1 /* 2 * (C) Copyright 2008 - 2009 3 * Windriver, <www.windriver.com> 4 * Tom Rix <Tom.Rix@windriver.com> 5 * 6 * Copyright 2011 Sebastian Andrzej Siewior <bigeasy@linutronix.de> 7 * 8 * Copyright 2014 Linaro, Ltd. 9 * Rob Herring <robh@kernel.org> 10 * 11 * SPDX-License-Identifier: GPL-2.0+ 12 */ 13 #include <config.h> 14 #include <common.h> 15 #include <console.h> 16 #include <errno.h> 17 #include <fastboot.h> 18 #include <malloc.h> 19 #include <linux/usb/ch9.h> 20 #include <linux/usb/gadget.h> 21 #include <linux/usb/composite.h> 22 #include <linux/compiler.h> 23 #include <u-boot/sha256.h> 24 #include <version.h> 25 #include <g_dnl.h> 26 #include <fs.h> 27 #include <android_avb/avb_ops_user.h> 28 #include <android_avb/rk_avb_ops_user.h> 29 #include <dm/uclass.h> 30 #include <power/fuel_gauge.h> 31 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 32 #include <fb_mmc.h> 33 #endif 34 #ifdef CONFIG_FASTBOOT_FLASH_NAND_DEV 35 #include <fb_nand.h> 36 #endif 37 #ifdef CONFIG_OPTEE_CLIENT 38 #include <optee_include/OpteeClientInterface.h> 39 #endif 40 #include <boot_rkimg.h> 41 #include <optee_include/tee_client_api.h> 42 43 #define FASTBOOT_VERSION "0.4" 44 45 #define FASTBOOT_INTERFACE_CLASS 0xff 46 #define FASTBOOT_INTERFACE_SUB_CLASS 0x42 47 #define FASTBOOT_INTERFACE_PROTOCOL 0x03 48 49 #define RX_ENDPOINT_MAXIMUM_PACKET_SIZE_2_0 (0x0200) 50 #define RX_ENDPOINT_MAXIMUM_PACKET_SIZE_1_1 (0x0040) 51 #define TX_ENDPOINT_MAXIMUM_PACKET_SIZE (0x0040) 52 53 #define EP_BUFFER_SIZE 4096 54 #define SLEEP_COUNT 20000 55 /* 56 * EP_BUFFER_SIZE must always be an integral multiple of maxpacket size 57 * (64 or 512 or 1024), else we break on certain controllers like DWC3 58 * that expect bulk OUT requests to be divisible by maxpacket size. 59 */ 60 61 struct f_fastboot { 62 struct usb_function usb_function; 63 64 /* IN/OUT EP's and corresponding requests */ 65 struct usb_ep *in_ep, *out_ep; 66 struct usb_request *in_req, *out_req; 67 }; 68 69 static inline struct f_fastboot *func_to_fastboot(struct usb_function *f) 70 { 71 return container_of(f, struct f_fastboot, usb_function); 72 } 73 74 static struct f_fastboot *fastboot_func; 75 static unsigned int download_size; 76 static unsigned int download_bytes; 77 static unsigned int upload_size; 78 static unsigned int upload_bytes; 79 static bool start_upload; 80 static unsigned intthread_wakeup_needed; 81 82 static struct usb_endpoint_descriptor fs_ep_in = { 83 .bLength = USB_DT_ENDPOINT_SIZE, 84 .bDescriptorType = USB_DT_ENDPOINT, 85 .bEndpointAddress = USB_DIR_IN, 86 .bmAttributes = USB_ENDPOINT_XFER_BULK, 87 .wMaxPacketSize = cpu_to_le16(64), 88 }; 89 90 static struct usb_endpoint_descriptor fs_ep_out = { 91 .bLength = USB_DT_ENDPOINT_SIZE, 92 .bDescriptorType = USB_DT_ENDPOINT, 93 .bEndpointAddress = USB_DIR_OUT, 94 .bmAttributes = USB_ENDPOINT_XFER_BULK, 95 .wMaxPacketSize = cpu_to_le16(64), 96 }; 97 98 static struct usb_endpoint_descriptor hs_ep_in = { 99 .bLength = USB_DT_ENDPOINT_SIZE, 100 .bDescriptorType = USB_DT_ENDPOINT, 101 .bEndpointAddress = USB_DIR_IN, 102 .bmAttributes = USB_ENDPOINT_XFER_BULK, 103 .wMaxPacketSize = cpu_to_le16(512), 104 }; 105 106 static struct usb_endpoint_descriptor hs_ep_out = { 107 .bLength = USB_DT_ENDPOINT_SIZE, 108 .bDescriptorType = USB_DT_ENDPOINT, 109 .bEndpointAddress = USB_DIR_OUT, 110 .bmAttributes = USB_ENDPOINT_XFER_BULK, 111 .wMaxPacketSize = cpu_to_le16(512), 112 }; 113 114 static struct usb_interface_descriptor interface_desc = { 115 .bLength = USB_DT_INTERFACE_SIZE, 116 .bDescriptorType = USB_DT_INTERFACE, 117 .bInterfaceNumber = 0x00, 118 .bAlternateSetting = 0x00, 119 .bNumEndpoints = 0x02, 120 .bInterfaceClass = FASTBOOT_INTERFACE_CLASS, 121 .bInterfaceSubClass = FASTBOOT_INTERFACE_SUB_CLASS, 122 .bInterfaceProtocol = FASTBOOT_INTERFACE_PROTOCOL, 123 }; 124 125 static struct usb_descriptor_header *fb_fs_function[] = { 126 (struct usb_descriptor_header *)&interface_desc, 127 (struct usb_descriptor_header *)&fs_ep_in, 128 (struct usb_descriptor_header *)&fs_ep_out, 129 }; 130 131 static struct usb_descriptor_header *fb_hs_function[] = { 132 (struct usb_descriptor_header *)&interface_desc, 133 (struct usb_descriptor_header *)&hs_ep_in, 134 (struct usb_descriptor_header *)&hs_ep_out, 135 NULL, 136 }; 137 138 static struct usb_endpoint_descriptor * 139 fb_ep_desc(struct usb_gadget *g, struct usb_endpoint_descriptor *fs, 140 struct usb_endpoint_descriptor *hs) 141 { 142 if (gadget_is_dualspeed(g) && g->speed == USB_SPEED_HIGH) 143 return hs; 144 return fs; 145 } 146 147 /* 148 * static strings, in UTF-8 149 */ 150 static const char fastboot_name[] = "Android Fastboot"; 151 152 static struct usb_string fastboot_string_defs[] = { 153 [0].s = fastboot_name, 154 { } /* end of list */ 155 }; 156 157 static struct usb_gadget_strings stringtab_fastboot = { 158 .language = 0x0409, /* en-us */ 159 .strings = fastboot_string_defs, 160 }; 161 162 static struct usb_gadget_strings *fastboot_strings[] = { 163 &stringtab_fastboot, 164 NULL, 165 }; 166 167 static void rx_handler_command(struct usb_ep *ep, struct usb_request *req); 168 static int strcmp_l1(const char *s1, const char *s2); 169 static void wakeup_thread(void) 170 { 171 intthread_wakeup_needed = false; 172 } 173 174 static void busy_indicator(void) 175 { 176 static int state; 177 178 switch (state) { 179 case 0: 180 puts("\r|"); break; 181 case 1: 182 puts("\r/"); break; 183 case 2: 