1 /* 2 * (C) Copyright 2008 - 2009 3 * Windriver, <www.windriver.com> 4 * Tom Rix <Tom.Rix@windriver.com> 5 * 6 * Copyright 2011 Sebastian Andrzej Siewior <bigeasy@linutronix.de> 7 * 8 * Copyright 2014 Linaro, Ltd. 9 * Rob Herring <robh@kernel.org> 10 * 11 * SPDX-License-Identifier: GPL-2.0+ 12 */ 13 #include <config.h> 14 #include <common.h> 15 #include <console.h> 16 #include <errno.h> 17 #include <fastboot.h> 18 #include <malloc.h> 19 #include <linux/usb/ch9.h> 20 #include <linux/usb/gadget.h> 21 #include <linux/usb/composite.h> 22 #include <linux/compiler.h> 23 #include <u-boot/sha256.h> 24 #include <version.h> 25 #include <g_dnl.h> 26 #include <fs.h> 27 #include <android_avb/avb_ops_user.h> 28 #include <android_avb/rk_avb_ops_user.h> 29 #include <dm/uclass.h> 30 #include <power/fuel_gauge.h> 31 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 32 #include <fb_mmc.h> 33 #endif 34 #ifdef CONFIG_FASTBOOT_FLASH_NAND_DEV 35 #include <fb_nand.h> 36 #endif 37 #ifdef CONFIG_OPTEE_CLIENT 38 #include <optee_include/OpteeClientInterface.h> 39 #endif 40 41 #define FASTBOOT_VERSION "0.4" 42 43 #define FASTBOOT_INTERFACE_CLASS 0xff 44 #define FASTBOOT_INTERFACE_SUB_CLASS 0x42 45 #define FASTBOOT_INTERFACE_PROTOCOL 0x03 46 47 #define RX_ENDPOINT_MAXIMUM_PACKET_SIZE_2_0 (0x0200) 48 #define RX_ENDPOINT_MAXIMUM_PACKET_SIZE_1_1 (0x0040) 49 #define TX_ENDPOINT_MAXIMUM_PACKET_SIZE (0x0040) 50 51 #define EP_BUFFER_SIZE 4096 52 /* 53 * EP_BUFFER_SIZE must always be an integral multiple of maxpacket size 54 * (64 or 512 or 1024), else we break on certain controllers like DWC3 55 * that expect bulk OUT requests to be divisible by maxpacket size. 56 */ 57 58 struct f_fastboot { 59 struct usb_function usb_function; 60 61 /* IN/OUT EP's and corresponding requests */ 62 struct usb_ep *in_ep, *out_ep; 63 struct usb_request *in_req, *out_req; 64 }; 65 66 static inline struct f_fastboot *func_to_fastboot(struct usb_function *f) 67 { 68 return container_of(f, struct f_fastboot, usb_function); 69 } 70 71 static struct f_fastboot *fastboot_func; 72 static unsigned int download_size; 73 static unsigned int download_bytes; 74 static unsigned int upload_size; 75 static unsigned int upload_bytes; 76 static bool start_upload; 77 78 static struct usb_endpoint_descriptor fs_ep_in = { 79 .bLength = USB_DT_ENDPOINT_SIZE, 80 .bDescriptorType = USB_DT_ENDPOINT, 81 .bEndpointAddress = USB_DIR_IN, 82 .bmAttributes = USB_ENDPOINT_XFER_BULK, 83 .wMaxPacketSize = cpu_to_le16(64), 84 }; 85 86 static struct usb_endpoint_descriptor fs_ep_out = { 87 .bLength = USB_DT_ENDPOINT_SIZE, 88 .bDescriptorType = USB_DT_ENDPOINT, 89 .bEndpointAddress = USB_DIR_OUT, 90 .bmAttributes = USB_ENDPOINT_XFER_BULK, 91 .wMaxPacketSize = cpu_to_le16(64), 92 }; 93 94 static struct usb_endpoint_descriptor hs_ep_in = { 95 .bLength = USB_DT_ENDPOINT_SIZE, 96 .bDescriptorType = USB_DT_ENDPOINT, 97 .bEndpointAddress = USB_DIR_IN, 98 .bmAttributes = USB_ENDPOINT_XFER_BULK, 99 .wMaxPacketSize = cpu_to_le16(512), 100 }; 101 102 static struct usb_endpoint_descriptor hs_ep_out = { 103 .bLength = USB_DT_ENDPOINT_SIZE, 104 .bDescriptorType = USB_DT_ENDPOINT, 105 .bEndpointAddress = USB_DIR_OUT, 106 .bmAttributes = USB_ENDPOINT_XFER_BULK, 107 .wMaxPacketSize = cpu_to_le16(512), 108 }; 109 110 static struct usb_interface_descriptor interface_desc = { 111 .bLength = USB_DT_INTERFACE_SIZE, 112 .bDescriptorType = USB_DT_INTERFACE, 113 .bInterfaceNumber = 0x00, 114 .bAlternateSetting = 0x00, 115 .bNumEndpoints = 0x02, 116 .bInterfaceClass = FASTBOOT_INTERFACE_CLASS, 117 .bInterfaceSubClass = FASTBOOT_INTERFACE_SUB_CLASS, 118 .bInterfaceProtocol = FASTBOOT_INTERFACE_PROTOCOL, 119 }; 120 121 static struct usb_descriptor_header *fb_fs_function[] = { 122 (struct usb_descriptor_header *)&interface_desc, 123 (struct usb_descriptor_header *)&fs_ep_in, 124 (struct usb_descriptor_header *)&fs_ep_out, 125 }; 126 127 static struct usb_descriptor_header *fb_hs_function[] = { 128 (struct usb_descriptor_header *)&interface_desc, 129 (struct usb_descriptor_header *)&hs_ep_in, 130 (struct usb_descriptor_header *)&hs_ep_out, 131 NULL, 132 }; 133 134 static struct usb_endpoint_descriptor * 135 fb_ep_desc(struct usb_gadget *g, struct usb_endpoint_descriptor *fs, 136 struct usb_endpoint_descriptor *hs) 137 { 138 if (gadget_is_dualspeed(g) && g->speed == USB_SPEED_HIGH) 139 return hs; 140 return fs; 141 } 142 143 /* 144 * static strings, in UTF-8 145 */ 146 static const char fastboot_name[] = "Android Fastboot"; 147 148 static struct usb_string fastboot_string_defs[] = { 149 [0].s = fastboot_name, 150 { } /* end of list */ 151 }; 152 153 static struct usb_gadget_strings stringtab_fastboot = { 