1 /* 2 * (C) Copyright 2008 - 2009 3 * Windriver, <www.windriver.com> 4 * Tom Rix <Tom.Rix@windriver.com> 5 * 6 * Copyright 2011 Sebastian Andrzej Siewior <bigeasy@linutronix.de> 7 * 8 * Copyright 2014 Linaro, Ltd. 9 * Rob Herring <robh@kernel.org> 10 * 11 * SPDX-License-Identifier: GPL-2.0+ 12 */ 13 #include <config.h> 14 #include <common.h> 15 #include <errno.h> 16 #include <fastboot.h> 17 #include <malloc.h> 18 #include <linux/usb/ch9.h> 19 #include <linux/usb/gadget.h> 20 #include <linux/usb/composite.h> 21 #include <linux/compiler.h> 22 #include <version.h> 23 #include <g_dnl.h> 24 #include <android_avb/avb_ops_user.h> 25 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 26 #include <fb_mmc.h> 27 #endif 28 #ifdef CONFIG_FASTBOOT_FLASH_NAND_DEV 29 #include <fb_nand.h> 30 #endif 31 32 #define FASTBOOT_VERSION "0.4" 33 34 #define FASTBOOT_INTERFACE_CLASS 0xff 35 #define FASTBOOT_INTERFACE_SUB_CLASS 0x42 36 #define FASTBOOT_INTERFACE_PROTOCOL 0x03 37 38 #define RX_ENDPOINT_MAXIMUM_PACKET_SIZE_2_0 (0x0200) 39 #define RX_ENDPOINT_MAXIMUM_PACKET_SIZE_1_1 (0x0040) 40 #define TX_ENDPOINT_MAXIMUM_PACKET_SIZE (0x0040) 41 42 #define EP_BUFFER_SIZE 4096 43 /* 44 * EP_BUFFER_SIZE must always be an integral multiple of maxpacket size 45 * (64 or 512 or 1024), else we break on certain controllers like DWC3 46 * that expect bulk OUT requests to be divisible by maxpacket size. 47 */ 48 49 struct f_fastboot { 50 struct usb_function usb_function; 51 52 /* IN/OUT EP's and corresponding requests */ 53 struct usb_ep *in_ep, *out_ep; 54 struct usb_request *in_req, *out_req; 55 }; 56 57 static inline struct f_fastboot *func_to_fastboot(struct usb_function *f) 58 { 59 return container_of(f, struct f_fastboot, usb_function); 60 } 61 62 static struct f_fastboot *fastboot_func; 63 static unsigned int download_size; 64 static unsigned int download_bytes; 65 static unsigned int upload_size; 66 static unsigned int upload_bytes; 67 static bool start_upload; 68 69 static struct usb_endpoint_descriptor fs_ep_in = { 70 .bLength = USB_DT_ENDPOINT_SIZE, 71 .bDescriptorType = USB_DT_ENDPOINT, 72 .bEndpointAddress = USB_DIR_IN, 73 .bmAttributes = USB_ENDPOINT_XFER_BULK, 74 .wMaxPacketSize = cpu_to_le16(64), 75 }; 76 77 static struct usb_endpoint_descriptor fs_ep_out = { 78 .bLength = USB_DT_ENDPOINT_SIZE, 79 .bDescriptorType = USB_DT_ENDPOINT, 80 .bEndpointAddress = USB_DIR_OUT, 81 .bmAttributes = USB_ENDPOINT_XFER_BULK, 82 .wMaxPacketSize = cpu_to_le16(64), 83 }; 84 85 static struct usb_endpoint_descriptor hs_ep_in = { 86 .bLength = USB_DT_ENDPOINT_SIZE, 87 .bDescriptorType = USB_DT_ENDPOINT, 88 .bEndpointAddress = USB_DIR_IN, 89 .bmAttributes = USB_ENDPOINT_XFER_BULK, 90 .wMaxPacketSize = cpu_to_le16(512), 91 }; 92 93 static struct usb_endpoint_descriptor hs_ep_out = { 94 .bLength = USB_DT_ENDPOINT_SIZE, 95 .bDescriptorType = USB_DT_ENDPOINT, 96 .bEndpointAddress = USB_DIR_OUT, 97 .bmAttributes = USB_ENDPOINT_XFER_BULK, 98 .wMaxPacketSize = cpu_to_le16(512), 99 }; 100 101 static struct usb_interface_descriptor interface_desc = { 102 .bLength = USB_DT_INTERFACE_SIZE, 103 .bDescriptorType = USB_DT_INTERFACE, 104 .bInterfaceNumber = 0x00, 105 .bAlternateSetting = 0x00, 106 .bNumEndpoints = 0x02, 107 .bInterfaceClass = FASTBOOT_INTERFACE_CLASS, 108 .bInterfaceSubClass = FASTBOOT_INTERFACE_SUB_CLASS, 109 .bInterfaceProtocol = FASTBOOT_INTERFACE_PROTOCOL, 110 }; 111 112 static struct usb_descriptor_header *fb_fs_function[] = { 113 (struct usb_descriptor_header *)&interface_desc, 114 (struct usb_descriptor_header *)&fs_ep_in, 115 (struct usb_descriptor_header *)&fs_ep_out, 116 }; 117 118 static struct usb_descriptor_header *fb_hs_function[] = { 119 (struct usb_descriptor_header *)&interface_desc, 120 (struct usb_descriptor_header *)&hs_ep_in, 121 (struct usb_descriptor_header *)&hs_ep_out, 122 NULL, 123 }; 124 125 static struct usb_endpoint_descriptor * 126 fb_ep_desc(struct usb_gadget *g, struct usb_endpoint_descriptor *fs, 127 struct usb_endpoint_descriptor *hs) 128 { 129 if (gadget_is_dualspeed(g) && g->speed == USB_SPEED_HIGH) 130 return hs; 131 return fs; 132 } 133 134 /* 135 * static strings, in UTF-8 136 */ 137 static const char fastboot_name[] = "Android Fastboot"; 138 139 static struct usb_string fastboot_string_defs[] = { 140 [0].s = fastboot_name, 141 { } /* end of list */ 142 }; 143 144 static struct usb_gadget_strings stringtab_fastboot = { 145 .language = 0x0409, /* en-us */ 146 .strings = fastboot_string_defs, 147 }; 148 149 static struct usb_gadget_strings *fastboot_strings[] = { 150 &stringtab_fastboot, 151 NULL, 152 }; 153 154 static void rx_handler_command(struct usb_ep *ep, struct usb_request *req); 155 static int strcmp_l1(const char *s1, const char *s2); 156 157 static void fastboot_complete(struct usb_ep *ep, struct usb_request *req) 158 { 159 int status = req->status; 160 if (!status) 161 return; 162 printf("status: %d ep '%s' trans: %d\n", status, ep->name, req->actual); 163 } 164 165 static int fastboot_bind(struct usb_configuration *c, struct usb_function *f) 166 { 167 int id; 168 struct usb_gadget *gadget = c->cdev->gadget; 169 struct f_fastboot *f_fb = func_to_fastboot(f); 170 const char *s; 171 172 /* DYNAMIC interface numbers assignments */ 173 id = usb_interface_id(c, f); 174 if (id < 0) 175 return id; 176 interface_desc.bInterfaceNumber = id; 177 178 id = usb_string_id(c->cdev); 179 if (id < 0) 180 return id; 181 fastboot_string_defs[0].id = id; 182 interface_desc.iInterface = id; 183 184 f_fb->in_ep = usb_ep_autoconfig(gadget, &fs_ep_in); 185 if (!f_fb->in_ep) 186 return -ENODEV; 187 f_fb->in_ep->driver_data = c->cdev; 188 189 f_fb->out_ep = usb_ep_autoconfig(gadget, &fs_ep_out); 190 if (!f_fb->out_ep) 191 return -ENODEV; 192 f_fb->out_ep->driver_data = c->cdev; 193 194 f->descriptors = fb_fs_function; 195 196 if (gadget_is_dualspeed(gadget)) { 197 /* Assume endpoint addresses are the same for both speeds */ 198 hs_ep_in.bEndpointAddress = fs_ep_in.bEndpointAddress; 199 hs_ep_out.bEndpointAddress = fs_ep_out.bEndpointAddress; 200 /* copy HS descriptors */ 201 f->hs_descriptors = fb_hs_function; 202 } 203 204 s = env_get("serial#"); 205 if (s) 206 g_dnl_set_serialnumber((char *)s); 207 208 return 0; 209 } 210 211 static void fastboot_unbind(struct usb_configuration *c, struct usb_function *f) 212 { 213 memset(fastboot_func, 0, sizeof(*fastboot_func)); 214 } 215 216 static void fastboot_disable(struct usb_function *f) 217 { 218 struct f_fastboot *f_fb = func_to_fastboot(f); 219 220 usb_ep_disable(f_fb->out_ep); 221 usb_ep_disable(f_fb->in_ep); 222 223 if (f_fb->out_req) { 224 free(f_fb->out_req->buf); 225 usb_ep_free_request(f_fb->out_ep, f_fb->out_req); 226 f_fb->out_req = NULL; 227 } 228 if (f_fb->in_req) { 229 free(f_fb->in_req->buf); 230 usb_ep_free_request(f_fb->in_ep, f_fb->in_req); 231 f_fb->in_req = NULL; 232 } 233 } 234 235 static struct usb_request *fastboot_start_ep(struct usb_ep *ep) 236 { 237 struct usb_request *req; 238 239 req = usb_ep_alloc_request(ep, 0); 240 if (!req) 241 return NULL; 242 243 req->length = EP_BUFFER_SIZE; 244 req->buf = memalign(CONFIG_SYS_CACHELINE_SIZE, EP_BUFFER_SIZE); 245 if (!req->buf) { 246 usb_ep_free_request(ep, req); 247 return NULL; 248 } 249 250 memset(req->buf, 0, req->length); 251 return req; 252 } 253 254 static int fastboot_set_alt(struct usb_function *f, 255 unsigned interface, unsigned alt) 256 { 257 int ret; 258 struct usb_composite_dev *cdev = f->config->cdev; 259 struct usb_gadget *gadget = cdev->gadget; 260 struct f_fastboot *f_fb = func_to_fastboot(f); 261 const struct usb_endpoint_descriptor *d; 262 263 debug("%s: func: %s intf: %d alt: %d\n", 264 __func__, f->name, interface, alt); 265 266 d = fb_ep_desc(gadget, &fs_ep_out, &hs_ep_out); 267 ret = usb_ep_enable(f_fb->out_ep, d); 268 if (ret) { 269 puts("failed to enable out ep\n"); 270 return ret; 271 } 272 273 f_fb->out_req = fastboot_start_ep(f_fb->out_ep); 274 if (!f_fb->out_req) { 275 puts("failed to alloc out req\n"); 276 ret = -EINVAL; 277 goto err; 278 } 279 f_fb->out_req->complete = rx_handler_command; 280 281 d = fb_ep_desc(gadget, &fs_ep_in, &hs_ep_in); 