One of my engineers left to go Indonesia and teach, or something, and I have inherited 17,000 lines of really ghastly, buggy, ugly assembly code for an embedded product. It looks easier to rewrite it from scratch than to try to fix it, so that keeps me off the streets for the rest of the month.
This thing has an ST flash chip, M29W400BB, which is 4M bits, used in256kx16 mode. The datasheet is typically confusing. So please check me on this:
If I write a secret combination of words to a secret list of addresses in the chip, six writes total, I can tell it to erase one of its 11 sub-blocks of memory. Apparently I can't do normal reads during erase, so I can't run the code out of the same flash I'm erasing. I have to erase a block (to all 1's, like an eprom) before I can program it. A block erase can take up to 6 seconds, but I can poll it to see when it's done. Apparently I select which block is to be erased by writing0x30 into any address of that block, as the last operation of the erase command.
(The datasheet is cute. I's not obvious whether writing to address "BA" means "write to address 0xBA" or "write to an address in the block". Seems like the latter makes sense.)
Write 0xAA to 0x555 0x55 to 0x2AA 0x80 to 0x555 0xAA to 0x555 0x55 to 0x2AA 0x30 to any address in block to be erased
wait 6 secs or poll for erase done
Programming flash is less clear. Apparently I execute a chunk of secret writes, one for each word I want to load, each with three command code writes followed by an address+data word write. "The final write operation... starts the write state machine." I assume from this that the actual burn of a single word begins after each poke-a-write-word command sequence, and it seems to take 10 us typ,200 us max, and is again pollable for done.
Write 0xAA to 0x555 0x55 to 0x2AA 0xA0 to 0X555 data to target address
wait 200 usec or poll for write done
It sounds like here, once I erase a whole block, I can program any addresses within that block, as many or as few as I like, at any desired addresses, at any time. There seems to be no time constraints on how long it takes me to do this.
During erase or program, I again can't execute code out of flash, so I'll have to relocate the flash erase and write routines into CPU ram and run them from there.
Of course the datasheet has no straightforward "to write a block, do this..." stuff, or any examples.
Oh well, even if nobody answers this post, just typing it has helped me figure out what's probably going on.