154 .language = 0x0409, /* en-us */ 155 .strings = fastboot_string_defs, 156 }; 157 158 static struct usb_gadget_strings *fastboot_strings[] = { 159 &stringtab_fastboot, 160 NULL, 161 }; 162 163 static void rx_handler_command(struct usb_ep *ep, struct usb_request *req); 164 static int strcmp_l1(const char *s1, const char *s2); 165 166 static void fastboot_complete(struct usb_ep *ep, struct usb_request *req) 167 { 168 int status = req->status; 169 if (!status) 170 return; 171 printf("status: %d ep '%s' trans: %d\n", status, ep->name, req->actual); 172 } 173 174 static int fastboot_bind(struct usb_configuration *c, struct usb_function *f) 175 { 176 int id; 177 struct usb_gadget *gadget = c->cdev->gadget; 178 struct f_fastboot *f_fb = func_to_fastboot(f); 179 const char *s; 180 181 /* DYNAMIC interface numbers assignments */ 182 id = usb_interface_id(c, f); 183 if (id < 0) 184 return id; 185 interface_desc.bInterfaceNumber = id; 186 187 id = usb_string_id(c->cdev); 188 if (id < 0) 189 return id; 190 fastboot_string_defs[0].id = id; 191 interface_desc.iInterface = id; 192 193 f_fb->in_ep = usb_ep_autoconfig(gadget, &fs_ep_in); 194 if (!f_fb->in_ep) 195 return -ENODEV; 196 f_fb->in_ep->driver_data = c->cdev; 197 198 f_fb->out_ep = usb_ep_autoconfig(gadget, &fs_ep_out); 199 if (!f_fb->out_ep) 200 return -ENODEV; 201 f_fb->out_ep->driver_data = c->cdev; 202 203 f->descriptors = fb_fs_function; 204 205 if (gadget_is_dualspeed(gadget)) { 206 /* Assume endpoint addresses are the same for both speeds */ 207 hs_ep_in.bEndpointAddress = fs_ep_in.bEndpointAddress; 208 hs_ep_out.bEndpointAddress = fs_ep_out.bEndpointAddress; 209 /* copy HS descriptors */ 210 f->hs_descriptors = fb_hs_function; 211 } 212 213 s = env_get("serial#"); 214 if (s) 215 g_dnl_set_serialnumber((char *)s); 216 217 return 0; 218 } 219 220 static void fastboot_unbind(struct usb_configuration *c, struct usb_function *f) 221 { 222 memset(fastboot_func, 0, sizeof(*fastboot_func)); 223 } 224 225 static void fastboot_disable(struct usb_function *f) 226 { 227 struct f_fastboot *f_fb = func_to_fastboot(f); 228 229 usb_ep_disable(f_fb->out_ep); 230 usb_ep_disable(f_fb->in_ep); 231 232 if (f_fb->out_req) { 233 free(f_fb->out_req->buf); 234 usb_ep_free_request(f_fb->out_ep, f_fb->out_req); 235 f_fb->out_req = NULL; 236 } 237 if (f_fb->in_req) { 238 free(f_fb->in_req->buf); 239 usb_ep_free_request(f_fb->in_ep, f_fb->in_req); 240 f_fb->in_req = NULL; 241 } 242 } 243 244 static struct usb_request *fastboot_start_ep(struct usb_ep *ep) 245 { 246 struct usb_request *req; 247 248 req = usb_ep_alloc_request(ep, 0); 249 if (!req) 250 return NULL; 251 252 req->length = EP_BUFFER_SIZE; 253 req->buf = memalign(CONFIG_SYS_CACHELINE_SIZE, EP_BUFFER_SIZE); 254 if (!req->buf) { 255 usb_ep_free_request(ep, req); 256 return NULL; 257 } 258 259 memset(req->buf, 0, req->length); 260 return req; 261 } 262 263 static int fastboot_set_alt(struct usb_function *f, 264 unsigned interface, unsigned alt) 265 { 266 int ret; 267 struct usb_composite_dev *cdev = f->config->cdev; 268 struct usb_gadget *gadget = cdev->gadget; 269 struct f_fastboot *f_fb = func_to_fastboot(f); 270 const struct usb_endpoint_descriptor *d; 271 272 debug("%s: func: %s intf: %d alt: %d\n", 273 __func__, f->name, interface, alt); 274 275 d = fb_ep_desc(gadget, &fs_ep_out, &hs_ep_out); 276 ret = usb_ep_enable(f_fb->out_ep, d); 277 if (ret) { 278 puts("failed to enable out ep\n"); 279 return ret; 280 } 281 282 f_fb->out_req = fastboot_start_ep(f_fb->out_ep); 283 if (!f_fb->out_req) { 284 puts("failed to alloc out req\n"); 285 ret = -EINVAL; 286 goto err; 287 } 288 f_fb->out_req->complete = rx_handler_command; 289 290 d = fb_ep_desc(gadget, &fs_ep_in, &hs_ep_in); 291 ret = usb_ep_enable(f_fb->in_ep, d); 292 if (ret) { 293 puts("failed to enable in ep\n"); 294 goto err; 295 } 296 297 f_fb->in_req = fastboot_start_ep(f_fb->in_ep); 298 if (!f_fb->in_req) { 299 puts("failed alloc req in\n"); 300 ret = -EINVAL; 301 goto err; 302 } 303 f_fb->in_req->complete = fastboot_complete; 304 305 ret = usb_ep_queue(f_fb->out_ep, f_fb->out_req, 0); 306 if (ret) 307 goto err; 308 309 return 0; 310 err: 311 fastboot_disable(f); 312 return ret; 313 } 314 315 static int fastboot_add(struct usb_configuration *c) 316 { 317 struct f_fastboot *f_fb = fastboot_func; 318 int status; 319 320 debug("%s: cdev: 0x%p\n", __func__, c->cdev); 321 322 if (!f_fb) { 323 f_fb = memalign(CONFIG_SYS_CACHELINE_SIZE, sizeof(*f_fb)); 324 if (!f_fb) 325 return -ENOMEM; 326 327 fastboot_func = f_fb; 328 memset(f_fb, 0, sizeof(*f_fb)); 329 } 330 331 f_fb->usb_function.name = "f_fastboot"; 332 f_fb->usb_function.bind = fastboot_bind; 333 