282 ret = usb_ep_enable(f_fb->in_ep, d); 283 if (ret) { 284 puts("failed to enable in ep\n"); 285 goto err; 286 } 287 288 f_fb->in_req = fastboot_start_ep(f_fb->in_ep); 289 if (!f_fb->in_req) { 290 puts("failed alloc req in\n"); 291 ret = -EINVAL; 292 goto err; 293 } 294 f_fb->in_req->complete = fastboot_complete; 295 296 ret = usb_ep_queue(f_fb->out_ep, f_fb->out_req, 0); 297 if (ret) 298 goto err; 299 300 return 0; 301 err: 302 fastboot_disable(f); 303 return ret; 304 } 305 306 static int fastboot_add(struct usb_configuration *c) 307 { 308 struct f_fastboot *f_fb = fastboot_func; 309 int status; 310 311 debug("%s: cdev: 0x%p\n", __func__, c->cdev); 312 313 if (!f_fb) { 314 f_fb = memalign(CONFIG_SYS_CACHELINE_SIZE, sizeof(*f_fb)); 315 if (!f_fb) 316 return -ENOMEM; 317 318 fastboot_func = f_fb; 319 memset(f_fb, 0, sizeof(*f_fb)); 320 } 321 322 f_fb->usb_function.name = "f_fastboot"; 323 f_fb->usb_function.bind = fastboot_bind; 324 f_fb->usb_function.unbind = fastboot_unbind; 325 f_fb->usb_function.set_alt = fastboot_set_alt; 326 f_fb->usb_function.disable = fastboot_disable; 327 f_fb->usb_function.strings = fastboot_strings; 328 329 status = usb_add_function(c, &f_fb->usb_function); 330 if (status) { 331 free(f_fb); 332 fastboot_func = f_fb; 333 } 334 335 return status; 336 } 337 DECLARE_GADGET_BIND_CALLBACK(usb_dnl_fastboot, fastboot_add); 338 339 static int fastboot_tx_write(const char *buffer, unsigned int buffer_size) 340 { 341 struct usb_request *in_req = fastboot_func->in_req; 342 int ret; 343 344 memcpy(in_req->buf, buffer, buffer_size); 345 in_req->length = buffer_size; 346 347 usb_ep_dequeue(fastboot_func->in_ep, in_req); 348 349 ret = usb_ep_queue(fastboot_func->in_ep, in_req, 0); 350 if (ret) 351 printf("Error %d on queue\n", ret); 352 return 0; 353 } 354 355 static int fastboot_tx_write_str(const char *buffer) 356 { 357 return fastboot_tx_write(buffer, strlen(buffer)); 358 } 359 360 static void compl_do_reset(struct usb_ep *ep, struct usb_request *req) 361 { 362 do_reset(NULL, 0, 0, NULL); 363 } 364 365 int __weak fb_set_reboot_flag(void) 366 { 367 return -ENOSYS; 368 } 369 370 static void cb_reboot(struct usb_ep *ep, struct usb_request *req) 371 { 372 char *cmd = req->buf; 373 if (!strcmp_l1("reboot-bootloader", cmd)) { 374 if (fb_set_reboot_flag()) { 375 fastboot_tx_write_str("FAILCannot set reboot flag"); 376 return; 377 } 378 } 379 fastboot_func->in_req->complete = compl_do_reset; 380 fastboot_tx_write_str("OKAY"); 381 } 382 383 static int strcmp_l1(const char *s1, const char *s2) 384 { 385 if (!s1 || !s2) 386 return -1; 387 return strncmp(s1, s2, strlen(s1)); 388 } 389 390 static void cb_getvar(struct usb_ep *ep, struct usb_request *req) 391 { 392 char *cmd = req->buf; 393 char response[FASTBOOT_RESPONSE_LEN]; 394 const char *s; 395 size_t chars_left; 396 397 strcpy(response, "OKAY"); 398 chars_left = sizeof(response) - strlen(response) - 1; 399 400 strsep(&cmd, ":"); 401 if (!cmd) { 402 error("missing variable"); 403 fastboot_tx_write_str("FAILmissing var"); 404 return; 405 } 406 407 if (!strcmp_l1("version", cmd)) { 408 strncat(response, FASTBOOT_VERSION, chars_left); 409 } else if (!strcmp_l1("bootloader-version", cmd)) { 410 strncat(response, U_BOOT_VERSION, chars_left); 411 } else if (!strcmp_l1("product", cmd)) { 412 strncat(response, CONFIG_SYS_BOARD, chars_left); 413 } else if (!strcmp_l1("variant", cmd)) { 414 strncat(response, "userdebug", chars_left); 415 } else if (!strcmp_l1("secure", cmd)) { 416 strncat(response, "no", chars_left); 417 } else if (!strcmp_l1("unlocked", cmd)) { 418 strncat(response, "yes", chars_left); 419 } else if (!strcmp_l1("off-mode-charge", cmd)) { 420 strncat(response, "0", chars_left); 421 } else if (!strcmp_l1("battery-voltage", cmd)) { 422 strncat(response, "7.4", chars_left); 423 } else if (!strcmp_l1("battery-soc-ok", cmd)) { 424 strncat(response, "yes", chars_left); 425 } else if (!strcmp_l1("downloadsize", cmd) || 426 !strcmp_l1("max-download-size", cmd)) { 427 char str_num[12]; 428 429 sprintf(str_num, "0x%08x", CONFIG_FASTBOOT_BUF_SIZE); 