1 /* 2 * (C) Copyright 2008 - 2009 3 * Windriver, <www.windriver.com> 4 * Tom Rix <Tom.Rix@windriver.com> 5 * 6 * Copyright 2011 Sebastian Andrzej Siewior <bigeasy@linutronix.de> 7 * 8 * Copyright 2014 Linaro, Ltd. 9 * Rob Herring <robh@kernel.org> 10 * 11 * SPDX-License-Identifier: GPL-2.0+ 12 */ 13 #include <config.h> 14 #include <common.h> 15 #include <console.h> 16 #include <android_bootloader.h> 17 #include <errno.h> 18 #include <fastboot.h> 19 #include <malloc.h> 20 #include <linux/usb/ch9.h> 21 #include <linux/usb/gadget.h> 22 #include <linux/usb/composite.h> 23 #include <linux/compiler.h> 24 #include <u-boot/sha256.h> 25 #include <version.h> 26 #include <g_dnl.h> 27 #include <fs.h> 28 #include <android_avb/avb_ops_user.h> 29 #include <android_avb/rk_avb_ops_user.h> 30 #include <dm/uclass.h> 31 #include <power/fuel_gauge.h> 32 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 33 #include <fb_mmc.h> 34 #endif 35 #ifdef CONFIG_FASTBOOT_FLASH_NAND_DEV 36 #include <fb_nand.h> 37 #endif 38 #ifdef CONFIG_OPTEE_CLIENT 39 #include <optee_include/OpteeClientInterface.h> 40 #endif 41 #include <boot_rkimg.h> 42 #include <optee_include/tee_client_api.h> 43 #ifdef CONFIG_FASTBOOT_OEM_UNLOCK 44 #include <keymaster.h> 45 #endif 46 #ifdef CONFIG_ANDROID_AB 47 #include <android_ab.h> 48 #endif 49 50 #define FASTBOOT_VERSION "0.4" 51 52 #define FASTBOOT_INTERFACE_CLASS 0xff 53 #define FASTBOOT_INTERFACE_SUB_CLASS 0x42 54 #define FASTBOOT_INTERFACE_PROTOCOL 0x03 55 56 #define RX_ENDPOINT_MAXIMUM_PACKET_SIZE_2_0 (0x0200) 57 #define RX_ENDPOINT_MAXIMUM_PACKET_SIZE_1_1 (0x0040) 58 #define TX_ENDPOINT_MAXIMUM_PACKET_SIZE (0x0040) 59 60 #define EP_BUFFER_SIZE 4096 61 #define SLEEP_COUNT 20000 62 #define MAX_PART_NUM_STR_SIZE 4 63 #define PARTITION_TYPE_STRINGS "partition-type" 64 65 /* 66 * EP_BUFFER_SIZE must always be an integral multiple of maxpacket size 67 * (64 or 512 or 1024), else we break on certain controllers like DWC3 68 * that expect bulk OUT requests to be divisible by maxpacket size. 69 */ 70 71 struct f_fastboot { 72 struct usb_function usb_function; 73 74 /* IN/OUT EP's and corresponding requests */ 75 struct usb_ep *in_ep, *out_ep; 76 struct usb_request *in_req, *out_req; 77 }; 78 79 static inline struct f_fastboot *func_to_fastboot(struct usb_function *f) 80 { 81 return container_of(f, struct f_fastboot, usb_function); 82 } 83 84 static struct f_fastboot *fastboot_func; 85 static unsigned int download_size; 86 static unsigned int download_bytes; 87 static unsigned int upload_size; 88 static unsigned int upload_bytes; 89 static bool start_upload; 90 static unsigned intthread_wakeup_needed; 91 92 static struct usb_endpoint_descriptor fs_ep_in = { 93 .bLength = USB_DT_ENDPOINT_SIZE, 94 .bDescriptorType = USB_DT_ENDPOINT, 95 .bEndpointAddress = USB_DIR_IN, 96 .bmAttributes = USB_ENDPOINT_XFER_BULK, 97 .wMaxPacketSize = cpu_to_le16(64), 98 }; 99 100 static struct usb_endpoint_descriptor fs_ep_out = { 101 .bLength = USB_DT_ENDPOINT_SIZE, 102 .bDescriptorType = USB_DT_ENDPOINT, 103 .bEndpointAddress = USB_DIR_OUT, 104 .bmAttributes = USB_ENDPOINT_XFER_BULK, 105 .wMaxPacketSize = cpu_to_le16(64), 106 }; 107 108 static struct usb_endpoint_descriptor hs_ep_in = { 109 .bLength = USB_DT_ENDPOINT_SIZE, 110 .bDescriptorType = USB_DT_ENDPOINT, 111 .bEndpointAddress = USB_DIR_IN, 112 .bmAttributes = USB_ENDPOINT_XFER_BULK, 113 .wMaxPacketSize = cpu_to_le16(512), 114 }; 115 116 static struct usb_endpoint_descriptor hs_ep_out = { 117 .bLength = USB_DT_ENDPOINT_SIZE, 118 .bDescriptorType = USB_DT_ENDPOINT, 119 .bEndpointAddress = USB_DIR_OUT, 120 .bmAttributes = USB_ENDPOINT_XFER_BULK, 121 .wMaxPacketSize = cpu_to_le16(512), 122 }; 123 124 static struct usb_endpoint_descriptor ss_ep_in = { 125 .bLength = USB_DT_ENDPOINT_SIZE, 126 .bDescriptorType = USB_DT_ENDPOINT, 127 .bEndpointAddress = USB_DIR_IN, 128 .bmAttributes = USB_ENDPOINT_XFER_BULK, 129 .wMaxPacketSize = cpu_to_le16(1024), 130 }; 131 132 static struct usb_ss_ep_comp_descriptor ss_ep_in_comp_desc = { 133 .bLength = sizeof(ss_ep_in_comp_desc), 134 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 135 /* .bMaxBurst = DYNAMIC, */ 136 }; 137 138 static struct usb_endpoint_descriptor ss_ep_out = { 139 .bLength = USB_DT_ENDPOINT_SIZE, 140 .bDescriptorType = USB_DT_ENDPOINT, 141 .bEndpointAddress = USB_DIR_OUT, 142 .bmAttributes = USB_ENDPOINT_XFER_BULK, 143 .wMaxPacketSize = cpu_to_le16(1024), 144 }; 145 146 static struct usb_ss_ep_comp_descriptor ss_ep_out_comp_desc = { 147 .bLength = sizeof(ss_ep_out_comp_desc), 148 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 149 /* .bMaxBurst = DYNAMIC, */ 150 }; 151 152 static struct usb_interface_descriptor interface_desc = { 153 .bLength = USB_DT_INTERFACE_SIZE, 154 .bDescriptorType = USB_DT_INTERFACE, 155 .bInterfaceNumber = 0x00, 156 .bAlternateSetting = 0x00, 157 .bNumEndpoints = 0x02, 158 .bInterfaceClass = FASTBOOT_INTERFACE_CLASS, 159 .bInterfaceSubClass = FASTBOOT_INTERFACE_SUB_CLASS, 160 .bInterfaceProtocol = FASTBOOT_INTERFACE_PROTOCOL, 161 }; 162 163 static struct usb_descriptor_header *fb_fs_function[] = { 164 (struct usb_descriptor_header *)&interface_desc, 165 (struct usb_descriptor_header *)&fs_ep_in, 166 (struct usb_descriptor_header *)&fs_ep_out, 167 }; 168 169 static struct usb_descriptor_header *fb_hs_function[] = { 170 (struct usb_descriptor_header *)&interface_desc, 171 (struct