f_fb->usb_function.unbind = fastboot_unbind; 334 f_fb->usb_function.set_alt = fastboot_set_alt; 335 f_fb->usb_function.disable = fastboot_disable; 336 f_fb->usb_function.strings = fastboot_strings; 337 338 status = usb_add_function(c, &f_fb->usb_function); 339 if (status) { 340 free(f_fb); 341 fastboot_func = f_fb; 342 } 343 344 return status; 345 } 346 DECLARE_GADGET_BIND_CALLBACK(usb_dnl_fastboot, fastboot_add); 347 348 static int fastboot_tx_write(const char *buffer, unsigned int buffer_size) 349 { 350 struct usb_request *in_req = fastboot_func->in_req; 351 int ret; 352 353 memcpy(in_req->buf, buffer, buffer_size); 354 in_req->length = buffer_size; 355 356 usb_ep_dequeue(fastboot_func->in_ep, in_req); 357 358 ret = usb_ep_queue(fastboot_func->in_ep, in_req, 0); 359 if (ret) 360 printf("Error %d on queue\n", ret); 361 return 0; 362 } 363 364 static int fastboot_tx_write_str(const char *buffer) 365 { 366 return fastboot_tx_write(buffer, strlen(buffer)); 367 } 368 369 static void compl_do_reset(struct usb_ep *ep, struct usb_request *req) 370 { 371 do_reset(NULL, 0, 0, NULL); 372 } 373 374 int __weak fb_set_reboot_flag(void) 375 { 376 return -ENOSYS; 377 } 378 379 static void cb_reboot(struct usb_ep *ep, struct usb_request *req) 380 { 381 char *cmd = req->buf; 382 if (!strcmp_l1("reboot-bootloader", cmd)) { 383 if (fb_set_reboot_flag()) { 384 fastboot_tx_write_str("FAILCannot set reboot flag"); 385 return; 386 } 387 } 388 fastboot_func->in_req->complete = compl_do_reset; 389 fastboot_tx_write_str("OKAY"); 390 } 391 392 static int strcmp_l1(const char *s1, const char *s2) 393 { 394 if (!s1 || !s2) 395 return -1; 396 return strncmp(s1, s2, strlen(s1)); 397 } 398 399 static void cb_getvar(struct usb_ep *ep, struct usb_request *req) 400 { 401 char *cmd = req->buf; 402 char response[FASTBOOT_RESPONSE_LEN]; 403 const char *s; 404 size_t chars_left; 405 406 strcpy(response, "OKAY"); 407 chars_left = sizeof(response) - strlen(response) - 1; 408 409 strsep(&cmd, ":"); 410 if (!cmd) { 411 pr_err("missing variable"); 412 fastboot_tx_write_str("FAILmissing var"); 413 return; 414 } 415 416 if (!strcmp_l1("version", cmd)) { 417 strncat(response, FASTBOOT_VERSION, chars_left); 418 } else if (!strcmp_l1("bootloader-version", cmd)) { 419 strncat(response, U_BOOT_VERSION, chars_left); 420 } else if (!strcmp_l1("product", cmd)) { 421 strncat(response, CONFIG_SYS_BOARD, chars_left); 422 } else if (!strcmp_l1("variant", cmd)) { 423 strncat(response, "userdebug", chars_left); 424 } else if (!strcmp_l1("secure", cmd)) { 425 strncat(response, "no", chars_left); 426 } else if (!strcmp_l1("unlocked", cmd)) { 427 strncat(response, "yes", chars_left); 428 } else if (!strcmp_l1("off-mode-charge", cmd)) { 429 strncat(response, "0", chars_left); 430 } else if (!strcmp_l1("battery-voltage", cmd)) { 431 strncat(response, "7.4", chars_left); 432 } else if (!strcmp_l1("battery-soc-ok", cmd)) { 433 strncat(response, "yes", chars_left); 434 } else if (!strcmp_l1("downloadsize", cmd) || 435 !strcmp_l1("max-download-size", cmd)) { 436 char str_num[12]; 437 438 sprintf(str_num, "0x%08x", CONFIG_FASTBOOT_BUF_SIZE); 439 strncat(response, str_num, chars_left); 440 } else if (!strcmp_l1("serialno", cmd)) { 441 s = env_get("serial#"); 442 if (s) 443 strncat(response, s, chars_left); 444 else 445 strcpy(response, "FAILValue not set"); 446 } else if (strncmp("at-attest-dh", cmd, 12) == 0) { 447 #ifdef CONFIG_OPTEE_CLIENT 448 char dhbuf[8]; 449 uint32_t dh_len = 8; 450 uint32_t res = trusty_attest_dh((uint8_t *)dhbuf, &dh_len); 451 if (res) 452 strcpy(response, "FAILdh not set"); 453 else 454 strncat(response, dhbuf, chars_left); 455 #else 456 fastboot_tx_write_str("FAILnot implemented"); 457 return; 458 #endif 459 } else if (strncmp("at-attest-uuid", cmd, 14) == 0) { 460 #ifdef CONFIG_OPTEE_CLIENT 461 char uuid[32] = {0}; 462 uint32_t uuid_len = 32; 463 uint32_t res = trusty_attest_uuid((uint8_t *)uuid, &uuid_len); 464 if (res) 465 strcpy(response, "FAILuuid not set"); 466 else 467 strncat(response, uuid, chars_left); 468 #else 469 fastboot_tx_write_str("FAILnot implemented"); 470 return; 471 #endif 472 } else if (strncmp("at-vboot-state", cmd, 14) == 0) { 473 char uuid[32] = {0}; 474 475 strncat(response, uuid, chars_left); 476 } else if (!strcmp_l1("slot-count", cmd)) { 477 #ifdef CONFIG_RK_AVB_LIBAVB_USER 478 char slot_count[2]; 479 char temp; 480 481 slot_count[1] = '\0'; 482 rk_avb_read_slot_count(&temp); 483 slot_count[0] = temp + 0x30; 484 strncat(response, slot_count, chars_left); 485 #else 486 fastboot_tx_write_str("FAILnot implemented"); 487 return; 488 #endif 489 } else if (!strcmp_l1("current-slot", cmd)) { 490 #ifdef