430 strncat(response, str_num, chars_left); 431 } else if (!strcmp_l1("serialno", cmd)) { 432 s = env_get("serial#"); 433 if (s) 434 strncat(response, s, chars_left); 435 else 436 strcpy(response, "FAILValue not set"); 437 } else if (strncmp("at-attest-dh", cmd, 12) == 0) { 438 char dh[32] = {0}; 439 440 strncat(response, dh, chars_left); 441 } else if (strncmp("at-attest-uuid", cmd, 14) == 0) { 442 char uuid[32] = {0}; 443 444 strncat(response, uuid, chars_left); 445 } else if (strncmp("at-vboot-state", cmd, 14) == 0) { 446 char uuid[32] = {0}; 447 448 strncat(response, uuid, chars_left); 449 } else if (!strcmp_l1("slot-count", cmd)) { 450 #ifdef CONFIG_AVB_LIBAVB_USER 451 char slot_count[2]; 452 char temp; 453 454 slot_count[1] = '\0'; 455 avb_read_slot_count(&temp); 456 slot_count[0] = temp + 0x30; 457 strncat(response, slot_count, chars_left); 458 #else 459 fastboot_tx_write_str("FAILnot implemented"); 460 return; 461 #endif 462 } else if (!strcmp_l1("current-slot", cmd)) { 463 #ifdef CONFIG_AVB_LIBAVB_USER 464 char slot_surrent[8] = {0}; 465 466 if (!avb_get_current_slot(slot_surrent)) 467 strncat(response, slot_surrent+1, chars_left); 468 else 469 strcpy(response, "FAILgeterror"); 470 #else 471 fastboot_tx_write_str("FAILnot implemented"); 472 return; 473 #endif 474 } else if (!strcmp_l1("slot-suffixes", cmd)) { 475 #ifdef CONFIG_AVB_LIBAVB_USER 476 char slot_suffixes_temp[4]; 477 char slot_suffixes[9]; 478 int slot_cnt = 0; 479 480 memset(slot_suffixes_temp, 0, 4); 481 memset(slot_suffixes, 0, 9); 482 avb_read_slot_suffixes(slot_suffixes_temp); 483 while (slot_suffixes_temp[slot_cnt] != '\0') { 484 slot_suffixes[slot_cnt * 2] 485 = slot_suffixes_temp[slot_cnt]; 486 slot_suffixes[slot_cnt * 2 + 1] = ','; 487 slot_cnt++; 488 } 489 strncat(response, slot_suffixes, chars_left); 490 #else 491 fastboot_tx_write_str("FAILnot implemented"); 492 return; 493 #endif 494 } else if (!strncmp("has-slot", cmd, 8)) { 495 #ifdef CONFIG_AVB_LIBAVB_USER 496 char *part_name = cmd; 497 498 cmd = strsep(&part_name, ":"); 499 if (!strcmp(part_name, "boot") || 500 !strcmp(part_name, "system") || 501 !strcmp(part_name, "vendor") || 502 !strcmp(part_name, "vbmeta") || 503 !strcmp(part_name, "oem")) { 504 strncat(response, "yes", chars_left); 505 } else { 506 strcpy(response, "FAILno"); 507 } 508 #else 509 fastboot_tx_write_str("FAILnot implemented"); 510 return; 511 #endif 512 } else if (!strncmp("slot-unbootable", cmd, 15)) { 513 #ifdef CONFIG_AVB_LIBAVB_USER 514 char *slot_name = cmd; 515 516 cmd = strsep(&slot_name, ":"); 517 if (!strcmp(slot_name, "a") || 518 !strcmp(slot_name, "b")) { 519 strncat(response, "no", chars_left); 520 } else { 521 strcpy(response, "FAILno"); 522 } 523 #else 524 fastboot_tx_write_str("FAILnot implemented"); 525 return; 526 #endif 527 } else if (!strncmp("slot-successful", cmd, 15)) { 528 #ifdef CONFIG_AVB_LIBAVB_USER 529 char *slot_name = cmd; 530 531 cmd = strsep(&slot_name, ":"); 532 if (!strcmp(slot_name, "a") || 533 !strcmp(slot_name, "b")) { 534 strncat(response, "no", chars_left); 535 } else { 536 strcpy(response, "FAILno"); 537 } 538 #else 539 fastboot_tx_write_str("FAILnot implemented"); 540 return; 541 #endif 542 } else if (!strncmp("slot-retry-count", cmd, 16)) { 543 #ifdef CONFIG_AVB_LIBAVB_USER 544 char *slot_name = cmd; 545 char count[10] = {0}; 546 static int cnt[2] = {0}; 547 548 cmd = strsep(&slot_name, ":"); 549 if (!strcmp(slot_name, "a")) { 550 sprintf(count, "%c", 0x30+cnt[0]); 551 strncat(response, count, chars_left); 552 if (cnt[0] > 0) 553 cnt[0]--; 554 } else if (!strcmp(slot_name, "b")) { 555 sprintf(count, "%c", 0x30+cnt[1]); 556 strncat(response, count, chars_left); 557 if (cnt[1] > 0) 558 cnt[1]--; 559 } else { 560 strcpy(response, "FAILno"); 561 } 562 #else 563 fastboot_tx_write_str("FAILnot implemented"); 564 return; 565 #endif 566 } else if (!strncmp("partition-type", cmd, 14) || 567 !strncmp("partition-size", cmd, 14)) { 568 disk_partition_t part_info; 569 struct blk_desc *dev_desc; 570 char *part_name = cmd; 571 char