usb_descriptor_header *)&hs_ep_in, 172 (struct usb_descriptor_header *)&hs_ep_out, 173 NULL, 174 }; 175 176 static struct usb_descriptor_header *fb_ss_function[] = { 177 (struct usb_descriptor_header *)&interface_desc, 178 (struct usb_descriptor_header *)&ss_ep_in, 179 (struct usb_descriptor_header *)&ss_ep_in_comp_desc, 180 (struct usb_descriptor_header *)&ss_ep_out, 181 (struct usb_descriptor_header *)&ss_ep_out_comp_desc, 182 NULL, 183 }; 184 185 static struct usb_endpoint_descriptor * 186 fb_ep_desc(struct usb_gadget *g, struct usb_endpoint_descriptor *fs, 187 struct usb_endpoint_descriptor *hs, 188 struct usb_endpoint_descriptor *ss, 189 struct usb_ss_ep_comp_descriptor *comp_desc, 190 struct usb_ep *ep) 191 { 192 struct usb_endpoint_descriptor *speed_desc = NULL; 193 194 /* select desired speed */ 195 switch (g->speed) { 196 case USB_SPEED_SUPER: 197 if (gadget_is_superspeed(g)) { 198 speed_desc = ss; 199 ep->comp_desc = comp_desc; 200 break; 201 } 202 /* else: Fall trough */ 203 case USB_SPEED_HIGH: 204 if (gadget_is_dualspeed(g)) { 205 speed_desc = hs; 206 break; 207 } 208 /* else: fall through */ 209 default: 210 speed_desc = fs; 211 } 212 213 return speed_desc; 214 } 215 216 /* 217 * static strings, in UTF-8 218 */ 219 static const char fastboot_name[] = "Android Fastboot"; 220 221 static struct usb_string fastboot_string_defs[] = { 222 [0].s = fastboot_name, 223 { } /* end of list */ 224 }; 225 226 static struct usb_gadget_strings stringtab_fastboot = { 227 .language = 0x0409, /* en-us */ 228 .strings = fastboot_string_defs, 229 }; 230 231 static struct usb_gadget_strings *fastboot_strings[] = { 232 &stringtab_fastboot, 233 NULL, 234 }; 235 236 static void rx_handler_command(struct usb_ep *ep, struct usb_request *req); 237 static int strcmp_l1(const char *s1, const char *s2); 238 static void wakeup_thread(void) 239 { 240 intthread_wakeup_needed = false; 241 } 242 243 static void busy_indicator(void) 244 { 245 static int state; 246 247 switch (state) { 248 case 0: 249 puts("\r|"); break; 250 case 1: 251 puts("\r/"); break; 252 case 2: 253 puts("\r-"); break; 254 case 3: 255 puts("\r\\"); break; 256 case 4: 257 puts("\r|"); break; 258 case 5: 259 puts("\r/"); break; 260 case 6: 261 puts("\r-"); break; 262 case 7: 263 puts("\r\\"); break; 264 default: 265 state = 0; 266 } 267 if (state++ == 8) 268 state = 0; 269 } 270 271 static int fb_get_fstype(const char *ifname, const int part_num, 272 const char **fs_type) 273 { 274 char part_num_str[MAX_PART_NUM_STR_SIZE] = {0}; 275 276 snprintf(part_num_str, ARRAY_SIZE(part_num_str), ":%x", part_num); 277 278 if (fs_set_blk_dev(ifname, part_num_str, FS_TYPE_ANY)) 279 return -1; 280 281 if (fs_get_fstype(fs_type)) 282 return -1; 283 284 return 0; 285 } 286 287 static int sleep_thread(void) 288 { 289 int rc = 0; 290 int i = 0, k = 0; 291 292 /* Wait until a signal arrives or we are woken up */ 293 for (;;) { 294 if (!intthread_wakeup_needed) 295 break; 296 297 if (++i == SLEEP_COUNT) { 298 busy_indicator(); 299 i = 0; 300 k++; 301 } 302 303 if (k == 10) { 304 /* Handle CTRL+C */ 305 if (ctrlc()) 306 return -EPIPE; 307 308 /* Check cable connection */ 309 if (!g_dnl_board_usb_cable_connected()) 310 return -EIO; 311 312 k = 0; 313 } 314 315 usb_gadget_handle_interrupts(0); 316 } 317 intthread_wakeup_needed = true; 318 return rc; 319 } 320 321 static void fastboot_complete(struct usb_ep *ep, struct usb_request *req) 322 { 323 int status = req->status; 324 325 wakeup_thread(); 326 if (!status) 327 return; 328 printf("status: %d ep '%s' trans: %d\n", status, ep->name, req->actual); 329 } 330 331 static int fastboot_bind(struct usb_configuration *c, struct usb_function *f) 332 { 333 int id; 334 struct usb_gadget *gadget = c->cdev->gadget; 335 struct f_fastboot *f_fb = func_to_fastboot(f); 336 const char *s; 337 338 /* DYNAMIC interface numbers assignments */ 339 id = usb_interface_id(c, f); 340 if (id < 0) 341 return id; 342 interface_desc.bInterfaceNumber = id; 343 344 id = usb_string_id(c->cdev); 345 if (id < 0) 346 return id; 347 fastboot_string_defs[0].id = id; 348 interface_desc.iInterface = id; 349 350 f_fb->in_ep = usb_ep_autoconfig(gadget, &fs_ep_in); 351 if (!f_fb->in_ep) 352 return -ENODEV; 353 f_fb->in_ep->driver_data = c->cdev; 354 355 f_fb->out_ep = usb_ep_autoconfig(gadget, &fs_ep_out); 356 if (!f_fb->out_ep) 357 return -ENODEV; 358 f_fb->out_ep->driver_data = c->cdev; 359 360 f->descriptors = fb_fs_function; 361 362 if (gadget_is_dualspeed(gadget)) { 363 /* Assume endpoint addresses are the same for both speeds */ 364 hs_ep_in.bEndpointAddress = fs_ep_in.bEndpointAddress; 365 hs_ep_out.bEndpointAddress = fs_ep_out.bEndpointAddress; 366 /* copy HS descriptors */ 367 f->hs_descriptors = fb_hs_function; 368 } 369 370 if (gadget_is_superspeed(gadget)) { 371 /* Assume endpoint addresses are the same as full speed */ 372 ss_ep_in.bEndpointAddress = fs_ep_in.bEndpointAddress; 373 ss_ep_out.bEndpointAddress = fs_ep_out.bEndpointAddress; 374 /* copy SS descriptors */ 375 f->ss_descriptors = fb_ss_function; 376 } 377 378 s = env_get("serial#"); 379 if (s) 380 g_dnl_set_serialnumber((char *)s); 381 382 return 0; 383 } 384 385 static void fastboot_unbind(struct usb_configuration *c, struct usb_function *f) 386 { 387 memset(fastboot_func, 0, sizeof(*fastboot_func)); 388 } 389 390 static void fastboot_disable(struct usb_function *f) 391 { 392 struct f_fastboot *f_fb = func_to_fastboot(f); 393 394 usb_ep_disable(f_fb->out_ep); 395 usb_ep_disable(f_fb->in_ep); 396 397 if (f_fb->out_req) { 398 free(f_fb->out_req->buf); 399 usb_ep_free_request(f_fb->out_ep, f_fb->out_req); 400 f_fb->out_req = NULL; 401 } 402 if (f_fb->in_req) { 403 free(f_fb->in_req->buf); 404 usb_ep_free_request(f_fb->in_ep, f_fb->in_req); 405 f_fb->in_req = NULL; 406 } 407 } 408 409 static struct usb_request *fastboot_start_ep(struct usb_ep *ep) 410 { 411 struct usb_request *req; 412 413 req = usb_ep_alloc_request(ep, 0); 414 if (!req) 415 return NULL; 416 417 req->length = EP_BUFFER_SIZE; 418 req->buf = memalign(CONFIG_SYS_CACHELINE_SIZE, EP_BUFFER_SIZE); 419 if (!req->buf) { 420 usb_ep_free_request(ep, req); 421 return NULL; 422 } 423 424 memset(req->buf, 0, req->length); 425 return req; 426 } 427 428 static int fastboot_set_alt(struct usb_function *f, 429 unsigned interface, unsigned alt) 430 { 431 int ret; 432 struct usb_composite_dev *cdev = f->config->cdev; 433 struct usb_gadget *gadget = cdev->gadget; 434 struct f_fastboot *f_fb = func_to_fastboot(f); 435 const struct usb_endpoint_descriptor *d; 436 437 debug("%s: func: %s intf: %d alt: %d\n", 438 __func__, f->name, interface, alt); 439 440 d = fb_ep_desc(gadget, &fs_ep_out, &hs_ep_out, &ss_ep_out, 441 &ss_ep_out_comp_desc, f_fb->out_ep); 442 ret = usb_ep_enable(f_fb->out_ep, d); 443 if (ret) { 444 puts("failed to enable out ep\n"); 445 return ret; 446 } 447 448 f_fb->out_req = fastboot_start_ep(f_fb->out_ep); 449 if (!f_fb->out_req) { 450 puts("failed to alloc out req\n"); 451 ret = -EINVAL; 452 goto err; 453 } 454 f_fb->out_req->complete = rx_handler_command; 455 456 d = fb_ep_desc(gadget, &fs_ep_in, &hs_ep_in, &ss_ep_in, 457 &ss_ep_in_comp_desc, f_fb->in_ep); 458 ret = usb_ep_enable(f_fb->in_ep, d); 459 if (ret) { 460 puts("failed to enable in ep\n"); 461 goto err; 462 } 463 464 f_fb->in_req = fastboot_start_ep(f_fb->in_ep); 465 if (!f_fb->in_req) { 466 puts("failed alloc req in\n"); 467 ret = -EINVAL; 468 goto err; 469 } 470 f_fb->in_req->complete = fastboot_complete; 471 472 ret = usb_ep_queue(f_fb->out_ep, f_fb->out_req, 0); 473 if (ret) 474 goto err; 475 476 return 0; 477 err: 478 fastboot_disable(f); 479 return ret; 480 } 481 482 static int fastboot_add(struct usb_configuration *c) 483 { 484 struct f_fastboot *f_fb = fastboot_func; 485 int status; 486 487 debug("%s: cdev: 0x%p\n", __func__, c->cdev); 488 489 if (!f_fb) { 490 f_fb = memalign(CONFIG_SYS_CACHELINE_SIZE, sizeof(*f_fb)); 491 if (!f_fb) 492 return -ENOMEM; 493 494 fastboot_func = f_fb; 495 memset(f_fb, 0, sizeof(*f_fb)); 496 } 497 498 f_fb->usb_function.name = "f_fastboot"; 499 f_fb->usb_function.bind = fastboot_bind; 500 f_fb->usb_function.unbind = fastboot_unbind; 501 f_fb->usb_function.set_alt = fastboot_set_alt; 502 f_fb->usb_function.disable = fastboot_disable; 503 f_fb->usb_function.strings = fastboot_strings; 504 505 status = usb_add_function(c, &f_fb->usb_function); 506 if (status) { 507 free(f_fb); 508 fastboot_func = f_fb; 509 } 510 511 return status; 512 } 513 DECLARE_GADGET_BIND_CALLBACK(usb_dnl_fastboot, fastboot_add); 514 515 static int fastboot_tx_write(const char *buffer, unsigned int buffer_size) 516 { 517 struct usb_request *in_req = fastboot_func->in_req; 518 int ret; 519 520 memcpy(in_req->buf, buffer, buffer_size); 521 in_req->length = buffer_size; 522 523 usb_ep_dequeue(fastboot_func->in_ep, in_req); 524 525 ret = usb_ep_queue(fastboot_func->in_ep, in_req, 0); 526 if (ret) 527 printf("Error %d on queue\n", ret); 528 return 0; 529 } 530 531 static int fastboot_tx_write_str(const char *buffer) 532 { 533 int ret; 534 535 ret = sleep_thread(); 536 if (ret < 0) 537 printf("warning: 0x%x, usb transmission is abnormal!\n", ret); 538 539 return fastboot_tx_write(buffer, strlen(buffer)); 540 } 541 542 static void compl_do_reset(struct usb_ep *ep, struct usb_request *req) 543 { 544 do_reset(NULL, 0, 0, NULL); 545 } 546 547 int __weak fb_set_reboot_flag(void) 548 { 549 return -ENOSYS; 550 } 551 552 static void cb_reboot(struct usb_ep *ep, struct usb_request *req) 553 { 554 char *cmd = req->buf; 555 556 if (!strcmp_l1("reboot-bootloader", cmd)) { 557 if (fb_set_reboot_flag()) { 558 fastboot_tx_write_str("FAILCannot set reboot flag"); 559 return; 560 } 561 } 562 #ifdef CONFIG_ANDROID_BOOTLOADER 563 if (!strcmp_l1("reboot-fastboot", cmd)) { 564 if (android_bcb_write("boot-fastboot")) { 565 fastboot_tx_write_str("FAILCannot set boot-fastboot"); 566 return; 567 } 568 } 569 570 if (!strcmp_l1("reboot-recovery", cmd)) { 571 if (android_bcb_write("boot-recovery")) { 572 fastboot_tx_write_str("FAILCannot set boot-recovery"); 573 return; 574 } 575 } 576 #endif 577 fastboot_func->in_req->complete = compl_do_reset; 578 fastboot_tx_write_str("OKAY"); 579 } 580 581 static int strcmp_l1(const char *s1, const char *s2) 582 { 583 if (!s1 || !s2) 584 return -1; 585 return strncmp(s1, s2, strlen(s1)); 586 } 587 588 struct name_string { 589 const char *str; 590 int expects_args; 591 char delim; 592 }; 593 594 #define NAME_NO_ARGS(s) {.str = s, .expects_args = 0} 595 #define NAME_ARGS(s, d) {.str = s, .expects_args = 1, .delim = d} 596 597 static size_t name_check_match(const char *str, size_t len, 598 const struct name_string *name) 599 { 600 size_t str_len = strlen(name->str); 601 602 /* If name len is greater than input, return 0. */ 603 if (str_len > len) 604 return 0; 605 606 /* If name str does not match input string, return 0. */ 607 if (memcmp(name->str, str, str_len)) 608 return 0; 609 610 if (name->expects_args) { 611 /* string should have space for delim */ 612 if (len == str_len) 613 return 0; 614 615 /* Check delim match */ 616 if (name->delim != str[str_len]) 617 return 0; 618 } else { 619 /* Name str len should match input len */ 620 if (str_len != len) 621 return 0; 622 } 623 624 return str_len + name->expects_args; 625 } 626 627 static void fb_add_string(char *dst, size_t chars_left, 628 const char *str, const char *args) 629 { 630 if (!str) 631 return; 632 633 int ret = snprintf(dst, chars_left, str, args); 634 635 if (ret < 0) 636 pr_err("snprintf is error!"); 637 } 638 639 static void fb_add_number(char *dst, size_t chars_left, 640 const char *format, size_t num) 641 { 642 if (!format) 643 return; 644 645 int ret = snprintf(dst, chars_left, format, num); 646 647 if (ret > chars_left) 648 pr_err("snprintf is error!"); 649 } 650 651 static int fb_read_var(char *cmd, char *response, 652 fb_getvar_t var, size_t chars_left) 653 { 654 const char *s; 655 int ret = 0; 656 657 switch (var) { 658 case FB_VERSION: 659 fb_add_string(response, chars_left, FASTBOOT_VERSION, NULL); 660 break; 661 case FB_BOOTLOADER_VERSION: 662 fb_add_string(response, chars_left, U_BOOT_VERSION, NULL); 663 break; 664 case FB_BASEBAND_VERSION: 665 fb_add_string(response, chars_left, "N/A", NULL); 666 break; 667 case FB_PRODUCT: 668 fb_add_string(response, chars_left, CONFIG_SYS_BOARD, NULL); 669 break; 670 case FB_SERIAL_NO: 671 s = env_get("serial#"); 672 if (s) 673 fb_add_string(response, chars_left, s, NULL); 674 else 675 ret = -1; 676 break; 677 case FB_SECURE: 678 fb_add_string(response, chars_left, "yes", NULL); 679 break; 680 case FB_VARIANT: 681 fb_add_string(response, chars_left, "userdebug", NULL); 682 break; 683 case FB_DWNLD_SIZE: 684 fb_add_number(response, chars_left, "0x%08x", 685 CONFIG_FASTBOOT_BUF_SIZE); 686 break; 687 case FB_PART_SIZE: 688 case FB_PART_TYPE: { 689 char *part_name = cmd; 690 691 cmd = strsep(&part_name, ":"); 692 if (!cmd || !part_name) { 693 fb_add_string(response, chars_left, 694 "argument Invalid!", NULL); 695 ret = -1; 696 break; 697 } 698 699 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 700 disk_partition_t part_info; 701 struct blk_desc *dev_desc; 702 int part_num = -1; 703 const char *fs_type = NULL; 704 705 #ifdef CONFIG_RKIMG_BOOTLOADER 706 dev_desc = rockchip_get_bootdev(); 707 #else 708 dev_desc = NULL; 709 #endif 710 if (!dev_desc) { 711 fb_add_string(response, chars_left, 712 "block device not found", NULL); 713 ret = -1; 714 break; 715 } 716 717 part_num = part_get_info_by_name(dev_desc, part_name, 718 &part_info); 719 if (part_num < 0) { 720 fb_add_string(response, chars_left, 721 "partition not found", NULL); 722 ret = -1; 723 } else if (!strncmp(PARTITION_TYPE_STRINGS, cmd, 724 strlen(PARTITION_TYPE_STRINGS))) { 725 if (fb_get_fstype("mmc", part_num, &fs_type)) { 726 fb_add_string(response, chars_left, 727 (char *)part_info.type, NULL); 728 } else { 729 fb_add_string(response, chars_left, 730 fs_type, NULL); 731 } 732 } else if (!strncmp("partition-size", cmd, 14)) { 733 u64 part_size; 734 735 part_size = (uint64_t)part_info.size; 736 snprintf(response, chars_left, "0x%llx", 737 part_size * dev_desc->blksz); 738 } 739 #else 740 fb_add_string(response, chars_left, "not implemented", NULL); 741 ret = -1; 742 #endif 743 break; 744 } 745 case FB_BLK_SIZE: { 746 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 747 struct blk_desc *dev_desc; 748 749 #ifdef CONFIG_RKIMG_BOOTLOADER 750 dev_desc = rockchip_get_bootdev(); 751 #else 752 dev_desc = NULL; 753 #endif 754 if (!dev_desc) { 755 fb_add_string(response, chars_left, 756 "block device not found", NULL); 757 ret = -1; 758 } else { 759 fb_add_number(response, chars_left, 760 "0x%lx", dev_desc->blksz); 761 } 762 #else 763 fb_add_string(response, chars_left, "not implemented", NULL); 764 ret = -1; 765 #endif 766 break; 767 } 768 case FB_ERASE_SIZE: { 769 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 770 lbaint_t erase_grp_size; 771 772 erase_grp_size = fb_mmc_get_erase_grp_size(); 773 if (erase_grp_size < 0) { 774 fb_add_string(response, chars_left, 775 "block device not found", NULL); 776 ret = -1; 777 } else { 778 fb_add_number(response, chars_left, "0x"LBAF"", 779 erase_grp_size); 780 } 781 #else 782 fb_add_string(response, chars_left, "not implemented", NULL); 783 ret = -1; 784 #endif 785 break; 786 } 787 case FB_UNLOCKED: { 788 #ifdef CONFIG_RK_AVB_LIBAVB_USER 789 uint8_t flash_lock_state = 0; 790 791 if (rk_avb_read_flash_lock_state(&flash_lock_state)) 792 fb_add_string(response, chars_left, "yes", NULL); 793 else 794 fb_add_string(response, chars_left, "no", NULL); 795 #else 796 fb_add_string(response, chars_left, "not implemented", NULL); 797 ret = -1; 798 #endif 799 break; 800 } 801 case FB_OFF_MODE_CHARGE: { 802 fb_add_string(response, chars_left, "not implemented", NULL); 803 break; 804 } 805 case FB_BATT_VOLTAGE: { 806 fb_add_string(response, chars_left, "not implemented", NULL); 807 break; 808 } 809 case FB_BATT_SOC_OK: { 810 fb_add_string(response, chars_left, "no", NULL); 811 break; 812 } 813 case FB_IS_USERSPACE: { 814 fb_add_string(response, chars_left, "no", NULL); 815 break; 816 } 817 #ifdef CONFIG_RK_AVB_LIBAVB_USER 818 case FB_HAS_COUNT: { 819 char