Communication

Protocols
Notes and/or Reference

10/22/18 6.111 Fall 2018 1

Huge Amount of Self-Contained
Devices
• Sensors
• A-to-D converters
• D-to-A
• Memory
• Microcontrollers
• Etc…

• We need ability/fluency to extract info from and

work with them

10/22/18 6.111 Fall 2018 2

Case Study
• 9 axis IMU (Inertial Measurement Unit)
• Accelerometer
• Gyroscope
• Magnetometer
• One of the only real MEMS
(MicroElectroMechanical Systems) applications that
has gone full-scale (others might be TI’s DMD,
gyroscopes, microphones, some microfluidics, Si
resonators, Piezoelectrics from Inkjets, etc…)

10/22/18 6.111 Fall 2018 3

Accelerometers

• First MEMS accelerometer: 1979

• Position of a proof mass is capacitively sensed and
decoded to provide acceleration data

Spring
Proof Mass
Spring

%
Measure

!" → Δ%
Capacitance via
Impedance
Divider

SEM of two-axis accelerometer

10/22/18 6.111 Fall 2018 4

Uses of Acceleration Measurements:
• Acceleration can be used to detect motion
• (pedometer, free-fall/drop detection):
). = )+/ + )"/ + )*/ Accelerometer directions
+X, +Y, +Z

'(
)* Chip

!" = tan
)+ −) +

• Use gravity and trig to find orientation:

−)*

10/22/18 6.111 Fall 2018 5

Problems
• Accelerometers have huge amounts of high-
frequency noise
• To fix, usually Low Pass Filter the raw signal (Infinite
Impulse Response approach shown below)
• This cuts down on frequency response though L

./
01 [$ − 1]
!" [$] = !" [$ − 1]) + 1 − ) tan
02 [$ − 1]

02 X acceleration 0<)<1 Filter Coefficient

01 z acceleration
!" Angle estimate around y axis

10/22/18 6.111 Fall 2018 6

Bring in Gyroscopes

Angular velocity (arb. units)

• Provide Direct Angular
Velocity which we can
integrate to get angle
• Very little high-frequency
noise, but lots of low

angle (arb. units)

frequency noise (Gyros
drift like crazy)
time (seconds)

Gyro readings are “around” the

axis they refer to (use right-
hand rule):

10/22/18 6.111 Fall 2018 7

Gyro Operation
• Resonating Proof Mass Resonating
• Electrostatic Drive Spring
Proof Mass
Spring

• Piezoelectric Drive
Measure Measure
Capacitance via Capacitance via
Impedance Impedance
Divider Divider

• Turning out-of-plane:
• Proof-mass fights the turn Rotation of Device
Spr
Resonating
• Detect deviation via ing

capacitance Proof Mass

Sp
ri
ng

Measure
Capacitan
ce via
Impedanc
e
Divider
Measure
Capacitan
ce
Changes in capacitance Impedanc via
e

• Do this for all three axes

Divider
measured at different
points
Scale not accurate/nor design details

10/22/18 6.111 Fall 2018 8

How to use Gyro Readings:
• Because of Drift (low frequency
noise/offset) you want to avoid doing
much long-term integration with a gyro
reading
• Having beta less than unity ensures any
angle that comes from gyro reading
will eventually disappear, but in short
term it will dominate
• Depending on time step: !" # = %!" # − 1 + )*+ [# − 1]

0<%<1 Filter Coefficient *+ Gyro y reading

% ≈ 0.95 starting point ) Time Step

10/22/18 6.111 Fall 2018 9

What to do?
• Using only accelerometer, leaves us blind to
motion/change in the short term but fine in the
long-term

• Using only gyroscope, leaves us blind in the long

term, but good in the short term

• What to do?

