if (nack)
+		goto out_stop;
+	nack = i2c_write_byte(false, false, addr);
+	if (nack)
+		goto out_stop;
+	/* Re-start with read */
+	nack = i2c_write_byte(true, false, (slave << 1) | 1);
+	if (nack)
+		goto out_stop;
+
+	return i2c_read_byte(true, true);
+
+out_stop:
+	i2c_stop_cond();
+	if (nack)
+		return -1;
+	else
+		return 0;
+}

firmware/libboard/octsimtest/source/mcp23017.c

@@ -0,0 +1,156 @@
+#include "board.h"
+#include <stdbool.h>
+#include "i2c.h"
+#include "mcp23017.h"
+
+
+//defines from https://github.com/adafruit/Adafruit-MCP23017-Arduino-Library/blob/master/Adafruit_MCP23017.h under BSD license
+
+// registers
+#define MCP23017_IODIRA 0x00
+#define MCP23017_IPOLA 0x02
+#define MCP23017_GPINTENA 0x04
+#define MCP23017_DEFVALA 0x06
+#define MCP23017_INTCONA 0x08
+#define MCP23017_IOCONA 0x0A
+#define MCP23017_GPPUA 0x0C
+#define MCP23017_INTFA 0x0E
+#define MCP23017_INTCAPA 0x10
+#define MCP23017_GPIOA 0x12
+#define MCP23017_OLATA 0x14
+
+
+#define MCP23017_IODIRB 0x01
+#define MCP23017_IPOLB 0x03
+#define MCP23017_GPINTENB 0x05
+#define MCP23017_DEFVALB 0x07
+#define MCP23017_INTCONB 0x09
+#define MCP23017_IOCONB 0x0B
+#define MCP23017_GPPUB 0x0D
+#define MCP23017_INTFB 0x0F
+#define MCP23017_INTCAPB 0x11
+#define MCP23017_GPIOB 0x13
+#define MCP23017_OLATB 0x15
+
+#define MCP23017_INT_ERR 255
+
+
+//bool i2c_write_byte(bool send_start, bool send_stop, uint8_t byte)
+//uint8_t i2c_read_byte(bool nack, bool send_stop)
+//static void i2c_stop_cond(void)
+
+int mcp23017_write_byte(uint8_t slave, uint8_t addr, uint8_t byte)
+{
+	bool nack;
+
+	WDT_Restart(WDT);
+
+//	 Write slave address 
+	nack = i2c_write_byte(true, false, slave << 1);
+	if (nack)
+		goto out_stop;
+	nack = i2c_write_byte(false, false, addr);
+	if (nack)
+		goto out_stop;
+	nack = i2c_write_byte(false, true, byte);
+	if (nack)
+		goto out_stop;
+
+out_stop:
+	i2c_stop_cond();
+	if (nack)
+		return -1;
+	else
+		return 0;
+}
+
+int mcp23017_read_byte(uint8_t slave, uint8_t addr)
+{
+	bool nack;
+
+	WDT_Restart(WDT);
+
+	// dummy write cycle
+	nack = i2c_write_byte(true, false, slave << 1);
+	if (nack)
+		goto out_stop;
+	nack = i2c_write_byte(false, false, addr);
+	if (nack)
+		goto out_stop;
+	// Re-start with read
+	nack = i2c_write_byte(true, false, (slave << 1) | 1);
+	if (nack)
+		goto out_stop;
+
+	return i2c_read_byte(true, true);
+
+out_stop:
+	i2c_stop_cond();
+	if (nack)
+		return -1;
+	else
+		return 0;
+}
+
+int mcp23017_init(uint8_t slave, uint8_t iodira, uint8_t iodirb)
+{
+	TRACE_DEBUG("mcp23017_init\n\r");
+
+	// all gpio input
+	if (mcp23017_write_byte(slave, MCP23017_IODIRA, iodira))
+		goto out_err;
+	// msb of portb output, rest input
+	if (mcp23017_write_byte(slave, MCP23017_IODIRB, iodirb))
+		goto out_err;
+	if (mcp23017_write_byte(slave, MCP23017_IOCONA, 0x20)) //disable SEQOP (autoinc addressing)
+		goto out_err;
+
+	TRACE_DEBUG("mcp23017 found\n\r");
+	return 0;
+
+out_err:
+	TRACE_WARNING("mcp23017 NOT found!\n\r");
+	return -1;
+}
+
+int mcp23017_test(uint8_t slave)
+{
+	printf("mcp23017_test\n\r");
+	printf("GPIOA 0x%x\n\r", mcp23017_read_byte(slave,MCP23017_GPIOA));
+	printf("GPIOB 0x%x\n\r", mcp23017_read_byte(slave,MCP23017_GPIOB));
+	printf("IODIRA 0x%x\n\r", mcp23017_read_byte(slave,MCP23017_IODIRA));
+	printf("IODIRB 0x%x\n\r", mcp23017_read_byte(slave,MCP23017_IODIRB));
+	printf("IOCONA 0x%x\n\r", mcp23017_read_byte(slave,MCP23017_IOCONA));
+	printf("IOCONB 0x%x\n\r", mcp23017_read_byte(slave,MCP23017_IOCONB));
+
+	return 0;
+}
+
+int mcp23017_set_output_a(uint8_t slave, uint8_t val)
+{
+	return mcp23017_write_byte(slave, MCP23017_OLATA, val);
+}
+
+int mcp23017_set_output_b(uint8_t slave, uint8_t val)
+{
+	return mcp23017_write_byte(slave, MCP23017_OLATB, val);
+}
+
+int mcp23017_toggle(uint8_t slave)
+{
+	// example writing MSB of gpio
+	static bool foo=false;
+	if (foo)
+	{
+		printf("+\n\r");
+		mcp23017_write_byte(slave, MCP23017_OLATB, 0x80);
+		foo=false;
+	}
+	else
+	{
+		printf("-\n\r");
+		mcp23017_write_byte(slave, MCP23017_OLATB, 0x00);
+		foo=true;
+	}
+	return 0;
+}

firmware/libboard/octsimtest/source/mux.c

@@ -0,0 +1,113 @@
+/* sysmoOCTSIMTEST support for multiplexers
+ *
+ * (C) 2021 by Harald Welte <laforge@gnumonks.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+
+#include "board.h"
+#include "mux.h"
+#include <stdbool.h>
+#include <errno.h>
+
+/* 3-bit S0..S2 signal for slot selection */
+static const Pin pin_in_sel[3] = {
+	{ PIO_PA1, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT },
+	{ PIO_PA2, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT },
+	{ PIO_PA3, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT },
+};
+
+/* 3-bit S0..S2 signal for frequency divider selection */
+static const Pin pin_freq_sel[3] = {
+	{ PIO_PA16, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT },
+	{ PIO_PA17, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT },
+	{ PIO_PA18, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT },
+};
+
+/* low-active output enable for all muxes */
+static const Pin pin_oe = { PIO_PA19, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT };
+
+static uint8_t g_mux_slot = 0;
+
+/* initialize the external 1:8 multiplexers */
+void mux_init(void)
+{
+	PIO_Configure(&pin_oe, PIO_LISTSIZE(pin_oe));
+	PIO_Configure(pin_in_sel, PIO_LISTSIZE(pin_in_sel));
+	PIO_Configure(pin_freq_sel, PIO_LISTSIZE(pin_freq_sel));
+
+	mux_set_slot(0);
+}
+
+/* set the slot selection mux */
+int mux_set_slot(uint8_t s)
+{
+	TRACE_INFO("%s(%u)\r\n", __func__, s);
+
+	if (s > 7)
+		return -EINVAL;
+
+	/* !OE = H: disconnect input and output of muxes */
+	PIO_Set(&pin_oe);
+
+	if (s & 1)
+		PIO_Set(&pin_in_sel[0]);
+	else
+		PIO_Clear(&pin_in_sel[0]);
+	if (s & 2)
+		PIO_Set(&pin_in_sel[1]);
+	else
+		PIO_Clear(&pin_in_sel[1]);
+	if (s & 4)
+		PIO_Set(&pin_in_sel[2]);
+	else
+		PIO_Clear(&pin_in_sel[2]);
+
+	/* !OE = L: (re-)enable the output of muxes */
+	PIO_Clear(&pin_oe);
+
+	g_mux_slot = s;
+	return s;
+}
+
+int mux_get_slot(void)
+{
+	return g_mux_slot;
+}
+
+/* set the frequency divider mux */
+void mux_set_freq(uint8_t s)
+{
+	TRACE_INFO("%s(%u)\r\n", __func__, s);
+
+	/* no need for 'break before make' here, this would also affect
+	 * the SIM card I/O signals which we don't want to disturb */
+
+	if (s & 1)
+		PIO_Set(&pin_freq_sel[0]);
+	else
+		PIO_Clear(&pin_freq_sel[0]);
+	if (s & 2)
+		PIO_Set(&pin_freq_sel[1]);
+	else
+		PIO_Clear(&pin_freq_sel[1]);
+	if (s & 4)
+		PIO_Set(&pin_freq_sel[2]);
+	else
+		PIO_Clear(&pin_freq_sel[2]);
+
+	/* !OE = L: ensure enable the output of muxes */
+	PIO_Clear(&pin_oe);
+}

firmware/libboard/octsimtest/source/sim_switch.c

@@ -0,0 +1,37 @@
+/* Code to switch between local (physical) and remote (emulated) SIM
+ *
+ * (C) 2021 by Harald Welte <hwelte@hmw-consulting.de>
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#include "board.h"
+#include "trace.h"
+#include "sim_switch.h"
+
+int sim_switch_use_physical(unsigned int nr, int physical)
+{
+	if (physical) {
+		TRACE_ERROR("%u: Use local/physical SIM - UNSUPPORTED!\r\n", nr);
+	} else {
+		TRACE_INFO("%u: Use remote/emulated SIM\r\n", nr);
+	}
+
+	return 0;
+}
+
+int sim_switch_init(void)
+{
+	return 1; // SIMtrace hardware has only one switchable interface
+}

firmware/libboard/owhw/include/board.h

@@ -31,6 +31,24 @@
 /** desired main clock frequency (in Hz, based on BOARD_MAINOSC) */
 #define BOARD_MCK 58982400 // 18.432 * 16 / 5
 
+/** MCU pin connected to red LED */
+#define PIO_LED_RED     PIO_PA17
+/** MCU pin connected to green LED */
+#define PIO_LED_GREEN   PIO_PA18
+/** red LED pin definition */
+#define PIN_LED_RED     {PIO_LED_RED, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** green LED pin definition */
+#define PIN_LED_GREEN   {PIO_LED_GREEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** LEDs pin definition */
+#define PINS_LEDS       PIN_LED_RED, PIN_LED_GREEN 
+/** index for red LED in LEDs pin definition array */
+#define LED_NUM_RED     0
+/** index for green LED in LEDs pin definition array */
+#define LED_NUM_GREEN   1
+
+/* pin connected to the SIMTRACE_BOOTLOADER signal. set high to force DFU bootloader start */
+#define PIN_BOOTLOADER		{PIO_PA31, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
+
 /* USIM 2 interface (USART) */
 #define PIN_USIM2_CLK		{PIO_PA2, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
 #define PIN_USIM2_IO		{PIO_PA6, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}

firmware/libboard/owhw/product_string.txt

@@ -0,0 +1 @@
+OWHW

firmware/libboard/owhw/source/owhw.c

@@ -1,7 +1,7 @@
 /* Card simulator specific functions
  *
  * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
- * (C) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * (C) 2018-2019, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -65,3 +65,16 @@ void cardsim_gpio_init(void)
 {
 	PIO_Configure(pins_cardsim, ARRAY_SIZE(pins_cardsim));
 }
+
+int board_override_enter_dfu(void)
+{
+	const Pin bl_pin = PIN_BOOTLOADER;
+
+	PIO_Configure(&bl_pin, 1);
+
+	if (PIO_Get(&bl_pin) == 0) { // signal low
+		return 0; // do not override enter DFU
+	} else {
+		return 1; // override enter DFU
+	}
+}

firmware/libboard/qmod/include/board.h

@@ -20,9 +20,6 @@
 #include "board_common.h"
 #include "simtrace_usb.h"
 
-#define LED_USIM1	LED_GREEN
-#define LED_USIM2	LED_RED
-
 /** Name of the board */
 #define BOARD_NAME "QMOD"
 /** Board definition */
@@ -33,6 +30,25 @@
 /** desired main clock frequency (in Hz, based on BOARD_MAINOSC) */
 #define BOARD_MCK 58000000 // 18.432 * 29 / 6
 
+/** MCU pin connected to red LED */
+#define PIO_LED_RED     PIO_PA17
+/** MCU pin connected to green LED */
+#define PIO_LED_GREEN   PIO_PA18
+/** red LED pin definition */
+#define PIN_LED_RED     {PIO_LED_RED, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** green LED pin definition */
+#define PIN_LED_GREEN   {PIO_LED_GREEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** LEDs pin definition */
+#define PINS_LEDS       PIN_LED_RED, PIN_LED_GREEN 
+/** index for red LED in LEDs pin definition array */
+#define LED_NUM_RED     0
+/** index for green LED in LEDs pin definition array */
+#define LED_NUM_GREEN   1
+/** the green LED is actually red and used as indication for USIM1 */
+#define LED_USIM1	LED_GREEN
+/** the green LED is actually red and used as indication for USIM2 */
+#define LED_USIM2	LED_RED
+
 /* USIM 2 interface (USART) */
 #define PIN_USIM2_CLK		{PIO_PA2, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
 #define PIN_USIM2_IO		{PIO_PA6, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
@@ -75,8 +91,8 @@
 #define PINS_WWAN_IN		{ PIN_WWAN1, PIN_WWAN2 }
 
 /* outputs controlling RESET input of modems */
-#define PIN_PERST1		{PIO_PA25, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_PULLUP}
-#define PIN_PERST2		{PIO_PA26, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_PULLUP}
+#define PIN_PERST1		{PIO_PA25, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_PULLUP}
+#define PIN_PERST2		{PIO_PA26, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_PULLUP}
 #define PINS_PERST		{ PIN_PERST1, PIN_PERST2 }
 
 #define PIN_VERSION_DET		{PIO_PA19, PIOA, ID_PIOA, PIO_PERIPH_D, PIO_DEFAULT}
@@ -93,9 +109,9 @@
 #define BOARD_USB_RELEASE	0x010
 
 #define CARDEMU_SECOND_UART
-#define DETECT_VCC_BY_ADC
 
-/** sysmoQMOD only supports card emulation */
-#ifdef APPLICATION_cardem
+#define DETECT_VCC_BY_ADC
+#define VCC_UV_THRESH_1V8	1500000
+#define VCC_UV_THRESH_3V	2500000
+
 #define HAVE_CARDEM
-#endif

firmware/libboard/qmod/product_string.txt

@@ -0,0 +1 @@
+sysmoQMOD (Quad Modem)

firmware/libboard/qmod/source/board_qmod.c

@@ -1,7 +1,7 @@
 /* sysmocom quad-modem sysmoQMOD application code
  *
  * (C) 2016-2017 by Harald Welte <hwelte@hmw-consulting.de>
- * (C) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * (C) 2018-2019, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -28,6 +28,7 @@
 #include "card_pres.h"
 #include <osmocom/core/timer.h>
 #include "usb_buf.h"
+#include "i2c.h"
 
 static const Pin pin_hubpwr_override = PIN_PRTPWR_OVERRIDE;
 static const Pin pin_hub_rst = {PIO_PA13, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
@@ -46,6 +47,7 @@ static int qmod_sam3_is_12(void)
 		return 0;
 }
 
+#if (ALLOW_PEER_ERASE > 0)
 const unsigned char __eeprom_bin[256] = {
 	USB_VENDOR_OPENMOKO & 0xff,
 	USB_VENDOR_OPENMOKO >> 8,
@@ -69,7 +71,6 @@ const unsigned char __eeprom_bin[256] = {
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xA0, 0x56, 0x23, 0x71, 0x04, 0x00, /* 0xf0 - 0xff */
 };
 
-#include "i2c.h"
 static int write_hub_eeprom(void)
 {
 	int i;
@@ -126,7 +127,7 @@ static int erase_hub_eeprom(void)
 
 	return 0;
 }
-
+#endif /* ALLOW_PEER_ERASE */
 
 static void board_exec_dbg_cmd_st12only(int ch)
 {
@@ -137,12 +138,14 @@ static void board_exec_dbg_cmd_st12only(int ch)
 		return;
 
 	switch (ch) {
+#if (ALLOW_PEER_ERASE > 0)
 	case 'E':
 		write_hub_eeprom();
 		break;
 	case 'e':
 		erase_hub_eeprom();
 		break;
+#endif /* ALLOW_PEER_ERASE */
 	case 'O':
 		printf("Setting PRTPWR_OVERRIDE\n\r");
 		PIO_Set(&pin_hubpwr_override);
@@ -151,6 +154,7 @@ static void board_exec_dbg_cmd_st12only(int ch)
 		printf("Clearing PRTPWR_OVERRIDE\n\r");
 		PIO_Clear(&pin_hubpwr_override);
 		break;
+#if (ALLOW_PEER_ERASE > 0)
 	case 'H':
 		printf("Clearing _HUB_RESET -> HUB_RESET high (inactive)\n\r");
 		PIO_Clear(&pin_hub_rst);
@@ -170,6 +174,7 @@ static void board_exec_dbg_cmd_st12only(int ch)
 		printf("Writing value 0x%02lx to EEPROM offset 0x%02lx\n\r", val, addr);
 		eeprom_write_byte(0x50, addr, val);
 		break;
+#endif /* ALLOW_PEER_ERASE */
 	case 'r':
 		printf("Please enter EEPROM offset:\n\r");
 		UART_GetIntegerMinMax(&addr, 0, 255);
@@ -184,6 +189,13 @@ static void board_exec_dbg_cmd_st12only(int ch)
 /* returns '1' in case we should break any endless loop */
 void board_exec_dbg_cmd(int ch)
 {
+#if (ALLOW_PEER_ERASE > 0)
+	/* this variable controls if it is allowed to assert/release the ERASE line.
+	   this is done to prevent accidental ERASE on noisy serial input since only one character can trigger the ERASE.
+	 */
+	static bool allow_erase = false;
+#endif /* ALLOW_PEER_ERASE */
+
 	switch (ch) {
 	case '?':
 		printf("\t?\thelp\n\r");
@@ -193,22 +205,32 @@ void board_exec_dbg_cmd(int ch)
 		printf("\tg\tswitch off LED 2\n\r");
 		printf("\tG\tswitch off LED 2\n\r");
 		if (qmod_sam3_is_12()) {
+#if (ALLOW_PEER_ERASE > 0)
 			printf("\tE\tprogram EEPROM\n\r");
 			printf("\te\tErase EEPROM\n\r");
+#endif /* ALLOW_PEER_ERASE */
 			printf("\tO\tEnable PRTPWR_OVERRIDE\n\r");
 			printf("\to\tDisable PRTPWR_OVERRIDE\n\r");
+#if (ALLOW_PEER_ERASE > 0)
 			printf("\tH\tRelease HUB RESET (high)\n\r");
 			printf("\th\tAssert HUB RESET (low)\n\r");
 			printf("\tw\tWrite single byte in EEPROM\n\r");
+#endif /* ALLOW_PEER_ERASE */
 			printf("\tr\tRead single byte from EEPROM\n\r");
 		}
 		printf("\tX\tRelease peer SAM3 from reset\n\r");
 		printf("\tx\tAssert peer SAM3 reset\n\r");
+#if (ALLOW_PEER_ERASE > 0)
 		printf("\tY\tRelease peer SAM3 ERASE signal\n\r");
+		printf("\ta\tAllow asserting peer SAM3 ERASE signal\n\r");
 		printf("\ty\tAssert peer SAM3 ERASE signal\n\r");
+#endif /* ALLOW_PEER_ERASE */
 		printf("\tU\tProceed to USB Initialization\n\r");
 		printf("\t1\tGenerate 1ms reset pulse on WWAN1\n\r");
 		printf("\t2\tGenerate 1ms reset pulse on WWAN2\n\r");
+		printf("\t!\tSwitch Channel A from physical -> remote\n\r");
+		printf("\t@\tSwitch Channel B from physical -> remote\n\r");
+		printf("\tt\t(pseudo)talloc report\n\r");
 		break;
 	case 'R':
 		printf("Asking NVIC to reset us\n\r");
@@ -239,14 +261,24 @@ void board_exec_dbg_cmd(int ch)
 		printf("Setting _SIMTRACExx_RST -> SIMTRACExx_RST low (active)\n\r");
 		PIO_Set(&pin_peer_rst);
 		break;
+#if (ALLOW_PEER_ERASE > 0)
 	case 'Y':
 		printf("Clearing SIMTRACExx_ERASE (inactive)\n\r");
 		PIO_Clear(&pin_peer_erase);
 		break;
-	case 'y':
-		printf("Seetting SIMTRACExx_ERASE (active)\n\r");
-		PIO_Set(&pin_peer_erase);
+	case 'a':
+		printf("Asserting SIMTRACExx_ERASE allowed on next command\n\r");
+		allow_erase = true;
 		break;
+	case 'y':
+		if (allow_erase) {
+			printf("Setting SIMTRACExx_ERASE (active)\n\r");
+			PIO_Set(&pin_peer_erase);
+		} else {
+			printf("Please first allow setting SIMTRACExx_ERASE\n\r");
+		}
+		break;
+#endif /* ALLOW_PEER_ERASE */
 	case '1':
 		printf("Resetting Modem 1 (of this SAM3)\n\r");
 		wwan_perst_do_reset_pulse(0, 300);
@@ -261,6 +293,9 @@ void board_exec_dbg_cmd(int ch)
 	case '@':
 		sim_switch_use_physical(0, 0);
 		break;
+	case 't':
+		talloc_report(NULL, stdout);
+		break;
 	default:
 		if (!qmod_sam3_is_12())
 			printf("Unknown command '%c'\n\r", ch);
@@ -268,6 +303,13 @@ void board_exec_dbg_cmd(int ch)
 			board_exec_dbg_cmd_st12only(ch);
 		break;
 	}
+
+#if (ALLOW_PEER_ERASE > 0)
+	// set protection back so it can only run for one command
+	if ('a' != ch) {
+		allow_erase = false;
+	}
+#endif /* ALLOW_PEER_ERASE */
 }
 
 void board_main_top(void)
@@ -300,11 +342,13 @@ void board_main_top(void)
 		TRACE_INFO("Detected Quad-Modem ST12\n\r");
 	} else {
 		TRACE_INFO("Detected Quad-Modem ST34\n\r");
+#ifndef APPLICATION_dfu
 		/* make sure we use the second set of USB Strings
 		 * calling the interfaces "Modem 3" and "Modem 4" rather
 		 * than 1+2 */
 		usb_strings[7] = usb_strings[9];
 		usb_strings[8] = usb_strings[10];
+#endif
 	}
 