slot_count[2]; 820 char temp; 821 822 slot_count[1] = '\0'; 823 if (rk_avb_read_slot_count(&temp) < 0) { 824 fb_add_number(response, chars_left, "%d", 0); 825 ret = -1; 826 break; 827 } 828 slot_count[0] = temp + 0x30; 829 fb_add_string(response, chars_left, slot_count, NULL); 830 break; 831 } 832 case FB_HAS_SLOT: { 833 char *part_name = cmd; 834 int has_slot = -1; 835 836 cmd = strsep(&part_name, ":"); 837 if (!cmd || !part_name) { 838 fb_add_string(response, chars_left, 839 "argument Invalid!", NULL); 840 ret = -1; 841 break; 842 } 843 844 has_slot = rk_avb_get_part_has_slot_info(part_name); 845 if (has_slot < 0) 846 fb_add_string(response, chars_left, "no", NULL); 847 else 848 fb_add_string(response, chars_left, "yes", NULL); 849 break; 850 } 851 case FB_CURR_SLOT: { 852 char slot_surrent[8] = {0}; 853 854 if (!rk_avb_get_current_slot(slot_surrent)) { 855 fb_add_string(response, chars_left, 856 slot_surrent + 1, NULL); 857 } else { 858 fb_add_string(response, chars_left, "get error", NULL); 859 ret = -1; 860 } 861 break; 862 } 863 case FB_SLOT_SUFFIXES: { 864 char slot_suffixes_temp[4] = {0}; 865 char slot_suffixes[9] = {0}; 866 int slot_cnt = 0; 867 868 rk_avb_read_slot_suffixes(slot_suffixes_temp); 869 while (slot_suffixes_temp[slot_cnt] != '\0') { 870 slot_suffixes[slot_cnt * 2] 871 = slot_suffixes_temp[slot_cnt]; 872 slot_suffixes[slot_cnt * 2 + 1] = ','; 873 slot_cnt++; 874 } 875 876 slot_suffixes[(slot_cnt - 1) * 2 + 1] = '\0'; 877 fb_add_string(response, chars_left, slot_suffixes, NULL); 878 break; 879 } 880 case FB_SLOT_SUCCESSFUL:{ 881 char *slot_name = cmd; 882 AvbABData ab_info; 883 884 cmd = strsep(&slot_name, ":"); 885 if (!cmd || !slot_name) { 886 fb_add_string(response, chars_left, 887 "argument Invalid!", NULL); 888 ret = -1; 889 break; 890 } 891 892 if (rk_avb_get_ab_info(&ab_info) < 0) { 893 fb_add_string(response, chars_left, 894 "get ab info failed!", NULL); 895 ret = -1; 896 break; 897 } 898 899 if (!strcmp(slot_name, "a")) { 900 if (ab_info.slots[0].successful_boot) 901 fb_add_string(response, chars_left, 902 "yes", NULL); 903 else 904 fb_add_string(response, chars_left, 905 "no", NULL); 906 } else if (!strcmp(slot_name, "b")) { 907 if (ab_info.slots[1].successful_boot) 908 fb_add_string(response, chars_left, 909 "yes", NULL); 910 else 911 fb_add_string(response, chars_left, 912 "no", NULL); 913 } else { 914 fb_add_string(response, chars_left, "no", NULL); 915 } 916 break; 917 } 918 case FB_SLOT_UNBOOTABLE: { 919 char *slot_name = cmd; 920 AvbABData ab_info; 921 922 cmd = strsep(&slot_name, ":"); 923 924 if (!cmd || !slot_name) { 925 fb_add_string(response, chars_left, 926 "argument Invalid!", NULL); 927 ret = -1; 928 break; 929 } 930 931 if (rk_avb_get_ab_info(&ab_info) < 0) { 932 fb_add_string(response, chars_left, 933 "get ab info failed!", NULL); 934 ret = -1; 935 break; 936 } 937 938 if (!strcmp(slot_name, "a")) { 939 if (!ab_info.slots[0].successful_boot && 940 !ab_info.slots[0].tries_remaining && 941 !ab_info.slots[0].priority) 942 fb_add_string(response, chars_left, 943 "yes", NULL); 944 else 945 fb_add_string(response, chars_left, "no", NULL); 946 } else if (!strcmp(slot_name, "b")) { 947 if (!ab_info.slots[1].successful_boot && 948 !ab_info.slots[1].tries_remaining && 949 !ab_info.slots[1].priority) 950 fb_add_string(response, chars_left, 951 "yes", NULL); 952 else 953 fb_add_string(response, chars_left, "no", NULL); 954 } else { 955 fb_add_string(response, chars_left, "no", NULL); 956 } 957 break; 958 } 959 case FB_SLOT_RETRY_COUNT: { 960 char *slot_name = cmd; 961 AvbABData ab_info; 962 963 cmd = strsep(&slot_name, ":"); 964 if (!cmd || !slot_name) { 965 fb_add_string(response, chars_left, 966 "argument Invalid!", NULL); 967 ret = -1; 968 break; 969 } 970 971 if (rk_avb_get_ab_info(&ab_info) < 0) { 972 fb_add_string(response, chars_left, 973 "get ab info failed!", NULL); 974 ret = -1; 975 break; 976 } 977 978 if (!strcmp(slot_name, "a")) { 979 fb_add_number(response, chars_left, 980 "%d", ab_info.slots[0].tries_remaining); 981 } else if (!strcmp(slot_name, "b")) { 982 fb_add_number(response, chars_left, "%d", 983 ab_info.slots[1].tries_remaining); 984 985 } else { 986 strcpy(response, "FAILno"); 987 } 988 break; 989 } 990 case FB_AT_VBST: { 991 char vbst[VBOOT_STATE_SIZE] = {0}; 992 char *p_vbst; 993 994 strcpy(response, "INFO"); 995 rk_avb_get_at_vboot_state(vbst); 996 p_vbst = vbst; 997 do { 998 cmd = strsep(&p_vbst, "\n"); 999 if (strlen(cmd) > 0) { 1000 memcpy(&response[4], cmd, chars_left); 1001 fastboot_tx_write_str(response); 1002 } 1003 } while (strlen(cmd)); 1004 break; 1005 } 1006 case FB_SNAPSHOT_STATUS: { 1007 #ifdef CONFIG_ANDROID_AB 1008 struct misc_virtual_ab_message state; 1009 1010 memset(&state, 0x0, sizeof(state)); 1011 if (read_misc_virtual_ab_message(&state) != 0) { 1012 printf("FB_SNAPSHOT_STATUS read_misc_virtual_ab_message failed!\n"); 1013 fb_add_string(response, chars_left, "get error", NULL); 1014 ret = -1; 1015 } 1016 1017 if (state.magic != MISC_VIRTUAL_AB_MAGIC_HEADER) { 1018 printf("FB_SNAPSHOT_STATUS not virtual A/B metadata!