184 puts("\r-"); break; 185 case 3: 186 puts("\r\\"); break; 187 case 4: 188 puts("\r|"); break; 189 case 5: 190 puts("\r/"); break; 191 case 6: 192 puts("\r-"); break; 193 case 7: 194 puts("\r\\"); break; 195 default: 196 state = 0; 197 } 198 if (state++ == 8) 199 state = 0; 200 } 201 202 static int sleep_thread(void) 203 { 204 int rc = 0; 205 int i = 0, k = 0; 206 207 /* Wait until a signal arrives or we are woken up */ 208 for (;;) { 209 if (!intthread_wakeup_needed) 210 break; 211 212 if (++i == SLEEP_COUNT) { 213 busy_indicator(); 214 i = 0; 215 k++; 216 } 217 218 if (k == 10) { 219 /* Handle CTRL+C */ 220 if (ctrlc()) 221 return -EPIPE; 222 223 /* Check cable connection */ 224 if (!g_dnl_board_usb_cable_connected()) 225 return -EIO; 226 227 k = 0; 228 } 229 230 usb_gadget_handle_interrupts(0); 231 } 232 intthread_wakeup_needed = true; 233 return rc; 234 } 235 236 static void fastboot_complete(struct usb_ep *ep, struct usb_request *req) 237 { 238 int status = req->status; 239 240 wakeup_thread(); 241 if (!status) 242 return; 243 printf("status: %d ep '%s' trans: %d\n", status, ep->name, req->actual); 244 } 245 246 static int fastboot_bind(struct usb_configuration *c, struct usb_function *f) 247 { 248 int id; 249 struct usb_gadget *gadget = c->cdev->gadget; 250 struct f_fastboot *f_fb = func_to_fastboot(f); 251 const char *s; 252 253 /* DYNAMIC interface numbers assignments */ 254 id = usb_interface_id(c, f); 255 if (id < 0) 256 return id; 257 interface_desc.bInterfaceNumber = id; 258 259 id = usb_string_id(c->cdev); 260 if (id < 0) 261 return id; 262 fastboot_string_defs[0].id = id; 263 interface_desc.iInterface = id; 264 265 f_fb->in_ep = usb_ep_autoconfig(gadget, &fs_ep_in); 266 if (!f_fb->in_ep) 267 return -ENODEV; 268 f_fb->in_ep->driver_data = c->cdev; 269 270 f_fb->out_ep = usb_ep_autoconfig(gadget, &fs_ep_out); 271 if (!f_fb->out_ep) 272 return -ENODEV; 273 f_fb->out_ep->driver_data = c->cdev; 274 275 f->descriptors = fb_fs_function; 276 277 if (gadget_is_dualspeed(gadget)) { 278 /* Assume endpoint addresses are the same for both speeds */ 279 hs_ep_in.bEndpointAddress = fs_ep_in.bEndpointAddress; 280 hs_ep_out.bEndpointAddress = fs_ep_out.bEndpointAddress; 281 /* copy HS descriptors */ 282 f->hs_descriptors = fb_hs_function; 283 } 284 285 s = env_get("serial#"); 286 if (s) 287 g_dnl_set_serialnumber((char *)s); 288 289 return 0; 290 } 291 292 static void fastboot_unbind(struct usb_configuration *c, struct usb_function *f) 293 { 294 memset(fastboot_func, 0, sizeof(*fastboot_func)); 295 } 296 297 static void fastboot_disable(struct usb_function *f) 298 { 299 struct f_fastboot *f_fb = func_to_fastboot(f); 300 301 usb_ep_disable(f_fb->out_ep); 302 usb_ep_disable(f_fb->in_ep); 303 304 if (f_fb->out_req) { 305 free(f_fb->out_req->buf); 306 usb_ep_free_request(f_fb->out_ep, f_fb->out_req); 307 f_fb->out_req = NULL; 308 } 309 if (f_fb->in_req) { 310 free(f_fb->in_req->buf); 311 usb_ep_free_request(f_fb->in_ep, f_fb->in_req); 312 f_fb->in_req = NULL; 313 } 314 } 315 316 static struct usb_request *fastboot_start_ep(struct usb_ep *ep) 317 { 318 struct usb_request *req; 319 320 req = usb_ep_alloc_request(ep, 0); 321 if (!req) 322 return NULL; 323 324 req->length = EP_BUFFER_SIZE; 325 req->buf = memalign(CONFIG_SYS_CACHELINE_SIZE, EP_BUFFER_SIZE); 326 if (!req->buf) { 327 usb_ep_free_request(ep, req); 328 return NULL; 329 } 330 331 memset(req->buf, 0, req->length); 332 return req; 333 } 334 335 static int fastboot_set_alt(struct usb_function *f, 336 unsigned interface, unsigned alt) 337 { 338 int ret; 339 struct usb_composite_dev *cdev = f->config->cdev; 340 struct usb_gadget *gadget = cdev->gadget; 341 struct f_fastboot *f_fb = func_to_fastboot(f); 342 const struct usb_endpoint_descriptor *d; 343 344 debug("%s: func: %s intf: %d alt: %d\n", 345 __func__, f->name, interface, alt); 346 347 d = fb_ep_desc(gadget, &fs_ep_out, &hs_ep_out); 348 ret = usb_ep_enable(f_fb->out_ep, d); 349 if (ret) { 350 puts("failed to enable out ep\n"); 351 return ret; 352 } 353 354 f_fb->out_req = fastboot_start_ep(f_fb->out_ep); 355 if (!f_fb->out_req) { 356 puts("failed to alloc out req\n"); 357 ret = -EINVAL; 358 goto err; 359 } 360 f_fb->out_req->complete = rx_handler_command; 361 362 d = fb_ep_desc(gadget, &fs_ep_in, &hs_ep_in); 363 ret = usb_ep_enable(f_fb->in_ep, d); 364 if (ret) { 365 puts("failed to enable in ep\n"); 366 goto err; 367 } 368 369 f_fb->in_req = fastboot_start_ep(f_fb->in_ep); 370 if (!f_fb->in_req) { 371 puts("failed alloc req in\n"); 372 ret = -EINVAL; 373 goto err; 374 } 375 f_fb->in_req->complete = fastboot_complete; 376 377 ret = usb_ep_queue(f_fb->out_ep, f_fb->out_req, 0); 378 if (ret) 379 goto err; 380 381 return 0; 382 err: 383 fastboot_disable(f); 384 return ret; 385 } 386 387 static int fastboot_add(struct usb_configuration *c) 388 { 389 struct f_fastboot *f_fb = fastboot_func; 390 int status; 391 392 debug("%s: cdev: 0x%p\n", __func__, c->cdev); 393 394 if (!f_fb) { 395 f_fb = memalign(CONFIG_SYS_CACHELINE_SIZE, sizeof(*f_fb)); 396 if (!f_fb) 397 return -ENOMEM; 398 399 fastboot_func = f_fb; 400 memset(f_fb, 0, sizeof(*f_fb)); 401 } 402 403 f_fb->usb_function.name = "f_fastboot"; 404 f_fb->usb_function.bind = fastboot_bind; 405 f_fb->usb_function.unbind = fastboot_unbind; 406 f_fb->usb_function.set_alt = fastboot_set_alt; 407 f_fb->usb_function.disable = fastboot_disable; 408 f_fb->usb_function.strings = fastboot_strings; 409 410 status = usb_add_function(c, &f_fb->usb_function); 411 if (status) { 412 free(f_fb); 413 fastboot_func = f_fb; 414 } 415 416 return status; 417 } 418 DECLARE_GADGET_BIND_CALLBACK(usb_dnl_fastboot, fastboot_add); 419 420 static int fastboot_tx_write(const char *buffer, unsigned int buffer_size) 421 { 422 struct usb_request *in_req = fastboot_func->in_req; 423 int ret; 424 425 memcpy(in_req->buf, buffer, buffer_size); 426 in_req->length = buffer_size; 427 428 usb_ep_dequeue(fastboot_func->in_ep, in_req); 429 430 ret = usb_ep_queue(fastboot_func->in_ep, in_req, 0); 431 if (ret) 432 printf("Error %d on queue\n", ret); 433 return 0; 434 } 435 436 static int fastboot_tx_write_str(const char *buffer) 437 { 438 int ret; 439 440 ret = sleep_thread(); 441 if (ret < 0) 442 printf("warning: 0x%x, usb transmission is abnormal!\n", ret); 443 444 return fastboot_tx_write(buffer, strlen(buffer)); 445 } 446 447 static void compl_do_reset(struct usb_ep *ep, struct usb_request *req) 448 { 449 do_reset(NULL, 0, 0, NULL); 450 } 451 452 int __weak fb_set_reboot_flag(void) 453 { 454 return -ENOSYS; 455 } 456 457 static void cb_reboot(struct usb_ep *ep, struct usb_request *req) 458 { 459 char *cmd = req->buf; 460 if (!strcmp_l1("reboot-bootloader", cmd)) { 461 if (fb_set_reboot_flag()) { 462 fastboot_tx_write_str("FAILCannot set reboot flag"); 463 return; 464 } 465 } 466 fastboot_func->in_req->complete = compl_do_reset; 467 fastboot_tx_write_str("OKAY"); 468 } 469 470 static int strcmp_l1(const char *s1, const char *s2) 471 { 472 if (!s1 || !s2) 473 return -1; 474 return strncmp(s1, s2, strlen(s1)); 475 } 476 477 static void cb_getvar(struct usb_ep *ep, struct usb_request *req) 478 { 479 char *cmd = req->buf; 480 char response[FASTBOOT_RESPONSE_LEN]; 481 const char *s; 482 size_t chars_left; 483 484 strcpy(response, "OKAY"); 485 chars_left = sizeof(response) - strlen(response) - 1; 486 487 strsep(&cmd, ":"); 488 if (!cmd) { 489 pr_err("missing variable"); 490 fastboot_tx_write_str("FAILmissing var"); 491 return; 492 } 493 494 if (!strcmp_l1("version", cmd)) { 495 strncat(response, FASTBOOT_VERSION, chars_left); 496 } else if (!strcmp_l1("bootloader-version", cmd)) { 497 strncat(response, U_BOOT_VERSION, chars_left); 498 } else if (!strcmp_l1("product", cmd)) { 499 strncat(response, CONFIG_SYS_BOARD, chars_left); 500 } else if (!strcmp_l1("variant", cmd)) { 501 strncat(response, "userdebug", chars_left); 502 } else if (!strcmp_l1("secure", cmd)) { 503 strncat(response, "no", chars_left); 504 } else if (!strcmp_l1("unlocked", cmd)) { 505 strncat(response, "yes", chars_left); 506 } else if (!strcmp_l1("off-mode-charge", cmd)) { 507 strncat(response, "0", chars_left); 508 } else if (!strcmp_l1("battery-voltage", cmd)) { 509 strncat(response, "7.4", chars_left); 510 } else if (!strcmp_l1("battery-soc-ok", cmd)) { 511 strncat(response, "yes", chars_left); 512 } else if (!strcmp_l1("downloadsize", cmd) || 513 !strcmp_l1("max-download-size", cmd)) { 514 char str_num[12]; 515 516 sprintf(str_num, "0x%08x", CONFIG_FASTBOOT_BUF_SIZE); 517 strncat(response, str_num, chars_left); 518 } else if (!strcmp_l1("serialno", cmd)) { 519 s = env_get("serial#"); 520 if (s) 521 strncat(response, s, chars_left); 522 else 523 strcpy(response, "FAILValue not set"); 524 } else if (strncmp("at-attest-dh", cmd, 12) == 0) { 525 #ifdef CONFIG_OPTEE_CLIENT 526 char dhbuf[8]; 527 uint32_t dh_len = 8; 528 uint32_t res = trusty_attest_dh((uint8_t *)dhbuf, &dh_len); 529 if (res) 530 strcpy(response, "FAILdh not set"); 531 else 532 strncat(response, dhbuf, chars_left); 533 #else 534 fastboot_tx_write_str("FAILnot implemented"); 535 return; 536 #endif 537 } else if (strncmp("at-attest-uuid", cmd, 14) == 0) { 538 #ifdef CONFIG_OPTEE_CLIENT 539 char uuid[32] = {0}; 540 uint32_t uuid_len = 32; 541 uint32_t res = trusty_attest_uuid((uint8_t *)uuid, &uuid_len); 542 if (res) 543 strcpy(response, "FAILuuid not set"); 544 else 545 strncat(response, uuid, chars_left); 546 #else 547 fastboot_tx_write_str("FAILnot implemented"); 548 return; 549 #endif 550 } else if (strncmp("at-vboot-state", cmd, 14) == 0) { 551 char uuid[32] = {0}; 552 553 strncat(response, uuid, chars_left); 554 } else if (!strcmp_l1("slot-count", cmd)) { 555 #ifdef CONFIG_RK_AVB_LIBAVB_USER 556 char slot_count[2]; 557 char temp; 558 559 slot_count[1] = '\0'; 560 rk_avb_read_slot_count(&temp); 561 slot_count[0] = temp + 0x30; 562 strncat(response, slot_count, chars_left); 563 #else 564 fastboot_tx_write_str("FAILnot implemented"); 565 return; 566 #endif 567 } else if (!strcmp_l1("current-slot", cmd)) { 568 #ifdef CONFIG_RK_AVB_LIBAVB_USER 569 char slot_surrent[8] = {0}; 570 571 if (!rk_avb_get_current_slot(slot_surrent)) 572 strncat(response, slot_surrent+1, chars_left); 573 else 574 strcpy(response, "FAILgeterror"); 575 #else 576 fastboot_tx_write_str("FAILnot implemented"); 577 return; 578 #endif 579 } else if (!strcmp_l1("slot-suffixes", cmd)) { 580 #ifdef CONFIG_RK_AVB_LIBAVB_USER 581 char slot_suffixes_temp[4]; 582 char slot_suffixes[9]; 583 int slot_cnt = 0; 584 585 memset(slot_suffixes_temp, 0, 4); 586 memset(slot_suffixes, 0, 9); 587 rk_avb_read_slot_suffixes(slot_suffixes_temp); 588 while (slot_suffixes_temp[slot_cnt] != '\0') { 589 slot_suffixes[slot_cnt * 2] 590 = slot_suffixes_temp[slot_cnt]; 591 slot_suffixes[slot_cnt * 2 + 1] = ','; 592 slot_cnt++; 593 } 594 strncat(response, slot_suffixes, chars_left); 