10/22/18 6.111 Fall 2018 10

 Merge the signals
• Complementary Filter:
23 [# − 1]
!" # = % !" # − 1 + )*" [# − 1] + 1 − % tan01
24 [# − 1]

0<%<1 Filter Coefficient *" Gyro y reading 24 X acceleration

% ≈ 0.95 good starting point

23 z acceleration
) Time Step

• Very simple form of sensor fusion (where you merge

data from more than one sensor to build up model of
what is going on)

10/22/18 6.111 Fall 2018 11

Sensor Fusion
• Most modern sensors are used with other sensors:
• Accelerometers with gyroscopes for quick relative
orientation detection
• GPS with magnetic field with local WiFi sniffing for absolute
location determination
• Fuse multiple microphones together for user voice
• Many others…
• Can be incorporated open-loop (like complementary
filter on previous page)
• Or incorporate into “learning” algorithms:
• NLMS, Kalman, LQE, Baysean, Linear-Observer System
• Estimate, compare to new data, correct, repeat…

10/22/18 6.111 Fall 2018 12

How to get Access to the signals
in first place?
• Some accelerometers are analog out (can therefore
read them with an A-to-D converter) (ADXL335, for
example)
• These have limited functionality…and also it is
analog so there’s the whole noise issue....which is
not nice
• Most flavors of sensors are digital

10/22/18 6.111 Fall 2018 13

 Board: $5.00 from Ebay

MPU-9250 Chip: $3.00 in bulk

• Use in Lab 5
• 3-axis Accelerometer (16-bit readings)
• 3-axis Gyroscope (16-bit readings)
• 3-axis Magnetic Hall Effect Sensor (Compass) (16 bit readings)
• SPI or I2C communication (!)…no analog out
• On-chip Filters (programmable)
• On-chip programmable offsets
• On-chip programmable scale!
• On-chip sensor fusion possible (with quaternion output)!
• Interrupt-out (for low-power applications!)
• On-chip sensor fusion and other calculations (can do orientation
math on-chip or pedometry even)
• So cheap they usually aren’t even counterfeited! J

10/22/18 6.111 Fall 2018 14

Common Chip-Chip Communication
Protocols
• Parallel (not so much anymore)…mostly memory and things
that need to send data at very high rates such as a camera

• Serial (UART) (still common in some communication and

GPS devices)

• SPI (Serial Peripheral Interface) very common

• I2C (Inter-Integrated Circuit Communication) very common

• I2S (Inter-Integrated Circuit Sound Bus) very common

10/22/18 6.111 Fall 2018 15

Serial and Parallel at High Level

Parallel Link: Serial Link:

Currently pushing 10-30Gb/s …

10/22/18 6.111 Fall 2018 16

Serial Communications
• Sending information one bit at a time vs. many bits in parallel
• Serial: good for long distance (save on cable, pin and connector cost,
easy synchronization). Requires “serializer” at sender, “deserializer” at
receiver
• Parallel: issues with clock skew, crosstalk, interconnect density, pin
count. Used to dominate for short-distances (eg, between chips).
• BUT modern preference is for parallel, but independent serial links (eg,
PCI-Express x1,x2,x4,x8,x16) as a hedge against link failures.
• A zillion standards
• Asynchronous (no explicit clock) vs. Synchronous (CLK line in addition
to DATA line).
• Recent trend to reduce signaling voltages: save power, reduce
transition times
• Control/low-bandwidth Interfaces: SPI, I2C, 1-Wire, PS/2, AC97
• Networking: RS232, Ethernet, T1, Sonet
• Computer Peripherals: USB, FireWire, Fiber Channel, Infiniband, SATA,
Serial Attached SCSI

10/22/18 6.111 Fall 2018 17

Common Chip-Chip Communication
Protocols
• Parallel (not so much anymore).

• Serial (UART) (still common in some classes of devices)

• SPI (Serial Peripheral Interface) very common

• I2C (Inter-Integrated Circuit Communication) very

common

• I2S (Inter-Integrated Circuit Sound Bus) very common

10/22/18 6.111 Fall 2018 18
 Serial (UART)
TX/RX
Device 1 Device 2

RX/TX

• Stands for Universal Asynchronous Receiver Transmitter

• Requires agreement ahead-of-time between devices
regarding things like clock rate (BAUD), etc…
• Two wire communication
• Cannot really share
• (every pair of devices needs own pair of lines)
• Data rate really < 115.2Kbps
• Data sent LSB first