\n"); 1019 fb_add_string(response, chars_left, "get error", NULL); 1020 ret = -1; 1021 } 1022 1023 if (state.merge_status == ENUM_MERGE_STATUS_MERGING) { 1024 fb_add_string(response, chars_left, "merging", NULL); 1025 } else if (state.merge_status == ENUM_MERGE_STATUS_SNAPSHOTTED) { 1026 fb_add_string(response, chars_left, "snapshotted", NULL); 1027 } else { 1028 fb_add_string(response, chars_left, "none", NULL); 1029 } 1030 #else 1031 fb_add_string(response, chars_left, "get error", NULL); 1032 ret = -1; 1033 #endif 1034 break; 1035 } 1036 1037 #endif 1038 #ifdef CONFIG_OPTEE_CLIENT 1039 case FB_AT_DH: { 1040 char dhbuf[ATTEST_DH_SIZE]; 1041 uint32_t dh_len = ATTEST_DH_SIZE; 1042 uint32_t res = trusty_attest_dh((uint8_t *)dhbuf, &dh_len); 1043 1044 if (res) { 1045 fb_add_string(response, chars_left, "dh not set", NULL); 1046 ret = -1; 1047 } else { 1048 fb_add_string(response, chars_left, dhbuf, NULL); 1049 } 1050 break; 1051 } 1052 case FB_AT_UUID: { 1053 char uuid[ATTEST_UUID_SIZE] = {0}; 1054 uint32_t uuid_len = ATTEST_UUID_SIZE; 1055 uint32_t res = trusty_attest_uuid((uint8_t *)uuid, &uuid_len); 1056 1057 uuid[ATTEST_UUID_SIZE - 1] = 0; 1058 if (res) { 1059 fb_add_string(response, chars_left, "dh not set", NULL); 1060 ret = -1; 1061 } else { 1062 fb_add_string(response, chars_left, uuid, NULL); 1063 } 1064 break; 1065 } 1066 #endif 1067 default: { 1068 char *envstr; 1069 1070 envstr = malloc(strlen("fastboot.") + strlen(cmd) + 1); 1071 if (!envstr) { 1072 fb_add_string(response, chars_left, 1073 "malloc error", NULL); 1074 ret = -1; 1075 break; 1076 } 1077 1078 sprintf(envstr, "fastboot.%s", cmd); 1079 s = env_get(envstr); 1080 if (s) { 1081 strncat(response, s, chars_left); 1082 } else { 1083 printf("WARNING: unknown variable: %s\n", cmd); 1084 fb_add_string(response, chars_left, 1085 "not implemented", NULL); 1086 } 1087 1088 free(envstr); 1089 break; 1090 } 1091 } 1092 1093 return ret; 1094 } 1095 1096 static const struct { 1097 /* 1098 *any changes to this array require an update to the corresponding 1099 *enum in fastboot.h 1100 */ 1101 struct name_string name; 1102 fb_getvar_t var; 1103 } getvar_table[] = { 1104 { NAME_NO_ARGS("version"), FB_VERSION}, 1105 { NAME_NO_ARGS("version-bootloader"), FB_BOOTLOADER_VERSION}, 1106 { NAME_NO_ARGS("version-baseband"), FB_BASEBAND_VERSION}, 1107 { NAME_NO_ARGS("product"), FB_PRODUCT}, 1108 { NAME_NO_ARGS("serialno"), FB_SERIAL_NO}, 1109 { NAME_NO_ARGS("secure"), FB_SECURE}, 1110 { NAME_NO_ARGS("max-download-size"), FB_DWNLD_SIZE}, 1111 { NAME_NO_ARGS("logical-block-size"), FB_BLK_SIZE}, 1112 { NAME_NO_ARGS("erase-block-size"), FB_ERASE_SIZE}, 1113 { NAME_ARGS("partition-type", ':'), FB_PART_TYPE}, 1114 { NAME_ARGS("partition-size", ':'), FB_PART_SIZE}, 1115 { NAME_NO_ARGS("unlocked"), FB_UNLOCKED}, 1116 { NAME_NO_ARGS("off-mode-charge"), FB_OFF_MODE_CHARGE}, 1117 { NAME_NO_ARGS("battery-voltage"), FB_BATT_VOLTAGE}, 1118 { NAME_NO_ARGS("variant"), FB_VARIANT}, 1119 { NAME_NO_ARGS("battery-soc-ok"), FB_BATT_SOC_OK}, 1120 { NAME_NO_ARGS("is-userspace"), FB_IS_USERSPACE}, 1121 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1122 /* Slots related */ 1123 { NAME_NO_ARGS("slot-count"), FB_HAS_COUNT}, 1124 { NAME_ARGS("has-slot", ':'), FB_HAS_SLOT}, 1125 { NAME_NO_ARGS("current-slot"), FB_CURR_SLOT}, 1126 { NAME_NO_ARGS("slot-suffixes"), FB_SLOT_SUFFIXES}, 1127 { NAME_ARGS("slot-successful", ':'), FB_SLOT_SUCCESSFUL}, 1128 { NAME_ARGS("slot-unbootable", ':'), FB_SLOT_UNBOOTABLE}, 1129 { NAME_ARGS("slot-retry-count", ':'), FB_SLOT_RETRY_COUNT}, 1130 { NAME_NO_ARGS("at-vboot-state"), FB_AT_VBST}, 1131 { NAME_NO_ARGS("snapshot-update-status"), FB_SNAPSHOT_STATUS}, 1132 #endif 1133 /* 1134 * OEM specific : 1135 * Spec says names starting with lowercase letter are reserved. 1136 */ 1137 #ifdef CONFIG_OPTEE_CLIENT 1138 { NAME_NO_ARGS("at-attest-dh"), FB_AT_DH}, 1139 { NAME_NO_ARGS("at-attest-uuid"), FB_AT_UUID}, 1140 #endif 1141 }; 1142 1143 static int fb_getvar_single(char *cmd, char *response, size_t chars_left) 1144 { 1145 int i; 1146 size_t match_len = 0; 1147 size_t len = strlen(cmd); 1148 1149 for (i = 0; i < ARRAY_SIZE(getvar_table); i++) { 1150 match_len = name_check_match(cmd, len, &getvar_table[i].name); 1151 if (match_len) 1152 break; 1153 } 1154 1155 if (match_len == 0) { 1156 fb_add_string(response, chars_left, "unknown variable", NULL); 1157 return -1; 1158 } 1159 1160 if (fb_read_var(cmd, response, getvar_table[i].var, chars_left) < 0) 1161 return -1; 1162 1163 return 0; 1164 } 1165 1166 static void fb_getvar_all(void) 1167 { 1168 char response[FASTBOOT_RESPONSE_LEN] = {0}; 1169 char resp_tmp[FASTBOOT_RESPONSE_LEN] = {0}; 1170 char *actual_resp; 1171 size_t chars_left; 1172 int i, p; 1173 disk_partition_t part_info; 1174 struct blk_desc *dev_desc; 1175 1176 strcpy(response, "INFO"); 1177 chars_left = sizeof(response) - strlen(response) - 1; 1178 actual_resp = response + strlen(response); 1179 1180 for (i = 0; i < ARRAY_SIZE(getvar_table); i++) { 1181 fb_getvar_t var = getvar_table[i].var; 1182 1183 switch (var) { 1184 case FB_PART_TYPE: 1185 case FB_PART_SIZE: { 1186 const char *fs_type = NULL; 1187 #ifdef CONFIG_RKIMG_BOOTLOADER 1188 dev_desc = rockchip_get_bootdev(); 1189 #else 1190 dev_desc = NULL; 1191 #endif 1192 if (!dev_desc) { 1193 fb_add_string(actual_resp, chars_left, 1194 "%s:block device not found", 1195 getvar_table[i].name.str); 1196 fastboot_tx_write_str(response); 1197 break; 1198 } 1199 1200 for (p = 1; p <= MAX_SEARCH_PARTITIONS; p++) { 1201 if (part_get_info(dev_desc, p, 1202 &part_info) < 0) { 1203 break; 1204 } 1205 1206 if (var == FB_PART_TYPE) { 1207 fs_type = NULL; 1208 if (fb_get_fstype("mmc", p, 1209 &fs_type)) { 1210 fb_add_string( 