 	/* Obtain the circuit board version (currently just prints voltage */

firmware/libboard/sam3p256/include/board.h

@@ -0,0 +1,163 @@
+/* Olimiex SAM3S-P256 board definition
+ *
+ * (C) 2019 by Harald Welte <hwelte@hmw-consulting.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#pragma once
+#include "board_common.h"
+#include "simtrace_usb.h"
+
+/* Name of the board */
+#define BOARD_NAME "SAM3S-P256"
+/* Board definition */
+#define simtrace
+
+/** oscillator used as main clock source (in Hz) */
+#define BOARD_MAINOSC 12000000
+/** desired main clock frequency (in Hz, based on BOARD_MAINOSC) */
+#define BOARD_MCK 58000000
+
+/** MCU pin connected to yellow LED2 */
+#define PIO_LED_RED     PIO_PA17
+/** MCU pin connected to green LED1 */
+#define PIO_LED_GREEN   PIO_PA18
+/** red LED pin definition */
+#define PIN_LED_RED     {PIO_LED_RED, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** green LED pin definition */
+#define PIN_LED_GREEN   {PIO_LED_GREEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** LEDs pin definition */
+#define PINS_LEDS       PIN_LED_RED, PIN_LED_GREEN 
+/** index for red LED in LEDs pin definition array */
+#define LED_NUM_RED     0
+/** index for green LED in LEDs pin definition array */
+#define LED_NUM_GREEN   1
+
+/** Pin configuration **/
+/* Button to force bootloader start (shorted to ground when pressed */
+#define PIN_BOOTLOADER_SW      {PIO_PA20, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
+#if 0
+/* Enable powering the card using the second 3.3 V output of the LDO (active high) */
+#define SIM_PWEN_PIN           {SIM_PWEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/* Enable powering the SIM card */
+#define PWR_PINS                SIM_PWEN_PIN
+/* Card presence pin */
+#define SW_SIM                  PIO_PA8
+/* Pull card presence pin high (shorted to ground in card slot when card is present) */
+#define SMARTCARD_CONNECT_PIN  {SW_SIM, PIOA, ID_PIOA, PIO_INPUT, PIO_PULLUP | PIO_DEBOUNCE | PIO_DEGLITCH | PIO_IT_EDGE }
+
+/** Smart card connection **/
+/* Card RST reset signal input (active low; RST_SIM in schematic) */
+#define PIN_SIM_RST            {PIO_PA7, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Card I/O data signal input/output (I/O_SIM in schematic) */
+#define PIN_SIM_IO             {PIO_PA6A_TXD0, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Card CLK clock input (CLK_SIM in schematic) */
+#define PIN_SIM_CLK            {PIO_PA2B_SCK0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+/* Pin to measure card I/O timing (to start measuring the ETU on I/O activity; connected I/O_SIM in schematic) */
+#define PIN_SIM_IO_INPUT       {PIO_PA1B_TIOB0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+/* Pin used as clock input (to measure the ETU duration; connected to CLK_SIM in schematic) */
+#define PIN_SIM_CLK_INPUT      {PIO_PA4B_TCLK0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+/* Pins used to measure ETU timing (using timer counter) */ 
+#define PINS_TC                 PIN_SIM_IO_INPUT, PIN_SIM_CLK_INPUT
+
+/** Phone connection **/
+/* Phone USIM slot 1 VCC pin (VCC_PHONE in schematic) */
+#define PIN_USIM1_VCC          {PIO_PA25, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
+/* Phone USIM slot 1 RST pin (active low; RST_PHONE in schematic) */
+#define PIN_USIM1_nRST         {PIO_PA24, PIOA, ID_PIOA, PIO_INPUT, PIO_IT_RISE_EDGE | PIO_DEGLITCH }
+/* Phone I/O data signal input/output (I/O_PHONE in schematic) */
+#define PIN_PHONE_IO           {PIO_PA22A_TXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Phone CLK clock input (CLK_PHONE in schematic) */
+#define PIN_PHONE_CLK          {PIO_PA23A_SCK1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Pin used for phone USIM slot 1 communication */
+#define PINS_USIM1              PIN_PHONE_IO, PIN_PHONE_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST
+/* Phone I/O data signal input/output (unused USART RX input; connected to I/O_PHONE in schematic) */
+#define PIN_PHONE_IO_INPUT     {PIO_PA21A_RXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Pin used as clock input (to measure the ETU duration; connected to CLK_PHONE in schematic) */
+#define PIN_PHONE_CLK_INPUT    {PIO_PA29B_TCLK2, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+
+/** Default pin configuration **/
+/* Disconnect VPP, CLK, and RST lines between card and phone using bus switch (high sets bus switch to high-impedance) */
+#define PIN_SC_SW_DEFAULT      {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/* Disconnect I/O line between card and phone using bus switch (high sets bus switch to high-impedance) */
+#define PIN_IO_SW_DEFAULT      {PIO_PA19, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/* Disconnect all lines (VPP, CLK, RST, and I/O) between card and phone */
+#define PINS_BUS_DEFAULT        PIN_SC_SW_DEFAULT, PIN_IO_SW_DEFAULT
+
+/** Sniffer configuration **/
+/* Connect VPP, CLK, and RST lines between card and phone using bus switch (low connects signals on bus switch) */
+#define PIN_SC_SW_SNIFF        {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Connect I/O line between card and phone using bus switch (low connects signals on bus switch) */
+#define PIN_IO_SW_SNIFF        {PIO_PA19, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Connect all lines (VPP, CLK, RST, and I/O) between card and phone */
+#define PINS_BUS_SNIFF          PIN_SC_SW_SNIFF, PIN_IO_SW_SNIFF
+/* Card RST reset signal input (use as input since the phone will drive it) */
+#define PIN_SIM_RST_SNIFF      {PIO_PA7, PIOA, ID_PIOA, PIO_INPUT, PIO_DEGLITCH | PIO_IT_EDGE}
+/* Pins used to sniff phone-card communication */
+#define PINS_SIM_SNIFF          PIN_SIM_IO, PIN_SIM_CLK, PIN_SIM_RST_SNIFF
+/* Disable power converter 4.5-6V to 3.3V (active high) */
+#define PIN_SIM_PWEN_SNIFF     {SIM_PWEN, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Enable power switch to forward VCC_PHONE to VCC_SIM (active high) */
+#define PIN_VCC_FWD_SNIFF      {VCC_FWD, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/* Use phone VCC to power card */
+#define PINS_PWR_SNIFF          PIN_SIM_PWEN_SNIFF, PIN_VCC_FWD_SNIFF
+
+/** CCID configuration */
+/* Card RST reset signal input (active low; RST_SIM in schematic) */
+#define PIN_ISO7816_RSTMC      {PIO_PA7, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* ISO7816-communication related pins */
+#define PINS_ISO7816            PIN_SIM_IO,  PIN_SIM_CLK,  PIN_ISO7816_RSTMC // SIM_PWEN_PIN, PIN_SIM_IO2, PIN_SIM_CLK2
+
+/** External SPI flash interface   **/
+/* SPI MISO pin definition */
+#define PIN_SPI_MISO  {PIO_PA12A_MISO, PIOA, PIOA, PIO_PERIPH_A, PIO_PULLUP}
+/* SPI MOSI pin definition */
+#define PIN_SPI_MOSI  {PIO_PA13A_MOSI, PIOA, PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* SPI SCK pin definition */
+#define PIN_SPI_SCK   {PIO_PA14A_SPCK, PIOA, PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* SPI pins definition. Contains MISO, MOSI & SCK */
+#define PINS_SPI       PIN_SPI_MISO, PIN_SPI_MOSI, PIN_SPI_SCK
+/* SPI chip select 0 pin definition */
+#define PIN_SPI_NPCS0 {PIO_PA11A_NPCS0, PIOA, PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* SPI flash write protect pin (active low, pulled low) */
+#define PIN_SPI_WP    {PA15, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+#endif
+
+/** Pin configuration to control USB pull-up on D+
+ *  @details the USB pull-up on D+ is enable by default on the board but can be disabled by setting PA16 high
+ */
+#define PIN_USB_PULLUP  {PIO_PA16, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+
+/** USB definitions */
+/* OpenMoko SIMtrace 2 USB vendor ID */
+#define BOARD_USB_VENDOR_ID	USB_VENDOR_OPENMOKO
+/* OpenMoko SIMtrace 2 USB product ID (main application/runtime mode) */
+#define BOARD_USB_PRODUCT_ID	USB_PRODUCT_SIMTRACE2
+/* OpenMoko SIMtrace 2 DFU USB product ID (DFU bootloader/DFU mode) */
+#define BOARD_DFU_USB_PRODUCT_ID USB_PRODUCT_SIMTRACE2_DFU
+/* USB release number (bcdDevice, shown as 0.00) */
+#define BOARD_USB_RELEASE	0x000
+/* Indicate SIMtrace is bus power in USB attributes */
+#define BOARD_USB_BMATTRIBUTES	USBConfigurationDescriptor_BUSPOWERED_NORWAKEUP
+
+/** Supported modes */
+/* SIMtrace board supports sniffer mode */
+#define HAVE_SNIFFER
+/* SIMtrace board supports CCID mode */
+//#define HAVE_CCID
+/* SIMtrace board supports card emulation mode */
+//#define HAVE_CARDEM
+/* SIMtrace board supports man-in-the-middle mode */
+//#define HAVE_MITM

firmware/libboard/sam3p256/source/board_sam3p256.c

@@ -0,0 +1,68 @@
+/* Olimex SAM3S-P256 specific application code
+ *
+ * (C) 2017,2019 by Harald Welte <laforge@gnumonks.org>
+ * (C) 2018 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#include "board.h"
+#include "simtrace.h"
+#include "utils.h"
+#include "sim_switch.h"
+#include <osmocom/core/timer.h>
+#include "usb_buf.h"
+
+void board_exec_dbg_cmd(int ch)
+{
+	switch (ch) {
+	case '?':
+		printf("\t?\thelp\n\r");
+		printf("\tR\treset SAM3\n\r");
+		break;
+	case 'R':
+		printf("Asking NVIC to reset us\n\r");
+		USBD_Disconnect();
+		NVIC_SystemReset();
+		break;
+	default:
+		printf("Unknown command '%c'\n\r", ch);
+		break;
+	}
+}
+
+void board_main_top(void)
+{
+#ifndef APPLICATION_dfu
+	usb_buf_init();
+
+	/* Initialize checking for card insert/remove events */
+	//card_present_init();
+#endif
+}
+
+int board_override_enter_dfu(void)
+{
+	const Pin bl_sw_pin = PIN_BOOTLOADER_SW;
+
+	PIO_Configure(&bl_sw_pin, 1);
+
+	/* Enter DFU bootloader in case the respective button is pressed */
+	if (PIO_Get(&bl_sw_pin) == 0) {
+		/* do not print to early since the console is not initialized yet */
+		//printf("BOOTLOADER switch pressed -> Force DFU\n\r");
+		return 1;
+	} else
+		return 0;
+}

firmware/libboard/simtrace/include/board.h

@@ -31,11 +31,26 @@
 /** desired main clock frequency (in Hz, based on BOARD_MAINOSC) */
 #define BOARD_MCK 58982400 // 18.432 * 16 / 5
 
+/** MCU pin connected to red LED */
+#define PIO_LED_RED     PIO_PA17
+/** MCU pin connected to green LED */
+#define PIO_LED_GREEN   PIO_PA18
+/** red LED pin definition */
+#define PIN_LED_RED     {PIO_LED_RED, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** green LED pin definition */
+#define PIN_LED_GREEN   {PIO_LED_GREEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** LEDs pin definition */
+#define PINS_LEDS       PIN_LED_RED, PIN_LED_GREEN 
+/** index for red LED in LEDs pin definition array */
+#define LED_NUM_RED     0
+/** index for green LED in LEDs pin definition array */
+#define LED_NUM_GREEN   1
+
 /** Pin configuration **/
 /* Button to force bootloader start (shorted to ground when pressed */
 #define PIN_BOOTLOADER_SW      {PIO_PA31, PIOA, ID_PIOA, PIO_INPUT, PIO_PULLUP}
 /* Enable powering the card using the second 3.3 V output of the LDO (active high) */
-#define SIM_PWEN_PIN           {SIM_PWEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+#define SIM_PWEN_PIN           {PIO_PA5, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 /* Enable powering the SIM card */
 #define PWR_PINS                SIM_PWEN_PIN
 /* Card presence pin */
@@ -65,9 +80,9 @@
 /* Phone I/O data signal input/output (I/O_PHONE in schematic) */
 #define PIN_USIM1_IO           {PIO_PA22A_TXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Phone CLK clock input (CLK_PHONE in schematic) */
-#define PIN_PHONE_CLK          {PIO_PA23A_SCK1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+#define PIN_USIM1_CLK          {PIO_PA23A_SCK1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Pin used for phone USIM slot 1 communication */
-#define PINS_USIM1              PIN_USIM1_IO, PIN_PHONE_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST
+#define PINS_USIM1              PIN_USIM1_IO, PIN_USIM1_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST
 /* Phone I/O data signal input/output (unused USART RX input; connected to I/O_PHONE in schematic) */
 #define PIN_PHONE_IO_INPUT     {PIO_PA21A_RXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Pin used as clock input (to measure the ETU duration; connected to CLK_PHONE in schematic) */
@@ -93,9 +108,9 @@
 /* Pins used to sniff phone-card communication */
 #define PINS_SIM_SNIFF          PIN_SIM_IO, PIN_SIM_CLK, PIN_SIM_RST_SNIFF
 /* Disable power converter 4.5-6V to 3.3V (active high) */
-#define PIN_SIM_PWEN_SNIFF     {SIM_PWEN, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+#define PIN_SIM_PWEN_SNIFF     {PIO_PA5, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 /* Enable power switch to forward VCC_PHONE to VCC_SIM (active high) */
-#define PIN_VCC_FWD_SNIFF      {VCC_FWD, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+#define PIN_VCC_FWD_SNIFF      {PIO_PA26, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 /* Use phone VCC to power card */
 #define PINS_PWR_SNIFF          PIN_SIM_PWEN_SNIFF, PIN_VCC_FWD_SNIFF
 
@@ -105,14 +120,6 @@
 /* ISO7816-communication related pins */
 #define PINS_ISO7816            PIN_SIM_IO,  PIN_SIM_CLK,  PIN_ISO7816_RSTMC // SIM_PWEN_PIN, PIN_SIM_IO2, PIN_SIM_CLK2
 
-/** card emulation configuration */
-/* Disable power converter 4.5-6V to 3.3V (active high) */
-#define PIN_SIM_PWEN_CARDEMU   {SIM_PWEN, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
-/* Disable power switch to forward VCC_PHONE to VCC_SIM (active high) */
-#define PIN_VCC_FWD_CARDEMU    {VCC_FWD, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
-/* Disable power to SIM */
-#define PINS_PWR_CARDEMU        PIN_SIM_PWEN_CARDEMU, PIN_VCC_FWD_CARDEMU
-
 /** External SPI flash interface   **/
 /* SPI MISO pin definition */
 #define PIN_SPI_MISO  {PIO_PA12A_MISO, PIOA, PIOA, PIO_PERIPH_A, PIO_PULLUP}
@@ -150,14 +157,10 @@
 #define HAVE_SNIFFER
 #endif
 /* SIMtrace board supports CCID mode */
-#ifdef APPLICATION_ccid
 //#define HAVE_CCID
-#endif
 /* SIMtrace board supports card emulation mode */
 #ifdef APPLICATION_cardem
 #define HAVE_CARDEM
 #endif
 /* SIMtrace board supports man-in-the-middle mode */
-#ifdef APPLICATION_mitm
 //#define HAVE_MITM
-#endif

firmware/libboard/simtrace/product_string.txt

@@ -0,0 +1 @@
+SIMtrace 2

firmware/libboard/simtrace/source/sim_switch.c

@@ -22,15 +22,6 @@
 #include "led.h"
 #include "sim_switch.h"
 
-#ifdef PIN_SIM_SWITCH1
-static const Pin pin_conn_usim1 = {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
-#endif
-#ifdef PIN_SIM_SWITCH2
-static const Pin pin_conn_usim2 = {PIO_PA28, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
-#endif
-
-static int initialized = 0;
-
 int sim_switch_use_physical(unsigned int nr, int physical)
 {
 	const Pin pin_sc = PIN_SC_SW_DEFAULT; // pin to control bus switch for VCC/RST/CLK signals

firmware/libcommon/include/assert.h

@@ -89,7 +89,7 @@
 		/// \param condition  Condition to verify.
 		#define ASSERT(condition)  { \
 			if (!(condition)) { \
-				printf("-F- ASSERT: %s %s:%d\n\r", #condition, __BASE_FILE__, __LINE__); \
+				printf_sync("-F- ASSERT: %s %s:%d\n\r", #condition, __BASE_FILE__, __LINE__); \
 				while (1); \
 			} \
 		}

firmware/libcommon/include/card_emu.h

@@ -29,8 +29,17 @@ enum card_io {
 	CARD_IO_CLK,
 };
 
-struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uart_chan,
-				  uint8_t in_ep, uint8_t irq_ep);
+/** initialise card slot
+ *  @param[in] slot_num slot number (arbitrary number)
+ *  @param[in] uart_chan UART peripheral channel
+ *  @param[in] in_ep USB IN end point number
+ *  @param[in] irq_ep USB INTerrupt end point number
+ *  @param[in] vcc_active initial VCC signal state (true = on)
+ *  @param[in] in_reset initial RST signal state (true = reset asserted)
+ *  @param[in] clocked initial CLK signat state (true = active)
+ *  @return main card handle reference
+ */
+struct card_handle *card_emu_init(uint8_t slot_num, uint8_t uart_chan, uint8_t in_ep, uint8_t irq_ep, bool vcc_active, bool in_reset, bool clocked);
 
 /* process a single byte received from the reader */
 void card_emu_process_rx_byte(struct card_handle *ch, uint8_t byte);
@@ -46,44 +55,24 @@ int card_emu_set_atr(struct card_handle *ch, const uint8_t *atr, uint8_t len);
 
 struct llist_head *card_emu_get_uart_tx_queue(struct card_handle *ch);
 void card_emu_have_new_uart_tx(struct card_handle *ch);
-void card_emu_report_status(struct card_handle *ch);
+void card_emu_report_status(struct card_handle *ch, bool report_on_irq);
 
-/*! call when the waiting time has half-expired
- *  param[in] ch card for which the waiting time half expired
- */
-void card_emu_wt_halfed(struct card_handle *ch);
-/*! call when the waiting time has expired
- *  param[in] ch card for which the waiting time expired
- */
-void card_emu_wt_expired(struct card_handle *ch);
+void card_emu_wtime_half_expired(void *ch);
+void card_emu_wtime_expired(void *ch);
 
-#define ENABLE_TX	0x01
-#define ENABLE_RX	0x02
 
-// the following functions are callbacks implement in mode_cardemu.c
+#define ENABLE_TX		0x01
+#define ENABLE_RX		0x02
+#define ENABLE_TX_TIMER_ONLY	0x03
 
-/*! update F and D on USART peripheral
- *  @param[in] usart USART peripheral to configure
- *  @param[in] f clock rate conversion integer F value
- *  @param[in] d baud rate adjustment factor D value
- *  @note this should happen after reset and protocol select (through PPS or implicit)
- */
-void card_emu_uart_update_fd(uint8_t uart_chan, uint16_t f, uint8_t d);
-/*! update WT on USART peripheral
- *  @param[in] usart USART peripheral to configure
- *  @param[in] wt inactivity Waiting Time before card_emu_wt_expired is called (0 to disable)
- */
+int card_emu_uart_update_fidi(uint8_t uart_chan, unsigned int fidi);
 void card_emu_uart_update_wt(uint8_t uart_chan, uint32_t wt);
-/*! reset waiting timeout count down on USART peripheral
- *  @param[in] usart USART peripheral to configure
- */
 void card_emu_uart_reset_wt(uint8_t uart_chan);
-/*! set I/O line high
- *  @param[in] usart USART peripheral to configure
- *  @param[in] set if I/O line should be set high (true), or cleared low (false)
- */
-void card_emu_uart_io_set(uint8_t uart_chan, bool set);
 int card_emu_uart_tx(uint8_t uart_chan, uint8_t byte);
 void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx);
 void card_emu_uart_wait_tx_idle(uint8_t uart_chan);
 void card_emu_uart_interrupt(uint8_t uart_chan);
+
+struct cardemu_usb_msg_config;
+int card_emu_set_config(struct card_handle *ch, const struct cardemu_usb_msg_config *scfg,
+			unsigned int scfg_len);

firmware/libcommon/include/iso7816_3.h

@@ -1,98 +0,0 @@
-/*
- * Copyright (C) 2019 sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-*/
-/* this library provides utilities to handle the ISO-7816 part 3 communication aspects (e.g. related to F and D) */
-#pragma once
-
-#include <stdint.h>
-#include <stdbool.h>
-
-/** default clock rate conversion integer Fd
- *  @implements ISO/IEC 7816-3:2006(E) section 8.1
- */
-#define ISO7816_3_DEFAULT_FD 372
-/** default baud rate adjustment factor Dd
- *  @implements ISO/IEC 7816-3:2006(E) section 8.1
- */
-#define ISO7816_3_DEFAULT_DD 1
-/** default clock rate conversion integer Fi
- *  @implements ISO/IEC 7816-3:2006(E) section 8.3
- *  @note non-default value is optionally specified in TA1
- */
-#define ISO7816_3_DEFAULT_FI 372
-/** default baud rate adjustment factor Di
- *  @implements ISO/IEC 7816-3:2006(E) section 8.3
- *  @note non-default value is optionally specified in TA1
- */
-#define ISO7816_3_DEFAULT_DI 1
-/** default maximum clock frequency, in Hz
- *  @implements ISO/IEC 7816-3:2006(E) section 8.3
- *  @note non-default value is optionally specified in TA1
- */
-#define ISO7816_3_DEFAULT_FMAX 5000000UL
-/** default Waiting Integer (WI) value for T=0
- *  @implements ISO/IEC 7816-3:2006(E) section 10.2
- *  @note non-default value is optionally specified in TC2
- */
-#define ISO7816_3_DEFAULT_WI 10
-/** default Waiting Time (WT) value, in ETU
- *  @implements ISO/IEC 7816-3:2006(E) section 8.1
- *  @note depends on Fi, Di, and WI if protocol T=0 is selected
- */
-#define ISO7816_3_DEFAULT_WT 9600
-
-/** Table encoding the clock rate conversion integer Fi
- *  @note Fi is indicated in TA1, but the same table is used for F and Fn during PPS
- *  @implements ISO/IEC 7816-3:2006(E) table 7
- */
-extern const uint16_t iso7816_3_fi_table[];
-
-/** Table encoding the maximum clock frequency f_max in Hz
- *  @implements ISO/IEC 7816-3:2006(E) table 7
- *  @note f_max is indicated in TA1, but the same table is used for F and Fn during PPS
- */
-extern const uint32_t iso7816_3_fmax_table[];
-
-/** Table encoding the baud rate adjust integer Di
- *  @implements ISO/IEC 7816-3:2006(E) table 8
- *  @note Di is indicated in TA1, but the same table is used for D and Dn during PPS
- */
-extern const uint8_t iso7816_3_di_table[];
-
-/* verify if the clock rate conversion integer F value is valid
- * @param[in] f F value to be validated
- * @return if F value is valid
- * @note only values in ISO/IEC 7816-3:2006(E) table 7 are valid
- */
-bool iso7816_3_valid_f(uint16_t f);
-/* verify if the baud rate adjustment factor D value is valid
- * @param[in] d D value to be validated
- * @return if D value is valid
- * @note only values in ISO/IEC 7816-3:2006(E) table 8 are valid
- */
-bool iso7816_3_valid_d(uint8_t d);
-/** calculate Waiting Time (WT)
- *  @param[in] wi Waiting Integer
- *  @param[in] fi clock rate conversion integer Fi value
- *  @param[in] di baud rate adjustment factor Di value
- *  @param[in] f clock rate conversion integer F value
- *  @param[in] d baud rate adjustment factor D value
- *  @return Waiting Time WT, in ETU, or < 0 on error (see code for return codes)
- *  @note this should happen after reset and T=0 protocol select (through PPS or implicit)
- *  @implements ISO/IEC 7816-3:2006(E) section 8.1 and 10.2
- */
-int32_t iso7816_3_calculate_wt(uint8_t wi, uint16_t fi, uint8_t di, uint16_t f, uint8_t d);

firmware/libcommon/include/iso7816_fidi.h

@@ -21,10 +21,10 @@
 #include <stdint.h>
 
 /* Table 7 of ISO 7816-3:2006 */
-extern const uint16_t fi_table[];
+extern const uint16_t iso7816_3_fi_table[16];
 