595 #else 596 fastboot_tx_write_str("FAILnot implemented"); 597 return; 598 #endif 599 } else if (!strncmp("has-slot", cmd, 8)) { 600 #ifdef CONFIG_RK_AVB_LIBAVB_USER 601 char *part_name = cmd; 602 603 cmd = strsep(&part_name, ":"); 604 if (!strcmp(part_name, "boot") || 605 !strcmp(part_name, "system") || 606 !strcmp(part_name, "vendor") || 607 !strcmp(part_name, "vbmeta") || 608 !strcmp(part_name, "oem")) { 609 strncat(response, "yes", chars_left); 610 } else { 611 strcpy(response, "FAILno"); 612 } 613 #else 614 fastboot_tx_write_str("FAILnot implemented"); 615 return; 616 #endif 617 } else if (!strncmp("slot-unbootable", cmd, 15)) { 618 #ifdef CONFIG_RK_AVB_LIBAVB_USER 619 char *slot_name = cmd; 620 621 cmd = strsep(&slot_name, ":"); 622 if (!strcmp(slot_name, "a") || 623 !strcmp(slot_name, "b")) { 624 strncat(response, "no", chars_left); 625 } else { 626 strcpy(response, "FAILno"); 627 } 628 #else 629 fastboot_tx_write_str("FAILnot implemented"); 630 return; 631 #endif 632 } else if (!strncmp("slot-successful", cmd, 15)) { 633 #ifdef CONFIG_RK_AVB_LIBAVB_USER 634 char *slot_name = cmd; 635 636 cmd = strsep(&slot_name, ":"); 637 if (!strcmp(slot_name, "a") || 638 !strcmp(slot_name, "b")) { 639 strncat(response, "no", chars_left); 640 } else { 641 strcpy(response, "FAILno"); 642 } 643 #else 644 fastboot_tx_write_str("FAILnot implemented"); 645 return; 646 #endif 647 } else if (!strncmp("slot-retry-count", cmd, 16)) { 648 #ifdef CONFIG_RK_AVB_LIBAVB_USER 649 char *slot_name = cmd; 650 char count[10] = {0}; 651 static int cnt[2] = {0}; 652 653 cmd = strsep(&slot_name, ":"); 654 if (!strcmp(slot_name, "a")) { 655 sprintf(count, "%c", 0x30+cnt[0]); 656 strncat(response, count, chars_left); 657 if (cnt[0] > 0) 658 cnt[0]--; 659 } else if (!strcmp(slot_name, "b")) { 660 sprintf(count, "%c", 0x30+cnt[1]); 661 strncat(response, count, chars_left); 662 if (cnt[1] > 0) 663 cnt[1]--; 664 } else { 665 strcpy(response, "FAILno"); 666 } 667 #else 668 fastboot_tx_write_str("FAILnot implemented"); 669 return; 670 #endif 671 } else if (!strncmp("partition-type", cmd, 14) || 672 !strncmp("partition-size", cmd, 14)) { 673 disk_partition_t part_info; 674 struct blk_desc *dev_desc; 675 char *part_name = cmd; 676 char part_size_str[20]; 677 678 cmd = strsep(&part_name, ":"); 679 dev_desc = blk_get_dev("mmc", 0); 680 if (!dev_desc) { 681 strcpy(response, "FAILblock device not found"); 682 } else if (part_get_info_by_name(dev_desc, part_name, &part_info) < 0) { 683 strcpy(response, "FAILpartition not found"); 684 } else if (!strncmp("partition-type", cmd, 14)) { 685 strncat(response, (char *)part_info.type, chars_left); 686 } else if (!strncmp("partition-size", cmd, 14)) { 687 sprintf(part_size_str, "0x%016x", (int)part_info.size); 688 strncat(response, part_size_str, chars_left); 689 } 690 } else if (!strncmp("oem-unlock", cmd, 10)) { 691 #ifdef CONFIG_OPTEE_CLIENT 692 #ifdef CONFIG_RK_AVB_LIBAVB_USER 693 fastboot_tx_write_str("FAILnot implemented"); 694 return; 695 #else 696 697 char msg[50] = {0}; 698 uint8_t unlock = 0; 699 TEEC_Result result; 700 701 result = trusty_read_oem_unlock(&unlock); 702 if (result) { 703 printf("read oem unlock status with error : 0x%x\n", result); 704 fastboot_tx_write_str("FAILRead oem unlock status failed"); 705 return; 706 } 707 sprintf(msg, "Device is %s, Status Code: %d\n", 708 unlock == 0 ? "LOCKED" : "UNLOCKED", unlock); 709 710 printf(msg); 711 strncat(response, msg, chars_left); 712 #endif 713 #else 714 fastboot_tx_write_str("FAILnot implemented"); 715 return; 716 #endif 717 } else { 718 char *envstr; 719 720 envstr = malloc(strlen("fastboot.") + strlen(cmd) + 1); 721 if (!envstr) { 722 fastboot_tx_write_str("FAILmalloc error"); 723 return; 724 } 725 726 sprintf(envstr, "fastboot.%s", cmd); 727 s = env_get(envstr); 728 if (s) { 729 strncat(response, s, chars_left); 730 } else { 731 printf("WARNING: unknown variable: %s\n", cmd); 732 strcpy(response, "FAILVariable not implemented"); 733 } 734 735 free(envstr); 736 } 737 fastboot_tx_write_str(response); 738 } 739 740 static unsigned int rx_bytes_expected(struct usb_ep *ep) 741 { 742 int rx_remain = download_size - download_bytes; 743 unsigned int rem; 744 unsigned int maxpacket = ep->maxpacket; 745 746 if (rx_remain <= 0) 747 return 0; 748 else if (rx_remain > EP_BUFFER_SIZE) 749 return EP_BUFFER_SIZE; 750 751 /* 752 * Some controllers e.g. DWC3 don't like OUT transfers to be 753 * not ending in maxpacket boundary. So just make them happy by 754 * always requesting for integral multiple of maxpackets. 755 * This shouldn't bother controllers that don't care about it. 756 */ 757 rem = rx_remain % maxpacket; 758 if (rem > 0) 759 rx_remain = rx_remain + (maxpacket - rem); 760 761 return rx_remain; 762 } 763 764 #define BYTES_PER_DOT 0x20000 765 static void rx_handler_dl_image(struct usb_ep *ep, struct usb_request *req) 766 { 767 char response[FASTBOOT_RESPONSE_LEN]; 768 unsigned int transfer_size = download_size - download_bytes; 769 const unsigned char *buffer = req->buf; 770 unsigned int buffer_size = req->actual; 771 unsigned int pre_dot_num, now_dot_num; 772 773 if (req->status != 0) { 774 printf("Bad status: %d\n", req->status); 775 return; 776 } 777 778 if (buffer_size < transfer_size) 779 transfer_size = buffer_size; 780 781 memcpy((void *)CONFIG_FASTBOOT_BUF_ADDR + download_bytes, 782 buffer, transfer_size); 783 784 pre_dot_num = download_bytes / BYTES_PER_DOT; 785 download_bytes += transfer_size; 786 now_dot_num = download_bytes / BYTES_PER_DOT; 787 788 if (pre_dot_num != now_dot_num) { 789 putc('.'); 790 if (!