1211 resp_tmp, 1212 FASTBOOT_RESPONSE_LEN, 1213 (char *)part_info.type, 1214 NULL); 1215 } else { 1216 fb_add_string( 1217 resp_tmp, 1218 FASTBOOT_RESPONSE_LEN, 1219 fs_type, 1220 NULL); 1221 } 1222 1223 snprintf(actual_resp, 1224 chars_left, 1225 "%s:%s:%s", 1226 getvar_table[i].name.str, 1227 part_info.name, 1228 resp_tmp); 1229 } else { 1230 uint64_t part_size; 1231 1232 part_size = (uint64_t)part_info.size; 1233 snprintf(actual_resp, 1234 chars_left, 1235 "%s:%s:0x%llx", 1236 getvar_table[i].name.str, 1237 part_info.name, 1238 part_size * dev_desc->blksz); 1239 } 1240 fastboot_tx_write_str(response); 1241 } 1242 break; 1243 } 1244 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1245 case FB_HAS_SLOT: { 1246 uchar *ptr_name_tmp; 1247 char c = '_'; 1248 int has_slot = -1; 1249 1250 #ifdef CONFIG_RKIMG_BOOTLOADER 1251 dev_desc = rockchip_get_bootdev(); 1252 #else 1253 dev_desc = NULL; 1254 #endif 1255 if (!dev_desc) { 1256 fb_add_string(actual_resp, chars_left, 1257 "%s:block device not found", 1258 getvar_table[i].name.str); 1259 fastboot_tx_write_str(response); 1260 break; 1261 } 1262 1263 for (p = 1; p <= MAX_SEARCH_PARTITIONS; p++) { 1264 if (part_get_info(dev_desc, p, 1265 &part_info) < 0) { 1266 break; 1267 } else { 1268 ptr_name_tmp = (uchar *)strrchr( 1269 (char *)part_info.name, c); 1270 if (ptr_name_tmp && 1271 part_info.name[ptr_name_tmp - 1272 part_info.name + 2] == '\0') 1273 fb_add_string( 1274 resp_tmp, 1275 ptr_name_tmp - 1276 part_info.name + 1, 1277 (char *)part_info.name, 1278 NULL); 1279 else 1280 strcpy(resp_tmp, 1281 (char *)part_info.name); 1282 1283 has_slot = rk_avb_get_part_has_slot_info( 1284 resp_tmp); 1285 if (has_slot < 0) { 1286 snprintf(actual_resp, 1287 chars_left, 1288 "%s:%s:no", 1289 getvar_table[i].name.str, 1290 resp_tmp); 1291 } else { 1292 snprintf(actual_resp, 1293 chars_left, 1294 "%s:%s:yes", 1295 getvar_table[i].name.str, 1296 resp_tmp); 1297 p++; 1298 } 1299 1300 fastboot_tx_write_str(response); 1301 } 1302 } 1303 break; 1304 } 1305 1306 case FB_SLOT_SUCCESSFUL: { 1307 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1308 AvbABData ab_info; 1309 1310 if (rk_avb_get_ab_info(&ab_info) < 0) { 1311 fb_add_string(actual_resp, 1312 chars_left, 1313 "%s:get ab info failed!", 1314 getvar_table[i].name.str); 1315 fastboot_tx_write_str(response); 1316 break; 1317 } 1318 1319 if (ab_info.slots[0].successful_boot) 1320 fb_add_string(actual_resp, chars_left, 1321 "%s:a:yes", 1322 getvar_table[i].name.str); 1323 else 1324 fb_add_string(actual_resp, chars_left, 1325 "%s:a:no", 1326 getvar_table[i].name.str); 1327 fastboot_tx_write_str(response); 1328 1329 if (ab_info.slots[1].successful_boot) 1330 fb_add_string(actual_resp, chars_left, 1331 "%s:b:yes", 1332 getvar_table[i].name.str); 1333 else 1334 fb_add_string(actual_resp, chars_left, 1335 "%s:b:no", 1336 getvar_table[i].name.str); 1337 fastboot_tx_write_str(response); 1338 #else 1339 fb_add_string(actual_resp, chars_left, 1340 "%s:not find ab info!", 1341 getvar_table[i].name.str); 1342 fastboot_tx_write_str(response); 1343 #endif 1344 break; 1345 } 1346 1347 case FB_SLOT_UNBOOTABLE: { 1348 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1349 AvbABData ab_info; 1350 1351 if (rk_avb_get_ab_info(&ab_info) < 0) { 1352 fb_add_string(actual_resp, chars_left, 1353 "%s:not find ab info!", 1354 getvar_table[i].name.str); 1355 fastboot_tx_write_str(response); 1356 break; 1357 } 1358 1359 if (!ab_info.slots[0].successful_boot && 1360 !ab_info.slots[0].tries_remaining && 1361 !ab_info.slots[0].priority) 1362 fb_add_string(actual_resp, chars_left, 1363 "%s:a:yes", 1364 getvar_table[i].name.str); 1365 else 1366 fb_add_string(actual_resp, chars_left, 1367 "%s:a:no", 1368 getvar_table[i].name.str); 1369 fastboot_tx_write_str(response); 1370 1371 if (!ab_info.slots[1].successful_boot && 1372 !ab_info.slots[1].tries_remaining && 1373 !ab_info.slots[1].priority) 1374 fb_add_string(actual_resp, chars_left, 1375 "%s:b:yes", 1376 getvar_table[i].name.str); 1377 else 1378 fb_add_string(actual_resp, chars_left, 1379 "%s:b:no", 1380 getvar_table[i].name.str); 1381 1382 fastboot_tx_write_str(response); 1383 #else 1384 fb_add_string(actual_resp, chars_left, 1385 "%s:not find ab info!", 1386 getvar_table[i].name.str); 1387 fastboot_tx_write_str(response); 1388 #endif 1389 break; 1390 } 1391 1392 case FB_SLOT_RETRY_COUNT: { 1393 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1394 AvbABData ab_info; 1395 1396 if (rk_avb_get_ab_info(&ab_info) < 0) { 1397 fb_add_string(actual_resp, chars_left, 1398 "%s:not find ab info!", 1399 getvar_table[i].name.str); 1400 fastboot_tx_write_str(response); 1401 break; 1402 } 1403 1404 snprintf(actual_resp, chars_left, "%s:a:%d", 1405 getvar_table[i].name.str, 1406 ab_info.slots[1].tries_remaining); 1407 fastboot_tx_write_str(response); 1408 snprintf(actual_resp, chars_left, "%s:b:%d", 1409 getvar_table[i].name.str, 1410 ab_info.slots[1].tries_remaining); 1411 fastboot_tx_write_str(response); 1412 #else 1413 fb_add_string(actual_resp, chars_left, 1414 "%s:not find ab info!", 1415 getvar_table[i].name.str); 1416 fastboot_tx_write_str(response); 1417 #endif 1418 break; 1419 } 1420 #endif 1421 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1422 case FB_AT_VBST: 1423 break; 1424 #endif 1425 default: 1426 fb_getvar_single((char *)getvar_table[i].name.str, 1427 resp_tmp, FASTBOOT_RESPONSE_LEN); 