 /* Table 8 from ISO 7816-3:2006 */
-extern const uint8_t di_table[];
+extern const uint8_t iso7816_3_di_table[16];
 
-/* compute the F/D ratio based on Fi and Di values */
-int compute_fidi_ratio(uint8_t fi, uint8_t di);
+/* compute the F/D ratio based on F_index and D_index values */
+int iso7816_3_compute_fd_ratio(uint8_t f_index, uint8_t d_index);

firmware/libcommon/include/main_common.h

@@ -0,0 +1,3 @@
+#pragma once
+
+void print_banner(void);

firmware/libcommon/include/ringbuffer.h

@@ -21,7 +21,7 @@
 #include <stdbool.h>
 #include <sys/types.h>
 
-#define RING_BUFLEN 512
+#define RING_BUFLEN 1024
 
 typedef struct ringbuf {
 	uint8_t buf[RING_BUFLEN];

firmware/libcommon/include/simtrace.h

@@ -1,6 +1,7 @@
 /* SIMtrace 2 mode definitions
  *
- * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ * Copyright (c) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ * Copyright (c) 2018-2019, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -57,6 +58,7 @@ enum confNum {
 #ifdef HAVE_MITM
 	CFG_NUM_MITM,
 #endif
+	CFG_NUM_VERSION,
 	NUM_CONF
 };
 

firmware/libcommon/include/simtrace_prot.h

@@ -62,6 +62,8 @@ enum simtrace_msg_type_cardem {
 	SIMTRACE_MSGT_DO_CEMU_RX_DATA,
 	/* Indicate PTS request from phone */
 	SIMTRACE_MSGT_DO_CEMU_PTS,
+	/* Set configurable parameters */
+	SIMTRACE_MSGT_BD_CEMU_CONFIG,
 };
 
 /* SIMTRACE_MSGC_MODEM */
@@ -228,10 +230,17 @@ struct cardemu_usb_msg_status {
 	uint32_t flags;
 	/* phone-applied target voltage in mV */
 	uint16_t voltage_mv;
-	uint8_t f; /*!< index of F and f_max values as encoded in ISO/IEC 7816-3:2006(E) Table 7 */
-	uint8_t d; /*!< index of D value as encoded in ISO/IEC 7816-3:2006(E) Table 8 */
-	uint8_t wi; /*!< Waiting Integer as defined in ISO/IEC 7816-3:2006(E) Section 10.2 */
-	uint32_t wt; /*!< Waiting Time in ETU as defined in ISO/IEC 7816-3:2006(E) Section 8.1 */
+	/* F/D related information. Not actual Fn/Dn values but indexes into tables! */
+	union {
+		uint8_t F_index;	/* <! Index to ISO7816-3 Table 7 (F and f_max values) */
+		uint8_t fi;		/* <! old, wrong name for API compatibility */
+	};
+	union {
+		uint8_t D_index;	/* <! Index to ISO7816-3 Table 8 (D value) */
+		uint8_t di;		/* <! old, wrong name for API compatibility */
+	};
+	uint8_t wi;		/* <! Waiting Integer as defined in ISO7816-3 Section 10.2 */
+	uint32_t waiting_time;	/* <! Waiting Time in etu as defined in ISO7816-3 Section 8.1 */
 } __attribute__ ((packed));
 
 /* CEMU_USB_MSGT_DO_PTS */
@@ -253,6 +262,17 @@ struct cardemu_usb_msg_error {
 	uint8_t msg[0];
 } __attribute__ ((packed));
 
+/* enable/disable the generation of DO_STATUS on IRQ endpoint */
+#define CEMU_FEAT_F_STATUS_IRQ	0x00000001
+
+/* SIMTRACE_MSGT_BD_CEMU_CONFIG */
+struct cardemu_usb_msg_config {
+	/* bit-mask of CEMU_FEAT_F flags */
+	uint32_t features;
+	/* the selected slot number (if an external mux is present) */
+	uint8_t slot_mux_nr;
+} __attribute__ ((packed));
+
 /***********************************************************************
  * MODEM CONTROL
  ***********************************************************************/

firmware/libcommon/include/simtrace_usb.h

@@ -25,6 +25,7 @@
 #define USB_PRODUCT_QMOD_SAM3		0x4004
 #define USB_PRODUCT_SIMTRACE2_DFU	0x60e3	/* was 0x60e2 */
 #define USB_PRODUCT_SIMTRACE2		0x60e3
+#define USB_PRODUCT_OCTSIMTEST		0x616d
 
 /* USB proprietary class */
 #define USB_CLASS_PROPRIETARY			0xff
@@ -64,4 +65,4 @@
 #define SIMTRACE_CARDEM_USB_EP_USIM2_INT		3
 
 /*! Maximum number of endpoints */
-#define BOARD_USB_NUMENDPOINTS		6
+#define BOARD_USB_NUMENDPOINTS		7 /* 0 (control) + 2 (interfaces) * 3 (endpoints) */

firmware/libcommon/include/talloc.h

@@ -17,6 +17,7 @@
 #pragma once
 
 #include <stdlib.h>
+#include <stdio.h>
 #include <stdarg.h>
 
 /* minimalistic emulation of core talloc API functions used by msgb.c */
@@ -39,3 +40,4 @@ void *talloc_named_const(const void *context, size_t size, const char *name);
 void talloc_set_name_const(const void *ptr, const char *name);
 char *talloc_strdup(const void *t, const char *p);
 void *talloc_pool(const void *context, size_t size);
+void talloc_report(const void *ptr, FILE *f);

firmware/libcommon/include/usb_buf.h

@@ -29,6 +29,8 @@ struct usb_buffered_ep {
 	volatile uint32_t in_progress;
 	/* Tx queue (IN) / Rx queue (OUT) */
 	struct llist_head queue;
+	/* current length of queue */
+	unsigned int queue_len;
 };
 
 struct msgb *usb_buf_alloc(uint8_t ep);
@@ -40,5 +42,15 @@ int usb_drain_queue(uint8_t ep);
 void usb_buf_init(void);
 struct usb_buffered_ep *usb_get_buf_ep(uint8_t ep);
 
-int usb_refill_to_host(uint8_t ep);
-int usb_refill_from_host(uint8_t ep);
+struct usb_if {
+	uint8_t if_num;		/* interface number */
+	uint8_t ep_out;		/* OUT endpoint (0 if none) */
+	uint8_t ep_in;		/* IN endpint (0 if none) */
+	uint8_t ep_int;		/* INT endpoint (0 if none) */
+	void *data;		/* opaque data, passed through */
+	struct {
+		/* call-back to be called for inclming messages on OUT EP */
+		void (*rx_out)(struct msgb *msg, const struct usb_if *usb_if);
+	} ops;
+};
+void usb_process(const struct usb_if *usb_if);

firmware/libcommon/source/card_emu.c

@@ -1,7 +1,7 @@
 /* ISO7816-3 state machine for the card side
  *
- * (C) 2010-2017 by Harald Welte <laforge@gnumonks.org>
- * (C) 2018-2019 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * (C) 2010-2021 by Harald Welte <laforge@gnumonks.org>
+ * (C) 2018 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -26,15 +26,22 @@
 
 #include "utils.h"
 #include "trace.h"
-#include "iso7816_3.h"
+#include "iso7816_fidi.h"
 #include "card_emu.h"
 #include "simtrace_prot.h"
 #include "usb_buf.h"
 #include <osmocom/core/linuxlist.h>
 #include <osmocom/core/msgb.h>
 
+#ifdef HAVE_SLOT_MUX
+#include "mux.h"
+#endif
+
 #define NUM_SLOTS		2
 
+/* bit-mask of supported CEMU_FEAT_F_ flags */
+#define SUPPORTED_FEATURES	(CEMU_FEAT_F_STATUS_IRQ)
+
 #define	ISO7816_3_INIT_WTIME	9600
 #define ISO7816_3_DEFAULT_WI	10
 #define ISO7816_3_ATR_LEN_MAX	(1+32)	/* TS plus 32 chars */
@@ -53,42 +60,15 @@ enum iso7816_3_card_state {
 };
 
 const struct value_string iso7816_3_card_state_names[] = {
-	{
-		.value = ISO_S_WAIT_POWER,
-		.str = "WAIT_POWER",
-	},
-	{
-		.value = ISO_S_WAIT_CLK,
-		.str = "WAIT_CLK",
-	},
-	{
-		.value = ISO_S_WAIT_RST,
-		.str = "WAIT_RST",
-	},
-	{
-		.value = ISO_S_WAIT_ATR,
-		.str = "WAIT_ATR",
-	},
-	{
-		.value = ISO_S_IN_ATR,
-		.str = "IN_ATR",
-	},
-	{
-		.value = ISO_S_IN_PTS,
-		.str = "IN_PTS",
-	},
-	{
-		.value = ISO_S_WAIT_TPDU,
-		.str = "WAIT_TPDU",
-	},
-	{
-		.value = ISO_S_IN_TPDU,
-		.str = "IN_TPDU",
-	},
-	{
-		.value = 0,
-		.str = NULL,
-	},
+	{ ISO_S_WAIT_POWER,	"WAIT_POWER" },
+	{ ISO_S_WAIT_CLK,	"WAIT_CLK" },
+	{ ISO_S_WAIT_RST,	"WAIT_RST" },
+	{ ISO_S_WAIT_ATR,	"WAIT_ATR" },
+	{ ISO_S_IN_ATR,		"IN_ATR" },
+	{ ISO_S_IN_PTS,		"IN_PTS" },
+	{ ISO_S_WAIT_TPDU,	"WAIT_TPDU" },
+	{ ISO_S_IN_TPDU,	"IN_TPDU" },
+	{ 0, NULL }
 };
 
 
@@ -108,6 +88,22 @@ enum pts_state {
 	PTS_S_WAIT_RESP_PCK = PTS_S_WAIT_REQ_PCK | 0x10,
 };
 
+const struct value_string pts_state_names[] = {
+	{ PTS_S_WAIT_REQ_PTSS,	"WAIT_REQ_PTSS" },
+	{ PTS_S_WAIT_REQ_PTS0,	"WAIT_REQ_PTS0" },
+	{ PTS_S_WAIT_REQ_PTS1,	"WAIT_REQ_PTS1" },
+	{ PTS_S_WAIT_REQ_PTS2,	"WAIT_REQ_PTS2" },
+	{ PTS_S_WAIT_REQ_PTS3,	"WAIT_REQ_PTS3" },
+	{ PTS_S_WAIT_REQ_PCK,	"WAIT_REQ_PCK" },
+	{ PTS_S_WAIT_RESP_PTSS,	"WAIT_RESP_PTSS" },
+	{ PTS_S_WAIT_RESP_PTS0,	"WAIT_RESP_PTS0" },
+	{ PTS_S_WAIT_RESP_PTS1,	"WAIT_RESP_PTS1" },
+	{ PTS_S_WAIT_RESP_PTS2,	"WAIT_RESP_PTS2" },
+	{ PTS_S_WAIT_RESP_PTS3,	"WAIT_RESP_PTS3" },
+	{ PTS_S_WAIT_RESP_PCK,	"WAIT_RESP_PCK" },
+	{ 0, NULL }
+};
+
 /* PTS field byte index */
 #define _PTSS	0
 #define _PTS0	1
@@ -129,42 +125,15 @@ enum tpdu_state {
 };
 
 const struct value_string tpdu_state_names[] = {
-	{
-		.value = TPDU_S_WAIT_CLA,
-		.str = "WAIT_CLA",
-	},
-	{
-		.value = TPDU_S_WAIT_INS,
-		.str = "WAIT_INS",
-	},
-	{
-		.value = TPDU_S_WAIT_P1,
-		.str = "WAIT_P1",
-	},
-	{
-		.value = TPDU_S_WAIT_P2,
-		.str = "WAIT_P2",
-	},
-	{
-		.value = TPDU_S_WAIT_P3,
-		.str = "WAIT_P3",
-	},
-	{
-		.value = TPDU_S_WAIT_PB,
-		.str = "WAIT_PB",
-	},
-	{
-		.value = TPDU_S_WAIT_RX,
-		.str = "WAIT_RX",
-	},
-	{
-		.value = TPDU_S_WAIT_TX,
-		.str = "WAIT_TX",
-	},
-	{
-		.value = 0,
-		.str = NULL,
-	},
+	{ TPDU_S_WAIT_CLA,	"WAIT_CLA" },
+	{ TPDU_S_WAIT_INS,	"WAIT_INS" },
+	{ TPDU_S_WAIT_P1,	"WAIT_P1" },
+	{ TPDU_S_WAIT_P2,	"WAIT_P2" },
+	{ TPDU_S_WAIT_P3,	"WAIT_P3" },
+	{ TPDU_S_WAIT_PB,	"WAIT_PB" },
+	{ TPDU_S_WAIT_RX, 	"WAIT_RX" },
+	{ TPDU_S_WAIT_TX,	"WAIT_TX" },
+	{ 0, NULL }
 };
 
 /* TPDU field byte index */
@@ -177,61 +146,44 @@ const struct value_string tpdu_state_names[] = {
 struct card_handle {
 	unsigned int num;
 
+	/* bit-mask of enabled optional features (CEMU_FEAT_F_*) */
+	uint32_t features;
+
 	enum iso7816_3_card_state state;
 
 	/* signal levels */
-	uint8_t vcc_active;	/* 1 = on, 0 = off */
-	uint8_t in_reset;	/* 1 = RST low, 0 = RST high */
-	uint8_t clocked;	/* 1 = active, 0 = inactive */
+	bool vcc_active;	/*< if VCC is active (true = active/ON) */
+	bool in_reset;	/*< if card is in reset (true = RST low/asserted, false = RST high/ released) */
+	bool clocked;	/*< if clock is active ( true = active, false = inactive) */
+
+	/* All below variables with _index suffix are indexes from 0..15 into Tables 7 + 8
+	 * of ISO7816-3. */
+
+	/*! Index to clock rate conversion integer Fi (ISO7816-3 Table 7).
+	 *  \note this represents the maximum value supported by the card, and can be indicated in TA1 */
+	uint8_t Fi_index;
+	/*! Current value of index to clock rate conversion integer F (ISO 7816-3 Section 7.1). */
+	uint8_t F_index;
+
+	/*! Index to baud rate adjustment factor Di (ISO7816-3 Table 8).
+	 *  \note this represents the maximum value supported by the card, and can be indicated in TA1 */
+	uint8_t Di_index;
+	/*! Current value of index to baud rate adjustment factor D (ISO 7816-3 Section 7.1). */
+	uint8_t D_index;
+
+	/*! Waiting Integer (ISO7816-3 Section 10.2).
+	 *  \note this value can be set in TA2 */
+	uint8_t wi;
+
+	/*! Waiting Time, in ETU (ISO7816-3 Section 8.1).
+	 *  \note this depends on Fi, Di, and WI if T=0 is used */
+	uint32_t waiting_time;	/* in etu */
 
-	uint8_t tc_chan;	/* TC channel number */
 	uint8_t uart_chan;	/* UART channel */
 
 	uint8_t in_ep;		/* USB IN EP */
 	uint8_t irq_ep;		/* USB IN EP */
 
-	/*! clock rate conversion integer F
-	 *  @implements ISO/IEC 7816-3:2006(E) section 7.1
-	 *  @note this represents the current value used
-	 */
-	uint16_t f;
-	/*! baud rate adjustment factor D
-	 *  @implements ISO/IEC 7816-3:2006(E) section 7.1
-	 *  @note this represents the current value used
-	 */
-	uint8_t d;
-	/*! clock frequency in Hz
-	 *  @implements ISO/IEC 7816-3:2006(E) section 7.1
-	 *  @note the USART peripheral in slave mode does not provide the current value. we could measure it but this is not really useful. instead we remember the maximum possible value corresponding to the selected F value
-	 */
-	uint32_t f_cur;
-	/*! clock rate conversion integer Fi
-	 *  @implements ISO/IEC 7816-3:2006(E) Table 7
-	 *  @note this represents the maximum value supported by the card, and can be indicated in TA1
-	 *  @note this value can be set in TA1
-	 */
-	uint16_t fi;
-	/*! baud rate adjustment factor Di
-	 *  @implements ISO/IEC 7816-3:2006(E) Table 8
-	 *  @note this represents the maximum value supported by the card, and can be indicated in TA1
-	 */
-	uint8_t di;
-	/*! clock frequency, in Hz
-	 *  @implements ISO/IEC 7816-3:2006(E) Table 7
-	 *  @note this represents the maximum value supported by the card, and can be indicated in TA1
-	 */
-	uint32_t f_max;
-	/*! Waiting Integer
-	 *  @implements ISO/IEC 7816-3:2006(E) Section 10.2
-	 *  @note this value can be set in TA2
-	 */
-	uint8_t wi;
-	/*! Waiting Time, in ETU
-	 *  @implements ISO/IEC 7816-3:2006(E) Section 8.1
-	 *  @note this depends on Fi, Di, and WI if T=0 is used
-	 */
-	uint32_t wt;
-
 	/* ATR state machine */
 	struct {
 		uint8_t idx;
@@ -266,6 +218,27 @@ struct card_handle {
 	} stats;
 };
 
+/* reset all the 'dynamic' state of the card handle to the initial/default values */
+static void card_handle_reset(struct card_handle *ch)
+{
+	struct msgb *msg;
+
+	card_emu_uart_update_wt(ch->uart_chan, 0);
+
+	/* release any buffers we may still own */
+	if (ch->uart_tx_msg) {
+		usb_buf_free(ch->uart_tx_msg);
+		ch->uart_tx_msg = NULL;
+	}
+	if (ch->uart_rx_msg) {
+		usb_buf_free(ch->uart_rx_msg);
+		ch->uart_rx_msg = NULL;
+	}
+	while ((msg = msgb_dequeue(&ch->uart_tx_queue))) {
+		usb_buf_free(msg);
+	}
+}
+
 struct llist_head *card_emu_get_uart_tx_queue(struct card_handle *ch)
 {
 	return &ch->uart_tx_queue;
@@ -287,12 +260,35 @@ void usb_buf_upd_len_and_submit(struct msgb *msg)
 /* Allocate USB buffer and push + initialize simtrace_msg_hdr */
 struct msgb *usb_buf_alloc_st(uint8_t ep, uint8_t msg_class, uint8_t msg_type)
 {
-	struct msgb *msg;
+	struct msgb *msg = NULL;
 	struct simtrace_msg_hdr *sh;
 
-	msg = usb_buf_alloc(ep);
-	if (!msg)
-		return NULL;
+	while (!msg) {
+		msg = usb_buf_alloc(ep); // try to allocate some memory
+		if (!msg) { // allocation failed, we might be out of memory
+			struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
+			if (!bep) {
+				TRACE_ERROR("ep %u: %s queue does not exist\n\r",
+				            ep, __func__);
+				return NULL;
+			}
+			if (llist_empty(&bep->queue)) {
+				TRACE_ERROR("ep %u: %s EOMEM (queue already empty)\n\r",
+				            ep, __func__);
+				return NULL;
+			}
+			msg = msgb_dequeue_count(&bep->queue, &bep->queue_len);
+			if (!msg) {
+				TRACE_ERROR("ep %u: %s no msg in non-empty queue\n\r",
+				            ep, __func__);
+				return NULL;
+			}
+			usb_buf_free(msg);
+			msg = NULL;
+			TRACE_DEBUG("ep %u: %s queue msg dropped\n\r",
+			            ep, __func__);
+		}
+	}
 
 	msg->l1h = msgb_put(msg, sizeof(*sh));
 	sh = (struct simtrace_msg_hdr *) msg->l1h;
@@ -378,6 +374,21 @@ static void flush_pts(struct card_handle *ch)
 	usb_buf_upd_len_and_submit(msg);
 }
 