10/22/18 6.111 Fall 2018 19

Serial (UART)
• Line Hi at rest
• Drops Low to indicate start
• 8 (or 9 bits follows)
• Goes high (stop bit)

10/22/18 6.111 Fall 2018 20

Note on Terminology
• In device-to-device communication, it is common to have
one device labeled the ”Master” and one labeled the
“Slave”…the Master controls the Slave(s) in these settings.
• Trace history of this naming terminology back to 1940s
• I’ve seen some alternatives suggested: Leader/Follower,
Primary/Secondary (other ideas?), but this naming scheme
persists in the field and on data sheets
• Movement from this terminology has occurred more
readily in software than hardware…Django has transitioned
• Los Angeles actually requested manufacturers to use
alternative naming scheme as far back as 2003

10/22/18 6.111 Fall 2018 21

SPI
MOSI
Master MISO Slave
Device Device
SCK
CE/CS

• Stands for Serial-Peripheral Interface

• Four Wires:
• MOSI: Master-Out-Slave-In
• MISO: Master-In-Slave-Out
• SCK: Serial Clock
• CE/CS (Chip Enable or Chip Select)
• SCK removes need to agree ahead of time on data
rate (from UART)
• High Data Rates: (1MHz up to ~70 MHz clock (bits))
• Data MSB or LSB first…up to devices
10/22/18 6.111 Fall 2018 22
 MOSI

SPI
Master MISO Slave
Device Device 1
SCK
CE0/CS0

• Can share MOSI/MISO Bus

• Addition of multiple slaves requires Slave
additional select wires Device 2

CE1/CS1
• Hardware/firmware for SPI is pretty
easy to implement:
• Wires are uni-directional
• Classic “duh” sort of approach to digital
communication, but very robust.

10/22/18 6.111 Fall 2018 23

SPI Example From MCP3008 Datasheet

MCP3008 is a 8-channel 10 bit ADC

from Microchip that communicates
over SPI

MCP3008
CMOD-A7-35T

Here I am talking to a MCP3008 10 bit ADC

CS

MOSI Sends its data MSB first

X X 1 1 0 0 1 X X X X X X X X X X X X X

MISO …
X X X X X X X X 0 0 0 0 1 0 1 1 0 1 1

SCK

10/22/18 6.111 Fall 2018 24

SPI Example
“Give me a
single-ended
reading…” “From your “0001011011” ”We’re done
“Hey MCP3008” channel 1” here. ”

CS

MOSI
X X 1 1 0 0 1 X X X X X X X X X X X X X

MISO …
X X X X X X X X 0 0 0 0 1 0 1 1 0 1 1

SCK

Artix-7 (Master Device) Dialog

MCP3008 (Slave Device) Dialog X means don’t care

10/22/18 6.111 Fall 2018 25

SPI In Real Life

• Here I am talking to the same CS

chip I was daydreaming about
talking to on the previous
slide. SCK

• Dreams do come true

11001000001011011
• I’m saying, “give me your MOSI

measurement on Channel 1,”

and it is responding with MISO

“10’b0001011011” mapped to
3.3V or 0.293 V

10/22/18 6.111 Fall 2018 26

 MOSI

SPI* Master
Device
MISO
SCK
Slave
Device

• Six Wires: CE0/CS0

D/C
• MOSI: Master-Out-Slave-In RES
• MISO: Master-In-Slave-Out
• SCK: Clock
• CE/CS (Chip Enable or Chip Select)
• RES: Reset Device
• D/C: Data/Command (often seen in devices
where you need to write tons of data (i.e. a
display)
• Three/Two Wires:
• If a device has nothing to say, drop MISO:
• If you assume only one device on bus drop
CE/CS

10/22/18 6.111 Fall 2018 27

I2C
• Stands for Inter-Integrated Circuit communication
• Invented in 1980s
• Two Wire, One for Clock, one for data (both
directions)
• Usually 100kHz or 400 kHz clock (newer versions go
to 3.4 MHz)