part_size_str[20]; 572 573 cmd = strsep(&part_name, ":"); 574 dev_desc = blk_get_dev("mmc", 0); 575 if (!dev_desc) { 576 strcpy(response, "FAILblock device not found"); 577 } else if (part_get_info_by_name(dev_desc, part_name, &part_info) < 0) { 578 strcpy(response, "FAILpartition not found"); 579 } else if (!strncmp("partition-type", cmd, 14)) { 580 strncat(response, (char *)part_info.type, chars_left); 581 } else if (!strncmp("partition-size", cmd, 14)) { 582 sprintf(part_size_str, "0x%016x", (int)part_info.size); 583 strncat(response, part_size_str, chars_left); 584 } 585 } else { 586 char *envstr; 587 588 envstr = malloc(strlen("fastboot.") + strlen(cmd) + 1); 589 if (!envstr) { 590 fastboot_tx_write_str("FAILmalloc error"); 591 return; 592 } 593 594 sprintf(envstr, "fastboot.%s", cmd); 595 s = env_get(envstr); 596 if (s) { 597 strncat(response, s, chars_left); 598 } else { 599 printf("WARNING: unknown variable: %s\n", cmd); 600 strcpy(response, "FAILVariable not implemented"); 601 } 602 603 free(envstr); 604 } 605 fastboot_tx_write_str(response); 606 } 607 608 static unsigned int rx_bytes_expected(struct usb_ep *ep) 609 { 610 int rx_remain = download_size - download_bytes; 611 unsigned int rem; 612 unsigned int maxpacket = ep->maxpacket; 613 614 if (rx_remain <= 0) 615 return 0; 616 else if (rx_remain > EP_BUFFER_SIZE) 617 return EP_BUFFER_SIZE; 618 619 /* 620 * Some controllers e.g. DWC3 don't like OUT transfers to be 621 * not ending in maxpacket boundary. So just make them happy by 622 * always requesting for integral multiple of maxpackets. 623 * This shouldn't bother controllers that don't care about it. 624 */ 625 rem = rx_remain % maxpacket; 626 if (rem > 0) 627 rx_remain = rx_remain + (maxpacket - rem); 628 629 return rx_remain; 630 } 631 632 #define BYTES_PER_DOT 0x20000 633 static void rx_handler_dl_image(struct usb_ep *ep, struct usb_request *req) 634 { 635 char response[FASTBOOT_RESPONSE_LEN]; 636 unsigned int transfer_size = download_size - download_bytes; 637 const unsigned char *buffer = req->buf; 638 unsigned int buffer_size = req->actual; 639 unsigned int pre_dot_num, now_dot_num; 640 641 if (req->status != 0) { 642 printf("Bad status: %d\n", req->status); 643 return; 644 } 645 646 if (buffer_size < transfer_size) 647 transfer_size = buffer_size; 648 649 memcpy((void *)CONFIG_FASTBOOT_BUF_ADDR + download_bytes, 650 buffer, transfer_size); 651 652 pre_dot_num = download_bytes / BYTES_PER_DOT; 653 download_bytes += transfer_size; 654 now_dot_num = download_bytes / BYTES_PER_DOT; 655 656 if (pre_dot_num != now_dot_num) { 657 putc('.'); 658 if (!(now_dot_num % 74)) 659 putc('\n'); 660 } 661 662 /* Check if transfer is done */ 663 if (download_bytes >= download_size) { 664 /* 665 * Reset global transfer variable, keep download_bytes because 666 * it will be used in the next possible flashing command 667 */ 668 download_size = 0; 669 req->complete = rx_handler_command; 670 req->length = EP_BUFFER_SIZE; 671 672 strcpy(response, "OKAY"); 673 fastboot_tx_write_str(response); 674 675 printf("\ndownloading of %d bytes finished\n", download_bytes); 676 } else { 677 req->length = rx_bytes_expected(ep); 678 } 679 680 req->actual = 0; 681 usb_ep_queue(ep, req, 0); 682 } 683 684 static void cb_download(struct usb_ep *ep, struct usb_request *req) 685 { 686 char *cmd = req->buf; 687 char response[FASTBOOT_RESPONSE_LEN]; 688 689 strsep(&cmd, ":"); 690 download_size = simple_strtoul(cmd, NULL, 16); 691 download_bytes = 0; 692 693 printf("Starting download of %d bytes\n", download_size); 694 695 if (0 == download_size) { 696 strcpy(response, "FAILdata invalid size"); 697 } else if (download_size > CONFIG_FASTBOOT_BUF_SIZE) { 698 download_size = 0; 699 strcpy(response, "FAILdata too large"); 700 } else { 701 sprintf(response, "DATA%08x", download_size); 702 req->complete = rx_handler_dl_image; 703 req->length = rx_bytes_expected(ep); 704 } 705 706 fastboot_tx_write_str(response); 707 } 708 709 static void tx_handler_ul(struct usb_ep *ep, struct usb_request *req) 710 { 711 unsigned int xfer_size = 0; 712 unsigned int pre_dot_num, now_dot_num; 713 unsigned int remain_size = 0; 714 unsigned int transferred_size = req->actual; 715 716 if (req->status != 0) { 717 printf("Bad status: %d\n", req->status); 718 return; 719 } 720 721 if (start_upload) { 722 pre_dot_num = upload_bytes / BYTES_PER_DOT; 723 upload_bytes += transferred_size; 724 now_dot_num = upload_bytes / BYTES_PER_DOT; 725 726 if (pre_dot_num != now_dot_num) { 727 putc('.'); 728 if (!