+static void emu_update_fidi(struct card_handle *ch)
+{
+	int rc;
+
+	rc = iso7816_3_compute_fd_ratio(ch->F_index, ch->D_index);
+	if (rc > 0 && rc < 0x400) {
+		TRACE_INFO("%u: computed F(%u)/D(%u) ratio: %d\r\n", ch->num,
+			   ch->F_index, ch->D_index, rc);
+		/* make sure UART uses new F/D ratio */
+		card_emu_uart_update_fidi(ch->uart_chan, rc);
+	} else
+		TRACE_INFO("%u: computed F/D ratio %d unsupported\r\n",
+			   ch->num, rc);
+}
+
 /* Update the ISO 7816-3 TPDU receiver state */
 static void card_set_state(struct card_handle *ch,
 			   enum iso7816_3_card_state new_state)
@@ -394,38 +405,35 @@ static void card_set_state(struct card_handle *ch,
 	case ISO_S_WAIT_POWER:
 	case ISO_S_WAIT_CLK:
 	case ISO_S_WAIT_RST:
-		card_emu_uart_enable(ch->uart_chan, 0); // disable Rx and Tx of UART
-		card_emu_uart_update_wt(ch->uart_chan, 0); // disable timeout
-		if (ISO_S_WAIT_POWER == new_state) {
-			card_emu_uart_io_set(ch->uart_chan, false); // pull I/O line low
-		} else {
-			card_emu_uart_io_set(ch->uart_chan, true); // pull I/O line high
-		}
+		/* disable Rx and Tx of UART */
+		card_emu_uart_enable(ch->uart_chan, 0);
+		/* disable timeout */
+		card_emu_uart_update_wt(ch->uart_chan, 0);
 		break;
 	case ISO_S_WAIT_ATR:
-		// reset the ETU-related values
-		ch->f = ISO7816_3_DEFAULT_FD;
-		ch->d = ISO7816_3_DEFAULT_DD;
-		card_emu_uart_update_fd(ch->uart_chan, ch->f, ch->d); // set baud rate
-
-		// reset values optionally specified in the ATR
-		ch->fi = ISO7816_3_DEFAULT_FI;
-		ch->di = ISO7816_3_DEFAULT_DI;
+		/* Reset to initial Fi / Di ratio */
+		ch->Fi_index = ch->F_index = 1;
+		ch->Di_index = ch->D_index = 1;
 		ch->wi = ISO7816_3_DEFAULT_WI;
-		int32_t wt = iso7816_3_calculate_wt(ch->wi, ch->fi, ch->di, ch->f, ch->d); // get default waiting time
-		if (wt <= 0) {
-			TRACE_FATAL("%u: invalid WT %ld\r\n", ch->num, wt);
-		}
-		ch->wt = wt;
-		card_emu_uart_enable(ch->uart_chan, ENABLE_TX); // enable TX to be able to use the timeout
+		ch->waiting_time = ISO7816_3_INIT_WTIME;
+		emu_update_fidi(ch);
+		/* enable TX to be able to use the timeout */
+		card_emu_uart_enable(ch->uart_chan, ENABLE_TX_TIMER_ONLY);
 		/* the ATR should only be sent 400 to 40k clock cycles after the RESET.
-		 * we use the tc_etu mechanism to wait this time.
+		 * we use the UART timeout mechanism to wait this time.
 		 * since the initial ETU is Fd=372/Dd=1 clock cycles long, we have to wait 2-107 ETU.
 		 */
 		card_emu_uart_update_wt(ch->uart_chan, 2);
 		break;
 	case ISO_S_IN_ATR:
-		// FIXME disable timeout while sending ATR
+		/* initialize to default WI, this will be overwritten if we
+		 * send TC2, and it will be programmed into hardware after
+		 * ATR is finished */
+		ch->wi = ISO7816_3_DEFAULT_WI;
+		/* update waiting time to initial waiting time */
+		ch->waiting_time = ISO7816_3_INIT_WTIME;
+		/* set initial waiting time */
+		card_emu_uart_update_wt(ch->uart_chan, ch->waiting_time);
 		/* Set ATR sub-state to initial state */
 		ch->atr.idx = 0;
 		/* enable USART transmission to reader */
@@ -471,6 +479,7 @@ static int tx_byte_atr(struct card_handle *ch)
 		return 1;
 	} else { /* The ATR has been completely transmitted */
 		/* search for TC2 to updated WI */
+		ch->wi = ISO7816_3_DEFAULT_WI;
 		if (ch->atr.len >= 2 && ch->atr.atr[1] & 0xf0) { /* Y1 has some data */
 			uint8_t atr_td1 = 2;
 			if (ch->atr.atr[1] & 0x10) { /* TA1 is present */
@@ -499,9 +508,11 @@ static int tx_byte_atr(struct card_handle *ch)
 				}
 			}
 		}
-		/* FIXME update waiting time in case of card is specific mode */
-		/* reset PTS to initial state */
-		set_pts_state(ch, PTS_S_WAIT_REQ_PTSS);
+		/* update waiting time (see ISO 7816-3 10.2). We can drop the Fi
+		 * multiplier as we store the waiting time in units of 'etu', and
+		 * don't really care what the number of clock cycles or the absolute
+		 * wall clock time is */
+		ch->waiting_time = ch->wi * 960;
 		/* go to next state */
 		card_set_state(ch, ISO_S_WAIT_TPDU);
 		return 0;
@@ -518,8 +529,9 @@ static int tx_byte_atr(struct card_handle *ch)
 /* Update the PTS sub-state */
 static void set_pts_state(struct card_handle *ch, enum pts_state new_ptss)
 {
-	TRACE_DEBUG("%u: 7816 PTS state %u -> %u\r\n",
-		    ch->num, ch->pts.state, new_ptss);
+	TRACE_DEBUG("%u: 7816 PTS state %s -> %s\r\n", ch->num,
+		    get_value_string(pts_state_names, ch->pts.state),
+		    get_value_string(pts_state_names, new_ptss));
 	ch->pts.state = new_ptss;
 }
 
@@ -566,12 +578,9 @@ from_pts3:
 	return PTS_S_WAIT_REQ_PCK | is_resp;
 }
 
-/*! process incoming PTS byte
- *  @param[in] ch card handle on which the byte has been received
- *  @param[in] byte received PTS byte
- *  @return new iso7816_3_card_state or -1 at the end of PTS request
- */
-static int process_byte_pts(struct card_handle *ch, uint8_t byte)
+
+static int
+process_byte_pts(struct card_handle *ch, uint8_t byte)
 {
 	switch (ch->pts.state) {
 	case PTS_S_WAIT_REQ_PTSS:
@@ -598,12 +607,12 @@ static int process_byte_pts(struct card_handle *ch, uint8_t byte)
 			set_pts_state(ch, PTS_S_WAIT_REQ_PTSS);
 			return ISO_S_WAIT_TPDU;
 		}
-		/* FIXME check if proposal matches capabilities in TA1 */
+		/* FIXME: check if proposal matches capabilities in ATR */
 		memcpy(ch->pts.resp, ch->pts.req, sizeof(ch->pts.resp));
 		break;
 	default:
-		TRACE_ERROR("%u: process_byte_pts() in invalid state %u\r\n",
-			    ch->num, ch->pts.state);
+		TRACE_ERROR("%u: process_byte_pts() in invalid PTS state %s\r\n", ch->num,
+			    get_value_string(pts_state_names, ch->pts.state));
 		break;
 	}
 	/* calculate the next state and set it */
@@ -637,17 +646,12 @@ static int tx_byte_pts(struct card_handle *ch)
 		break;
 	case PTS_S_WAIT_RESP_PTS1:
 		byte = ch->pts.resp[_PTS1];
-		// TODO the value should have been validated when receiving the request
-		ch->f = iso7816_3_fi_table[byte >> 4]; // save selected Fn
-		if (0 == ch->f) {
-			TRACE_ERROR("%u: invalid F index in PPS response: %u\r\n", ch->num, byte >> 4);
-			// TODO become unresponsive to signal error condition
-		}
-		ch->d = iso7816_3_di_table[byte & 0xf]; // save selected Dn
-		if (0 == ch->d) {
-			TRACE_ERROR("%u: invalid D index in PPS response: %u\r\n", ch->num, byte & 0xf);
-			// TODO become unresponsive to signal error condition
-		}
+		/* This must be TA1 */
+		ch->F_index = byte >> 4;
+		ch->D_index = byte & 0xf;
+		TRACE_DEBUG("%u: found F=%u D=%u\r\n", ch->num,
+			    iso7816_3_fi_table[ch->F_index], iso7816_3_di_table[ch->D_index]);
+		/* FIXME: if F or D are 0, become unresponsive to signal error condition */
 		break;
 	case PTS_S_WAIT_RESP_PTS2:
 		byte = ch->pts.resp[_PTS2];
@@ -659,8 +663,8 @@ static int tx_byte_pts(struct card_handle *ch)
 		byte = ch->pts.resp[_PCK];
 		break;
 	default:
-		TRACE_ERROR("%u: get_byte_pts() in invalid state %u\r\n",
-			    ch->num, ch->pts.state);
+		TRACE_ERROR("%u: get_byte_pts() in invalid PTS state %s\r\n", ch->num,
+			    get_value_string(pts_state_names, ch->pts.state));
 		return 0;
 	}
 
@@ -672,15 +676,8 @@ static int tx_byte_pts(struct card_handle *ch)
 	switch (ch->pts.state) {
 	case PTS_S_WAIT_RESP_PCK:
 		card_emu_uart_wait_tx_idle(ch->uart_chan);
-		card_emu_uart_update_fd(ch->uart_chan, ch->f, ch->d); // set selected baud rate
-		int32_t wt = iso7816_3_calculate_wt(ch->wi, ch->fi, ch->di, ch->f, ch->d); // get new waiting time
-		if (wt <= 0) {
-			TRACE_ERROR("%u: invalid WT calculated: %ld\r\n", ch->num, wt);
-			// TODO become unresponsive to signal error condition
-		} else {
-			ch->wt = wt;
-		}
-		// FIXME disable WT
+		/* update baud rate generator with F/D */
+		emu_update_fidi(ch);
 		/* Wait for the next TPDU */
 		card_set_state(ch, ISO_S_WAIT_TPDU);
 		set_pts_state(ch, PTS_S_WAIT_REQ_PTSS);
@@ -751,10 +748,6 @@ static void set_tpdu_state(struct card_handle *ch, enum tpdu_state new_ts)
 {
 	if (ch->tpdu.state == new_ts)
 		return;
-	if (ISO_S_IN_TPDU != ch->state && ISO_S_WAIT_TPDU != ch->state) {
-		TRACE_ERROR("%u: setting TPDU state in %s state\r\n", ch->num,
-			get_value_string(iso7816_3_card_state_names, ch->state));
-	}
 
 	TRACE_DEBUG("%u: 7816 TPDU state %s -> %s\r\n", ch->num,
 		get_value_string(tpdu_state_names, ch->tpdu.state),
@@ -762,20 +755,29 @@ static void set_tpdu_state(struct card_handle *ch, enum tpdu_state new_ts)
 	ch->tpdu.state = new_ts;
 
 	switch (new_ts) {
-	case TPDU_S_WAIT_CLA: // we will be waiting for the next incoming TDPU
-		card_emu_uart_enable(ch->uart_chan, ENABLE_RX); // switch back to receiving mode
-		card_emu_uart_update_wt(ch->uart_chan, 0); // disable waiting time since we don't expect any data
+	case TPDU_S_WAIT_CLA:
+		/* switch back to receiving mode */
+		card_emu_uart_enable(ch->uart_chan, ENABLE_RX);
+		/* disable waiting time since we don't expect any data */
+		card_emu_uart_update_wt(ch->uart_chan, 0);
 		break;
-	case TPDU_S_WAIT_INS: // the reader started sending the TPDU header
-		card_emu_uart_update_wt(ch->uart_chan, ch->wt); // start waiting for the rest of the header/body
+	case TPDU_S_WAIT_INS:
+		/* start waiting for the rest of the header/body */
+		card_emu_uart_update_wt(ch->uart_chan, ch->waiting_time);
 		break;
-	case TPDU_S_WAIT_RX: // the reader should send us the TPDU body data
-		card_emu_uart_enable(ch->uart_chan, ENABLE_RX); // switch to receive mode to receive the body
-		card_emu_uart_update_wt(ch->uart_chan, ch->wt); // start waiting for the rest body
+	case TPDU_S_WAIT_RX:
+		/* switch to receive mode to receive the body */
+		card_emu_uart_enable(ch->uart_chan, ENABLE_RX);
+		/* start waiting for the body */
+		card_emu_uart_update_wt(ch->uart_chan, ch->waiting_time);
 		break;
 	case TPDU_S_WAIT_PB:
-		card_emu_uart_enable(ch->uart_chan, ENABLE_TX); // header is completely received, now we need to transmit the procedure byte
-		card_emu_uart_update_wt(ch->uart_chan, ch->wt); // prepare to extend the waiting time once half of it is reached
+		/* we just completed the TPDU header from reader to card
+		 * and now need to disable the receiver, enable the
+		 * transmitter and transmit the procedure byte */
+		card_emu_uart_enable(ch->uart_chan, ENABLE_TX);
+		/* prepare to extend the waiting time once half of it is reached */
+		card_emu_uart_update_wt(ch->uart_chan, ch->waiting_time);
 		break;
 	default:
 		break;
@@ -882,8 +884,8 @@ process_byte_tpdu(struct card_handle *ch, uint8_t byte)
 		add_tpdu_byte(ch, byte);
 		break;
 	default:
-		TRACE_ERROR("%u: process_byte_tpdu() in invalid state %u\r\n",
-			    ch->num, ch->tpdu.state);
+		TRACE_ERROR("%u: process_byte_tpdu() in invalid TPDU state %s\r\n", ch->num,
+			    get_value_string(tpdu_state_names, ch->tpdu.state));
 	}
 
 	/* ensure we stay in TPDU ISO state */
@@ -970,6 +972,8 @@ void card_emu_process_rx_byte(struct card_handle *ch, uint8_t byte)
 	switch (ch->state) {
 	case ISO_S_WAIT_TPDU:
 		if (byte == 0xff) {
+			/* reset PTS to initial state */
+			set_pts_state(ch, PTS_S_WAIT_REQ_PTSS);
 			new_state = process_byte_pts(ch, byte);
 			ch->stats.pps++;
 			goto out_silent;
@@ -982,8 +986,8 @@ void card_emu_process_rx_byte(struct card_handle *ch, uint8_t byte)
 		new_state = process_byte_pts(ch, byte);
 		goto out_silent;
 	default:
-		TRACE_ERROR("%u: Received UART char in invalid 7816 state "
-			    "%u\r\n", ch->num, ch->state);
+		TRACE_ERROR("%u: Received UART char in invalid 7816 state %s\r\n", ch->num,
+			    get_value_string(iso7816_3_card_state_names, ch->state));
 		break;
 	}
 
@@ -1036,13 +1040,16 @@ void card_emu_have_new_uart_tx(struct card_handle *ch)
 	}
 }
 
-void card_emu_report_status(struct card_handle *ch)
+void card_emu_report_status(struct card_handle *ch, bool report_on_irq)
 {
 	struct msgb *msg;
 	struct cardemu_usb_msg_status *sts;
+	uint8_t ep = ch->in_ep;
 
-	msg = usb_buf_alloc_st(ch->in_ep, SIMTRACE_MSGC_CARDEM,
-				SIMTRACE_MSGT_BD_CEMU_STATUS);
+	if (report_on_irq)
+		ep = ch->irq_ep;
+
+	msg = usb_buf_alloc_st(ep, SIMTRACE_MSGC_CARDEM, SIMTRACE_MSGT_BD_CEMU_STATUS);
 	if (!msg)
 		return;
 
@@ -1054,11 +1061,33 @@ void card_emu_report_status(struct card_handle *ch)
 		sts->flags |= CEMU_STATUS_F_CLK_ACTIVE;
 	if (ch->in_reset)
 		sts->flags |= CEMU_STATUS_F_RESET_ACTIVE;
-	/* FIXME set voltage and card insert values */
-	sts->f = ch->f;
-	sts->d = ch->d;
+	/* FIXME: voltage + card insert */
+	sts->F_index = ch->F_index;
+	sts->D_index = ch->D_index;
 	sts->wi = ch->wi;
-	sts->wt = ch->wt;
+	sts->waiting_time = ch->waiting_time;
+
+	usb_buf_upd_len_and_submit(msg);
+}
+
+static void card_emu_report_config(struct card_handle *ch)
+{
+	struct msgb *msg;
+	struct cardemu_usb_msg_config *cfg;
+	uint8_t ep = ch->in_ep;
+
+	msg = usb_buf_alloc_st(ch->in_ep, SIMTRACE_MSGC_CARDEM, SIMTRACE_MSGT_BD_CEMU_CONFIG);
+	if (!msg)
+		return;
+
+	cfg = (struct cardemu_usb_msg_config *) msgb_put(msg, sizeof(*cfg));
+	cfg->features = ch->features;
+#ifdef HAVE_SLOT_MUX
+	cfg->slot_mux_nr = mux_get_slot();
+#else
+	cfg->slot_mux_nr = 0;
+#endif
+
 
 	usb_buf_upd_len_and_submit(msg);
 }
@@ -1066,14 +1095,19 @@ void card_emu_report_status(struct card_handle *ch)
 /* hardware driver informs us that a card I/O signal has changed */
 void card_emu_io_statechg(struct card_handle *ch, enum card_io io, int active)
 {
+	uint32_t chg_mask = 0;
+
 	switch (io) {
 	case CARD_IO_VCC:
 		if (active == 0 && ch->vcc_active == 1) {
 			TRACE_INFO("%u: VCC deactivated\r\n", ch->num);
+			card_handle_reset(ch);
 			card_set_state(ch, ISO_S_WAIT_POWER);
+			chg_mask |= CEMU_STATUS_F_VCC_PRESENT;
 		} else if (active == 1 && ch->vcc_active == 0) {
 			TRACE_INFO("%u: VCC activated\r\n", ch->num);
 			card_set_state(ch, ISO_S_WAIT_CLK);
+			chg_mask |= CEMU_STATUS_F_VCC_PRESENT;
 		}
 		ch->vcc_active = active;
 		break;
@@ -1082,27 +1116,49 @@ void card_emu_io_statechg(struct card_handle *ch, enum card_io io, int active)
 			TRACE_INFO("%u: CLK activated\r\n", ch->num);
 			if (ch->state == ISO_S_WAIT_CLK)
 				card_set_state(ch, ISO_S_WAIT_RST);
+			chg_mask |= CEMU_STATUS_F_CLK_ACTIVE;
 		} else if (active == 0 && ch->clocked == 1) {
 			TRACE_INFO("%u: CLK deactivated\r\n", ch->num);
+			chg_mask |= CEMU_STATUS_F_CLK_ACTIVE;
 		}
 		ch->clocked = active;
 		break;
 	case CARD_IO_RST:
 		if (active == 0 && ch->in_reset) {
 			TRACE_INFO("%u: RST released\r\n", ch->num);
-			if (ch->vcc_active && ch->clocked && ISO_S_WAIT_RST == ch->state) {
+			if (ch->vcc_active && ch->clocked && ch->state == ISO_S_WAIT_RST) {
 				/* prepare to send the ATR */
 				card_set_state(ch, ISO_S_WAIT_ATR);
 			}
+			chg_mask |= CEMU_STATUS_F_RESET_ACTIVE;
 		} else if (active && !ch->in_reset) {
 			TRACE_INFO("%u: RST asserted\r\n", ch->num);
+			card_handle_reset(ch);
+			chg_mask |= CEMU_STATUS_F_RESET_ACTIVE;
 			card_set_state(ch, ISO_S_WAIT_RST);
 		}
 		ch->in_reset = active;
 		break;
+	}
+
+	switch (ch->state) {
+	case ISO_S_WAIT_POWER:
+	case ISO_S_WAIT_CLK:
+	case ISO_S_WAIT_RST:
+		/* check end activation state (even if the reader does
+		 * not respect the activation sequence) */
+		if (ch->vcc_active && ch->clocked && !ch->in_reset) {
+			/* prepare to send the ATR */
+			card_set_state(ch, ISO_S_WAIT_ATR);
+		}
+		break;
 	default:
 		break;
 	}
+
+	/* notify the host about the state change */
+	if ((ch->features & CEMU_FEAT_F_STATUS_IRQ) && chg_mask)
+		card_emu_report_status(ch, true);
 }
 
 /* User sets a new ATR to be returned during next card reset */
@@ -1111,66 +1167,102 @@ int card_emu_set_atr(struct card_handle *ch, const uint8_t *atr, uint8_t len)
 	if (len > sizeof(ch->atr.atr))
 		return -1;
 
-/* ignore new ATR for now since we PPS has not been tested
 	memcpy(ch->atr.atr, atr, len);
 	ch->atr.len = len;
 	ch->atr.idx = 0;
-*/
 
 #if TRACE_LEVEL >= TRACE_LEVEL_INFO 
 	uint8_t i;
 	TRACE_INFO("%u: ATR set: ", ch->num);
-	for (i = 0; i < len; i++) {
+	for (i = 0; i < ch->atr.len; i++) {
 		TRACE_INFO_WP("%02x ", atr[i]);
 	}
 	TRACE_INFO_WP("\n\r");
-	TRACE_INFO("%u: ATR set currently ignored\n\r", ch->num);
 #endif
 	/* FIXME: race condition with transmitting ATR to reader? */
 
 	return 0;
 }
 
-void card_emu_wt_halfed(struct card_handle *ch)
+/* hardware driver informs us that one (more) ETU has expired */
+void card_emu_wtime_half_expired(void *handle)
 {
+	struct card_handle *ch = handle;
+	/* transmit NULL procedure byte well before waiting time expires */
 	switch (ch->state) {
 	case ISO_S_IN_TPDU:
 		switch (ch->tpdu.state) {
-		case TPDU_S_WAIT_TX:
 		case TPDU_S_WAIT_PB:
+		case TPDU_S_WAIT_TX:
 			putchar('N');
-			card_emu_uart_tx(ch->uart_chan, ISO7816_3_PB_NULL); // we are waiting for data from the user. send a procedure byte to ask the reader to wait more time
-			card_emu_uart_reset_wt(ch->uart_chan); // reset WT
+			/* we are waiting for data from the user. Send a procedure byte to ask the
+			 * reader to wait more time */
+			card_emu_uart_tx(ch->uart_chan, ISO7816_3_PB_NULL);
+			card_emu_uart_reset_wt(ch->uart_chan);
 			break;
 		default:
 			break;
 		}
+		break;
 	default:
 		break;
 	}
 }
 