CONFIG_RK_AVB_LIBAVB_USER 491 char slot_surrent[8] = {0}; 492 493 if (!rk_avb_get_current_slot(slot_surrent)) 494 strncat(response, slot_surrent+1, chars_left); 495 else 496 strcpy(response, "FAILgeterror"); 497 #else 498 fastboot_tx_write_str("FAILnot implemented"); 499 return; 500 #endif 501 } else if (!strcmp_l1("slot-suffixes", cmd)) { 502 #ifdef CONFIG_RK_AVB_LIBAVB_USER 503 char slot_suffixes_temp[4]; 504 char slot_suffixes[9]; 505 int slot_cnt = 0; 506 507 memset(slot_suffixes_temp, 0, 4); 508 memset(slot_suffixes, 0, 9); 509 rk_avb_read_slot_suffixes(slot_suffixes_temp); 510 while (slot_suffixes_temp[slot_cnt] != '\0') { 511 slot_suffixes[slot_cnt * 2] 512 = slot_suffixes_temp[slot_cnt]; 513 slot_suffixes[slot_cnt * 2 + 1] = ','; 514 slot_cnt++; 515 } 516 strncat(response, slot_suffixes, chars_left); 517 #else 518 fastboot_tx_write_str("FAILnot implemented"); 519 return; 520 #endif 521 } else if (!strncmp("has-slot", cmd, 8)) { 522 #ifdef CONFIG_RK_AVB_LIBAVB_USER 523 char *part_name = cmd; 524 525 cmd = strsep(&part_name, ":"); 526 if (!strcmp(part_name, "boot") || 527 !strcmp(part_name, "system") || 528 !strcmp(part_name, "vendor") || 529 !strcmp(part_name, "vbmeta") || 530 !strcmp(part_name, "oem")) { 531 strncat(response, "yes", chars_left); 532 } else { 533 strcpy(response, "FAILno"); 534 } 535 #else 536 fastboot_tx_write_str("FAILnot implemented"); 537 return; 538 #endif 539 } else if (!strncmp("slot-unbootable", cmd, 15)) { 540 #ifdef CONFIG_RK_AVB_LIBAVB_USER 541 char *slot_name = cmd; 542 543 cmd = strsep(&slot_name, ":"); 544 if (!strcmp(slot_name, "a") || 545 !strcmp(slot_name, "b")) { 546 strncat(response, "no", chars_left); 547 } else { 548 strcpy(response, "FAILno"); 549 } 550 #else 551 fastboot_tx_write_str("FAILnot implemented"); 552 return; 553 #endif 554 } else if (!strncmp("slot-successful", cmd, 15)) { 555 #ifdef CONFIG_RK_AVB_LIBAVB_USER 556 char *slot_name = cmd; 557 558 cmd = strsep(&slot_name, ":"); 559 if (!strcmp(slot_name, "a") || 560 !strcmp(slot_name, "b")) { 561 strncat(response, "no", chars_left); 562 } else { 563 strcpy(response, "FAILno"); 564 } 565 #else 566 fastboot_tx_write_str("FAILnot implemented"); 567 return; 568 #endif 569 } else if (!strncmp("slot-retry-count", cmd, 16)) { 570 #ifdef CONFIG_RK_AVB_LIBAVB_USER 571 char *slot_name = cmd; 572 char count[10] = {0}; 573 static int cnt[2] = {0}; 574 575 cmd = strsep(&slot_name, ":"); 576 if (!strcmp(slot_name, "a")) { 577 sprintf(count, "%c", 0x30+cnt[0]); 578 strncat(response, count, chars_left); 579 if (cnt[0] > 0) 580 cnt[0]--; 581 } else if (!strcmp(slot_name, "b")) { 582 sprintf(count, "%c", 0x30+cnt[1]); 583 strncat(response, count, chars_left); 584 if (cnt[1] > 0) 585 cnt[1]--; 586 } else { 587 strcpy(response, "FAILno"); 588 } 589 #else 590 fastboot_tx_write_str("FAILnot implemented"); 591 return; 592 #endif 593 } else if (!strncmp("partition-type", cmd, 14) || 594 !strncmp("partition-size", cmd, 14)) { 595 disk_partition_t part_info; 596 struct blk_desc *dev_desc; 597 char *part_name = cmd; 598 char part_size_str[20]; 599 600 cmd = strsep(&part_name, ":"); 601 dev_desc = blk_get_dev("mmc", 0); 602 if (!dev_desc) { 603 strcpy(response, "FAILblock device not found"); 604 } else if (part_get_info_by_name(dev_desc, part_name, &part_info) < 0) { 605 strcpy(response, "FAILpartition not found"); 606 } else if (!strncmp("partition-type", cmd, 14)) { 607 strncat(response, (char *)part_info.type, chars_left); 608 } else if (!strncmp("partition-size", cmd, 14)) { 609 sprintf(part_size_str, "0x%016x", (int)part_info.size); 610 strncat(response, part_size_str, chars_left); 611 } 612 } else { 613 char *envstr; 614 615 envstr = malloc(strlen("fastboot.") + strlen(cmd) + 1); 616 if (!envstr) { 617 fastboot_tx_write_str("FAILmalloc error"); 618 return; 619 } 620 621 sprintf(envstr, "fastboot.%s", cmd); 622 s = env_get(envstr); 623 if (s) { 624 strncat(response, s, chars_left); 625 } else { 626 printf("WARNING: unknown variable: %s\n", cmd); 627 strcpy(response, "FAILVariable not implemented"); 628 } 629 630 free(envstr); 631 } 632 fastboot_tx_write_str(response); 633 } 634 635 static unsigned int rx_bytes_expected(struct usb_ep *ep) 636 { 637 int rx_remain = download_size - download_bytes; 638 unsigned int rem; 639 unsigned int maxpacket = ep->maxpacket; 640 641 if (rx_remain <= 0) 642 return 0; 643 else if (rx_remain > EP_BUFFER_SIZE) 644 return EP_BUFFER_SIZE; 645 646 /* 647 * Some controllers e.g. DWC3 don't like OUT transfers to be 648 * not ending in maxpacket boundary. So just make them happy by 649 * always requesting for integral multiple of maxpackets. 