Master SDA Slave

Device Device

SCL

10/22/18 6.111 Fall 2018 28

On i2C Multiple Devices Require
Same # of Wires
Master SDA
• Devices come with their own ID Device Slave
Device 1
numbers (originally a 7 bit value SCL
but more modern ones have 10
bits)…allows potentially up to
2^7 devices or 2^10 on a bus
(theoretically anyways) Slave
Device 2

• ID’s are specified at the factory,

usually several to choose from
when you implement and you
select them by pulling external
pins HI or LOW

10/22/18 6.111 Fall 2018 29

More to story (need pull-up resistors)
• i2C uses an open drain
• Meaning both Master and Slave Device
are either:
• LOW
• High-Impedance
• Need external pull-up resistors
These resistors
are large reaso
n
3.3V 3.3V why data rate
is so low!

4.7kΩ 4.7kΩ

Master SDA Slave

Device Device

SCL

10/22/18 6.111 Fall 2018 30

Tri-State
• inout cannot be a reg ever, ever…it is closer to a
wire...usual way to work with them is the
following:

In verilog…

inout sda;

reg sda_val;

assign sda = sda_val? 1’bz: 1’b0;

10/22/18 6.111 Fall 2018 31

As a result:
3.3V

4.7kΩ
inout sda;
reg sda_val;
assign sda = sda_val? 1’bz: 1’b0; SDA

Wanna write to SDA? SDA in

sda_val <= 0; //or 1 if desired :wq

Wanna read to SDA?

VGS
sda_val <= 1;
//wait clock cycle…
some_reg <= sda; //read from input

Mode Master Slave

Master Transmit HiZ (HI) or LOW HiZ (listening)

Slave ACK/NACK HiZ (listening) HiZ (HI) or LOW

Slave Transmit HiZ (listening) HiZ (HI) or LOW

Master ACK/NACK HiZ (HI) or LOW HiZ (listening)

10/22/18 6.111 Fall 2018 32

i2C Operation
• Data is conveyed on SDA (Either from Master or
Slave depending on point during communication)
• SCL is 50% duty cycle
• SDA generally changes on falling edge of SCL (isn’t
required)
• SDA sampled at rising edge of SCL
• Master is in charge of setting SCL frequency and
driving it
• Data is sent MSB first

10/22/18 6.111 Fall 2018 33

Meanings I: (Start, Stop, Sampling)

Master Releases Bus (STOP)

By pulling SDA HI while SCL is HI
Master Claims Bus (START)
Idle State By pulling SDA LOW while SCL is HI
SDA and SCL sit HI

SDA: HI

LO

Data/State on SDA transitions

SCL: HI @ negedge of SCL*

LO

Data from SDA sampled @ posedge of SCL

*not specified but probably easiest spot to do

10/22/18 6.111 Fall 2018 34

Meanings II Address
• First thing sent by Master is 7 bit address (10 bit in
more modern i2C…has some leading 11111’s in
it..don’t worry about that)

• If a device on the bus possesses that address, it

acknowledges (ACK/NACK=0) and it becomes the
slave

• All other devices (other than Master/Slave Devices)

will ignore until STOP signal appears later on.

10/22/18 6.111 Fall 2018 35

Meanings III (Read/Write Bit)
• After sending address, a Read/Write Bit is specified
by Master on SDA:
• If Write (0) is specified, the next byte will be a register to
write to, and following bytes will be information to write
into that register
• If Read (1) is specified, the Slave will start sending data out,
with the Master acknowledging after every byte (until it
wants data to not be sent anymore)

10/22/18 6.111 Fall 2018 36

Meanings IV (ACK/NACK)
• After every 8 bits, it is the listener’s job to
acknowledge or not acknowledge the data just
sent (called an ACK/NACK)
• Transmitter pulls SDA HI and listens for next
reading (@posedge of SCL):
• If LOW, then receiver acknowledges data
• If remains HI, no acknowledgement
• Transmitter/Receiver act accordingly