-void card_emu_wt_expired(struct card_handle *ch)
+/* hardware driver informs us that one (more) ETU has expired */
+void card_emu_wtime_expired(void *handle)
 {
+	struct card_handle *ch = handle;
 	switch (ch->state) {
 	case ISO_S_WAIT_ATR:
 		/* ISO 7816-3 6.2.1 time tc has passed, we can now send the ATR */
 		card_set_state(ch, ISO_S_IN_ATR);
 		break;
 	default:
-		// TODO become unresponsive
 		TRACE_ERROR("%u: wtime_exp\r\n", ch->num);
 		break;
 	}
 }
 
-/* shortest ATR possible (uses default speed and no options) */
-static const uint8_t default_atr[] = { 0x3B, 0x00 };
+/* reasonable ATR offering all protocols and voltages
+ * smartphones might not care, but other readers do
+ *
+ * TS =		0x3B	Direct Convention
+ * T0 =		0x80	Y(1): b1000, K: 0 (historical bytes)
+ * TD(1) =	0x80	Y(i+1) = b1000, Protocol T=0
+ * ----
+ * TD(2) =	0x81	Y(i+1) = b1000, Protocol T=1
+ * ----
+ * TD(3) =	0x1F	Y(i+1) = b0001, Protocol T=15
+ * ----
+ * TA(4) =	0xC7	Clock stop: no preference - Class accepted by the card: (3G) A 5V B 3V C 1.8V
+ * ----
+ * Historical bytes
+ * TCK =	0x59 	correct checksum
+ */
+static const uint8_t default_atr[] = { 0x3B, 0x80, 0x80, 0x81 , 0x1F, 0xC7, 0x59 };
 
 static struct card_handle card_handles[NUM_SLOTS];
 
-struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uart_chan,
-				  uint8_t in_ep, uint8_t irq_ep)
+int card_emu_set_config(struct card_handle *ch, const struct cardemu_usb_msg_config *scfg,
+			unsigned int scfg_len)
+{
+	if (scfg_len >= sizeof(uint32_t))
+		ch->features = (scfg->features & SUPPORTED_FEATURES);
+
+#ifdef HAVE_SLOT_MUX
+	if (scfg_len >= sizeof(uint32_t)+sizeof(uint8_t)) {
+		mux_set_slot(scfg->slot_mux_nr);
+	}
+#endif
+
+	/* send back a report of our current configuration */
+	card_emu_report_config(ch);
+
+	return 0;
+}
+
+struct card_handle *card_emu_init(uint8_t slot_num, uint8_t uart_chan, uint8_t in_ep, uint8_t irq_ep, bool vcc_active, bool in_reset, bool clocked)
 {
 	struct card_handle *ch;
 
@@ -1183,22 +1275,20 @@ struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uar
 
 	INIT_LLIST_HEAD(&ch->uart_tx_queue);
 
-	/* initialize the card_handle with reasonable defaults */
 	ch->num = slot_num;
 	ch->irq_ep = irq_ep;
 	ch->in_ep = in_ep;
 	ch->state = ISO_S_WAIT_POWER;
-	ch->vcc_active = 0;
-	ch->in_reset = 1;
-	ch->clocked = 0;
+	ch->vcc_active = vcc_active;
+	ch->in_reset = in_reset;
+	ch->clocked = clocked;
 
-	ch->fi = ISO7816_3_DEFAULT_FI;
-	ch->di = ISO7816_3_DEFAULT_DI;
+	ch->Fi_index = ch->F_index = 1;
+	ch->Di_index = ch->D_index = 1;
 	ch->wi = ISO7816_3_DEFAULT_WI;
-	ch->wt = ISO7816_3_DEFAULT_WT;;
 
-	ch->tc_chan = tc_chan;
 	ch->uart_chan = uart_chan;
+	ch->waiting_time = ISO7816_3_INIT_WTIME;
 
 	ch->atr.idx = 0;
 	ch->atr.len = sizeof(default_atr);
@@ -1207,5 +1297,7 @@ struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uar
 	ch->pts.state = PTS_S_WAIT_REQ_PTSS;
 	ch->tpdu.state = TPDU_S_WAIT_CLA;
 
+	card_handle_reset(ch);
+
 	return ch;
 }

firmware/libcommon/source/cciddriver.c

@@ -428,7 +428,7 @@ static void PCtoRDRXfrBlock( void )
 	uint16_t msglen = 0;
 	uint32_t ret;
 
-	TRACE_DEBUG("PCtoRDRXfrBlock\n");
+	TRACE_DEBUG("PCtoRDRXfrBlock\n\r");
 
 	// Check the block length
 	if ( ccidDriver.sCcidCommand.wLength > (configurationDescriptorsFS->ccid.dwMaxCCIDMessageLength-10) ) {
@@ -921,7 +921,7 @@ void USBDCallbacks_RequestReceived(const USBGenericRequest *request)
 void CCID_SmartCardRequest( void )
 {
 	unsigned char bStatus;
-	TRACE_DEBUG("CCID_req\n");
+	TRACE_DEBUG("CCID_req\n\r");
 
 	do {
 

firmware/libcommon/source/host_communication.c

@@ -27,28 +27,37 @@
  * USBD Integration API
  ***********************************************************************/
 
-/* call-back after (successful?) transfer of a buffer */
+/* call-back after (successful?) transfer of a write buffer on IN EP */
 static void usb_write_cb(uint8_t *arg, uint8_t status, uint32_t transferred,
 			 uint32_t remaining)
 {
 	struct msgb *msg = (struct msgb *) arg;
 	struct usb_buffered_ep *bep = msg->dst;
+	uint16_t ep_size = USBD_GetEndpointSize(bep->ep);
 	unsigned long x;
 
 	TRACE_DEBUG("%s (EP=0x%02x)\r\n", __func__, bep->ep);
 
+	if (((msgb_length(msg) % ep_size) == 0) && (transferred == ep_size)) {
+		/* terminate with ZLP; pass in 'msg' again as 'arg' so we get
+		 * called the second time and proceed with usb_buf_free below */
+		USBD_Write(bep->ep, 0, 0, (TransferCallback) &usb_write_cb, msg);
+		return;
+	}
+
 	local_irq_save(x);
 	bep->in_progress--;
 	local_irq_restore(x);
-	TRACE_DEBUG("%u: in_progress=%d\n", bep->ep, bep->in_progress);
+	TRACE_DEBUG("%u: in_progress=%lu\r\n", bep->ep, bep->in_progress);
 
 	if (status != USBD_STATUS_SUCCESS)
-		TRACE_ERROR("%s error, status=%d\n", __func__, status);
+		TRACE_ERROR("%s error, status=%d\r\n", __func__, status);
 
 	usb_buf_free(msg);
 }
 
-int usb_refill_to_host(uint8_t ep)
+/* check if the spcified IN endpoint is idle and submit the next buffer from queue */
+static int usb_refill_to_host(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
 	struct msgb *msg;
@@ -75,44 +84,44 @@ int usb_refill_to_host(uint8_t ep)
 
 	bep->in_progress++;
 
-	msg = msgb_dequeue(&bep->queue);
+	msg = msgb_dequeue_count(&bep->queue, &bep->queue_len);
 
 	local_irq_restore(x);
 
-	TRACE_DEBUG("%s (EP=0x%02x), in_progress=%d\r\n", __func__, ep, bep->in_progress);
+	TRACE_DEBUG("%s (EP=0x%02x), in_progress=%lu\r\n", __func__, ep, bep->in_progress);
 
 	msg->dst = bep;
 
 	rc = USBD_Write(ep, msgb_data(msg), msgb_length(msg),
 			(TransferCallback) &usb_write_cb, msg);
 	if (rc != USBD_STATUS_SUCCESS) {
-		TRACE_ERROR("%s error %x\n", __func__, rc);
+		TRACE_ERROR("%s error %x\r\n", __func__, rc);
 		/* re-insert to head of queue */
 		llist_add_irqsafe(&msg->list, &bep->queue);
 		local_irq_save(x);
 		bep->in_progress--;
 		local_irq_restore(x);
-		TRACE_DEBUG("%02x: in_progress=%d\n", bep->ep, bep->in_progress);
+		TRACE_DEBUG("%02x: in_progress=%lu\r\n", bep->ep, bep->in_progress);
 		return 0;
 	}
 
 	return 1;
 }
 
-/* call-back after (successful?) transfer of a buffer */
+/* call-back after (successful?) read transfer of a buffer on OUT EP */
 static void usb_read_cb(uint8_t *arg, uint8_t status, uint32_t transferred,
 			uint32_t remaining)
 {
 	struct msgb *msg = (struct msgb *) arg;
 	struct usb_buffered_ep *bep = msg->dst;
 
-	TRACE_DEBUG("%s (EP=%u, len=%u, q=%p)\r\n", __func__,
+	TRACE_DEBUG("%s (EP=%u, len=%lu, q=%p)\r\n", __func__,
 			bep->ep, transferred, &bep->queue);
 
 	bep->in_progress = 0;
 
 	if (status != USBD_STATUS_SUCCESS) {
-		TRACE_ERROR("%s error, status=%d\n", __func__, status);
+		TRACE_ERROR("%s error, status=%d\r\n", __func__, status);
 		usb_buf_free(msg);
 		return;
 	}
@@ -120,7 +129,8 @@ static void usb_read_cb(uint8_t *arg, uint8_t status, uint32_t transferred,
 	llist_add_tail_irqsafe(&msg->list, &bep->queue);
 }
 
-int usb_refill_from_host(uint8_t ep)
+/* refill the read queue for data received from host PC on OUT EP, if needed */
+static int usb_refill_from_host(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
 	struct msgb *msg;
@@ -150,7 +160,7 @@ int usb_refill_from_host(uint8_t ep)
 	rc = USBD_Read(ep, msg->head, msgb_tailroom(msg),
 			(TransferCallback) &usb_read_cb, msg);
 	if (rc != USBD_STATUS_SUCCESS) {
-		TRACE_ERROR("%s error %d\n", __func__, rc);
+		TRACE_ERROR("%s error %d\r\n", __func__, rc);
 		usb_buf_free(msg);
 		bep->in_progress = 0;
 	}
@@ -158,6 +168,7 @@ int usb_refill_from_host(uint8_t ep)
 	return 1;
 }
 
+/* drain any buffers from the queue of the endpoint and release their memory */
 int usb_drain_queue(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
@@ -177,7 +188,7 @@ int usb_drain_queue(uint8_t ep)
 	}
 
 	/* free all queued msgbs */
-	while ((msg = msgb_dequeue(&bep->queue))) {
+	while ((msg = msgb_dequeue_count(&bep->queue, &bep->queue_len))) {
 		usb_buf_free(msg);
 		ret++;
 	}
@@ -187,3 +198,45 @@ int usb_drain_queue(uint8_t ep)
 
 	return ret;
 }
+
+
+
+/* iterate over the queue of incoming USB commands and dispatch/execute
+ * them */
+static void process_any_usb_commands(const struct usb_if *usb_if)
+{
+	struct llist_head *queue = usb_get_queue(usb_if->ep_out);
+	struct llist_head *lh;
+	struct msgb *msg;
+	int i;
+
+	/* limit the number of iterations to 10, to ensure we don't get
+	 * stuck here without returning to main loop processing */
+	for (i = 0; i < 10; i++) {
+		/* de-queue the list head in an irq-safe way */
+		lh = llist_head_dequeue_irqsafe(queue);
+		if (!lh)
+			break;
+		msg = llist_entry(lh, struct msgb, list);
+		usb_if->ops.rx_out(msg, usb_if);
+	}
+}
+
+/* perform any action related to USB processing (IRQ/INT/OUT EP refill, handling OUT) */
+void usb_process(const struct usb_if *usb_if)
+{
+	/* first try to send any pending messages on IRQ */
+	if (usb_if->ep_int)
+		usb_refill_to_host(usb_if->ep_int);
+
+	/* then try to send any pending messages on IN */
+	if (usb_if->ep_in)
+		usb_refill_to_host(usb_if->ep_in);
+
+	/* ensure we can handle incoming USB messages from the
+	 * host */
+	if (usb_if->ep_out) {
+		usb_refill_from_host(usb_if->ep_out);
+		process_any_usb_commands(usb_if);
+	}
+}

firmware/libcommon/source/iso7816_3.c

@@ -1,123 +0,0 @@
-/*
- * Copyright (C) 2019 sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-*/
-#include <stdint.h>
-#include <stddef.h>
-
-#include "utils.h"
-#include "iso7816_3.h"
-
-const uint16_t iso7816_3_fi_table[16] = {
-	372, 372, 558, 744, 1116, 1488, 1860, 0,
-	0, 512, 768, 1024, 1536, 2048, 0, 0
-};
-
-const uint32_t iso7816_3_fmax_table[16] = {
-	4000000, 5000000, 6000000, 8000000, 12000000, 16000000, 20000000, 0,
-	0, 5000000, 7500000, 10000000, 15000000, 20000000, 0, 0
-};
-
-const uint8_t iso7816_3_di_table[16] = {
-	0, 1, 2, 4, 8, 16, 32, 64,
-	12, 20, 0, 0, 0, 0, 0, 0,
-};
-
-/* all values are based on the Elementary Time Unit (ETU), defined in ISO/IEC 7816-3 section 7.1
- * this is the time required to transmit a bit, and is calculated as follows: 1 ETU = (F / D) x (1 / f) where:
- * - F is the clock rate conversion integer
- * - D is the baud rate adjustment factor
- * - f is the clock frequency
- * the possible F, f(max), and D values are defined in ISO/IEC 7816-3 table 7 and 8
- * - the initial value for F (after reset) is Fd = 372
- * - the initial value for D (after reset) is Dd = 1
- * - the initial maximum frequency f(max) is 5 MHz
- * the card must measure the ETU based on the clock signal provided by the reader
- * one ETU (e.g. 1 bit) takes F/D clock cycles, which the card must count
- *
- * the card can indicate an alternative set of supported values Fi (with corresponding f(max)) and Di for higher baud rate in TA1 in the ATR (see ISO/IEC 7816-3 section 8.3)
- * these values are selected according to ISO/IEC 7816-3 section 6.3.1:
- * - card in specific mode: they are enforced if TA2 is present (the reader can deactivate the card if it does not support these values)
- * - card in negotiable mode:
- * -- they can be selected by the reader using the Protocol and Parameters Selection (PPS) procedure
- * -- the first offered protocol and default values are used when no PPS is started
- *
- * PPS is done with Fd and Dd (see ISO/IEC 7816-3 section 9)
- * the reader can propose any F and D values between from Fd to Fi, and from Dd to Di (Fi and Di are indicated in TA1)
- * the in PPS agreed values F and D are called Fn and Dn and are applied after a successful exchange, corresponding to PPS1_Response bit 5
- *
- * the F and D values must be provided to the SAM3S USART peripheral (after reset and PPS)
- */
-
-bool iso7816_3_valid_f(uint16_t f)
-{
-	if (0 == f) {
-		return false;
-	}
-	uint8_t i = 0;
-	for (i = 0; i < ARRAY_SIZE(iso7816_3_fi_table) && iso7816_3_fi_table[i] != f; i++);
-	return (i < ARRAY_SIZE(iso7816_3_fi_table) && iso7816_3_fi_table[i] == f);
-}
-
-bool iso7816_3_valid_d(uint8_t d)
-{
-	if (0 == d) {
-		return false;
-	}
-	uint8_t i = 0;
-	for (i = 0; i < ARRAY_SIZE(iso7816_3_di_table) && iso7816_3_di_table[i] != d; i++);
-	return (i < ARRAY_SIZE(iso7816_3_di_table) && iso7816_3_di_table[i] == d);
-}
-
-/*
- * the ETU is not only used to define the baud rate, but also the Waiting Time (WT) (see ISO/IEC 7816-3 section 8.1)
- * when exceeding WT without card response, the reader flags the card as unresponsive, and resets it
- * this can be used by the card to indicate errors or unsupported operations
- * if the card requires more time to respond, it shall send a procedure byte to restart WT
- * WT is calculated as follows (for T=0, see ISO/IEC 7816-3 section 10.2): WT = WI x 960 x (Fi / f(max)) where
- * - WI is encoded in TC2 in the ATR (10 if absent)
- * - WI does not depend on D/Di (used for the ETU)
- * - after reset WT is 9600 ETU
- * - WI (e.g. the new WT) is applied when T=0 is used (after 6.3.1), even if Fi is not Fn (this WT extension is important to know for the reader so to have the right timeout)
- */
-
-int32_t iso7816_3_calculate_wt(uint8_t wi, uint16_t fi, uint8_t di, uint16_t f, uint8_t d)
-{
-	// sanity checks
-	if (0 == wi) {
-		return -1;
-	}
-	if (!iso7816_3_valid_f(fi)) {
-		return -2;
-	}
-	if (!iso7816_3_valid_d(di)) {
-		return -3;
-	}
-	if (!iso7816_3_valid_f(f)) {
-		return -4;
-	}
-	if (!iso7816_3_valid_d(d)) {
-		return -5;
-	}
-	if (f > fi) {
-		return -6;
-	}
-	if (d > di) {
-		return -7;
-	}
-
-	return wi * 960UL * (fi/f) * (di/d); // calculate timeout value in ETU
-}

firmware/libcommon/source/iso7816_fidi.c

@@ -23,38 +23,38 @@
 #include "iso7816_fidi.h"
 
 /* Table 7 of ISO 7816-3:2006 */
-const uint16_t fi_table[] = {
+const uint16_t iso7816_3_fi_table[] = {
 	372, 372, 558, 744, 1116, 1488, 1860, 0,
 	0, 512, 768, 1024, 1536, 2048, 0, 0
 };
 
 /* Table 8 from ISO 7816-3:2006 */
-const uint8_t di_table[] = {
+const uint8_t iso7816_3_di_table[] = {
 	0, 1, 2, 4, 8, 16, 32, 64,
 	12, 20, 2, 4, 8, 16, 32, 64,
 };
 
 /* compute the F/D ratio based on Fi and Di values */
-int compute_fidi_ratio(uint8_t fi, uint8_t di)
+int iso7816_3_compute_fd_ratio(uint8_t f_index, uint8_t d_index)
 {
 	uint16_t f, d;
 	int ret;
 
-	if (fi >= ARRAY_SIZE(fi_table) ||
-	    di >= ARRAY_SIZE(di_table))
+	if (f_index >= ARRAY_SIZE(iso7816_3_fi_table) ||
+	    d_index >= ARRAY_SIZE(iso7816_3_di_table))
 		return -EINVAL;
 
-	f = fi_table[fi];
+	f = iso7816_3_fi_table[f_index];
 	if (f == 0)
 		return -EINVAL;
 
-	d = di_table[di];
+	d = iso7816_3_di_table[d_index];
 	if (d == 0)
 		return -EINVAL;
 
 	/* See table 7 of ISO 7816-3: From 1000 on we divide by 1/d,
 	 * which equals a multiplication by d */
-	if (di < 8)
+	if (d_index < 8)
 		ret = f / d;
 	else
 		ret = f * d;

firmware/libcommon/source/main_common.c

@@ -0,0 +1,54 @@
+/* SIMtrace 2 firmware common main helpers
+ *
+ * (C) 2015-2019 by Harald Welte <hwelte@hmw-consulting.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include "board.h"
+#include "utils.h"
+
+void print_banner(void)
+{
+	printf("\n\r\n\r"
+		"=============================================================================\n\r"
+		"SIMtrace2 firmware " GIT_VERSION ", BOARD=" BOARD ", APP=" APPLICATION "\n\r"
+		"(C) 2010-2019 by Harald Welte, 2018-2019 by Kevin Redon\n\r"
+		"=============================================================================\n\r");
+
+#if (TRACE_LEVEL >= TRACE_LEVEL_INFO)
+	/* print chip-unique ID */
+	unsigned int unique_id[4];
+	EEFC_ReadUniqueID(unique_id);
+	TRACE_INFO("Chip ID: 0x%08lx (Ext 0x%08lx)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
+	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\n\r",
+		   unique_id[0], unique_id[1], unique_id[2], unique_id[3]);
+
+	/* print reset cause */
+	uint8_t reset_cause = (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos;
+	static const char* reset_causes[] = {
+		"general reset (first power-up reset)",
+		"backup reset (return from backup mode)",
+		"watchdog reset (watchdog fault occurred)",
+		"software reset (processor reset required by the software)",
+		"user reset (NRST pin detected low)",
+	};
+	if (reset_cause < ARRAY_SIZE(reset_causes)) {
+		TRACE_INFO("Reset Cause: %s\n\r", reset_causes[reset_cause]);
+	} else {
+		TRACE_INFO("Reset Cause: 0x%lx\n\r", (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos);
+	}
+#endif
+}

firmware/libcommon/source/mode_cardemu.c

@@ -22,7 +22,7 @@
 #include "simtrace.h"
 #include "ringbuffer.h"
 #include "card_emu.h"
-#include "iso7816_3.h"
+#include "iso7816_fidi.h"
 #include "utils.h"
 #include <osmocom/core/linuxlist.h>
 #include <osmocom/core/msgb.h>
@@ -34,6 +34,8 @@
 
 #define TRACE_ENTRY()	TRACE_DEBUG("%s entering\r\n", __func__)
 
+static void dispatch_received_usb_msg(struct msgb *msg, const struct usb_if *usb_if);
+
 #ifdef PINS_CARDSIM
 static const Pin pins_cardsim[] = PINS_CARDSIM;
 #endif
@@ -42,9 +44,13 @@ static const Pin pins_cardsim[] = PINS_CARDSIM;
 static const Pin pins_usim1[]	= {PINS_USIM1};
 static const Pin pin_usim1_rst	= PIN_USIM1_nRST;
 static const Pin pin_usim1_vcc	= PIN_USIM1_VCC;
+#ifdef PIN_USIM1_IO_DIR
+static const Pin pin_io_dir 	= PIN_USIM1_IO_DIR;
+#endif
+
 