650 * This shouldn't bother controllers that don't care about it. 651 */ 652 rem = rx_remain % maxpacket; 653 if (rem > 0) 654 rx_remain = rx_remain + (maxpacket - rem); 655 656 return rx_remain; 657 } 658 659 #define BYTES_PER_DOT 0x20000 660 static void rx_handler_dl_image(struct usb_ep *ep, struct usb_request *req) 661 { 662 char response[FASTBOOT_RESPONSE_LEN]; 663 unsigned int transfer_size = download_size - download_bytes; 664 const unsigned char *buffer = req->buf; 665 unsigned int buffer_size = req->actual; 666 unsigned int pre_dot_num, now_dot_num; 667 668 if (req->status != 0) { 669 printf("Bad status: %d\n", req->status); 670 return; 671 } 672 673 if (buffer_size < transfer_size) 674 transfer_size = buffer_size; 675 676 memcpy((void *)CONFIG_FASTBOOT_BUF_ADDR + download_bytes, 677 buffer, transfer_size); 678 679 pre_dot_num = download_bytes / BYTES_PER_DOT; 680 download_bytes += transfer_size; 681 now_dot_num = download_bytes / BYTES_PER_DOT; 682 683 if (pre_dot_num != now_dot_num) { 684 putc('.'); 685 if (!(now_dot_num % 74)) 686 putc('\n'); 687 } 688 689 /* Check if transfer is done */ 690 if (download_bytes >= download_size) { 691 /* 692 * Reset global transfer variable, keep download_bytes because 693 * it will be used in the next possible flashing command 694 */ 695 download_size = 0; 696 req->complete = rx_handler_command; 697 req->length = EP_BUFFER_SIZE; 698 699 strcpy(response, "OKAY"); 700 fastboot_tx_write_str(response); 701 702 printf("\ndownloading of %d bytes finished\n", download_bytes); 703 } else { 704 req->length = rx_bytes_expected(ep); 705 } 706 707 req->actual = 0; 708 usb_ep_queue(ep, req, 0); 709 } 710 711 static void cb_download(struct usb_ep *ep, struct usb_request *req) 712 { 713 char *cmd = req->buf; 714 char response[FASTBOOT_RESPONSE_LEN]; 715 716 strsep(&cmd, ":"); 717 download_size = simple_strtoul(cmd, NULL, 16); 718 download_bytes = 0; 719 720 printf("Starting download of %d bytes\n", download_size); 721 722 if (0 == download_size) { 723 strcpy(response, "FAILdata invalid size"); 724 } else if (download_size > CONFIG_FASTBOOT_BUF_SIZE) { 725 download_size = 0; 726 strcpy(response, "FAILdata too large"); 727 } else { 728 sprintf(response, "DATA%08x", download_size); 729 req->complete = rx_handler_dl_image; 730 req->length = rx_bytes_expected(ep); 731 } 732 733 fastboot_tx_write_str(response); 734 } 735 736 static void tx_handler_ul(struct usb_ep *ep, struct usb_request *req) 737 { 738 unsigned int xfer_size = 0; 739 unsigned int pre_dot_num, now_dot_num; 740 unsigned int remain_size = 0; 741 unsigned int transferred_size = req->actual; 742 743 if (req->status != 0) { 744 printf("Bad status: %d\n", req->status); 745 return; 746 } 747 748 if (start_upload) { 749 pre_dot_num = upload_bytes / BYTES_PER_DOT; 750 upload_bytes += transferred_size; 751 now_dot_num = upload_bytes / BYTES_PER_DOT; 752 753 if (pre_dot_num != now_dot_num) { 754 putc('.'); 755 if (!(now_dot_num % 74)) 756 putc('\n'); 757 } 758 } 759 760 remain_size = upload_size - upload_bytes; 761 xfer_size = (remain_size > EP_BUFFER_SIZE) ? 762 EP_BUFFER_SIZE : remain_size; 763 764 debug("%s: remain_size=%d, transferred_size=%d", 765 __func__, remain_size, transferred_size); 766 debug("xfer_size=%d, upload_bytes=%d, upload_size=%d!\n", 767 xfer_size, upload_bytes, upload_size); 768 769 if (remain_size <= 0) { 770 fastboot_func->in_req->complete = fastboot_complete; 771 fastboot_tx_write_str("OKAY"); 772 printf("\nuploading of %d bytes finished\n", upload_bytes); 773 upload_bytes = 0; 774 upload_size = 0; 775 start_upload = false; 776 return; 777 } 778 779 /* Remove the transfer callback which response the upload */ 780 /* request from host */ 781 if (!upload_bytes) 782 start_upload = true; 783 784 fastboot_tx_write((char *)((phys_addr_t)CONFIG_FASTBOOT_BUF_ADDR + \ 785 upload_bytes), 786 xfer_size); 787 } 788 789 static void cb_upload(struct usb_ep *ep, struct usb_request *req) 790 { 791 char response[FASTBOOT_RESPONSE_LEN]; 792 793 printf("Starting upload of %d bytes\n", upload_size); 794 795 if (0 == upload_size) { 796 strcpy(response, "FAILdata invalid size"); 797 } else { 798 start_upload = false; 799 sprintf(response, "DATA%08x", upload_size); 800 fastboot_func->in_req->complete = tx_handler_ul; 801 } 802 803 fastboot_tx_write_str(response); 804 } 805 806 static void do_bootm_on_complete(struct usb_ep *ep, struct usb_request *req) 807 { 808 char boot_addr_start[12]; 809 char *bootm_args[] = { "bootm", boot_addr_start, NULL }; 810 811 puts("Booting kernel..