10/22/18 6.111 Fall 2018 37

Meanings V
• For Master Device to write to Slave Device:
• START
• Send Device Address (with Write bit)
• Send register you want to write to
• Send data…until you’re satisfied
• STOP
• For Master Device to read from Slave Device:
• START
• Send Device Address (with Write bit)
• Send register you want to read from
• ReSTART communication
• Send Device Address (With Read bit)
• Read the bits
• After every 8 bits, it is Master’s job to acknowledge Slave…continued
acknowledgement leads to continued data out by Slave.
• Not-Acknowledge says “no more data from Slave”
• STOP leads to Master ceasing all communication

10/22/18 6.111 Fall 2018 38

Implementing i2C on FPGA with
MPU9250:
• Made master i2C controller in Verilog
• Used MPU9250 Data sheet: 42 pages (basic
functionality, timing requirements, etc…)
• MPU9250 Register Map: 55 pages

10/22/18 6.111 Fall 2018 39

State-Machine
Implementation of
i2C Master
• Continuously reads 2 bytes
starting at the 0x3B register
(X accelerometer data)
• Print out value in hex in LEDs
• 34 States
• Clocked at 200kHz, and
creates 100 kHz SCL
• Change SDA on falling edge of
SCL
• Sample SDA on rising edge of
SCL

10/22/18 6.111 Fall 2018 40

State-Machine
Implementation of i2C
Master
• Redundant states (repeated
READ/WRITE, ADDRESS, ACK/NACK,
etc…)

• ARM manual describes ~20 state

FSM

• Included code on site for

reference/starting point

• Diagram: on next page for reference

…200 more lines

10/22/18 6.111 Fall 2018 41

 START1 ACKNACK1A
STOP IDLE IDLE
ADDRESS1 READWRITE1

ACKNACK1C
NACK
7x
NACK ACK
READ3
ADDRESS2
ADDRESS3
8x
REGISTER1
ACK4
READ4 7x
8x
START2
ADDRESS4
READ2 ACKNACK3A REGISTER2

ACK
8x
ACKNACK3C
READWRITE2 ACKNACK2C
READ1 ACKNACK2A

ACK
IDLE IDLE
NACK NACK

10/22/18 6.111 Fall 2018 42

Communication Part
VCC

GND
SCL

SDA MPU9250
Nexys4

1 0 1 1 0 1 0 0 0 0 0 0 0 1 1 1 0 1 1 0 1 0 0 1 1 0 1 0 0 0 1 0 0 1 1 0 1 1 1 0 0

SDA
01010101010101010101010101010101010101110101010101010101010101010101010101010 …
SCL

10/22/18 6.111 Fall 2018 43

 Communication Part
VCC

GND
SCL

SDA MPU9250
Nexys4

MA
ST E
Nexys4 Acknowledge=0 ReStart MPU9250

R AC
Write=0 Read=1 Acknowledge=0

K
Device Address (0x68) Device Address (0x68) Data Read In
Start Device Register (0x3B)
1 0 1 1 0 1 0 0 0 0 0 0 0 1 1 1 0 1 1 0 1 0 0 1 1 0 1 0 0 0 1 0 0 1 1 0 1 1 1 0 0
SDA

SCL
01010101010101010101010101010101010101110101010101010101010101010101010101010 …

10/22/18 6.111 Fall 2018 44

 Communication Part
VCC

GND
SCL

SDA MPU9250
Nexys4

“I’m here. Sounds good” “OK” “Hey, 0x68…”

“Hey, 0x68…” “For sure”
”More, please”
“Different thought” “Read to me
“Look at your
“I wanna tell from where
0x6B register” “0x6D”
“I claim this bus” you something” you’re looking”

1 0 1 1 0 1 0 0 0 0 0 0 0 1 1 1 0 1 1 0 1 0 0 1 1 0 1 0 0 0 1 0 0 1 1 0 1 1 1 0 0
SDA

SCL
01010101010101010101010101010101010101110101010101010101010101010101010101010 …
Nexys4 (Master Device) Dialog MPU9250 (Slave Device) Dialog

10/22/18 6.111 Fall 2018 45

Communication in Real-Life:
Data being sent to MPU9250 Data being sent from MPU9250

SDA = Yellow

SCL = Purple

Triggered on leaving IDLE state

10/22/18 6.111 Fall 2018 46

Running and reading X acceleration:

HOOKUP

Horizontal: Vertical:
16’hFD88 = 16’b1111_1101_1000_1000 (2’s complement) 16’h4088 = 16’b0100_0000_1000_1000 (2’s complement)
Flip bits to get magnitude: 16’b0000_0010_0111_0111 Leave bits to get magnitude: 16’b0100_0000_1000_1000
=-315 =+16520
Full-scale (default +/- 2g) Full-scale (default +/- 2g)
-315/(2**15)*2g = -0.02g J makes sense -16520/(2**15)*2 = +1.01g J makes sense!