 #ifdef CARDEMU_SECOND_UART
-static const Pin pins_usim2[]    = {PINS_USIM2};
+static const Pin pins_usim2[]	= {PINS_USIM2};
 static const Pin pin_usim2_rst	= PIN_USIM2_nRST;
 static const Pin pin_usim2_vcc	= PIN_USIM2_VCC;
 #endif
@@ -54,18 +60,26 @@ struct cardem_inst {
 	struct card_handle *ch;
 	struct llist_head usb_out_queue;
 	struct ringbuf rb;
-	uint32_t wt; /*!< receiver waiting time to trigger timeout (0 to deactivate it) */
-	uint32_t wt_remaining; /*!< remaining waiting time */
-	bool wt_halfed; /*!< if at least half of the waiting time passed */
 	struct Usart_info usart_info;
+	struct {
+		/*! receiver waiting time to trigger timeout (0 to deactivate it) */
+		uint32_t total;
+		/*! remaining waiting time (we may need multiple timer runs to reach total */
+		uint32_t remaining;
+		/*! did we already notify about half the time having expired? */
+		bool half_time_notified;
+	} wt;
 	int usb_pending_old;
-	uint8_t ep_out;
-	uint8_t ep_in;
-	uint8_t ep_int;
-	const Pin pin_io;
+	struct usb_if usb_if;
 	const Pin pin_insert;
+#ifdef DETECT_VCC_BY_ADC
 	uint32_t vcc_uv;
 	uint32_t vcc_uv_last;
+#endif
+	bool vcc_active;
+	bool vcc_active_last;
+	bool rst_active;
+	bool rst_active_last;
 };
 
 struct cardem_inst cardem_inst[] = {
@@ -76,10 +90,16 @@ struct cardem_inst cardem_inst[] = {
 			.id = ID_USART1,
 			.state = USART_RCV
 		},
-		.ep_out = SIMTRACE_CARDEM_USB_EP_USIM1_DATAOUT,
-		.ep_in = SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN,
-		.ep_int = SIMTRACE_CARDEM_USB_EP_USIM1_INT,
-		.pin_io = PIN_USIM1_IO,
+		.usb_if = {
+			.if_num = 0,
+			.ep_out = SIMTRACE_CARDEM_USB_EP_USIM1_DATAOUT,
+			.ep_in = SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN,
+			.ep_int = SIMTRACE_CARDEM_USB_EP_USIM1_INT,
+			.data = &cardem_inst[0],
+			.ops = {
+				.rx_out = dispatch_received_usb_msg,
+			},
+		},
 #ifdef PIN_SET_USIM1_PRES
 		.pin_insert = PIN_SET_USIM1_PRES,
 #endif
@@ -92,10 +112,16 @@ struct cardem_inst cardem_inst[] = {
 			.id = ID_USART0,
 			.state = USART_RCV
 		},
-		.ep_out = SIMTRACE_CARDEM_USB_EP_USIM2_DATAOUT,
-		.ep_in = SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN,
-		.ep_int = SIMTRACE_CARDEM_USB_EP_USIM2_INT,
-		.pin_io = PIN_USIM2_IO,
+		.usb_if = {
+			.if_num = 1,
+			.ep_out = SIMTRACE_CARDEM_USB_EP_USIM2_DATAOUT,
+			.ep_in = SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN,
+			.ep_int = SIMTRACE_CARDEM_USB_EP_USIM2_INT,
+			.data = &cardem_inst[1],
+			.ops = {
+				.rx_out = dispatch_received_usb_msg,
+			},
+		},
 #ifdef PIN_SET_USIM2_PRES
 		.pin_insert = PIN_SET_USIM2_PRES,
 #endif
@@ -135,13 +161,28 @@ void card_emu_uart_wait_tx_idle(uint8_t uart_chan)
 	wait_tx_idle(usart);
 }
 
+static void card_emu_uart_set_direction(uint8_t uart_chan, bool tx)
+{
+	/* only on some boards (octsimtest) we hae an external level
+	 * shifter that requires us to switch the direction between RX and TX */
+#ifdef PIN_USIM1_IO_DIR
+	if (uart_chan == 0) {
+		if (tx)
+			PIO_Set(&pin_io_dir);
+		else
+			PIO_Clear(&pin_io_dir);
+	}
+#endif
+}
+
 /* call-back from card_emu.c to enable/disable transmit and/or receive */
 void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx)
 {
 	Usart *usart = get_usart_by_chan(uart_chan);
 	switch (rxtx) {
 	case ENABLE_TX:
-		USART_DisableIt(usart, ~US_IER_TXRDY);
+		card_emu_uart_set_direction(uart_chan, true);
+		USART_DisableIt(usart, ~(US_IER_TXRDY | US_IER_TIMEOUT));
 		/* as irritating as it is, we actually want to keep the
 		 * receiver enabled during transmit */
 		USART_SetReceiverEnabled(usart, 1);
@@ -149,14 +190,26 @@ void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx)
 		USART_EnableIt(usart, US_IER_TXRDY | US_IER_TIMEOUT);
 		USART_SetTransmitterEnabled(usart, 1);
 		break;
+	case ENABLE_TX_TIMER_ONLY:
+		/* enable the transmitter without generating TXRDY interrupts
+		 * just so that the timer can run */
+		USART_DisableIt(usart, ~US_IER_TIMEOUT);
+		/* as irritating as it is, we actually want to keep the
+		 * receiver enabled during transmit */
+		USART_SetReceiverEnabled(usart, 1);
+		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
+		USART_EnableIt(usart, US_IER_TIMEOUT);
+		USART_SetTransmitterEnabled(usart, 1);
+		break;
 	case ENABLE_RX:
 		USART_DisableIt(usart, ~US_IER_RXRDY);
 		/* as irritating as it is, we actually want to keep the
 		 * transmitter enabled during receive */
 		USART_SetTransmitterEnabled(usart, 1);
 		wait_tx_idle(usart);
+		card_emu_uart_set_direction(uart_chan, false);;
 		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
-		USART_EnableIt(usart, US_IER_RXRDY | US_IER_TIMEOUT);
+		USART_EnableIt(usart, US_IER_RXRDY);
 		USART_SetReceiverEnabled(usart, 1);
 		break;
 	case 0:
@@ -194,56 +247,100 @@ int card_emu_uart_tx(uint8_t uart_chan, uint8_t byte)
 	return 1;
 }
 
-/* FIXME: integrate this with actual irq handler */
+static uint16_t compute_next_timeout(struct cardem_inst *ci)
+{
+	uint32_t want_to_expire;
+
+	if (ci->wt.total == 0)
+		return 0;
+
+	if (!ci->wt.half_time_notified) {
+		/* we need to make sure to expire after half the total waiting time */
+		OSMO_ASSERT(ci->wt.remaining > (ci->wt.total / 2));
+		want_to_expire = ci->wt.remaining - (ci->wt.total / 2);
+	} else
+		want_to_expire = ci->wt.remaining;
+	/* if value exceeds the USART TO range, use the maximum possible value for one round */
+	return OSMO_MIN(want_to_expire, 0xffff);
+}
+
+/*! common handler if interrupt was received.
+ *  \param[in] inst_num Instance number, range 0..1 (some boards only '0' permitted) */
 static void usart_irq_rx(uint8_t inst_num)
 {
-	if (inst_num >= ARRAY_SIZE(cardem_inst)) {
-		TRACE_ERROR("%u: UART channel out of bounds\r\n", inst_num);
-		return;
-	}
+	OSMO_ASSERT(inst_num < ARRAY_SIZE(cardem_inst));
 	Usart *usart = get_usart_by_chan(inst_num);
 	struct cardem_inst *ci = &cardem_inst[inst_num];
 	uint32_t csr;
 	uint8_t byte = 0;
 
-	csr = usart->US_CSR & usart->US_IMR; // save state/flags before they get changed
+	/* get one atomic snapshot of state/flags before they get changed */
+	csr = usart->US_CSR & usart->US_IMR;
 
-	if (csr & US_CSR_RXRDY) { // bytes has been received
-		byte = (usart->US_RHR) & 0xFF; // ready out byte
-		if (rbuf_write(&ci->rb, byte) < 0) // store byte in buffer
-			TRACE_ERROR("rbuf overrun\r\n"); // error if could not store in buffer
+	/* check if one byte has been completely received and is now in the holding register */
+	if (csr & US_CSR_RXRDY) {
+		/* read the bye from the holding register */
+		byte = (usart->US_RHR) & 0xFF;
+		/* append it to the buffer */
+		if (rbuf_write(&ci->rb, byte) < 0)
+			TRACE_ERROR("rbuf overrun\r\n");
 	}
 
-	if (csr & US_CSR_TXRDY) { // ready to transmit the next byte
-		if (card_emu_tx_byte(ci->ch) == 0) // transmit next byte, and check if a byte is being transmitted
-			USART_DisableIt(usart, US_IER_TXRDY); // stop the TX ready signal if not byte has been transmitted
+	/* check if the transmitter is ready for the next byte */
+	if (csr & US_CSR_TXRDY) {
+		/* transmit next byte and check if more bytes are to be transmitted */
+		if (card_emu_tx_byte(ci->ch) == 0) {
+			/* stop the TX ready interrupt of no more bytes to transmit */
+			USART_DisableIt(usart, US_IER_TXRDY);
+		}
 	}
 
-	if (csr & (US_CSR_OVRE | US_CSR_FRAME | US_CSR_PARE | US_CSR_NACK | (1 << 10))) { // error flag set
-		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK; // reset UART state to clear flag
-		TRACE_ERROR("%u USART error on 0x%x status: 0x%lx\n", ci->num, byte, csr); // warn user about error
+	/* check if any error flags are set */
+	if (csr & (US_CSR_OVRE|US_CSR_FRAME|US_CSR_PARE|US_CSR_NACK|(1<<10))) {
+		/* clear any error flags */
+		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
+		TRACE_ERROR("%u USART error on 0x%x status: 0x%lx\n", ci->num, byte, csr);
 	}
 
-	// handle timeout
-	if (csr & US_CSR_TIMEOUT) { // RX has been inactive for some time
-		if (ci->wt_remaining <= (usart->US_RTOR & 0xffff)) { // waiting time has passed
-			ci->wt_remaining = 0; // timeout reached (will stop the timer)
+	/* check if the timeout has expired. We "abuse" the receive timer for tracking
+	 * how many etu have expired since we last sent a byte.  See section
+	 * 33.7.3.11 "Receiver Time-out" of the SAM3S8 Data Sheet */
+	if (csr & US_CSR_TIMEOUT) {
+		/* clear timeout flag (and stop timeout until next character is received) */
+		usart->US_CR |= US_CR_STTTO;
+
+		/* RX has been inactive for some time */
+		if (ci->wt.remaining <= (usart->US_RTOR & 0xffff)) {
+			/* waiting time is over; will stop the timer */
+			ci->wt.remaining = 0;
 		} else {
-			ci->wt_remaining -= (usart->US_RTOR & 0xffff); // be sure to subtract the actual timeout since the new might not have been set and reloaded yet
+			/* subtract the actual timeout since the new might not have been set and
+			 * reloaded yet */
+			ci->wt.remaining -= (usart->US_RTOR & 0xffff);
 		}
-		if (0 == ci->wt_remaining) {
-			card_emu_wt_expired(ci->ch); // let the state know WT has expired
-		} else if (ci->wt_remaining <= ci->wt / 2 && !ci->wt_halfed) {
-			ci->wt_halfed = true;
-			card_emu_wt_halfed(ci->ch); // let the state know WT has half expired
-		}
-		if (ci->wt_remaining > 0xffff) { // value exceeds the USART TO range
-			usart->US_RTOR = 0xffff; // use the MAX
+		if (ci->wt.remaining == 0) {
+			/* let the FSM know that WT has expired */
+			card_emu_wtime_expired(ci->ch);
+			/* don't automatically re-start in this case */
 		} else {
-			usart->US_RTOR = ci->wt_remaining;
+			bool half_time_just_reached = false;
+
+			if (ci->wt.remaining <= ci->wt.total / 2 && !ci->wt.half_time_notified) {
+				ci->wt.half_time_notified = true;
+				/* don't immediately call card_emu_wtime_half_expired(), as that
+				 * in turn may calls card_emu_uart_update_wt() which will change
+				 * the timeout but would be overridden 4 lines below */
+				half_time_just_reached = true;
+			}
+
+			/* update the counter no matter if we reached half time or not */
+			usart->US_RTOR = compute_next_timeout(ci);
+			/* restart the counter (if wt is 0, the timeout is not started) */
+			usart->US_CR |= US_CR_RETTO;
+
+			if (half_time_just_reached)
+				card_emu_wtime_half_expired(ci->ch);
 		}
-		usart->US_CR |= US_CR_STTTO; // clear timeout flag (and stop timeout until next character is received)
-		usart->US_CR |= US_CR_RETTO; // restart the counter (it wt is 0, the timeout is not started)
 	}
 }
 
@@ -261,90 +358,51 @@ void mode_cardemu_usart1_irq(void)
 	usart_irq_rx(0);
 }
 
-// call-back from card_emu.c to change UART baud rate
-
-void card_emu_uart_update_fd(uint8_t uart_chan, uint16_t f, uint8_t d)
+/* call-back from card_emu.c to change UART baud rate */
+int card_emu_uart_update_fidi(uint8_t uart_chan, unsigned int fidi)
 {
-	Usart *usart = get_usart_by_chan(uart_chan); // get the USART based on the card handle
-	if (NULL == usart) {
-		TRACE_ERROR("%u: USART not found by chan\r\n", uart_chan);
-		return;
-	}
-	if (!iso7816_3_valid_f(f)) {
-		TRACE_ERROR("%u: invalid F: %u\r\n", uart_chan, f);
-		return;
-	}
-	if (!iso7816_3_valid_d(d)) {
-		TRACE_ERROR("%u: invalid D: %u\r\n", uart_chan, d);
-		return;
-	}
+	int rc;
+	Usart *usart = get_usart_by_chan(uart_chan);
 
-	uint16_t ratio = f / d;
-	if (ratio > 0 && ratio < 2048) {
-		/* make sure USART uses new F/D ratio */
-		usart->US_CR |= US_CR_RXDIS | US_CR_RSTRX; // disable USART before changing baud rate
-		usart->US_FIDI = (ratio & 0x7ff); // change baud rate (ratio)
-		usart->US_CR |= US_CR_RXEN | US_CR_STTTO; // re-enable USART (and stop timeout)
-		TRACE_INFO("%u: USART F/D set to %u/%u\r\n", uart_chan, f, d);
-	} else {
-		TRACE_ERROR("%u: USART could not set F/D to %u/%u\r\n", uart_chan, f, d);
-		// TODO become unresponsive
-	}
+	usart->US_CR |= US_CR_RXDIS | US_CR_RSTRX;
+	usart->US_FIDI = fidi & 0x3ff;
+	usart->US_CR |= US_CR_RXEN | US_CR_STTTO;
+	return 0;
 }
 
+/*! Update WT on USART peripheral.  Will automatically re-start timer with new value.
+ *  \param[in] usart USART peripheral to configure
+ *  \param[in] wt inactivity Waiting Time before card_emu_wtime_expired is called (0 to disable) */
 void card_emu_uart_update_wt(uint8_t uart_chan, uint32_t wt)
 {
-	if (uart_chan >= ARRAY_SIZE(cardem_inst)) {
-		TRACE_ERROR("%u: UART channel out of bounds\r\n", uart_chan);
-		return;
-	}
+	OSMO_ASSERT(uart_chan < ARRAY_SIZE(cardem_inst));
 	struct cardem_inst *ci = &cardem_inst[uart_chan];
-	Usart *usart = get_usart_by_chan(uart_chan); // get the USART based on the card handle
-	if (NULL == usart) {
-		TRACE_ERROR("%u: USART not found by chan\r\n", uart_chan);
-		return;
+	Usart *usart = get_usart_by_chan(uart_chan);
+
+	if (ci->wt.total != wt) {
+		TRACE_DEBUG("%u: USART WT changed from %lu to %lu ETU\r\n", uart_chan,
+			    ci->wt.total, wt);
 	}
 
-	ci->wt = wt; // save value
-	card_emu_uart_reset_wt(uart_chan); // reset and start timer
-	TRACE_INFO("%u: USART WT set to %lu ETU\r\n", uart_chan, wt);
+	ci->wt.total = wt;
+	/* reset and start the timer */
+	card_emu_uart_reset_wt(uart_chan);
 }
 
+/*! Reset and re-start waiting timeout count down on USART peripheral.
+ *  \param[in] usart USART peripheral to configure */
 void card_emu_uart_reset_wt(uint8_t uart_chan)
 {
-	if (uart_chan >= ARRAY_SIZE(cardem_inst)) {
-		TRACE_ERROR("%u: UART channel out of bounds\r\n", uart_chan);
-		return;
-	}
+	OSMO_ASSERT(uart_chan < ARRAY_SIZE(cardem_inst));
 	struct cardem_inst *ci = &cardem_inst[uart_chan];
-	Usart *usart = get_usart_by_chan(uart_chan); // get the USART based on the card handle
-	if (NULL == usart) {
-		TRACE_ERROR("%u: USART not found by chan\r\n", uart_chan);
-		return;
-	}
+	Usart *usart = get_usart_by_chan(uart_chan);
 
-	ci->wt_remaining = ci->wt; // reload WT value
-	ci->wt_halfed = false; // reset half expired
-	if (ci->wt_remaining > 0xffff) { // value exceeds the USART TO range
-		usart->US_RTOR = 0xffff; // use the MAX
-	} else {
-		usart->US_RTOR = ci->wt_remaining;
-	}
-	usart->US_CR |= US_CR_RETTO; // restart the counter (if wt is 0, the timeout is not started)
-}
-
-void card_emu_uart_io_set(uint8_t uart_chan, bool set)
-{
-	if (uart_chan >= ARRAY_SIZE(cardem_inst)) {
-		TRACE_ERROR("%u: UART channel out of bounds\r\n", uart_chan);
-		return;
-	}
-	struct cardem_inst *ci = &cardem_inst[uart_chan];
-	if (set) {
-		PIO_Set(&ci->pin_io);
-	} else {
-		PIO_Clear(&ci->pin_io);
-	}
+	/* FIXME: guard against race with interrupt handler */
+	ci->wt.remaining = ci->wt.total;
+	ci->wt.half_time_notified = false;
+	usart->US_RTOR = compute_next_timeout(ci);
+	/* restart the counter (if wt is 0, the timeout is not started) */
+	usart->US_CR |= US_CR_RETTO;
 }
 
 /* call-back from card_emu.c to force a USART interrupt */
@@ -366,8 +424,11 @@ void card_emu_uart_interrupt(uint8_t uart_chan)
  ***********************************************************************/
 
 #ifdef DETECT_VCC_BY_ADC
+#if !defined(VCC_UV_THRESH_1V8) || !defined(VCC_UV_THRESH_3V)
+#error "You must define VCC_UV_THRESH_{1V1,3V} if you use ADC VCC detection"
+#endif
 
-static int adc_triggered = 0;
+static volatile int adc_triggered = 0;
 static int adc_sam3s_reva_errata = 0;
 
 static int card_vcc_adc_init(void)
@@ -414,21 +475,14 @@ static int card_vcc_adc_init(void)
 	return 0;
 }
 
-#define VCC_UV_THRESH_1V8	1500000
-#define VCC_UV_THRESH_3V	2800000
-
 static void process_vcc_adc(struct cardem_inst *ci)
 {
 	if (ci->vcc_uv >= VCC_UV_THRESH_3V &&
 	    ci->vcc_uv_last < VCC_UV_THRESH_3V) {
-		card_emu_io_statechg(ci->ch, CARD_IO_VCC, 1);
-		/* FIXME do this for real */
-		card_emu_io_statechg(ci->ch, CARD_IO_CLK, 1);
+		ci->vcc_active = true;
 	} else if (ci->vcc_uv < VCC_UV_THRESH_3V &&
 		 ci->vcc_uv_last >= VCC_UV_THRESH_3V) {
-		/* FIXME do this for real */
-		card_emu_io_statechg(ci->ch, CARD_IO_CLK, 0);
-		card_emu_io_statechg(ci->ch, CARD_IO_VCC, 0);
+		ci->vcc_active = false;
 	}
 	ci->vcc_uv_last = ci->vcc_uv;
 }
@@ -453,44 +507,54 @@ void ADC_IrqHandler(void)
 		cardem_inst[0].vcc_uv = adc2uv(val);
 		process_vcc_adc(&cardem_inst[0]);
 		ADC->ADC_CR |= ADC_CR_START;
+		adc_triggered = 1;
 	}
 }
 #endif /* DETECT_VCC_BY_ADC */
 
+
+/* called from main loop; dispatches card I/O state changes to card_emu from main loop */
+static void process_io_statechg(struct cardem_inst *ci)
+{
+	if (ci->vcc_active != ci->vcc_active_last) {
+		card_emu_io_statechg(ci->ch, CARD_IO_VCC, ci->vcc_active);
+		/* FIXME do this for real */
+		card_emu_io_statechg(ci->ch, CARD_IO_CLK, ci->vcc_active);
+		ci->vcc_active_last = ci->vcc_active;
+	}
+
+	if (ci->rst_active != ci->rst_active_last) {
+		card_emu_io_statechg(ci->ch, CARD_IO_RST, ci->rst_active);
+		ci->rst_active_last = ci->rst_active;
+	}
+}
+
 /***********************************************************************
  * Core USB  / main loop integration
  ***********************************************************************/
 
 static void usim1_rst_irqhandler(const Pin *pPin)
 {
-	int active = PIO_Get(&pin_usim1_rst) ? 0 : 1;
-	card_emu_io_statechg(cardem_inst[0].ch, CARD_IO_RST, active);
+	cardem_inst[0].rst_active = PIO_Get(&pin_usim1_rst) ? false : true;
 }
 
 #ifndef DETECT_VCC_BY_ADC
 static void usim1_vcc_irqhandler(const Pin *pPin)
 {
-	int active = PIO_Get(&pin_usim1_vcc) ? 1 : 0;
-	card_emu_io_statechg(cardem_inst[0].ch, CARD_IO_VCC, active);
-	/* FIXME readers enable clock after providing power and before releasing reset, but we should check it */
-	card_emu_io_statechg(cardem_inst[0].ch, CARD_IO_CLK, active);
+	cardem_inst[0].vcc_active = PIO_Get(&pin_usim1_vcc) ? true : false;
 }
 #endif /* !DETECT_VCC_BY_ADC */
 
 #ifdef CARDEMU_SECOND_UART
 static void usim2_rst_irqhandler(const Pin *pPin)
 {
-	int active = PIO_Get(&pin_usim2_rst) ? 0 : 1;
-	card_emu_io_statechg(cardem_inst[1].ch, CARD_IO_RST, active);
+	cardem_inst[1].rst_active = PIO_Get(&pin_usim2_rst) ? false : true;
 }
 