\n"); 812 813 sprintf(boot_addr_start, "0x%lx", (long)CONFIG_FASTBOOT_BUF_ADDR); 814 do_bootm(NULL, 0, 2, bootm_args); 815 816 /* This only happens if image is somehow faulty so we start over */ 817 do_reset(NULL, 0, 0, NULL); 818 } 819 820 static void cb_boot(struct usb_ep *ep, struct usb_request *req) 821 { 822 fastboot_func->in_req->complete = do_bootm_on_complete; 823 fastboot_tx_write_str("OKAY"); 824 } 825 826 static void do_exit_on_complete(struct usb_ep *ep, struct usb_request *req) 827 { 828 g_dnl_trigger_detach(); 829 } 830 831 static void cb_continue(struct usb_ep *ep, struct usb_request *req) 832 { 833 fastboot_func->in_req->complete = do_exit_on_complete; 834 fastboot_tx_write_str("OKAY"); 835 } 836 837 static void cb_set_active(struct usb_ep *ep, struct usb_request *req) 838 { 839 char *cmd = req->buf; 840 841 debug("%s: %s\n", __func__, cmd); 842 843 strsep(&cmd, ":"); 844 if (!cmd) { 845 pr_err("missing slot name"); 846 fastboot_tx_write_str("FAILmissing slot name"); 847 return; 848 } 849 #ifdef CONFIG_RK_AVB_LIBAVB_USER 850 unsigned int slot_number; 851 if (strncmp("a", cmd, 1) == 0) { 852 slot_number = 0; 853 rk_avb_set_slot_active(&slot_number); 854 } else if (strncmp("b", cmd, 1) == 0) { 855 slot_number = 1; 856 rk_avb_set_slot_active(&slot_number); 857 } else { 858 fastboot_tx_write_str("FAILunkown slot name"); 859 return; 860 } 861 862 fastboot_tx_write_str("OKAY"); 863 return; 864 #else 865 fastboot_tx_write_str("FAILnot implemented"); 866 return; 867 #endif 868 } 869 870 #ifdef CONFIG_FASTBOOT_FLASH 871 static void cb_flash(struct usb_ep *ep, struct usb_request *req) 872 { 873 char *cmd = req->buf; 874 char response[FASTBOOT_RESPONSE_LEN] = {0}; 875 #ifdef CONFIG_RK_AVB_LIBAVB_USER 876 uint8_t flash_lock_state; 877 878 if (rk_avb_read_flash_lock_state(&flash_lock_state)) { 879 /* write the device flashing unlock when first read */ 880 if (rk_avb_write_flash_lock_state(1)) { 881 fastboot_tx_write_str("FAILflash lock state write failure"); 882 return; 883 } 884 if (rk_avb_read_flash_lock_state(&flash_lock_state)) { 885 fastboot_tx_write_str("FAILflash lock state read failure"); 886 return; 887 } 888 } 889 890 if (flash_lock_state == 0) { 891 fastboot_tx_write_str("FAILThe device is locked, can not flash!"); 892 printf("The device is locked, can not flash!\n"); 893 return; 894 } 895 #endif 896 strsep(&cmd, ":"); 897 if (!cmd) { 898 pr_err("missing partition name"); 899 fastboot_tx_write_str("FAILmissing partition name"); 900 return; 901 } 902 903 fastboot_fail("no flash device defined", response); 904 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 905 fb_mmc_flash_write(cmd, (void *)CONFIG_FASTBOOT_BUF_ADDR, 906 download_bytes, response); 907 #endif 908 #ifdef CONFIG_FASTBOOT_FLASH_NAND_DEV 909 fb_nand_flash_write(cmd, (void *)CONFIG_FASTBOOT_BUF_ADDR, 910 download_bytes, response); 911 #endif 912 fastboot_tx_write_str(response); 913 } 914 915 static void cb_flashing(struct usb_ep *ep, struct usb_request *req) 916 { 917 char *cmd = req->buf; 918 919 if (strncmp("lock", cmd + 9, 4) == 0) { 920 #ifdef CONFIG_RK_AVB_LIBAVB_USER 921 uint8_t flash_lock_state; 922 flash_lock_state = 0; 923 if (rk_avb_write_flash_lock_state(flash_lock_state)) 924 fastboot_tx_write_str("FAILflash lock state" 925 " write failure"); 926 else 927 fastboot_tx_write_str("OKAY"); 928 #else 929 fastboot_tx_write_str("FAILnot implemented"); 930 #endif 931 } else if (strncmp("unlock", cmd + 9, 6) == 0) { 932 #ifdef CONFIG_RK_AVB_LIBAVB_USER 933 uint8_t flash_lock_state; 934 flash_lock_state = 1; 935 if (rk_avb_write_flash_lock_state(flash_lock_state)) 936 fastboot_tx_write_str("FAILflash lock state" 937 " write failure"); 938 else 939 fastboot_tx_write_str("OKAY"); 940 #else 941 fastboot_tx_write_str("FAILnot implemented"); 942 #endif 943 } else if (strncmp("lock_critical", cmd + 9, 12) == 0) { 944 fastboot_tx_write_str("FAILnot implemented"); 945 } else if (strncmp("unlock_critical", cmd + 9, 14) == 0) { 946 fastboot_tx_write_str("FAILnot implemented"); 947 } else if (strncmp("get_unlock_ability", cmd + 9, 17) == 0) { 948 fastboot_tx_write_str("FAILnot implemented"); 949 } else if (strncmp("get_unlock_bootloader_nonce", cmd + 4, 27) == 0) { 950 fastboot_tx_write_str("FAILnot implemented"); 951 } else if (strncmp("unlock_bootloader", cmd + 9, 17) == 0) { 952 fastboot_tx_write_str("FAILnot implemented"); 953 } else if (strncmp("lock_bootloader", cmd + 9, 15) == 0) { 954 fastboot_tx_write_str("FAILnot implemented"); 955 } else { 956 fastboot_tx_write_str("FAILunknown flashing command"); 957 } 958 } 959 #endif 960 961 static void cb_oem_perm_attr(void) 962 { 963 #ifdef CONFIG_RK_AVB_LIBAVB_USER 964 sha256_context ctx; 965 uint8_t digest[SHA256_SUM_LEN] = {0}; 966 uint8_t digest_temp[SHA256_SUM_LEN] = {0}; 967 uint8_t perm_attr_temp[PERM_ATTR_TOTAL_SIZE] = {0}; 968 uint8_t flag = 0; 969 970 if (PERM_ATTR_TOTAL_SIZE != download_bytes) { 971 printf("Permanent attribute size is not equal!