(now_dot_num % 74)) 791 putc('\n'); 792 } 793 794 /* Check if transfer is done */ 795 if (download_bytes >= download_size) { 796 /* 797 * Reset global transfer variable, keep download_bytes because 798 * it will be used in the next possible flashing command 799 */ 800 download_size = 0; 801 req->complete = rx_handler_command; 802 req->length = EP_BUFFER_SIZE; 803 804 strcpy(response, "OKAY"); 805 fastboot_tx_write_str(response); 806 807 printf("\ndownloading of %d bytes finished\n", download_bytes); 808 } else { 809 req->length = rx_bytes_expected(ep); 810 } 811 812 req->actual = 0; 813 usb_ep_queue(ep, req, 0); 814 } 815 816 static void cb_download(struct usb_ep *ep, struct usb_request *req) 817 { 818 char *cmd = req->buf; 819 char response[FASTBOOT_RESPONSE_LEN]; 820 821 strsep(&cmd, ":"); 822 download_size = simple_strtoul(cmd, NULL, 16); 823 download_bytes = 0; 824 825 printf("Starting download of %d bytes\n", download_size); 826 827 if (0 == download_size) { 828 strcpy(response, "FAILdata invalid size"); 829 } else if (download_size > CONFIG_FASTBOOT_BUF_SIZE) { 830 download_size = 0; 831 strcpy(response, "FAILdata too large"); 832 } else { 833 sprintf(response, "DATA%08x", download_size); 834 req->complete = rx_handler_dl_image; 835 req->length = rx_bytes_expected(ep); 836 } 837 838 fastboot_tx_write_str(response); 839 } 840 841 static void tx_handler_ul(struct usb_ep *ep, struct usb_request *req) 842 { 843 unsigned int xfer_size = 0; 844 unsigned int pre_dot_num, now_dot_num; 845 unsigned int remain_size = 0; 846 unsigned int transferred_size = req->actual; 847 848 if (req->status != 0) { 849 printf("Bad status: %d\n", req->status); 850 return; 851 } 852 853 if (start_upload) { 854 pre_dot_num = upload_bytes / BYTES_PER_DOT; 855 upload_bytes += transferred_size; 856 now_dot_num = upload_bytes / BYTES_PER_DOT; 857 858 if (pre_dot_num != now_dot_num) { 859 putc('.'); 860 if (!(now_dot_num % 74)) 861 putc('\n'); 862 } 863 } 864 865 remain_size = upload_size - upload_bytes; 866 xfer_size = (remain_size > EP_BUFFER_SIZE) ? 867 EP_BUFFER_SIZE : remain_size; 868 869 debug("%s: remain_size=%d, transferred_size=%d", 870 __func__, remain_size, transferred_size); 871 debug("xfer_size=%d, upload_bytes=%d, upload_size=%d!\n", 872 xfer_size, upload_bytes, upload_size); 873 874 if (remain_size <= 0) { 875 fastboot_func->in_req->complete = fastboot_complete; 876 fastboot_tx_write_str("OKAY"); 877 printf("\nuploading of %d bytes finished\n", upload_bytes); 878 upload_bytes = 0; 879 upload_size = 0; 880 start_upload = false; 881 return; 882 } 883 884 /* Remove the transfer callback which response the upload */ 885 /* request from host */ 886 if (!upload_bytes) 887 start_upload = true; 888 889 fastboot_tx_write((char *)((phys_addr_t)CONFIG_FASTBOOT_BUF_ADDR + \ 890 upload_bytes), 891 xfer_size); 892 } 893 894 static void cb_upload(struct usb_ep *ep, struct usb_request *req) 895 { 896 char response[FASTBOOT_RESPONSE_LEN]; 897 898 printf("Starting upload of %d bytes\n", upload_size); 899 900 if (0 == upload_size) { 901 strcpy(response, "FAILdata invalid size"); 902 } else { 903 start_upload = false; 904 sprintf(response, "DATA%08x", upload_size); 905 fastboot_func->in_req->complete = tx_handler_ul; 906 } 907 908 fastboot_tx_write_str(response); 909 } 910 911 static void do_bootm_on_complete(struct usb_ep *ep, struct usb_request *req) 912 { 913 char boot_addr_start[12]; 914 char *bootm_args[] = { "bootm", boot_addr_start, NULL }; 915 916 puts("Booting kernel..\n"); 917 918 sprintf(boot_addr_start, "0x%lx", (long)CONFIG_FASTBOOT_BUF_ADDR); 919 do_bootm(NULL, 0, 2, bootm_args); 920 921 /* This only happens if image is somehow faulty so we start over */ 922 do_reset(NULL, 0, 0, NULL); 923 } 924 925 static void cb_boot(struct usb_ep *ep, struct usb_request *req) 926 { 927 fastboot_func->in_req->complete = do_bootm_on_complete; 928 fastboot_tx_write_str("OKAY"); 929 } 930 931 static void do_exit_on_complete(struct usb_ep *ep, struct usb_request *req) 932 { 933 g_dnl_trigger_detach(); 934 } 935 936 static void cb_continue(struct usb_ep *ep, struct usb_request *req) 937 { 938 fastboot_func->in_req->complete = do_exit_on_complete; 939 fastboot_tx_write_str("OKAY"); 940 } 941 942 static void cb_set_active(struct usb_ep *ep, struct usb_request *req) 943 { 944 char *cmd = req->buf; 945 946 debug("%s: %s\n", __func__, cmd); 947 948 strsep(&cmd, ":"); 949 if (!cmd) { 950 pr_err("missing slot name"); 951 fastboot_tx_write_str("FAILmissing slot name"); 952 return; 953 } 954 #ifdef CONFIG_RK_AVB_LIBAVB_USER 955 unsigned int slot_number; 956 if (strncmp("a", cmd, 1) == 0) { 957 slot_number = 0; 958 rk_avb_set_slot_active(&slot_number); 959 } else if (strncmp("b", cmd, 1) == 0) { 960 slot_number = 1; 961 rk_avb_set_slot_active(&slot_number); 962 } else { 963 fastboot_tx_write_str("FAILunkown slot name"); 964 return; 965 } 966 967 fastboot_tx_write_str("OKAY"); 968 return; 969 #else 970 fastboot_tx_write_str("FAILnot implemented"); 971 return; 972 #endif 973 } 974 975 #ifdef CONFIG_FASTBOOT_FLASH 976 static void cb_flash(struct usb_ep *ep, struct usb_request *req) 977 { 978 char *cmd = req->buf; 979 char response[FASTBOOT_RESPONSE_LEN] = {0}; 980 #ifdef CONFIG_RK_AVB_LIBAVB_USER 981 uint8_t flash_lock_state; 982 983 if (rk_avb_read_flash_lock_state(&flash_lock_state)) { 984 /* write the device flashing unlock when first read */ 985 if (rk_avb_write_flash_lock_state(1)) { 986 fastboot_tx_write_str("FAILflash lock state write failure"); 987 return; 988 } 989 if (rk_avb_read_flash_lock_state(&flash_lock_state)) { 990 fastboot_tx_write_str("FAILflash lock state read failure"); 991 return; 992 } 993 } 994 995 if (flash_lock_state == 0) { 996 fastboot_tx_write_str("FAILThe device is locked, can not flash!"); 997 printf("The device is locked, can not flash!