Just as a note, here are the addresses in PMA memory for Rx and Tx data
Rx 40006380 Tx 40006300Here is the enumeration capture:
0 Enum Reset 1 Enum Reset 2 Enum Rx S 8210 EA60 8 8006000100004000 3 Enum Tx 8000 62A0 18 120100020200004083044057000201020301 4 Enum Rx 8010 A230 0 5 Enum Reset 6 Enum Rx S 8010 EA60 8 00050A0000000000 7 Enum Tx 8000 72A0 0 8 Enum Rx S 8010 EA60 8 8006000100001200 9 Enum Tx 8000 62A0 18 120100020200004083044057000201020301 10 Enum Rx 8010 A230 0 11 Enum Rx S 8010 EA60 8 8006000600000A00 12 Enum Tx 8000 72A0 0 13 Enum Rx 8010 A210 0 14 Enum Rx S 8010 EA60 8 8006000600000A00 15 Enum Tx 8000 72A0 0 16 Enum Rx S 8010 EA60 8 8006000200000900 17 Enum Tx 8000 62A0 9 09024300020100C032 18 Enum Rx 8010 A230 0 19 Enum Rx S 8010 EA60 8 8006000200004300 20 Enum Tx 8000 62A0 64 09024300020100C03209040000010202010005240010010524010001042402020524060001070582030800FF09040100020A0000000705030240000007058102 21 Enum Tx 8000 62E0 3 400000 22 Enum Rx 8010 A270 0 23 Enum Rx S 8010 EA60 8 800600030000FF00 24 Enum Tx 8000 62A0 4 04030904 25 Enum Rx 8010 A230 0 26 Enum Rx S 8010 EA60 8 800602030904FF00 27 Enum Tx 8000 62A0 46 2E03530054004D003300320020005600690072007400750061006C00200043004F004D00200050006F0072007400 28 Enum Rx 8010 A230 0 29 Enum Rx S 8010 EA60 8 800601030904FF00 30 Enum Tx 8000 62A0 38 2603530054004D006900630072006F0065006C0065006300740072006F006E00690063007300 31 Enum Rx 8010 A230 0 32 Enum Rx S 8010 EA60 8 800603030904FF00 33 Enum Tx 8000 62A0 52 34033800370031003700340037003200380035003300350031003800380035003000300036003600660066006600340038000000 34 Enum Rx 8010 A230 0 35 Enum Rx S 8010 EA60 8 0009010000000000 36 Enum Tx 8000 72A0 0 37 Enum Rx S 8010 EA60 8 2120000000000700 38 Enum Rx 8010 A270 7 80250000000008 39 Enum Tx 8000 32A0 0The "S" indicates that the "setup" bit was set in the endpoint register. It seems to be set for every received packet during enumeration, which makes sense. Except for that last packet! Whic has size 0 and is received on the 0 endpoint making it some kind of control packet.
Then I give the value of the "istr", and then the endpoint register, followed by the count, then the data.
I was somewhat concerned that with the F103 and only 20K of ram that I might run out of memory, but this seemed to work just fine. I ought to think about ways to find out if I exhaust memory in ways other than having weird confusing bugs show up.
One thing of note in the above is a fair number of "zero length" transfers in both directions. My guess is that some other bits or bit is signalling something in these cases, but we shall see. Perhaps these are just spurious interrupts that end up being ignored. So far a mystery, and I will ignore them for now.
2 Enum Rx S 8210 EA60 8 8006000100004000 3 Enum Tx 8000 62A0 18 120100020200004083044057000201020301
The first byte in a setup packet is the request type. In our first packet this byte is 0x80. The high bit is supposed to indicate the transfer direction -- for the data phase. So if it is set (as it is in our first packet) it means "device to host" -- which I guess means it wants data. Then we get a type field (0 is "standard") and then a recipient field (0 is "device).