10/22/18 6.111 Fall 2018 47

Clock-Stretching (Cool part of i2C!!!)
!
• Normally Master drives SCL, but since Master drives
SCL high by going hiZ, it leaves the option open for
Slave to step in and prevent SCL from going high by
pulling SCL LOW
Master wanted to pull SCL HI but slave
prevents by pull LOW
(red never happens)

SCL:

Once Slave goes HiZ again, Master

picks back up on SCL

• Allows Slave a way to buy time/slow down things (if it requires

multiple clock cycles to process incoming data and/or generate
output)

10/22/18 6.111 Fall 2018 48

I2s (Inter-IC Sound Bus)
Master Slave
SDA
WS

• Not related to i2C at all SCL

• Intended for Digitized Stereo Data

• Three Wires:
• SDA: Serial Data (The actual music)
• WS: Word Select (Left/Right Channel)
• SCL: Serial Clock (For Synchronization)
• Push-Pull Driving (like SPI…no need for pull-up resistors)
• Data sent MSB first
• Clock-rate dictated by sample rate (44.1kHz @16 bits per
channel /w 2 channels = ~1.4 MHz for example
10/22/18 6.111 Fall 2018 49
i2S

10/22/18 6.111 Fall 2018 50

Implementation
• You’ve built a UART/serial module already…it was
pretty short/easy
• Vivado has IP cores for i2C Master and i2S Masters
• SPI is much more open to interpretation and loose
on its specs so no default core that I can find:
• I put some generic skeleton code on github/site with a
FIFO buffer that can get folks started if they need it.

10/22/18 6.111 Fall 2018 51

Compare and Contrast?
• Generally the fewer the wires the more rigid the
protocol
• SPI can be very flexible and high speed (have only
10 bits to send? No problem…send 10!...can’t do
that do that with i2C…need to zero-pad up to the
next full byte (16 bits)
• In terms of implementation, generally with
communication protocols, the more wires, the
easier the protocol/less overhead

10/22/18 6.111 Fall 2018 52

Which to Choose?
• SPI is generally easier and more flexible to implement,
but only certain devices use it since it takes up a lot of
pins (and pins are expensive/limited)
• ”Slow” and “Fast” data rates are relative too…i2C is
not as much of a compromise now as it was fifteen
years ago, particularly with high-speed i2C (or even
now that 400 kHz rates are common)
• Remember, these are all meant for chip-to-chip
communications!
• Check out the example i2C code from this lecture for
the IMU, and a generic SPI master I wrote up as
well…see if you can add clock-stretching! (not
required)
10/22/18 6.111 Fall 2018 53
Going Between boards
• Previous protocols are meant for device-to-device
communication
• There is no cabling standard for these protocols
• Distances are not specified for i2C, SPI, i2S, but
think in terms of inches
• Open-Drain protocols are particularly susceptible to
parasitics so keep leads short where possible!
• To go between devices we must use other
protocols!