\n"); 998 return; 999 } 1000 #endif 1001 strsep(&cmd, ":"); 1002 if (!cmd) { 1003 pr_err("missing partition name"); 1004 fastboot_tx_write_str("FAILmissing partition name"); 1005 return; 1006 } 1007 1008 fastboot_fail("no flash device defined", response); 1009 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 1010 fb_mmc_flash_write(cmd, (void *)CONFIG_FASTBOOT_BUF_ADDR, 1011 download_bytes, response); 1012 #endif 1013 #ifdef CONFIG_FASTBOOT_FLASH_NAND_DEV 1014 fb_nand_flash_write(cmd, (void *)CONFIG_FASTBOOT_BUF_ADDR, 1015 download_bytes, response); 1016 #endif 1017 fastboot_tx_write_str(response); 1018 } 1019 1020 static void cb_flashing(struct usb_ep *ep, struct usb_request *req) 1021 { 1022 char *cmd = req->buf; 1023 1024 if (strncmp("lock", cmd + 9, 4) == 0) { 1025 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1026 uint8_t flash_lock_state; 1027 flash_lock_state = 0; 1028 if (rk_avb_write_flash_lock_state(flash_lock_state)) 1029 fastboot_tx_write_str("FAILflash lock state" 1030 " write failure"); 1031 else 1032 fastboot_tx_write_str("OKAY"); 1033 #else 1034 fastboot_tx_write_str("FAILnot implemented"); 1035 #endif 1036 } else if (strncmp("unlock", cmd + 9, 6) == 0) { 1037 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1038 uint8_t flash_lock_state; 1039 flash_lock_state = 1; 1040 if (rk_avb_write_flash_lock_state(flash_lock_state)) 1041 fastboot_tx_write_str("FAILflash lock state" 1042 " write failure"); 1043 else 1044 fastboot_tx_write_str("OKAY"); 1045 #else 1046 fastboot_tx_write_str("FAILnot implemented"); 1047 #endif 1048 } else if (strncmp("lock_critical", cmd + 9, 12) == 0) { 1049 fastboot_tx_write_str("FAILnot implemented"); 1050 } else if (strncmp("unlock_critical", cmd + 9, 14) == 0) { 1051 fastboot_tx_write_str("FAILnot implemented"); 1052 } else if (strncmp("get_unlock_ability", cmd + 9, 17) == 0) { 1053 fastboot_tx_write_str("FAILnot implemented"); 1054 } else if (strncmp("get_unlock_bootloader_nonce", cmd + 4, 27) == 0) { 1055 fastboot_tx_write_str("FAILnot implemented"); 1056 } else if (strncmp("unlock_bootloader", cmd + 9, 17) == 0) { 1057 fastboot_tx_write_str("FAILnot implemented"); 1058 } else if (strncmp("lock_bootloader", cmd + 9, 15) == 0) { 1059 fastboot_tx_write_str("FAILnot implemented"); 1060 } else { 1061 fastboot_tx_write_str("FAILunknown flashing command"); 1062 } 1063 } 1064 #endif 1065 1066 static void cb_oem_perm_attr(void) 1067 { 1068 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1069 sha256_context ctx; 1070 uint8_t digest[SHA256_SUM_LEN] = {0}; 1071 uint8_t digest_temp[SHA256_SUM_LEN] = {0}; 1072 uint8_t perm_attr_temp[PERM_ATTR_TOTAL_SIZE] = {0}; 1073 uint8_t flag = 0; 1074 1075 if (PERM_ATTR_TOTAL_SIZE != download_bytes) { 1076 printf("Permanent attribute size is not equal!\n"); 1077 fastboot_tx_write_str("FAILincorrect perm attribute size"); 1078 return; 1079 } 1080 1081 if (rk_avb_read_perm_attr_flag(&flag)) { 1082 printf("rk_avb_read_perm_attr_flag error!\n"); 1083 fastboot_tx_write_str("FAILperm attr read failed"); 1084 return; 1085 } 1086 1087 if (flag == PERM_ATTR_SUCCESS_FLAG) { 1088 if (rk_avb_read_attribute_hash(digest_temp, 1089 SHA256_SUM_LEN)) { 1090 printf("The efuse IO can not be used!\n"); 1091 fastboot_tx_write_str("FAILefuse IO can not be used"); 1092 return; 1093 } 1094 1095 if (memcmp(digest, digest_temp, SHA256_SUM_LEN) != 0) { 1096 if (rk_avb_read_permanent_attributes(perm_attr_temp, 1097 PERM_ATTR_TOTAL_SIZE)) { 1098 printf("rk_avb_write_permanent_attributes error!\n"); 1099 fastboot_tx_write_str("FAILread perm attr error"); 1100 return; 1101 } 1102 1103 sha256_starts(&ctx); 1104 sha256_update(&ctx, 1105 (const uint8_t *)perm_attr_temp, 1106 PERM_ATTR_TOTAL_SIZE); 1107 sha256_finish(&ctx, digest); 1108 if (memcmp(digest, digest_temp, SHA256_SUM_LEN) == 0) { 1109 printf("The hash has been written!\n"); 1110 fastboot_tx_write_str("OKAY"); 1111 return; 1112 } 1113 } 1114 1115 if (rk_avb_write_perm_attr_flag(0)) { 1116 fastboot_tx_write_str("FAILperm attr flag write failure"); 1117 return; 1118 } 1119 } 1120 1121 if (rk_avb_write_permanent_attributes((uint8_t *) 1122 CONFIG_FASTBOOT_BUF_ADDR, 1123 download_bytes)) { 1124 if (rk_avb_write_perm_attr_flag(0)) { 1125 fastboot_tx_write_str("FAILperm attr flag write failure"); 1126 return; 1127 } 1128 fastboot_tx_write_str("FAILperm attr write failed"); 1129 return; 1130 } 1131 1132 memset(digest, 0, SHA256_SUM_LEN); 1133 sha256_starts(&ctx); 1134 sha256_update(&ctx, (const uint8_t *)CONFIG_FASTBOOT_BUF_ADDR, 1135 PERM_ATTR_TOTAL_SIZE); 1136 sha256_finish(&ctx, digest); 1137 1138 if (rk_avb_write_attribute_hash((uint8_t *)digest, 1139 SHA256_SUM_LEN)) { 1140 if (rk_avb_read_attribute_hash(digest_temp, 1141 SHA256_SUM_LEN)) { 1142 printf("The efuse IO can not be used!