The recipient field is not a silly device or host, but can be:
The next byte is the request. In our first packet this is 0x06. This is "get descriptor", and since "device" was indicated in the first byte, this is "get device descriptor".
The next 2 bytes are "value" (Here: 0x0001).
The next 2 bytes are "index" (Here: 0x0000).
The next 2 bytes are "length" (Here: 0x4000).
Value of 1 means "device", so we have "GET DESCRIPTOR" for device. The index of zero is usual (or it could indicate "language"). And the length of 64 would seem to be a maximum size of 64?
Supposedly byte order in USB is little endian, but I am unsure.
The 18 bytes response can be found in usb_dev_cdc_acm.cxx as const uint8_t UsbDev::_DEVICE_DESC[] in a form that can be examined in a more or less readable form.
6 Enum Rx S 8010 EA60 8 00050A0000000000 8 Enum Rx S 8010 EA60 8 8006000100001200The second one is just a repeat of the one we already analyzed above (with a different 18 byte length for some reason) and it gets the same response. What about the first? The transfer direction is now host to device, and the request is 5 rather than 6 which is "set address" with value=0x0a00, index=0, length=0
Then we see these three:
11 Enum Rx S 8010 EA60 8 8006000600000A00 14 Enum Rx S 8010 EA60 8 8006000600000A00 16 Enum Rx S 8010 EA60 8 8006000200000900 17 Enum Tx 8000 62A0 9 09024300020100C032These are all "get descriptor", the first two get no response. These have value of 6 which is "device qualifier". I guess it asks twice just to be sure.
The last has value = 2, which asks for configuration. It does get a response. Note that it gives a length of 9 and gets a response of size 9.
Then we get the following exchange:
19 Enum Rx S 8010 EA60 8 8006000200004300 20 Enum Tx 8000 62A0 64 09024300020100C03209040000010202010005240010010524010001042402020524060001070582030800FF09040100020A0000000705030240000007058102 21 Enum Tx 8000 62E0 3 400000This again asks for configuration, the only difference being the length field which is now 67 (64+3). How does it know to ask for 67 bytes?
Since packets on full speed USB are limited to 64 bytes
in size, the response comes in two pieces.
The first is 64 bytes in length, and the extra 3 bytes come along in a second packet.
This monster can be found in usb_dev_cdc_acm.cxx as uint8_t UsbDev::_CONFIG_DESC[]
This big packet has all the information about endpoints.
35 Enum Rx S 8010 EA60 8 0009010000000000 37 Enum Rx S 8010 EA60 8 2120000000000700 38 Enum Rx 8010 A270 7 80250000000008The first "0009" is "set configuration".
The last packet is not a setup packet at all! It is received on the 0 endpoint, so it is a control packet of some kind.
I have yet to see clear statments about USB byte order and I see conflicting things even in the setup packets captured above. First of all, the request field looks fine as a little endian value. The value is 6 and we see 06_00. The "value" field though is peculiar. The value is 1 and we see 00_01. When we get to the length field, thing seem nicely little endian again with 67 being represented as 43_00.
Aha! Here is something that may provide some clarification. I am looking at wiresharks "analysis" of the 8 byte config packet. It breaks it up like this:
1 byte - 0x80 - request type 1 byte - 0x06 - request 1 byte - 0x00 - descriptor index 1 byte - 0x01 - descriptor type 2 byte - 0 - language 2 byte = 0x12 - lengthNow this makes sense! It matches the data and it makes sense. Why does the crappy documentation not explain this?
This has just sort of been a "recon" of the whole enumeration business. It has been enough for me to get some idea of what goes on and to know what questions to ask to probe further.
What I am going to need to do is to learn how to find information in the official USB documents in order to move ahead any further. It is not that terrible!! What you do is to download usb_20.pdf, which is a 573 page document. You can ignore most of it. What we are after is in chapter 9. Section 9.3 gives details about the device request packet.
Tom's Computer Info / [email protected]