(now_dot_num % 74)) 729 putc('\n'); 730 } 731 } 732 733 remain_size = upload_size - upload_bytes; 734 xfer_size = (remain_size > EP_BUFFER_SIZE) ? 735 EP_BUFFER_SIZE : remain_size; 736 737 debug("%s: remain_size=%d, transferred_size=%d", 738 __func__, remain_size, transferred_size); 739 debug("xfer_size=%d, upload_bytes=%d, upload_size=%d!\n", 740 xfer_size, upload_bytes, upload_size); 741 742 if (remain_size <= 0) { 743 fastboot_func->in_req->complete = fastboot_complete; 744 fastboot_tx_write_str("OKAY"); 745 printf("\nuploading of %d bytes finished\n", upload_bytes); 746 upload_bytes = 0; 747 upload_size = 0; 748 start_upload = false; 749 return; 750 } 751 752 /* Remove the transfer callback which response the upload */ 753 /* request from host */ 754 if (!upload_bytes) 755 start_upload = true; 756 757 fastboot_tx_write((char *)(CONFIG_FASTBOOT_BUF_ADDR + upload_bytes), 758 xfer_size); 759 } 760 761 static void cb_upload(struct usb_ep *ep, struct usb_request *req) 762 { 763 char response[FASTBOOT_RESPONSE_LEN]; 764 765 upload_size = download_bytes; 766 767 printf("Starting upload of %d bytes\n", upload_size); 768 769 if (0 == upload_size) { 770 strcpy(response, "FAILdata invalid size"); 771 } else { 772 start_upload = false; 773 sprintf(response, "DATA%08x", upload_size); 774 fastboot_func->in_req->complete = tx_handler_ul; 775 } 776 777 fastboot_tx_write_str(response); 778 } 779 780 static void do_bootm_on_complete(struct usb_ep *ep, struct usb_request *req) 781 { 782 char boot_addr_start[12]; 783 char *bootm_args[] = { "bootm", boot_addr_start, NULL }; 784 785 puts("Booting kernel..\n"); 786 787 sprintf(boot_addr_start, "0x%lx", (long)CONFIG_FASTBOOT_BUF_ADDR); 788 do_bootm(NULL, 0, 2, bootm_args); 789 790 /* This only happens if image is somehow faulty so we start over */ 791 do_reset(NULL, 0, 0, NULL); 792 } 793 794 static void cb_boot(struct usb_ep *ep, struct usb_request *req) 795 { 796 fastboot_func->in_req->complete = do_bootm_on_complete; 797 fastboot_tx_write_str("OKAY"); 798 } 799 800 static void do_exit_on_complete(struct usb_ep *ep, struct usb_request *req) 801 { 802 g_dnl_trigger_detach(); 803 } 804 805 static void cb_continue(struct usb_ep *ep, struct usb_request *req) 806 { 807 fastboot_func->in_req->complete = do_exit_on_complete; 808 fastboot_tx_write_str("OKAY"); 809 } 810 811 static void cb_set_active(struct usb_ep *ep, struct usb_request *req) 812 { 813 char *cmd = req->buf; 814 815 debug("%s: %s\n", __func__, cmd); 816 817 strsep(&cmd, ":"); 818 if (!cmd) { 819 error("missing slot name"); 820 fastboot_tx_write_str("FAIL: missing slot name"); 821 return; 822 } 823 #ifdef CONFIG_AVB_LIBAVB_USER 824 unsigned int slot_number; 825 if (strncmp("a", cmd, 1) == 0) { 826 slot_number = 0; 827 avb_set_slot_active(&slot_number); 828 } else if (strncmp("b", cmd, 1) == 0) { 829 slot_number = 1; 830 avb_set_slot_active(&slot_number); 831 } else { 832 fastboot_tx_write_str("FAIL: unkown slot name"); 833 return; 834 } 835 836 fastboot_tx_write_str("OKAY"); 837 return; 838 #else 839 fastboot_tx_write_str("FAILnot implemented"); 840 return; 841 #endif 842 } 843 844 #ifdef CONFIG_FASTBOOT_FLASH 845 static void cb_flash(struct usb_ep *ep, struct usb_request *req) 846 { 847 char *cmd = req->buf; 848 char response[FASTBOOT_RESPONSE_LEN] = {0}; 849 #ifdef CONFIG_AVB_LIBAVB_USER 850 uint8_t flash_lock_state; 851 852 if (avb_read_flash_lock_state(&flash_lock_state)) { 853 fastboot_tx_write_str("FAIL"); 854 return; 855 } 856 857 if (flash_lock_state == 0) { 858 fastboot_tx_write_str("FAILThe device is locked, can not flash!"); 859 printf("The device is locked, can not flash!