 #ifndef DETECT_VCC_BY_ADC
 static void usim2_vcc_irqhandler(const Pin *pPin)
 {
-	int active = PIO_Get(&pin_usim2_vcc) ? 1 : 0;
-	card_emu_io_statechg(cardem_inst[1].ch, CARD_IO_VCC, active);
-	/* FIXME readers enable clock after providing power and before releasing reset, but we should check it */
-	card_emu_io_statechg(cardem_inst[1].ch, CARD_IO_CLK, active);
+	cardem_inst[1].vcc_active = PIO_Get(&pin_usim2_vcc) ? true : false;
 }
 #endif /* !DETECT_VCC_BY_ADC */
 #endif /* CARDEMU_SECOND_UART */
@@ -508,59 +572,64 @@ void mode_cardemu_init(void)
 
 	TRACE_ENTRY();
 
-#ifdef PINS_PWR_CARDEMU
-	// enable power on required peripherals, else disable
-	Pin pins_pwr_cardemu[] = { PINS_PWR_CARDEMU };
-	PIO_Configure(pins_pwr_cardemu, PIO_LISTSIZE(pins_pwr_cardemu));
-#endif /* PINS_PWR_CARDEMU */
 #ifdef PINS_CARDSIM
 	PIO_Configure(pins_cardsim, PIO_LISTSIZE(pins_cardsim));
 #endif
-	// ADC channel 6 and 7 are used to measure VCC (else they are grounded)
-	ADC->ADC_CHER |= ADC_CHER_CH6 | ADC_CHER_CH7; // enable the ADC channels to put them in high impedance (else they leak current)
 #ifdef DETECT_VCC_BY_ADC
-	card_vcc_adc_init(); // configure the ADC to measure VCC
+	card_vcc_adc_init();
 #endif /* DETECT_VCC_BY_ADC */
-	// TODO pull SIMtrace board SIM lines low, else they can leak current back to VCC
 
 	INIT_LLIST_HEAD(&cardem_inst[0].usb_out_queue);
 	rbuf_reset(&cardem_inst[0].rb);
 	PIO_Configure(pins_usim1, PIO_LISTSIZE(pins_usim1));
-	ISO7816_Init(&cardem_inst[0].usart_info, CLK_SLAVE); // configure USART as ISO-7816 slave (e.g. card)
-	cardem_inst[0].usart_info.base->US_RTOR = 0; // don't use receive timeout timer for now
-	USART_EnableIt(cardem_inst[0].usart_info.base, US_IER_RXRDY | US_IER_TIMEOUT); // enable interrupts to indicate when data has been received or timeout occurred
-	NVIC_EnableIRQ(USART1_IRQn); // enable interrupt requests for the USART peripheral
-	PIO_ConfigureIt(&pin_usim1_rst, usim1_rst_irqhandler); // register ISR to handle reset signal change
-	PIO_EnableIt(&pin_usim1_rst); // enable interrupt for reset pin change
+
+	/* configure USART as ISO-7816 slave (e.g. card) */
+	ISO7816_Init(&cardem_inst[0].usart_info, CLK_SLAVE);
+	NVIC_EnableIRQ(USART1_IRQn);
+	PIO_ConfigureIt(&pin_usim1_rst, usim1_rst_irqhandler);
+	PIO_EnableIt(&pin_usim1_rst);
+
+	/* obtain current RST state */
+	usim1_rst_irqhandler(&pin_usim1_rst);
 #ifndef DETECT_VCC_BY_ADC
-	PIO_ConfigureIt(&pin_usim1_vcc, usim1_vcc_irqhandler); // register ISR to handle VCC signal change
-	PIO_EnableIt(&pin_usim1_vcc); // enable interrupt for VCC pin change
+	PIO_ConfigureIt(&pin_usim1_vcc, usim1_vcc_irqhandler);
+	PIO_EnableIt(&pin_usim1_vcc);
+
+	/* obtain current VCC state */
+	usim1_vcc_irqhandler(&pin_usim1_vcc);
+#else
+	do {} while (!adc_triggered); /* wait for first ADC reading */
 #endif /* DETECT_VCC_BY_ADC */
-	cardem_inst[0].ch = card_emu_init(0, 2, 0, SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN, SIMTRACE_CARDEM_USB_EP_USIM1_INT);
+
+	cardem_inst[0].ch = card_emu_init(0, 0, SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN,
+					  SIMTRACE_CARDEM_USB_EP_USIM1_INT, cardem_inst[0].vcc_active,
+					  cardem_inst[0].rst_active, cardem_inst[0].vcc_active);
 	sim_switch_use_physical(0, 1);
-#ifndef DETECT_VCC_BY_ADC
-	usim1_vcc_irqhandler(NULL); // check VCC/CLK state
-#endif
-	usim1_rst_irqhandler(NULL); // force RST state
 
 #ifdef CARDEMU_SECOND_UART
 	INIT_LLIST_HEAD(&cardem_inst[1].usb_out_queue);
 	rbuf_reset(&cardem_inst[1].rb);
 	PIO_Configure(pins_usim2, PIO_LISTSIZE(pins_usim2));
 	ISO7816_Init(&cardem_inst[1].usart_info, CLK_SLAVE);
-	// TODO enable timeout
+	/* TODO enable timeout */
 	NVIC_EnableIRQ(USART0_IRQn);
 	PIO_ConfigureIt(&pin_usim2_rst, usim2_rst_irqhandler);
 	PIO_EnableIt(&pin_usim2_rst);
+	usim2_rst_irqhandler(&pin_usim2_rst); /* obtain current RST state */
 #ifndef DETECT_VCC_BY_ADC
 	PIO_ConfigureIt(&pin_usim2_vcc, usim2_vcc_irqhandler);
 	PIO_EnableIt(&pin_usim2_vcc);
+	usim2_vcc_irqhandler(&pin_usim2_vcc); /* obtain current VCC state */
+#else
+	do {} while (!adc_triggered); /* wait for first ADC reading */
 #endif /* DETECT_VCC_BY_ADC */
-	cardem_inst[1].ch = card_emu_init(1, 0, 1, SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN, SIMTRACE_CARDEM_USB_EP_USIM2_INT);
-	sim_switch_use_physical(1, 1);
-	// TODO check rst and vcc
-#endif /* CARDEMU_SECOND_UART */
 
+	cardem_inst[1].ch = card_emu_init(1, 1, SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN,
+					  SIMTRACE_CARDEM_USB_EP_USIM2_INT, cardem_inst[1].vcc_active,
+					  cardem_inst[1].rst_active, cardem_inst[1].vcc_active);
+	sim_switch_use_physical(1, 1);
+	/* TODO check RST and VCC */
+#endif /* CARDEMU_SECOND_UART */
 }
 
 /* called if config is deactivated */
@@ -603,12 +672,33 @@ static void dispatch_usb_command_generic(struct msgb *msg, struct cardem_inst *c
 	usb_buf_free(msg);
 }
 
+static void process_card_insert(struct cardem_inst *ci, bool card_insert)
+{
+	TRACE_INFO("%u: set card_insert to %s\r\n", ci->num, card_insert ? "INSERTED" : "REMOVED");
+
+#ifdef HAVE_BOARD_CARDINSERT
+	board_set_card_insert(ci, card_insert);
+#else
+	if (!ci->pin_insert.pio) {
+		TRACE_INFO("%u: skipping unsupported card_insert to %s\r\n",
+			   ci->num, card_insert ? "INSERTED" : "REMOVED");
+		return;
+	}
+
+	if (card_insert)
+		PIO_Set(&ci->pin_insert);
+	else
+		PIO_Clear(&ci->pin_insert);
+#endif
+}
+
 /* handle a single USB command as received from the USB host */
 static void dispatch_usb_command_cardem(struct msgb *msg, struct cardem_inst *ci)
 {
 	struct simtrace_msg_hdr *hdr;
 	struct cardemu_usb_msg_set_atr *atr;
 	struct cardemu_usb_msg_cardinsert *cardins;
+	struct cardemu_usb_msg_config *cfg;
 	struct llist_head *queue;
 
 	hdr = (struct simtrace_msg_hdr *) msg->l1h;
@@ -625,23 +715,17 @@ static void dispatch_usb_command_cardem(struct msgb *msg, struct cardem_inst *ci
 		break;
 	case SIMTRACE_MSGT_DT_CEMU_CARDINSERT:
 		cardins = (struct cardemu_usb_msg_cardinsert *) msg->l2h;
-		if (!ci->pin_insert.pio) {
-			TRACE_INFO("%u: skipping unsupported card_insert to %s\r\n",
-				   ci->num, cardins->card_insert ? "INSERTED" : "REMOVED");
-			break;
-		}
-		TRACE_INFO("%u: set card_insert to %s\r\n", ci->num,
-			   cardins->card_insert ? "INSERTED" : "REMOVED");
-		if (cardins->card_insert)
-			PIO_Set(&ci->pin_insert);
-		else
-			PIO_Clear(&ci->pin_insert);
+		process_card_insert(ci, cardins->card_insert);
 		usb_buf_free(msg);
 		break;
 	case SIMTRACE_MSGT_BD_CEMU_STATUS:
-		card_emu_report_status(ci->ch);
+		card_emu_report_status(ci->ch, false);
 		usb_buf_free(msg);
 		break;
+	case SIMTRACE_MSGT_BD_CEMU_CONFIG:
+		cfg = (struct cardemu_usb_msg_config *) msg->l2h;
+		card_emu_set_config(ci->ch, cfg, msgb_l2len(msg));
+		break;
 	case SIMTRACE_MSGT_BD_CEMU_STATS:
 	default:
 		/* FIXME: Send Error */
@@ -717,8 +801,9 @@ static void dispatch_usb_command_modem(struct msgb *msg, struct cardem_inst *ci)
 }
 
 /* handle a single USB command as received from the USB host */
-static void dispatch_usb_command(struct msgb *msg, struct cardem_inst *ci)
+static void dispatch_usb_command(struct msgb *msg, const struct usb_if *usb_if)
 {
+	struct cardem_inst *ci = usb_if->data;
 	struct simtrace_msg_hdr *sh = (struct simtrace_msg_hdr *) msg->l1h;
 
 	if (msgb_length(msg) < sizeof(*sh)) {
@@ -747,7 +832,8 @@ static void dispatch_usb_command(struct msgb *msg, struct cardem_inst *ci)
 	}
 }
 
-static void dispatch_received_msg(struct msgb *msg, struct cardem_inst *ci)
+/* handle a single USB transfer as received from the USB host */
+static void dispatch_received_usb_msg(struct msgb *msg, const struct usb_if *usb_if)
 {
 	struct msgb *segm;
 	struct simtrace_msg_hdr *mh;
@@ -758,7 +844,7 @@ static void dispatch_received_msg(struct msgb *msg, struct cardem_inst *ci)
 	mh = (struct simtrace_msg_hdr *) msg->data;
 	if (mh->msg_len == msgb_length(msg)) {
 		/* fast path: only one message in buffer */
-		dispatch_usb_command(msg, ci);
+		dispatch_usb_command(msg, usb_if);
 		return;
 	}
 
@@ -767,22 +853,23 @@ static void dispatch_received_msg(struct msgb *msg, struct cardem_inst *ci)
 	while (1) {
 		mh = (struct simtrace_msg_hdr *) msg->data;
 
-		segm = usb_buf_alloc(ci->ep_out);
+		segm = usb_buf_alloc(usb_if->ep_out);
 		if (!segm) {
 			TRACE_ERROR("%u: ENOMEM during msg segmentation\r\n",
-				    ci->num);
+				    usb_if->if_num);
 			break;
 		}
 
 		if (mh->msg_len > msgb_length(msg)) {
-			TRACE_ERROR("%u: Unexpected large message (%u bytes)\n",
-					ci->num, mh->msg_len);
+			TRACE_ERROR("%u: Unexpected large message (%u bytes)\r\n",
+					usb_if->if_num, mh->msg_len);
 			usb_buf_free(segm);
+			break;
 		} else {
 			uint8_t *cur = msgb_put(segm, mh->msg_len);
 			segm->l1h = segm->head;
 			memcpy(cur, mh, mh->msg_len);
-			dispatch_usb_command(segm, ci);
+			dispatch_usb_command(segm, usb_if);
 		}
 		/* pull this message */
 		msgb_pull(msg, mh->msg_len);
@@ -794,35 +881,14 @@ static void dispatch_received_msg(struct msgb *msg, struct cardem_inst *ci)
 	usb_buf_free(msg);
 }
 
-/* iterate over the queue of incoming USB commands and dispatch/execute
- * them */
-static void process_any_usb_commands(struct llist_head *main_q,
-				     struct cardem_inst *ci)
-{
-	struct llist_head *lh;
-	struct msgb *msg;
-	int i;
-
-	/* limit the number of iterations to 10, to ensure we don't get
-	 * stuck here without returning to main loop processing */
-	for (i = 0; i < 10; i++) {
-		/* de-queue the list head in an irq-safe way */
-		lh = llist_head_dequeue_irqsafe(main_q);
-		if (!lh)
-			break;
-		msg = llist_entry(lh, struct msgb, list);
-		dispatch_received_msg(msg, ci);
-	}
-}
-
 /* main loop function, called repeatedly */
 void mode_cardemu_run(void)
 {
-	struct llist_head *queue;
 	unsigned int i;
 
 	for (i = 0; i < ARRAY_SIZE(cardem_inst); i++) {
 		struct cardem_inst *ci = &cardem_inst[i];
+		struct usb_if *usb_if = &ci->usb_if;
 
 		/* drain the ring buffer from UART into card_emu */
 		while (1) {
@@ -837,16 +903,8 @@ void mode_cardemu_run(void)
 			//TRACE_ERROR("%uRx%02x\r\n", i, byte);
 		}
 
-		/* first try to send any pending messages on IRQ */
-		usb_refill_to_host(ci->ep_int);
+		process_io_statechg(ci);
 
-		/* then try to send any pending messages on IN */
-		usb_refill_to_host(ci->ep_in);
-
-		/* ensure we can handle incoming USB messages from the
-		 * host */
-		usb_refill_from_host(ci->ep_out);
-		queue = usb_get_queue(ci->ep_out);
-		process_any_usb_commands(queue, ci);
+		usb_process(&ci->usb_if);
 	}
 }

firmware/libcommon/source/pseudo_talloc.c

@@ -15,13 +15,16 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
  */
 #include <stdint.h>
+#include <stdio.h>
 
 #include "talloc.h"
 #include "trace.h"
 #include "utils.h"
 #include <osmocom/core/utils.h>
 
-#define NUM_RCTX_SMALL 10
+/* TODO: this number should dynamically scale. We need at least one per IN/IRQ endpoint,
+ * as well as at least 3 for every OUT endpoint.  Plus some more depending on the application */
+#define NUM_RCTX_SMALL 20
 #define RCTX_SIZE_SMALL 348
 
 static uint8_t msgb_data[NUM_RCTX_SMALL][RCTX_SIZE_SMALL] __attribute__((aligned(sizeof(long))));
@@ -63,6 +66,7 @@ int _talloc_free(void *ptr, const char *location)
 		if (ptr == msgb_data[i]) {
 			if (!msgb_inuse[i]) {
 				TRACE_ERROR("%s: double_free by %s\r\n", __func__, location);
+				OSMO_ASSERT(0);
 			} else {
 				msgb_inuse[i] = 0;
 			}
@@ -73,9 +77,24 @@ int _talloc_free(void *ptr, const char *location)
 
 	local_irq_restore(x);
 	TRACE_ERROR("%s: invalid pointer %p from %s\r\n", __func__, ptr, location);
+	OSMO_ASSERT(0);
 	return -1;
 }
 
+void talloc_report(const void *ptr, FILE *f)
+{
+	unsigned int i;
+
+	fprintf(f, "talloc_report(): ");
+	for (i = 0; i < ARRAY_SIZE(msgb_inuse); i++) {
+		if (msgb_inuse[i])
+			fputc('X', f);
+		else
+			fputc('_', f);
+	}
+	fprintf(f, "\r\n");
+}
+
 void talloc_set_name_const(const void *ptr, const char *name)
 {
 	/* do nothing */

firmware/libcommon/source/simtrace_iso7816.c

@@ -71,7 +71,7 @@ void ISR_PhoneRST(const Pin * pPin)
 	     USBD_Write(SIMTRACE_USB_EP_PHONE_INT, "R", 1,
 			(TransferCallback) & Callback_PhoneRST_ISR,
 			0)) != USBD_STATUS_SUCCESS) {
-		TRACE_ERROR("USB err status: %d (%s)\n", ret, __FUNCTION__);
+		TRACE_ERROR("USB err status: %d (%s)\r\n", ret, __FUNCTION__);
 		return;
 	}
 
@@ -109,7 +109,7 @@ void mode_trace_usart1_irq(void)
 			/* Fill char into buffer */
 			rbuf_write(&sim_rcv_buf, c);
 		} else {
-			TRACE_DEBUG("e %x st: %x\n", c, stat);
+			TRACE_DEBUG("e %x st: %lx\r\n", c, stat);
 		}		/* else: error occurred */
 
 		char_stat = stat;
@@ -125,7 +125,7 @@ void update_fidi(Usart_info *usart, uint8_t fidi)
 
 	uint8_t fi = fidi >> 4;
 	uint8_t di = fidi & 0xf;
-	int ratio = compute_fidi_ratio(fi, di);
+	int ratio = iso7816_3_compute_fd_ratio(fi, di);
 
 	if (ratio > 0 && ratio < 0x8000) {
 		/* make sure USART uses new F/D ratio */

firmware/libcommon/source/sniffer.c

@@ -303,22 +303,10 @@ static void change_state(enum iso7816_3_sniff_state iso_state_new)
 }
 
 const struct value_string data_flags[] = {
-	{
-		.value = SNIFF_DATA_FLAG_ERROR_INCOMPLETE,
-		.str = "incomplete",
-	},
-	{
-		.value = SNIFF_DATA_FLAG_ERROR_MALFORMED,
-		.str = "malformed",
-	},
-	{
-		.value = SNIFF_DATA_FLAG_ERROR_CHECKSUM,
-		.str = "checksum error",
-	},
-	{
-		.value = 0,
-		.str = NULL,
-	},
+	{ SNIFF_DATA_FLAG_ERROR_INCOMPLETE,	"incomplete" },
+	{ SNIFF_DATA_FLAG_ERROR_MALFORMED,	"malformed" },
+	{ SNIFF_DATA_FLAG_ERROR_CHECKSUM,	"checksum error" },
+	{ 0, NULL }
 };
 
 static void print_flags(const struct value_string* flag_meanings, uint32_t nb_flags, uint32_t flags) {
@@ -670,9 +658,10 @@ static void process_byte_pps(uint8_t byte)
 					fn = 1;
 					dn = 1;
 				}
-				TRACE_INFO("PPS negotiation successful: Fn=%u Dn=%u\n\r", fi_table[fn], di_table[dn]);
+				TRACE_INFO("PPS negotiation successful: Fn=%u Dn=%u\n\r",
+					   iso7816_3_fi_table[fn], iso7816_3_di_table[dn]);
 				update_fidi(&sniff_usart, pps_cur[2]);
-				update_wt(0, di_table[dn]);
+				update_wt(0, iso7816_3_di_table[dn]);
 				usb_send_fidi(pps_cur[2]); /* send Fi/Di change notification to host software over USB */
 			} else { /* checksum is invalid */
 				TRACE_INFO("PPS negotiation failed\n\r");
@@ -986,20 +975,42 @@ static void usb_send_change(uint32_t flags)
 	usb_msg_upd_len_and_submit(usb_msg);
 }
 
+/* handle incoming message from USB OUT EP */
+static void dispatch_usb_out(struct msgb *msg, const struct usb_if *usb_if)
+{
+	struct simtrace_msg_hdr *sh = (struct simtrace_msg_hdr *) msg->l1h;
+
+	if (msgb_length(msg) < sizeof(*sh)) {
+		usb_buf_free(msg);
+		return;
+	}
+	msg->l2h = msg->l1h + sizeof(*sh);
+
+	switch (sh->msg_class) {
+	case SIMTRACE_MSGC_GENERIC:
+		break;
+	default:
+		break;
+	}
+
+	usb_buf_free(msg);
+}
+
+static const struct usb_if sniffer_usb_if = {
+	.if_num = 0,
+	.ep_in = SIMTRACE_USB_EP_CARD_DATAIN,
+	.ep_int = SIMTRACE_USB_EP_CARD_INT,
+	.ep_out = SIMTRACE_USB_EP_CARD_DATAOUT,
+	.ops = {
+		.rx_out = dispatch_usb_out,
+	}
+};
+
 /* Main (idle/busy) loop of this USB configuration */
 void Sniffer_run(void)
 {
 	/* Handle USB queue */
-	/* first try to send any pending messages on INT */
-	usb_refill_to_host(SIMTRACE_USB_EP_CARD_INT);
-	/* then try to send any pending messages on IN */
-	usb_refill_to_host(SIMTRACE_USB_EP_CARD_DATAIN);
-	/* ensure we can handle incoming USB messages from the host */
-	/* currently we don't need any incoming data
-	usb_refill_from_host(SIMTRACE_USB_EP_CARD_DATAOUT);
-	struct llist_head *queue = usb_get_queue(SIMTRACE_USB_EP_CARD_DATAOUT);
-	process_any_usb_commands(queue);
-	*/
+	usb_process(&sniffer_usb_if);
 