10/22/18 6.111 Fall 2018 54

RS232 (aka “serial port”)
• Labkit: simple bidirectional data connection with
computer.
• Characteristics
• Large voltages => special interface chips
(1/mark: -12V to -3V, 0/space: 3V to 12V)
• Separate xmit and rcv wires: full duplex
• Slow transmission rates (1 bit time = 1 baud); most interfaces
support standardized baud rates: 1200, 2400, 4800, 9600,
19.2K, 38.4K, 57.6K, 115.2K
• Format
• Wire is held at 1/mark when idle
• Start bit (1 bit of “0” at start of transmission)
• Data bits (LSB first, can be 5 to 8 bits of data)
• Parity bit (none, even, odd)
• Stop bits (1, 1.5 or 2 bits of 1/mark at end of symbol)
• Most common 8-N-1: eight data bits, no parity, one stop bit

10/22/18 6.111 Fall 2018 55

RS232 interface
• Transmit: easy, just build FSM to
generate desired waveform with
correct bit timing
• Receive:
• Want to sample value in middle of
each bit time
• Oversample, eg, at 16x baud rate
• Look for 1->0 transition at
beginning of start bit
• Count to 8 to sample start bit,
then repeatedly count to 16 to Figure from

sample other bits

http://www.arcelect.com/rs232.htm

• Check format (start, data, parity, Should look familiar from Lab 2!

stop) before accepting data.

10/22/18 6.111 Fall 2018 56

PS/2 Keyboard/Mouse Interface
• 2-wire interface (CLK, DATA), bidirectional
transmission of serial data at 10-16kHz
• Format
• Device generates CLK, but host can
request-to-send by holding CLK low
for 100us
• DATA and CLK idle at “1”, CLK starts when
there’s a transmission. DATA changes on
CLK, sampled on CLK Figures from digilentinc.com
• 11-bit packets: one start bit of “0”, 8 data bits
(LSB first), odd parity bit, one stop bit of “1”.
• Keyboards send scan codes (not ASCII!) for
each press, 8’hF0 followed by scan code for
each release
• Mice send button status, Δx and Δy of
movement since last transmission

10/22/18 6.111 Fall 2018 57

PS/2 Keyboard/Mouse Interface
• 2 signal wire interface (CLK, DATA),
bidirectional transmission of serial
data at 10-16kHz

Figures from digilentinc.com

10/22/18 6.111 Fall 2018 58

IDE Bus – Serial ATA (SATA)

SATA

2-wire (+,-) for high-speed

SATA 1: 1.5Gb/s
SATA 2: 3Gb/s
SATA 3: 6Gb/s

10/22/18 6.111 Fall 2018 59

USB: Universal Serial Bus
• USB 1.0 (12 Mbit/s) introduced in 1996
• USB 2.0 (480 Mbit/s) in 2000
• USB 3.0 (5 Gbit/s) in 2012
• USB-C 2016.
• USB 3.2 (30 Gbit/s) in July 20, 2017
Credit: Reddit
• Created by Compaq, Digital, IBM, Intel, Northern Telecom and Microsoft.
• Uses differential bi-direction serial communications

Type A USB 2.0 – 4 pins

Type A & B
Pinout Mini/Micro Pinout USB 3.0

10/22/18 6.111 Fall 2018 60

USB: Universal Serial Bus
• More defined layers than your other things we’ve
seen

• The 2000 version of USB spec was 570 pages long

• Current USB 3.2 (9/22/2017 release!...so new! so

fresh!)
• spec is 103 MB zip file*
• Approximately 8,000 pages long at this point
• I’ll summarize in a few slides

*and hosted on web page that has painfully slow DL speeds and looks like it is from 2000

10/22/18 6.111 Fall 2018 61

How is Data Transmitted in USB
(High Level):
• Communication uses handshakes to establish
capable/expected data rates
• Host device (computer for example), assigns
connected devices temporary IDs on shared bus.
• Packets of information, including headers,
payloads, and error checks (CRC5, CRC16, and
CRC32 are used) are sent between host and client
devices

10/22/18 6.111 Fall 2018 62

 How is Data Transmitted in USB
(Bit Level):
• USB uses twisted wire pairs and there is no CLOCK wire
• All data is transmitted using Non-Return-Zero-Inverted (NRZI) encoding:
• A 0 is encoded as a value change
• A 1 is encoded by no change
• After initial synchronization byte, the receiver extracts the clock from
the on-average probability of 0’s in the data (which give transitions)
using local oscillator and Phase-Locked Loops
• Avoid long stretches of 1’s by bit-stuffing (shoving 0’s in to avoid periods
of time where no transitions happen)…similar to ether protocols
• Capable of up to 30 Gbit/s
• ~2 decent resolution movies per second