\n"); 1143 fastboot_tx_write_str("FAILefuse IO can not be used"); 1144 return; 1145 } 1146 if (memcmp(digest, digest_temp, SHA256_SUM_LEN) != 0) { 1147 if (rk_avb_write_perm_attr_flag(0)) { 1148 fastboot_tx_write_str("FAILperm attr flag write failure"); 1149 return; 1150 } 1151 printf("The hash has been written, but is different!\n"); 1152 fastboot_tx_write_str("FAILhash comparison failure"); 1153 return; 1154 } 1155 } 1156 1157 if (rk_avb_write_perm_attr_flag(PERM_ATTR_SUCCESS_FLAG)) { 1158 fastboot_tx_write_str("FAILperm attr flag write failure"); 1159 return; 1160 } 1161 1162 fastboot_tx_write_str("OKAY"); 1163 #else 1164 fastboot_tx_write_str("FAILnot implemented"); 1165 #endif 1166 } 1167 1168 static void cb_oem(struct usb_ep *ep, struct usb_request *req) 1169 { 1170 char *cmd = req->buf; 1171 1172 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 1173 if (strncmp("format", cmd + 4, 6) == 0) { 1174 char cmdbuf[32]; 1175 sprintf(cmdbuf, "gpt write mmc %x $partitions", 1176 CONFIG_FASTBOOT_FLASH_MMC_DEV); 1177 if (run_command(cmdbuf, 0)) 1178 fastboot_tx_write_str("FAILmmc write failure"); 1179 else 1180 fastboot_tx_write_str("OKAY"); 1181 } else 1182 #endif 1183 if (strncmp("unlock", cmd + 4, 8) == 0) { 1184 #ifdef CONFIG_OPTEE_CLIENT 1185 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1186 fastboot_tx_write_str("FAILnot implemented"); 1187 return; 1188 #else 1189 uint8_t unlock = 0; 1190 TEEC_Result result; 1191 debug("oem unlock\n"); 1192 result = trusty_read_oem_unlock(&unlock); 1193 if (result) { 1194 printf("read oem unlock status with error : 0x%x\n", result); 1195 fastboot_tx_write_str("FAILRead oem unlock status failed"); 1196 return; 1197 } 1198 if (unlock) { 1199 printf("oem unlock ignored, device already unlocked\n"); 1200 fastboot_tx_write_str("FAILalready unlocked"); 1201 return; 1202 } 1203 printf("oem unlock requested:\n"); 1204 printf("\tUnlocking forces a factory reset and could\n"); 1205 printf("\topen your device up to a world of hurt. If you\n"); 1206 printf("\tare sure you know what you're doing, then accept\n"); 1207 printf("\tvia 'fastboot oem unlock_accept'.\n"); 1208 env_set("unlock", "unlock"); 1209 fastboot_tx_write_str("OKAY"); 1210 #endif 1211 #else 1212 fastboot_tx_write_str("FAILnot implemented"); 1213 return; 1214 #endif 1215 } else if (strncmp("unlock_accept", cmd + 4, 13) == 0) { 1216 #ifdef CONFIG_OPTEE_CLIENT 1217 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1218 fastboot_tx_write_str("FAILnot implemented"); 1219 return; 1220 #else 1221 char *unlock = env_get("unlock"); 1222 TEEC_Result result; 1223 debug("oem unlock_accept\n"); 1224 if (unlock == NULL || strncmp("unlock", unlock, 6) != 0) { 1225 printf("oem unlock_accept ignored, not pending\n"); 1226 fastboot_tx_write_str("FAILoem unlock not requested"); 1227 return; 1228 } 1229 env_set("unlock", ""); 1230 printf("Erasing userdata partition\n"); 1231 struct blk_desc *dev_desc; 1232 disk_partition_t part_info; 1233 dev_desc = rockchip_get_bootdev(); 1234 int ret = part_get_info_by_name(dev_desc, "userdata", 1235 &part_info); 1236 if (ret < 0) { 1237 printf("not found userdata partition"); 1238 printf("Erase failed with error %d\n", ret); 1239 fastboot_tx_write_str("FAILErasing userdata failed"); 1240 return; 1241 } 1242 ret = blk_derase(dev_desc, part_info.start, part_info.size); 1243 if (ret != part_info.size) { 1244 printf("Erase failed with error %d\n", ret); 1245 fastboot_tx_write_str("FAILErasing userdata failed"); 1246 return; 1247 } 1248 printf("Erasing succeeded\n"); 1249 1250 result = trusty_write_oem_unlock(1); 1251 if (result) { 1252 printf("write oem unlock status with error : 0x%x\n", result); 1253 fastboot_tx_write_str("FAILWrite oem unlock status failed"); 1254 return; 1255 } 1256 fastboot_tx_write_str("OKAY"); 1257 1258 /* 1259 * now reboot into recovery to do a format of the 1260 * userdata partition so it's ready to use on next boot 1261 */ 1262 board_run_recovery_wipe_data(); 1263 #endif 1264 #else 1265 fastboot_tx_write_str("FAILnot implemented"); 1266 return; 1267 #endif 1268 } else if (strncmp("lock", cmd + 4, 8) == 0) { 1269 #ifdef CONFIG_OPTEE_CLIENT 1270 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1271 fastboot_tx_write_str("FAILnot implemented"); 1272 return; 1273 #else 1274 TEEC_Result result; 1275 uint8_t unlock = 0; 1276 trusty_read_oem_unlock(&unlock); 1277 if (!unlock) { 1278 printf("oem lock ignored, already locked\n"); 1279 fastboot_tx_write_str("FAILalready locked"); 1280 return; 1281 } 1282 1283 result = trusty_write_oem_unlock(0); 1284 if (result) { 1285 printf("write oem unlock status with error : 0x%x\n", result); 1286 fastboot_tx_write_str("FAILWrite oem unlock status failed"); 1287 return; 1288 } 1289 fastboot_tx_write_str("OKAY"); 1290 #endif 1291 #else 1292 fastboot_tx_write_str("FAILnot implemented"); 1293 return; 1294 #endif 1295 } else if (strncmp("at-get-ca-request", cmd + 4, 17) == 0) { 1296 #ifdef CONFIG_OPTEE_CLIENT 1297 uint8_t out[ATTEST_CA_OUT_SIZE]; 1298 uint32_t operation_size = download_bytes; 1299 uint32_t out_len = ATTEST_CA_OUT_SIZE; 1300 uint32_t res = 0; 1301 1302 res = trusty_attest_get_ca((uint8_t *)CONFIG_FASTBOOT_BUF_ADDR, 1303 &operation_size, out, &out_len); 1304 if (res) { 1305 fastboot_tx_write_str("FAILtrusty_attest_get_ca failed"); 1306 return; 1307 } 1308 upload_size = out_len; 1309 memcpy((void *)CONFIG_FASTBOOT_BUF_ADDR, out, out_len); 1310 fastboot_tx_write_str("OKAY"); 