 	/* WARNING: the signal data and flags are not synchronized. We have to hope 
 	 * the processing is fast enough to not land in the wrong state while data

firmware/libcommon/source/stack_check.c

@@ -0,0 +1,14 @@
+#include <stdint.h>
+#include <osmocom/core/panic.h>
+
+/* This is what's minimally required to fix builds on Ubuntu 20.04,
+ * where stack smashing protection is enabled by default when using dpkg
+ * - even when cross-compiling: https://osmocom.org/issues/4687
+ */
+
+uintptr_t __stack_chk_guard = 0xdeadbeef;
+
+void __stack_chk_fail(void)
+{
+	osmo_panic("Stack smashing detected!\r\n");
+}

firmware/libcommon/source/stdio.c

@@ -358,6 +358,7 @@ signed int vsnprintf(char *pStr, size_t length, const char *pFormat, va_list ap)
 				case 'i': num = PutSignedInt(pStr, fill, width, va_arg(ap, signed int)); break;
 				case 'u': num = PutUnsignedInt(pStr, fill, width, va_arg(ap, unsigned int)); break;
 				case 'x': num = PutHexa(pStr, fill, width, 0, va_arg(ap, unsigned int)); break;
+				case 'p': num = PutHexa(pStr, fill, width, 0, va_arg(ap, unsigned long)); break;
 				case 'X': num = PutHexa(pStr, fill, width, 1, va_arg(ap, unsigned int)); break;
 				case 's': num = PutString(pStr, va_arg(ap, char *)); break;
 				case 'c': num = PutChar(pStr, va_arg(ap, unsigned int)); break;

firmware/libcommon/source/usb.c

@@ -2,7 +2,7 @@
  *         ATMEL Microcontroller Software Support
  * ----------------------------------------------------------------------------
  * Copyright (c) 2009, Atmel Corporation
- * Copyright (c) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * Copyright (c) 2018-2019, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * All rights reserved.
  *
@@ -46,7 +46,10 @@
  *       USB String descriptors 
  *------------------------------------------------------------------------------*/
 #include "usb_strings_generated.h"
+
+// the index of the strings (must match the order in usb_strings.txt)
 enum strDescNum {
+	// static strings from usb_strings
 	MANUF_STR = 1,
 	PRODUCT_STRING,
 	SNIFFER_CONF_STR,
@@ -55,9 +58,82 @@ enum strDescNum {
 	MITM_CONF_STR,
 	CARDEM_USIM1_INTF_STR,
 	CARDEM_USIM2_INTF_STR,
+	CARDEM_USIM3_INTF_STR,
+	CARDEM_USIM4_INTF_STR,
+	// runtime strings
+	SERIAL_STR,
+	VERSION_CONF_STR,
+	VERSION_STR,
+	// count
 	STRING_DESC_CNT
 };
 
+/** array of static (from usb_strings) and runtime (serial, version) USB strings
+ */
+static const unsigned char *usb_strings_extended[ARRAY_SIZE(usb_strings) + 3];
+
+/* USB string for the serial (using 128-bit device ID) */
+static unsigned char usb_string_serial[] = {
+	USBStringDescriptor_LENGTH(32),
+	USBGenericDescriptor_STRING,
+	USBStringDescriptor_UNICODE('0'),
+	USBStringDescriptor_UNICODE('0'),
+	USBStringDescriptor_UNICODE('1'),
+	USBStringDescriptor_UNICODE('1'),
+	USBStringDescriptor_UNICODE('2'),
+	USBStringDescriptor_UNICODE('2'),
+	USBStringDescriptor_UNICODE('3'),
+	USBStringDescriptor_UNICODE('3'),
+	USBStringDescriptor_UNICODE('4'),
+	USBStringDescriptor_UNICODE('4'),
+	USBStringDescriptor_UNICODE('5'),
+	USBStringDescriptor_UNICODE('5'),
+	USBStringDescriptor_UNICODE('6'),
+	USBStringDescriptor_UNICODE('6'),
+	USBStringDescriptor_UNICODE('7'),
+	USBStringDescriptor_UNICODE('7'),
+	USBStringDescriptor_UNICODE('8'),
+	USBStringDescriptor_UNICODE('8'),
+	USBStringDescriptor_UNICODE('9'),
+	USBStringDescriptor_UNICODE('9'),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('b'),
+	USBStringDescriptor_UNICODE('b'),
+	USBStringDescriptor_UNICODE('c'),
+	USBStringDescriptor_UNICODE('c'),
+	USBStringDescriptor_UNICODE('d'),
+	USBStringDescriptor_UNICODE('d'),
+	USBStringDescriptor_UNICODE('e'),
+	USBStringDescriptor_UNICODE('e'),
+	USBStringDescriptor_UNICODE('f'),
+	USBStringDescriptor_UNICODE('f'),
+};
+
+/* USB string for the version */
+static const unsigned char usb_string_version_conf[] = {
+	USBStringDescriptor_LENGTH(16),
+	USBGenericDescriptor_STRING,
+	USBStringDescriptor_UNICODE('f'),
+	USBStringDescriptor_UNICODE('i'),
+	USBStringDescriptor_UNICODE('r'),
+	USBStringDescriptor_UNICODE('m'),
+	USBStringDescriptor_UNICODE('w'),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('r'),
+	USBStringDescriptor_UNICODE('e'),
+	USBStringDescriptor_UNICODE(' '),
+	USBStringDescriptor_UNICODE('v'),
+	USBStringDescriptor_UNICODE('e'),
+	USBStringDescriptor_UNICODE('r'),
+	USBStringDescriptor_UNICODE('s'),
+	USBStringDescriptor_UNICODE('i'),
+	USBStringDescriptor_UNICODE('o'),
+	USBStringDescriptor_UNICODE('n'),
+};
+static const char git_version[] = GIT_VERSION;
+static unsigned char usb_string_version[2 + ARRAY_SIZE(git_version) * 2 - 2];
+
 /*------------------------------------------------------------------------------
  *       USB Device descriptors 
  *------------------------------------------------------------------------------*/
@@ -523,6 +599,40 @@ static const SIMTraceDriverConfigurationDescriptorMITM
 };
 #endif /* HAVE_CARDEM */
 
+/* USB descriptor just to show the version */
+typedef struct _SIMTraceDriverConfigurationDescriptorVersion {
+	/** Standard configuration descriptor. */
+	USBConfigurationDescriptor configuration;
+	USBInterfaceDescriptor version;
+} __attribute__ ((packed)) SIMTraceDriverConfigurationDescriptorVersion;
+
+static const SIMTraceDriverConfigurationDescriptorVersion
+				configurationDescriptorVersion = {
+	/* Standard configuration descriptor for the interface descriptor*/
+	.configuration = {
+		.bLength 		= sizeof(USBConfigurationDescriptor),
+		.bDescriptorType	= USBGenericDescriptor_CONFIGURATION,
+		.wTotalLength		= sizeof(SIMTraceDriverConfigurationDescriptorVersion),
+		.bNumInterfaces		= 1,
+		.bConfigurationValue	= CFG_NUM_VERSION,
+		.iConfiguration		= VERSION_CONF_STR,
+		.bmAttributes		= USBD_BMATTRIBUTES,
+		.bMaxPower		= USBConfigurationDescriptor_POWER(100),
+	},
+	/* Interface standard descriptor just holding the version information */
+	.version = {
+		.bLength = sizeof(USBInterfaceDescriptor),
+		.bDescriptorType 	= USBGenericDescriptor_INTERFACE,
+		.bInterfaceNumber	= 0,
+		.bAlternateSetting	= 0,
+		.bNumEndpoints		= 0,
+		.bInterfaceClass	= USB_CLASS_PROPRIETARY,
+		.bInterfaceSubClass	= 0xff,
+		.bInterfaceProtocol	= 0,
+		.iInterface		= VERSION_STR,
+	},
+};
+
 const USBConfigurationDescriptor *configurationDescriptorsArr[] = {
 #ifdef HAVE_SNIFFER
 	&configurationDescriptorSniffer.configuration,
@@ -536,6 +646,7 @@ const USBConfigurationDescriptor *configurationDescriptorsArr[] = {
 #ifdef HAVE_MITM
 	&configurationDescriptorMITM.configuration,
 #endif
+	&configurationDescriptorVersion.configuration,
 };
 
 /** Standard USB device descriptor for the CDC serial driver */
@@ -552,7 +663,7 @@ const USBDeviceDescriptor deviceDescriptor = {
 	.bcdDevice		= 2,	/* Release number */
 	.iManufacturer		= MANUF_STR,
 	.iProduct		= PRODUCT_STRING,
-	.iSerialNumber		= 0,
+	.iSerialNumber		= SERIAL_STR,
 	.bNumConfigurations	= ARRAY_SIZE(configurationDescriptorsArr),
 };
 
@@ -566,8 +677,8 @@ static const USBDDriverDescriptors driverDescriptors = {
 	0,			/* No high-speed configuration descriptor */
 	0,			/* No high-speed device qualifier descriptor */
 	0,			/* No high-speed other speed configuration descriptor */
-	usb_strings,
-	ARRAY_SIZE(usb_strings),/* cnt string descriptors in list */
+	usb_strings_extended,
+	ARRAY_SIZE(usb_strings_extended),/* cnt string descriptors in list */
 };
 
 /*----------------------------------------------------------------------------
@@ -576,7 +687,7 @@ static const USBDDriverDescriptors driverDescriptors = {
 
 void SIMtrace_USB_Initialize(void)
 {
-
+	unsigned int i;
 	/* Signal USB reset by disabling the pull-up on USB D+ for at least 10 ms */
 #ifdef PIN_USB_PULLUP
 	const Pin usb_dp_pullup = PIN_USB_PULLUP;
@@ -593,6 +704,32 @@ void SIMtrace_USB_Initialize(void)
 	// Get std USB driver
 	USBDDriver *pUsbd = USBD_GetDriver();
 
+	// put device ID into USB serial number description
+	unsigned int device_id[4];
+	EEFC_ReadUniqueID(device_id);
+	char device_id_string[32 + 1];
+	snprintf(device_id_string, ARRAY_SIZE(device_id_string), "%08x%08x%08x%08x",
+		device_id[0], device_id[1], device_id[2], device_id[3]);
+	for (i = 0; i < ARRAY_SIZE(device_id_string) - 1; i++) {
+		usb_string_serial[2 + 2 * i] = device_id_string[i];
+	}
+
+	// put version into USB string
+	usb_string_version[0] = USBStringDescriptor_LENGTH(ARRAY_SIZE(git_version) - 1);
+	usb_string_version[1] = USBGenericDescriptor_STRING;
+	for (i = 0; i < ARRAY_SIZE(git_version) - 1; i++) {
+		usb_string_version[2 + i * 2 + 0] = git_version[i];
+		usb_string_version[2 + i * 2 + 1] = 0;
+	}
+
+	// fill extended USB strings
+	for (i = 0; i < ARRAY_SIZE(usb_strings) && i < ARRAY_SIZE(usb_strings_extended); i++) {
+		usb_strings_extended[i] = usb_strings[i];
+	}
+	usb_strings_extended[SERIAL_STR] = usb_string_serial;
+	usb_strings_extended[VERSION_CONF_STR] = usb_string_version_conf;
+	usb_strings_extended[VERSION_STR] = usb_string_version;
+
 	// Initialize standard USB driver
 	USBDDriver_Initialize(pUsbd, &driverDescriptors, 0);	// Multiple interface settings not supported
 	USBD_Init();

firmware/libcommon/source/usb_buf.c

@@ -24,6 +24,7 @@
 #include <errno.h>
 
 #define USB_ALLOC_SIZE	280
+#define USB_MAX_QLEN	3
 
 static struct usb_buffered_ep usb_buffered_ep[BOARD_USB_NUMENDPOINTS];
 
@@ -78,7 +79,18 @@ int usb_buf_submit(struct msgb *msg)
 
 	/* no need for irqsafe operation, as the usb_tx_queue is
 	 * processed only by the main loop context */
-	msgb_enqueue(&ep->queue, msg);
+
+	if (ep->queue_len >= USB_MAX_QLEN) {
+		struct msgb *evict;
+		/* free the first pending buffer in the queue */
+		TRACE_INFO("EP%02x: dropping first queue element (qlen=%u)\r\n",
+			   ep->ep, ep->queue_len);
+		evict = msgb_dequeue_count(&ep->queue, &ep->queue_len);
+		OSMO_ASSERT(evict);
+		usb_buf_free(evict);
+	}
+
+	msgb_enqueue_count(&ep->queue, msg, &ep->queue_len);
 	return 0;
 }
 
@@ -89,5 +101,6 @@ void usb_buf_init(void)
 	for (i = 0; i < ARRAY_SIZE(usb_buffered_ep); i++) {
 		struct usb_buffered_ep *ep = &usb_buffered_ep[i];
 		INIT_LLIST_HEAD(&ep->queue);
+		ep->ep = i;
 	}
 }

firmware/libosmocore/include/osmocom/core/msgb.h

@@ -80,6 +80,49 @@ extern int msgb_resize_area(struct msgb *msg, uint8_t *area,
 extern struct msgb *msgb_copy(const struct msgb *msg, const char *name);
 static int msgb_test_invariant(const struct msgb *msg) __attribute__((pure));
 
+/*! Free all msgbs from a queue built with msgb_enqueue().
+ * \param[in] queue  list head of a msgb queue.
+ */
+static inline void msgb_queue_free(struct llist_head *queue)
+{
+	struct msgb *msg;
+	while ((msg = msgb_dequeue(queue))) msgb_free(msg);
+}
+
+/*! Enqueue message buffer to tail of a queue and increment queue size counter
+ * \param[in] queue linked list header of queue
+ * \param[in] msg message buffer to be added to the queue
+ * \param[in] count pointer to variable holding size of the queue
+ *
+ * The function will append the specified message buffer \a msg to the queue
+ * implemented by \ref llist_head \a queue using function \ref msgb_enqueue_count,
+ * then increment \a count
+ */
+static inline void msgb_enqueue_count(struct llist_head *queue, struct msgb *msg,
+					unsigned int *count)
+{
+	msgb_enqueue(queue, msg);
+	(*count)++;
+}
+
+/*! Dequeue message buffer from head of queue and decrement queue size counter
+ * \param[in] queue linked list header of queue
+ * \param[in] count pointer to variable holding size of the queue
+ * \returns message buffer (if any) or NULL if queue empty
+ *
+ * The function will remove the first message buffer from the queue
+ * implemented by \ref llist_head \a queue using function \ref msgb_enqueue_count,
+ * and decrement \a count, all if queue is not empty.
+ */
+static inline struct msgb *msgb_dequeue_count(struct llist_head *queue,
+						unsigned int *count)
+{
+	struct msgb *msg = msgb_dequeue(queue);
+	if (msg)
+		(*count)--;
+	return msg;
+}
+
 #ifdef MSGB_DEBUG
 #include <osmocom/core/panic.h>
 #define MSGB_ABORT(msg, fmt, args ...) do {		\

firmware/libosmocore/include/osmocom/core/utils.h

@@ -36,7 +36,7 @@ const char *get_value_string_or_null(const struct value_string *vs,
 int get_string_value(const struct value_string *vs, const char *str);
 
 char osmo_bcd2char(uint8_t bcd);
-/* only works for numbers in ASCII */
+/* only works for numbers in ascci */
 uint8_t osmo_char2bcd(char c);
 
 int osmo_hexparse(const char *str, uint8_t *b, int max_len);
@@ -60,7 +60,7 @@ do {								\
 	rem -= ret;						\
 } while (0)
 
-/*! Helper macro to terminate when an assertion fails
+/*! Helper macro to terminate when an assertion failes
  *  \param[in] exp Predicate to verify
  *  This function will generate a backtrace and terminate the program if
  *  the predicate evaluates to false (0).
@@ -75,7 +75,7 @@ do {								\
 /*! duplicate a string using talloc and release its prior content (if any)
  * \param[in] ctx Talloc context to use for allocation
  * \param[out] dst pointer to string, will be updated with ptr to new string
- * \param[in] newstr String that will be copied to newly allocated string */
+ * \param[in] newstr String that will be copieed to newly allocated string */
 static inline void osmo_talloc_replace_string(void *ctx, char **dst, const char *newstr)
 {
 	if (*dst)

firmware/libosmocore/source/panic.c

@@ -46,7 +46,7 @@ static osmo_panic_handler_t osmo_panic_handler = (void*)0;
 __attribute__ ((format (printf, 1, 0)))
 static void osmo_panic_default(const char *fmt, va_list args)
 {
-	vfprintf(stderr, fmt, args);
+	vfprintf_sync(stderr, fmt, args);
 	osmo_generate_backtrace();
 	assert(0);
 }

firmware/test/Makefile

@@ -11,12 +11,12 @@ CFLAGS=-g -Wall $(LIBOSMOCORE_CFLAGS) \
 	-I../libboard/common/include \
 	-I../libboard/simtrace/include \
 	-I.
-LDFLAGS=$(LIBOSMOCORE_LIBS)
+LIBS=$(LIBOSMOCORE_LIBS)
 
 VPATH=../src_simtrace ../libcommon/source
 
 card_emu_test:	card_emu_tests.hobj card_emu.hobj usb_buf.hobj iso7816_fidi.hobj
-	$(CC) $(LDFLAGS) -o $@ $^
+	$(CC) $(LDFLAGS) -o $@ $^ $(LIBS)
 
 %.hobj: %.c
 	$(CC) $(CFLAGS) -o $@ -c $^

firmware/test/card_emu_tests.c

@@ -13,7 +13,23 @@
 #define PHONE_INT	2
 #define PHONE_DATAOUT	3
 
-/* stub functions required by card_emu.c */
+/* stub for stdio */
+signed int printf_sync(const char *pFormat, ...)
+{
+	va_list ap;
+	signed int result;
+
+	va_start(ap, pFormat);
+	result = vprintf(pFormat, ap);
+	va_end(ap);
+
+	return result;
+}
+
+
+/***********************************************************************
+ * stub functions required by card_emu.c
+ ***********************************************************************/
 
 void card_emu_uart_wait_tx_idle(uint8_t uart_chan)
 {
@@ -30,6 +46,7 @@ int card_emu_uart_update_fidi(uint8_t uart_chan, unsigned int fidi)
 static uint8_t tx_debug_buf[1024];
 static unsigned int tx_debug_buf_idx;
 
+/* the card emulator wants to send some data to the host [reader] */
 int card_emu_uart_tx(uint8_t uart_chan, uint8_t byte)
 {
 	printf("UART_TX(%02x)\n", byte);
@@ -37,13 +54,6 @@ int card_emu_uart_tx(uint8_t uart_chan, uint8_t byte)
 	return 1;
 }
 
-static void reader_check_and_clear(const uint8_t *data, unsigned int len)
-{
-	assert(len == tx_debug_buf_idx);
-	assert(!memcmp(tx_debug_buf, data, len));
-	tx_debug_buf_idx = 0;
-}
-
 void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx)
 {
 	char *rts;
@@ -54,6 +64,9 @@ void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx)
 	case ENABLE_TX:
 		rts = "TX";
 		break;
+	case ENABLE_TX_TIMER_ONLY:
+		rts = "TX-TIMER-ONLY";
+		break;
 	case ENABLE_RX:
 		rts = "RX";
 		break;
@@ -70,32 +83,31 @@ void card_emu_uart_interrupt(uint8_t uart_chan)
 	printf("uart_interrupt(uart_chan=%u)\n", uart_chan);
 }
 
-void tc_etu_set_wtime(uint8_t tc_chan, uint16_t wtime)
+void card_emu_uart_update_wt(uint8_t uart_chan, uint32_t wt)
 {
-	printf("tc_etu_set_wtime(tc_chan=%u, wtime=%u)\n", tc_chan, wtime);
+	printf("%s(uart_chan=%u, wtime=%u)\n", __func__, uart_chan, wt);
 }
 
-void tc_etu_set_etu(uint8_t tc_chan, uint16_t etu)
+void card_emu_uart_reset_wt(uint8_t uart_chan)
 {
-	printf("tc_etu_set_etu(tc_chan=%u, etu=%u)\n", tc_chan, etu);
+	printf("%s(uart_chan=%u\n", __func__, uart_chan);
 }
 
-void tc_etu_init(uint8_t chan_nr, void *handle)
+
+
+/***********************************************************************
+ * test helper functions
+ ***********************************************************************/
+
+
+static void reader_check_and_clear(const uint8_t *data, unsigned int len)
 {
-	printf("tc_etu_init(tc_chan=%u)\n", chan_nr);
+	assert(len == tx_debug_buf_idx);
+	assert(!memcmp(tx_debug_buf, data, len));
+	tx_debug_buf_idx = 0;
 }
 
-void tc_etu_enable(uint8_t chan_nr)
-{
-	printf("tc_etu_enable(tc_chan=%u)\n", chan_nr);
-}
-
-void tc_etu_disable(uint8_t chan_nr)
-{
-	printf("tc_etu_disable(tc_chan=%u)\n", chan_nr);
-}
-
-const uint8_t atr[] = { 0x3b, 0x02, 0x14, 0x50 };
+static const uint8_t atr[] = { 0x3b, 0x02, 0x14, 0x50 };
 
 static int verify_atr(struct card_handle *ch)
 {
@@ -126,10 +138,11 @@ static void io_start_card(struct card_handle *ch)
 	/* release from reset and verify th ATR */
 	card_emu_io_statechg(ch, CARD_IO_RST, 0);
 	/* simulate waiting time before ATR expired */
-	tc_etu_wtime_expired(ch);
+	card_emu_wtime_expired(ch);
 	verify_atr(ch);
 }
 
+/* emulate the host/reader sending some bytes to the [emulated] card */
 static void reader_send_bytes(struct card_handle *ch, const uint8_t *bytes, unsigned int len)
 {
 	unsigned int i;
@@ -166,14 +179,14 @@ static void dump_rctx(struct msgb *msg)
 
 static void get_and_verify_rctx(uint8_t ep, const uint8_t *data, unsigned int len)
 {
-	struct llist_head *queue = usb_get_queue(ep);
+	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
 	struct msgb *msg;
 	struct cardemu_usb_msg_tx_data *td;
 	struct cardemu_usb_msg_rx_data *rd;
 	struct simtrace_msg_hdr *mh;
 
-	assert(queue);
-	msg = msgb_dequeue(queue);
+	assert(bep);
+	msg = msgb_dequeue_count(&bep->queue, &bep->queue_len);
 	assert(msg);
 	dump_rctx(msg);
 	assert(msg->l1h);
@@ -203,13 +216,13 @@ static void get_and_verify_rctx(uint8_t ep, const uint8_t *data, unsigned int le
 
 static void get_and_verify_rctx_pps(const uint8_t *data, unsigned int len)
 {
-	struct llist_head *queue = usb_get_queue(PHONE_DATAIN);
+	struct usb_buffered_ep *bep = usb_get_buf_ep(PHONE_DATAIN);
 	struct msgb *msg;
 	struct simtrace_msg_hdr *mh;
 	struct cardemu_usb_msg_pts_info *ptsi;
 
-	assert(queue);
-	msg = msgb_dequeue(queue);
+	assert(bep);
+	msg = msgb_dequeue_count(&bep->queue, &bep->queue_len);
 	assert(msg);
 	dump_rctx(msg);
 	assert(msg->l1h);
@@ -397,7 +410,7 @@ int main(int argc, char **argv)
 	struct card_handle *ch;
 	unsigned int i;
 
-	ch = card_emu_init(0, 23, 42, PHONE_DATAIN, PHONE_INT);
+	ch = card_emu_init(0, 42, PHONE_DATAIN, PHONE_INT, false, true, false);
 	assert(ch);
 
 	usb_buf_init();