\n"); 860 return; 861 } 862 #endif 863 strsep(&cmd, ":"); 864 if (!cmd) { 865 error("missing partition name"); 866 fastboot_tx_write_str("FAILmissing partition name"); 867 return; 868 } 869 870 fastboot_fail("no flash device defined", response); 871 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 872 fb_mmc_flash_write(cmd, (void *)CONFIG_FASTBOOT_BUF_ADDR, 873 download_bytes, response); 874 #endif 875 #ifdef CONFIG_FASTBOOT_FLASH_NAND_DEV 876 fb_nand_flash_write(cmd, (void *)CONFIG_FASTBOOT_BUF_ADDR, 877 download_bytes, response); 878 #endif 879 fastboot_tx_write_str(response); 880 } 881 #endif 882 883 static void cb_flashing(struct usb_ep *ep, struct usb_request *req) 884 { 885 char *cmd = req->buf; 886 887 if (strncmp("lock", cmd + 9, 4) == 0) { 888 #ifdef CONFIG_AVB_LIBAVB_USER 889 uint8_t flash_lock_state; 890 flash_lock_state = 0; 891 if (avb_write_flash_lock_state(flash_lock_state)) 892 fastboot_tx_write_str("FAIL"); 893 else 894 fastboot_tx_write_str("OKAY"); 895 #else 896 fastboot_tx_write_str("FAILnot implemented"); 897 #endif 898 } else if (strncmp("unlock", cmd + 9, 6) == 0) { 899 #ifdef CONFIG_AVB_LIBAVB_USER 900 uint8_t flash_lock_state; 901 flash_lock_state = 1; 902 if (avb_write_flash_lock_state(flash_lock_state)) 903 fastboot_tx_write_str("FAIL"); 904 else 905 fastboot_tx_write_str("OKAY"); 906 #else 907 fastboot_tx_write_str("FAILnot implemented"); 908 #endif 909 } else if (strncmp("lock_critical", cmd + 9, 12) == 0) { 910 fastboot_tx_write_str("FAILnot implemented"); 911 } else if (strncmp("unlock_critical", cmd + 9, 14) == 0) { 912 fastboot_tx_write_str("FAILnot implemented"); 913 } else if (strncmp("get_unlock_ability", cmd + 9, 17) == 0) { 914 fastboot_tx_write_str("FAILnot implemented"); 915 } else if (strncmp("get_unlock_bootloader_nonce", cmd + 4, 27) == 0) { 916 fastboot_tx_write_str("FAILnot implemented"); 917 } else if (strncmp("unlock_bootloader", cmd + 9, 17) == 0) { 918 fastboot_tx_write_str("FAILnot implemented"); 919 } else if (strncmp("lock_bootloader", cmd + 9, 15) == 0) { 920 fastboot_tx_write_str("FAILnot implemented"); 921 } else { 922 fastboot_tx_write_str("FAILunknown flashing command"); 923 } 924 } 925 926 static void cb_oem(struct usb_ep *ep, struct usb_request *req) 927 { 928 char *cmd = req->buf; 929 930 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 931 if (strncmp("format", cmd + 4, 6) == 0) { 932 char cmdbuf[32]; 933 sprintf(cmdbuf, "gpt write mmc %x $partitions", 934 CONFIG_FASTBOOT_FLASH_MMC_DEV); 935 if (run_command(cmdbuf, 0)) 936 fastboot_tx_write_str("FAIL"); 937 else 938 fastboot_tx_write_str("OKAY"); 939 } else 940 #endif 941 if (strncmp("unlock", cmd + 4, 8) == 0) { 942 fastboot_tx_write_str("FAILnot implemented"); 943 } else if (strncmp("at-get-ca-request", cmd + 4, 17) == 0) { 944 fastboot_tx_write_str("OKAY"); 945 } else if (strncmp("at-set-ca-response", cmd + 4, 18) == 0) { 946 fastboot_tx_write_str("OKAY"); 947 } else if (strncmp("at-lock-vboot", cmd + 4, 13) == 0) { 948 #ifdef CONFIG_AVB_LIBAVB_USER 949 uint8_t lock_state; 950 lock_state = 0; 951 if (avb_write_lock_state(lock_state)) 952 fastboot_tx_write_str("FAIL"); 953 else 954 fastboot_tx_write_str("OKAY"); 955 #else 956 fastboot_tx_write_str("FAILnot implemented"); 957 #endif 958 } else if (strncmp("at-unlock-vboot", cmd + 4, 15) == 0) { 959 #ifdef CONFIG_AVB_LIBAVB_USER 960 uint8_t lock_state; 961 if (avb_read_lock_state(&lock_state)) 962 fastboot_tx_write_str("FAIL"); 963 if (lock_state >> 1 == 1) { 964 fastboot_tx_write_str("FAILThe vboot is disable!"); 965 } else { 966 lock_state = 1; 967 if (avb_write_lock_state(lock_state)) 968 fastboot_tx_write_str("FAIL"); 969 else 970 fastboot_tx_write_str("OKAY"); 971 } 972 #else 973 fastboot_tx_write_str("FAILnot implemented"); 974 #endif 975 } else if (strncmp("at-disable-unlock-vboot", cmd + 4, 23) == 0) { 976 #ifdef CONFIG_AVB_LIBAVB_USER 977 uint8_t lock_state; 978 lock_state = 2; 979 if (avb_write_lock_state(lock_state)) 980 fastboot_tx_write_str("FAIL"); 981 else 982 fastboot_tx_write_str("OKAY"); 983 #else 984 fastboot_tx_write_str("FAILnot implemented"); 985 #endif 986 } else if (strncmp("fuse at-perm-attr", cmd + 4, 16) == 0) { 987 #ifdef CONFIG_AVB_LIBAVB_USER 988 if (PERM_ATTR_TOTAL_SIZE != download_bytes) { 989 printf("Permanent attribute size is not equal!