\n"); 972 fastboot_tx_write_str("FAILincorrect perm attribute size"); 973 return; 974 } 975 976 if (rk_avb_read_perm_attr_flag(&flag)) { 977 printf("rk_avb_read_perm_attr_flag error!\n"); 978 fastboot_tx_write_str("FAILperm attr read failed"); 979 return; 980 } 981 982 if (flag == PERM_ATTR_SUCCESS_FLAG) { 983 if (rk_avb_read_attribute_hash(digest_temp, 984 SHA256_SUM_LEN)) { 985 printf("The efuse IO can not be used!\n"); 986 fastboot_tx_write_str("FAILefuse IO can not be used"); 987 return; 988 } 989 990 if (memcmp(digest, digest_temp, SHA256_SUM_LEN) != 0) { 991 if (rk_avb_read_permanent_attributes(perm_attr_temp, 992 PERM_ATTR_TOTAL_SIZE)) { 993 printf("rk_avb_write_permanent_attributes error!\n"); 994 fastboot_tx_write_str("FAILread perm attr error"); 995 return; 996 } 997 998 sha256_starts(&ctx); 999 sha256_update(&ctx, 1000 (const uint8_t *)perm_attr_temp, 1001 PERM_ATTR_TOTAL_SIZE); 1002 sha256_finish(&ctx, digest); 1003 if (memcmp(digest, digest_temp, SHA256_SUM_LEN) == 0) { 1004 printf("The hash has been written!\n"); 1005 fastboot_tx_write_str("OKAY"); 1006 return; 1007 } 1008 } 1009 1010 if (rk_avb_write_perm_attr_flag(0)) { 1011 fastboot_tx_write_str("FAILperm attr flag write failure"); 1012 return; 1013 } 1014 } 1015 1016 if (rk_avb_write_permanent_attributes((uint8_t *) 1017 CONFIG_FASTBOOT_BUF_ADDR, 1018 download_bytes)) { 1019 if (rk_avb_write_perm_attr_flag(0)) { 1020 fastboot_tx_write_str("FAILperm attr flag write failure"); 1021 return; 1022 } 1023 fastboot_tx_write_str("FAILperm attr write failed"); 1024 return; 1025 } 1026 1027 memset(digest, 0, SHA256_SUM_LEN); 1028 sha256_starts(&ctx); 1029 sha256_update(&ctx, (const uint8_t *)CONFIG_FASTBOOT_BUF_ADDR, 1030 PERM_ATTR_TOTAL_SIZE); 1031 sha256_finish(&ctx, digest); 1032 1033 if (rk_avb_write_attribute_hash((uint8_t *)digest, 1034 SHA256_SUM_LEN)) { 1035 if (rk_avb_read_attribute_hash(digest_temp, 1036 SHA256_SUM_LEN)) { 1037 printf("The efuse IO can not be used!\n"); 1038 fastboot_tx_write_str("FAILefuse IO can not be used"); 1039 return; 1040 } 1041 if (memcmp(digest, digest_temp, SHA256_SUM_LEN) != 0) { 1042 if (rk_avb_write_perm_attr_flag(0)) { 1043 fastboot_tx_write_str("FAILperm attr flag write failure"); 1044 return; 1045 } 1046 printf("The hash has been written, but is different!\n"); 1047 fastboot_tx_write_str("FAILhash comparison failure"); 1048 return; 1049 } 1050 } 1051 1052 if (rk_avb_write_perm_attr_flag(PERM_ATTR_SUCCESS_FLAG)) { 1053 fastboot_tx_write_str("FAILperm attr flag write failure"); 1054 return; 1055 } 1056 1057 fastboot_tx_write_str("OKAY"); 1058 #else 1059 fastboot_tx_write_str("FAILnot implemented"); 1060 #endif 1061 } 1062 1063 static void cb_oem(struct usb_ep *ep, struct usb_request *req) 1064 { 1065 char *cmd = req->buf; 1066 1067 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 1068 if (strncmp("format", cmd + 4, 6) == 0) { 1069 char cmdbuf[32]; 1070 sprintf(cmdbuf, "gpt write mmc %x $partitions", 1071 CONFIG_FASTBOOT_FLASH_MMC_DEV); 1072 if (run_command(cmdbuf, 0)) 1073 fastboot_tx_write_str("FAILmmc write failure"); 1074 else 1075 fastboot_tx_write_str("OKAY"); 1076 } else 1077 #endif 1078 if (strncmp("unlock", cmd + 4, 8) == 0) { 1079 fastboot_tx_write_str("FAILnot implemented"); 1080 } else if (strncmp("at-get-ca-request", cmd + 4, 17) == 0) { 1081 #ifdef CONFIG_OPTEE_CLIENT 1082 uint8_t out[ATTEST_CA_OUT_SIZE]; 1083 uint32_t operation_size = download_bytes; 1084 uint32_t out_len = ATTEST_CA_OUT_SIZE; 1085 uint32_t res = 0; 1086 1087 res = trusty_attest_get_ca((uint8_t *)CONFIG_FASTBOOT_BUF_ADDR, 1088 &operation_size, out, &out_len); 1089 if (res) { 1090 fastboot_tx_write_str("FAILtrusty_attest_get_ca failed"); 1091 return; 1092 } 1093 upload_size = out_len; 1094 memcpy((void *)CONFIG_FASTBOOT_BUF_ADDR, out, out_len); 1095 fastboot_tx_write_str("OKAY"); 1096 #else 1097 fastboot_tx_write_str("FAILnot implemented"); 1098 return; 1099 #endif 1100 } else if (strncmp("at-set-ca-response", cmd + 4, 18) == 0) { 1101 #ifdef CONFIG_OPTEE_CLIENT 1102 uint32_t ca_response_size = download_bytes; 1103 uint32_t res = 0; 1104 1105 res = trusty_attest_set_ca((uint8_t *)CONFIG_FASTBOOT_BUF_ADDR, 1106 &ca_response_size); 1107 if (res) 1108 fastboot_tx_write_str("FAILtrusty_attest_set_ca failed"); 1109 else 1110 fastboot_tx_write_str("OKAY"); 1111 #else 1112 fastboot_tx_write_str("FAILnot implemented"); 1113 return; 1114 #endif 1115 } else if (strncmp("at-lock-vboot", cmd + 4, 13) == 0) { 1116 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1117 uint8_t lock_state; 1118 lock_state = 0; 1119 