1311 #else 1312 fastboot_tx_write_str("FAILnot implemented"); 1313 return; 1314 #endif 1315 } else if (strncmp("at-set-ca-response", cmd + 4, 18) == 0) { 1316 #ifdef CONFIG_OPTEE_CLIENT 1317 uint32_t ca_response_size = download_bytes; 1318 uint32_t res = 0; 1319 1320 res = trusty_attest_set_ca((uint8_t *)CONFIG_FASTBOOT_BUF_ADDR, 1321 &ca_response_size); 1322 if (res) 1323 fastboot_tx_write_str("FAILtrusty_attest_set_ca failed"); 1324 else 1325 fastboot_tx_write_str("OKAY"); 1326 #else 1327 fastboot_tx_write_str("FAILnot implemented"); 1328 return; 1329 #endif 1330 } else if (strncmp("at-lock-vboot", cmd + 4, 13) == 0) { 1331 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1332 uint8_t lock_state; 1333 lock_state = 0; 1334 if (rk_avb_write_lock_state(lock_state)) 1335 fastboot_tx_write_str("FAILwrite lock state failed"); 1336 else 1337 fastboot_tx_write_str("OKAY"); 1338 #else 1339 fastboot_tx_write_str("FAILnot implemented"); 1340 #endif 1341 } else if (strncmp("at-unlock-vboot", cmd + 4, 15) == 0) { 1342 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1343 uint8_t lock_state; 1344 if (rk_avb_read_lock_state(&lock_state)) 1345 fastboot_tx_write_str("FAILlock sate read failure"); 1346 if (lock_state >> 1 == 1) { 1347 fastboot_tx_write_str("FAILThe vboot is disable!"); 1348 } else { 1349 lock_state = 1; 1350 if (rk_avb_write_lock_state(lock_state)) 1351 fastboot_tx_write_str("FAILwrite lock state failed"); 1352 else 1353 fastboot_tx_write_str("OKAY"); 1354 } 1355 #else 1356 fastboot_tx_write_str("FAILnot implemented"); 1357 #endif 1358 } else if (strncmp("at-disable-unlock-vboot", cmd + 4, 23) == 0) { 1359 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1360 uint8_t lock_state; 1361 lock_state = 2; 1362 if (rk_avb_write_lock_state(lock_state)) 1363 fastboot_tx_write_str("FAILwrite lock state failed"); 1364 else 1365 fastboot_tx_write_str("OKAY"); 1366 #else 1367 fastboot_tx_write_str("FAILnot implemented"); 1368 #endif 1369 } else if (strncmp("fuse at-perm-attr", cmd + 4, 16) == 0) { 1370 cb_oem_perm_attr(); 1371 } else if (strncmp("fuse at-bootloader-vboot-key", cmd + 4, 27) == 0) { 1372 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1373 sha256_context ctx; 1374 uint8_t digest[SHA256_SUM_LEN]; 1375 1376 if (download_bytes != VBOOT_KEY_HASH_SIZE) { 1377 fastboot_tx_write_str("FAILinvalid vboot key length"); 1378 printf("The vboot key size error!\n"); 1379 return; 1380 } 1381 1382 sha256_starts(&ctx); 1383 sha256_update(&ctx, (const uint8_t *)CONFIG_FASTBOOT_BUF_ADDR, 1384 VBOOT_KEY_SIZE); 1385 sha256_finish(&ctx, digest); 1386 1387 if (rk_avb_write_vbootkey_hash((uint8_t *)digest, 1388 SHA256_SUM_LEN)) { 1389 fastboot_tx_write_str("FAILvbootkey hash write failure"); 1390 return; 1391 } 1392 fastboot_tx_write_str("OKAY"); 1393 #else 1394 fastboot_tx_write_str("FAILnot implemented"); 1395 #endif 1396 } else { 1397 fastboot_tx_write_str("FAILunknown oem command"); 1398 } 1399 } 1400 1401 #ifdef CONFIG_FASTBOOT_FLASH 1402 static void cb_erase(struct usb_ep *ep, struct usb_request *req) 1403 { 1404 char *cmd = req->buf; 1405 char response[FASTBOOT_RESPONSE_LEN]; 1406 1407 strsep(&cmd, ":"); 1408 if (!cmd) { 1409 pr_err("missing partition name"); 1410 fastboot_tx_write_str("FAILmissing partition name"); 1411 return; 1412 } 1413 1414 fastboot_fail("no flash device defined", response); 1415 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 1416 fb_mmc_erase(cmd, response); 1417 #endif 1418 #ifdef CONFIG_FASTBOOT_FLASH_NAND_DEV 1419 fb_nand_erase(cmd, response); 1420 #endif 1421 fastboot_tx_write_str(response); 1422 } 1423 #endif 1424 1425 struct cmd_dispatch_info { 1426 char *cmd; 1427 void (*cb)(struct usb_ep *ep, struct usb_request *req); 1428 }; 1429 1430 static const struct cmd_dispatch_info cmd_dispatch_info[] = { 1431 { 1432 .cmd = "reboot", 1433 .cb = cb_reboot, 1434 }, { 1435 .cmd = "getvar:", 1436 .cb = cb_getvar, 1437 }, { 1438 .cmd = "download:", 1439 .cb = cb_download, 1440 }, { 1441 .cmd = "upload", 1442 .cb = cb_upload, 1443 }, { 1444 .cmd = "boot", 1445 .cb = cb_boot, 1446 }, { 1447 .cmd = "continue", 1448 .cb = cb_continue, 1449 }, { 1450 .cmd = "set_active", 1451 .cb = cb_set_active, 1452 }, 1453 #ifdef CONFIG_FASTBOOT_FLASH 1454 { 1455 .cmd = "flashing", 1456 .cb = cb_flashing, 1457 }, 1458 { 1459 .cmd = "flash", 1460 .cb = cb_flash, 1461 }, { 1462 .cmd = "erase", 1463 .cb = cb_erase, 1464 }, 1465 #endif 1466 { 1467 .cmd = "oem", 1468 .cb = cb_oem, 1469 }, 1470 }; 1471 1472 static void rx_handler_command(struct usb_ep *ep, struct usb_request *req) 1473 { 1474 char *cmdbuf = req->buf; 1475 void (*func_cb)(struct usb_ep *ep, struct usb_request *req) = NULL; 1476 int i; 1477 1478 if (req->status != 0 || req->length == 0) 1479 return; 1480 1481 for (i = 0; i < ARRAY_SIZE(cmd_dispatch_info); i++) { 1482 if (!strcmp_l1(cmd_dispatch_info[i].cmd, cmdbuf)) { 1483 func_cb = cmd_dispatch_info[i].cb; 1484 break; 1485 } 1486 } 1487 1488 if (!func_cb) { 1489 pr_err("unknown command: %.*s", req->actual, cmdbuf); 1490 fastboot_tx_write_str("FAILunknown command"); 1491 } else { 1492 if (req->actual < req->length) { 1493 u8 *buf = (u8 *)req->buf; 1494 buf[req->actual] = 0; 1495 func_cb(ep, req); 1496 } else { 1497 pr_err("buffer overflow"); 1498 fastboot_tx_write_str("FAILbuffer overflow"); 1499 } 1500 } 1501 1502 *cmdbuf = '\0'; 1503 req->actual = 0; 1504 usb_ep_queue(ep, req, 0); 1505 } 1506