\n"); 990 fastboot_tx_write_str("FAIL"); 991 return; 992 } 993 994 if (avb_write_permanent_attributes((uint8_t *) 995 CONFIG_FASTBOOT_BUF_ADDR, 996 download_bytes 997 - PERM_ATTR_DIGEST_SIZE)) { 998 fastboot_tx_write_str("FAIL"); 999 return; 1000 } 1001 1002 if (avb_write_attribute_hash((uint8_t *) 1003 (CONFIG_FASTBOOT_BUF_ADDR 1004 + download_bytes 1005 - PERM_ATTR_DIGEST_SIZE), 1006 PERM_ATTR_DIGEST_SIZE)) { 1007 fastboot_tx_write_str("FAIL"); 1008 return; 1009 } 1010 1011 if (avb_write_perm_attr_flag(1)) { 1012 fastboot_tx_write_str("FAIL"); 1013 return; 1014 } 1015 1016 fastboot_tx_write_str("OKAY"); 1017 #else 1018 fastboot_tx_write_str("FAILnot implemented"); 1019 #endif 1020 } else if (strncmp("fuse at-bootloader-vboot-key", cmd + 4, 27) == 0) { 1021 #ifdef CONFIG_AVB_LIBAVB_USER 1022 if (download_bytes != VBOOT_KEY_HASH_SIZE) { 1023 fastboot_tx_write_str("FAIL"); 1024 printf("The vboot key size error!\n"); 1025 } 1026 1027 if (avb_write_vbootkey_hash((uint8_t *) 1028 CONFIG_FASTBOOT_BUF_ADDR, 1029 VBOOT_KEY_HASH_SIZE)) { 1030 fastboot_tx_write_str("FAIL"); 1031 return; 1032 } 1033 fastboot_tx_write_str("OKAY"); 1034 #else 1035 fastboot_tx_write_str("FAILnot implemented"); 1036 #endif 1037 } else { 1038 fastboot_tx_write_str("FAILunknown oem command"); 1039 } 1040 } 1041 1042 #ifdef CONFIG_FASTBOOT_FLASH 1043 static void cb_erase(struct usb_ep *ep, struct usb_request *req) 1044 { 1045 char *cmd = req->buf; 1046 char response[FASTBOOT_RESPONSE_LEN]; 1047 1048 strsep(&cmd, ":"); 1049 if (!cmd) { 1050 error("missing partition name"); 1051 fastboot_tx_write_str("FAILmissing partition name"); 1052 return; 1053 } 1054 1055 fastboot_fail("no flash device defined", response); 1056 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 1057 fb_mmc_erase(cmd, response); 1058 #endif 1059 #ifdef CONFIG_FASTBOOT_FLASH_NAND_DEV 1060 fb_nand_erase(cmd, response); 1061 #endif 1062 fastboot_tx_write_str(response); 1063 } 1064 #endif 1065 1066 struct cmd_dispatch_info { 1067 char *cmd; 1068 void (*cb)(struct usb_ep *ep, struct usb_request *req); 1069 }; 1070 1071 static const struct cmd_dispatch_info cmd_dispatch_info[] = { 1072 { 1073 .cmd = "reboot", 1074 .cb = cb_reboot, 1075 }, { 1076 .cmd = "getvar:", 1077 .cb = cb_getvar, 1078 }, { 1079 .cmd = "download:", 1080 .cb = cb_download, 1081 }, { 1082 .cmd = "upload", 1083 .cb = cb_upload, 1084 }, { 1085 .cmd = "boot", 1086 .cb = cb_boot, 1087 }, { 1088 .cmd = "continue", 1089 .cb = cb_continue, 1090 }, { 1091 .cmd = "set_active", 1092 .cb = cb_set_active, 1093 }, 1094 #ifdef CONFIG_FASTBOOT_FLASH 1095 { 1096 .cmd = "flashing", 1097 .cb = cb_flashing, 1098 }, 1099 { 1100 .cmd = "flash", 1101 .cb = cb_flash, 1102 }, { 1103 .cmd = "erase", 1104 .cb = cb_erase, 1105 }, 1106 #endif 1107 { 1108 .cmd = "oem", 1109 .cb = cb_oem, 1110 }, 1111 }; 1112 1113 static void rx_handler_command(struct usb_ep *ep, struct usb_request *req) 1114 { 1115 char *cmdbuf = req->buf; 1116 void (*func_cb)(struct usb_ep *ep, struct usb_request *req) = NULL; 1117 int i; 1118 1119 if (req->status != 0 || req->length == 0) 1120 return; 1121 1122 for (i = 0; i < ARRAY_SIZE(cmd_dispatch_info); i++) { 1123 if (!strcmp_l1(cmd_dispatch_info[i].cmd, cmdbuf)) { 1124 func_cb = cmd_dispatch_info[i].cb; 1125 break; 1126 } 1127 } 1128 1129 if (!func_cb) { 1130 error("unknown command: %.*s", req->actual, cmdbuf); 1131 fastboot_tx_write_str("FAILunknown command"); 1132 } else { 1133 if (req->actual < req->length) { 1134 u8 *buf = (u8 *)req->buf; 1135 buf[req->actual] = 0; 1136 func_cb(ep, req); 1137 } else { 1138 error("buffer overflow"); 1139 fastboot_tx_write_str("FAILbuffer overflow"); 1140 } 1141 } 1142 1143 *cmdbuf = '\0'; 1144 req->actual = 0; 1145 usb_ep_queue(ep, req, 0); 1146 } 1147