10/22/18 6.111 Fall 2018 63

 USB - C
• Universal connector for power and data – first product MacBook Air – one and
only port!
• Symmetrical – no orientation (Good for 10,000 insert/withdrawals…10
kiloinserts)
• Supports DisplayPort, HDMI, power, USB, and VGA. Uses differential bi-
direction serial communications
• Supplies up to 100W power (5V @ up to 2A, 12V @ up to 5A, and 20V @ up to
5A)
• Voltage dictated by software handshake, etc..
• New adapters required for DisplayPort, HDMI, power, USB, and VGA – omg!

10/22/18 6.111 Fall 2018 64

Potential Problems
• If we all followed the laws life would be grand
• Not everyone can read all 8,000 pages
• Not everyone wants to read all 8,000 pages
• Difference between 5V and 20V going into your
laptop is now based on software handshakes
between two devices.
• Do you trust your devices?
• Solution is now to do hardware verification prior
to any power delivery using table of approved-
devices for via 128 bit encryption (mid 2016)
• It’ll be interesting to see how quickly this gets
hacked

10/22/18 6.111 Fall 2018 65

Getting data back to the board…

10/22/18 6.111 Fall 2018 66

FTDI Chipsets
• Future Technology Devices International Ltd (FTDI) is a
Scottish Electronics firm that makes USB interfaces
• They produce devices that convert between USB and:
• UART
• SPI
• I2C
• Parallel Out
• Extremely common

10/22/18 6.111 Fall 2018 67

The Great FTDI Bricking of 2014
• From the beginning of USB to only recently, most USB devices
used FTDI-based chip sets to interface (source of those annoying
FTDXX.h library issues you’d always see in Windows)
• Your optical mouse would have some circuit and it would
communicate internally with UART…then the FTDI chip would
convert to USB
• Dozens of “clones” were built to work with that software, these
clones often times selling for a small fraction of the cost of the
original FTDI chips
• In 2014 FTDI they released a software update, included in most
Windows Service Packs that bricked all “non-genuine” devices
• Turned out a lot of ”legit” products were using
counterfeits/clones

10/22/18 6.111 Fall 2018 68

Human Interface Device (HID) Classes

• Complex, yet implementable communication

protocol that utilizes widely accepted protocol:
• Have a device and/or FPGA directly run implement
that part of the USB stack
• Can implement in ~10 state FSM or so
• Appear as a “mouse” or a “keyboard” or a “webcam”,
etc…
• Medium speeds…really need specialized hardware
for the super speeds

10/22/18 6.111 Fall 2018 69

RFID: Radio Frequency Identification
• Used to provide remote
Like in MIT IDs:
interrogation/identification
• Frequency bands:
• 125 - 134 kHz [MIT ID]*
• 13.56 MHz [US Passports]*
• 400 – 960 MHz UHF
[EZPASS 915mhz ~ 1 Transmitting
antenna
mw]**
• 2.45 GHz
• 5.8 GHz

* excitation/broadcast powered Battery

** battery powered EZ Pass Internals

*http://groups.csail.mit.edu/mac/classes/6.805/student-papers/fall04-papers/mit_id/#specs

10/22/18 6.111 Fall 2018 70

125khz RFID

Receiver
Powered by 125khz broadcast
125khz transmitter signal

10/22/18 6.111 Fall 2018 71

 MIT RFID
Stimulating and Receiving Coils

• 125 kHz carrier

• 62.5 kHz modulating
wave phase-shifts
every 16 cycles: FFT of Pickup on Receiving
Coil while Stimulating Coil
• ! shift indicates a 1 has 125 kHz driven into it
• No shift indicates a 0 and NO CARD in between

• …so we’ve got: (Spike is 125 kHz centered)

• Phase-shift-encoded
Non-Return-to-Zero- FFT of Pickup on Receiving Coil
Mark Encoding (NRZ-M) while Stimulating Coil has 125 kHz
driven into it and CARD is in
between
(LOOK AT THAT SIDEBAND
ACTION!!!)

10/22/18 6.111 Fall 2018 72