if (rk_avb_write_lock_state(lock_state)) 1120 fastboot_tx_write_str("FAILwrite lock state failed"); 1121 else 1122 fastboot_tx_write_str("OKAY"); 1123 #else 1124 fastboot_tx_write_str("FAILnot implemented"); 1125 #endif 1126 } else if (strncmp("at-unlock-vboot", cmd + 4, 15) == 0) { 1127 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1128 uint8_t lock_state; 1129 if (rk_avb_read_lock_state(&lock_state)) 1130 fastboot_tx_write_str("FAILlock sate read failure"); 1131 if (lock_state >> 1 == 1) { 1132 fastboot_tx_write_str("FAILThe vboot is disable!"); 1133 } else { 1134 lock_state = 1; 1135 if (rk_avb_write_lock_state(lock_state)) 1136 fastboot_tx_write_str("FAILwrite lock state failed"); 1137 else 1138 fastboot_tx_write_str("OKAY"); 1139 } 1140 #else 1141 fastboot_tx_write_str("FAILnot implemented"); 1142 #endif 1143 } else if (strncmp("at-disable-unlock-vboot", cmd + 4, 23) == 0) { 1144 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1145 uint8_t lock_state; 1146 lock_state = 2; 1147 if (rk_avb_write_lock_state(lock_state)) 1148 fastboot_tx_write_str("FAILwrite lock state failed"); 1149 else 1150 fastboot_tx_write_str("OKAY"); 1151 #else 1152 fastboot_tx_write_str("FAILnot implemented"); 1153 #endif 1154 } else if (strncmp("fuse at-perm-attr", cmd + 4, 16) == 0) { 1155 cb_oem_perm_attr(); 1156 } else if (strncmp("fuse at-bootloader-vboot-key", cmd + 4, 27) == 0) { 1157 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1158 sha256_context ctx; 1159 uint8_t digest[SHA256_SUM_LEN]; 1160 1161 if (download_bytes != VBOOT_KEY_HASH_SIZE) { 1162 fastboot_tx_write_str("FAILinvalid vboot key length"); 1163 printf("The vboot key size error!\n"); 1164 return; 1165 } 1166 1167 sha256_starts(&ctx); 1168 sha256_update(&ctx, (const uint8_t *)CONFIG_FASTBOOT_BUF_ADDR, 1169 VBOOT_KEY_SIZE); 1170 sha256_finish(&ctx, digest); 1171 1172 if (rk_avb_write_vbootkey_hash((uint8_t *)digest, 1173 SHA256_SUM_LEN)) { 1174 fastboot_tx_write_str("FAILvbootkey hash write failure"); 1175 return; 1176 } 1177 fastboot_tx_write_str("OKAY"); 1178 #else 1179 fastboot_tx_write_str("FAILnot implemented"); 1180 #endif 1181 } else { 1182 fastboot_tx_write_str("FAILunknown oem command"); 1183 } 1184 } 1185 1186 #ifdef CONFIG_FASTBOOT_FLASH 1187 static void cb_erase(struct usb_ep *ep, struct usb_request *req) 1188 { 1189 char *cmd = req->buf; 1190 char response[FASTBOOT_RESPONSE_LEN]; 1191 1192 strsep(&cmd, ":"); 1193 if (!cmd) { 1194 pr_err("missing partition name"); 1195 fastboot_tx_write_str("FAILmissing partition name"); 1196 return; 1197 } 1198 1199 fastboot_fail("no flash device defined", response); 1200 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 1201 fb_mmc_erase(cmd, response); 1202 #endif 1203 #ifdef CONFIG_FASTBOOT_FLASH_NAND_DEV 1204 fb_nand_erase(cmd, response); 1205 #endif 1206 fastboot_tx_write_str(response); 1207 } 1208 #endif 1209 1210 struct cmd_dispatch_info { 1211 char *cmd; 1212 void (*cb)(struct usb_ep *ep, struct usb_request *req); 1213 }; 1214 1215 static const struct cmd_dispatch_info cmd_dispatch_info[] = { 1216 { 1217 .cmd = "reboot", 1218 .cb = cb_reboot, 1219 }, { 1220 .cmd = "getvar:", 1221 .cb = cb_getvar, 1222 }, { 1223 .cmd = "download:", 1224 .cb = cb_download, 1225 }, { 1226 .cmd = "upload", 1227 .cb = cb_upload, 1228 }, { 1229 .cmd = "boot", 1230 .cb = cb_boot, 1231 }, { 1232 .cmd = "continue", 1233 .cb = cb_continue, 1234 }, { 1235 .cmd = "set_active", 1236 .cb = cb_set_active, 1237 }, 1238 #ifdef CONFIG_FASTBOOT_FLASH 1239 { 1240 .cmd = "flashing", 1241 .cb = cb_flashing, 1242 }, 1243 { 1244 .cmd = "flash", 1245 .cb = cb_flash, 1246 }, { 1247 .cmd = "erase", 1248 .cb = cb_erase, 1249 }, 1250 #endif 1251 { 1252 .cmd = "oem", 1253 .cb = cb_oem, 1254 }, 1255 }; 1256 1257 static void rx_handler_command(struct usb_ep *ep, struct usb_request *req) 1258 { 1259 char *cmdbuf = req->buf; 1260 void (*func_cb)(struct usb_ep *ep, struct usb_request *req) = NULL; 1261 int i; 1262 1263 if (req->status != 0 || req->length == 0) 1264 return; 1265 1266 for (i = 0; i < ARRAY_SIZE(cmd_dispatch_info); i++) { 1267 if (!strcmp_l1(cmd_dispatch_info[i].cmd, cmdbuf)) { 1268 func_cb = cmd_dispatch_info[i].cb; 1269 break; 1270 } 1271 } 1272 1273 if (!func_cb) { 1274 pr_err("unknown command: %.*s", req->actual, cmdbuf); 1275 fastboot_tx_write_str("FAILunknown command"); 1276 } else { 1277 if (req->actual < req->length) { 1278 u8 *buf = (u8 *)req->buf; 1279 buf[req->actual] = 0; 1280 func_cb(ep, req); 1281 } else { 1282 pr_err("buffer overflow"); 1283 fastboot_tx_write_str("FAILbuffer overflow"); 1284 } 1285 } 1286 1287 *cmdbuf = '\0'; 1288 req->actual = 0; 1289 usb_ep_queue(ep, req, 0); 1290 } 1291