1428 snprintf(actual_resp, chars_left, "%s:%s", 1429 getvar_table[i].name.str, resp_tmp); 1430 fastboot_tx_write_str(response); 1431 } 1432 } 1433 } 1434 1435 #ifdef CONFIG_ANDROID_AB 1436 static int get_current_slot(void) 1437 { 1438 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1439 char cmd[8] = {0}; 1440 unsigned int slot_number = -1; 1441 1442 memset(cmd, 0x0, sizeof(cmd)); 1443 rk_avb_get_current_slot(cmd); 1444 if (strncmp("_a", cmd, 2) == 0) { 1445 slot_number = 0; 1446 } else if (strncmp("_b", cmd, 2) == 0) { 1447 slot_number = 1; 1448 } else { 1449 pr_err("%s: FAILunkown slot name\n", __func__); 1450 return -1; 1451 } 1452 1453 return slot_number; 1454 #else 1455 pr_err("%s: FAILnot implemented\n", __func__); 1456 return -1; 1457 #endif 1458 } 1459 1460 #ifdef CONFIG_FASTBOOT_FLASH 1461 static int should_prevent_userdata_wipe(void) 1462 { 1463 struct misc_virtual_ab_message state; 1464 1465 memset(&state, 0x0, sizeof(state)); 1466 if (read_misc_virtual_ab_message(&state) != 0) { 1467 pr_err("%s: read_misc_virtual_ab_message failed!\n", __func__); 1468 return 0; 1469 } 1470 1471 if (state.magic != MISC_VIRTUAL_AB_MAGIC_HEADER) { 1472 pr_err("%s: NOT virtual A/B metadata!\n", __func__); 1473 return 0; 1474 } 1475 1476 if (state.merge_status == (uint8_t)ENUM_MERGE_STATUS_MERGING || 1477 (state.merge_status == (uint8_t)ENUM_MERGE_STATUS_SNAPSHOTTED && 1478 state.source_slot != get_current_slot())) { 1479 return 1; 1480 } 1481 1482 return 0; 1483 } 1484 #endif 1485 1486 static int get_virtual_ab_merge_status(void) 1487 { 1488 struct misc_virtual_ab_message state; 1489 1490 memset(&state, 0x0, sizeof(state)); 1491 if (read_misc_virtual_ab_message(&state) != 0) { 1492 pr_err("%s: read_misc_virtual_ab_message failed!\n", __func__); 1493 return -1; 1494 } 1495 1496 if (state.magic != MISC_VIRTUAL_AB_MAGIC_HEADER) { 1497 pr_err("%s: NOT virtual A/B metadata!\n", __func__); 1498 return -1; 1499 } 1500 1501 return state.merge_status; 1502 } 1503 #endif 1504 1505 static void cb_getvar(struct usb_ep *ep, struct usb_request *req) 1506 { 1507 char *cmd = req->buf; 1508 char response[FASTBOOT_RESPONSE_LEN] = {0}; 1509 const char *str_read_all = "all"; 1510 size_t len = 0; 1511 size_t chars_left; 1512 1513 strsep(&cmd, ":"); 1514 if (!cmd) { 1515 pr_err("missing variable"); 1516 fastboot_tx_write_str("FAILmissing var"); 1517 return; 1518 } 1519 1520 len = strlen(cmd); 1521 if (len == strlen(str_read_all) && 1522 (strncmp(cmd, str_read_all, len) == 0)) { 1523 fb_getvar_all(); 1524 fastboot_tx_write_str("OKAYDone!"); 1525 } else { 1526 strcpy(response, "OKAY"); 1527 chars_left = sizeof(response) - strlen(response) - 1; 1528 1529 if (fb_getvar_single(cmd, &response[strlen(response)], 1530 chars_left) < 0) { 1531 strcpy(cmd, "FAILunknown variable"); 1532 strncat(cmd, &response[strlen(response)], chars_left); 1533 fastboot_tx_write_str(cmd); 1534 return; 1535 } 1536 fastboot_tx_write_str(response); 1537 } 1538 1539 return; 1540 } 1541 1542 static unsigned int rx_bytes_expected(struct usb_ep *ep) 1543 { 1544 int rx_remain = download_size - download_bytes; 1545 unsigned int rem; 1546 unsigned int maxpacket = ep->maxpacket; 1547 1548 if (rx_remain <= 0) 1549 return 0; 1550 else if (rx_remain > EP_BUFFER_SIZE) 1551 return EP_BUFFER_SIZE; 1552 1553 /* 1554 * Some controllers e.g. DWC3 don't like OUT transfers to be 1555 * not ending in maxpacket boundary. So just make them happy by 1556 * always requesting for integral multiple of maxpackets. 1557 * This shouldn't bother controllers that don't care about it. 1558 */ 1559 rem = rx_remain % maxpacket; 1560 if (rem > 0) 1561 rx_remain = rx_remain + (maxpacket - rem); 1562 1563 return rx_remain; 1564 } 1565 1566 #define BYTES_PER_DOT 0x20000 1567 static void rx_handler_dl_image(struct usb_ep *ep, struct usb_request *req) 1568 { 1569 char response[FASTBOOT_RESPONSE_LEN]; 1570 unsigned int transfer_size = download_size - download_bytes; 1571 const unsigned char *buffer = req->buf; 1572 unsigned int buffer_size = req->actual; 1573 unsigned int pre_dot_num, now_dot_num; 1574 1575 if (req->status != 0) { 1576 printf("Bad status: %d\n", req->status); 1577 return; 1578 } 1579 1580 if (buffer_size < transfer_size) 1581 transfer_size = buffer_size; 1582 1583 memcpy((void *)CONFIG_FASTBOOT_BUF_ADDR + download_bytes, 1584 buffer, transfer_size); 1585 1586 pre_dot_num = download_bytes / BYTES_PER_DOT; 1587 download_bytes += transfer_size; 1588 now_dot_num = download_bytes / BYTES_PER_DOT; 1589 1590 if (pre_dot_num != now_dot_num) { 1591 putc('.'); 1592 if (!(now_dot_num % 74)) 1593 putc('\n'); 1594 } 1595 1596 /* Check if transfer is done */ 1597 if (download_bytes >= download_size) { 1598 /* 1599 * Reset global transfer variable, keep download_bytes because 1600 * it will be used in the next possible flashing command 1601 */ 1602 download_size = 0; 1603 req->complete = rx_handler_command; 1604 req->length = EP_BUFFER_SIZE; 1605 1606 strcpy(response, "OKAY"); 1607 fastboot_tx_write_str(response); 1608 1609 printf("\ndownloading of %d bytes finished\n", download_bytes); 1610 } else { 1611 req->length = rx_bytes_expected(ep); 1612 } 1613 1614 req->actual = 0; 1615 usb_ep_queue(ep, req, 0); 1616 } 1617 1618 static void cb_download(struct usb_ep *ep, struct usb_request *req) 1619 { 1620 char *cmd = req->buf; 1621 char response[FASTBOOT_RESPONSE_LEN]; 1622 1623 strsep(&cmd, ":"); 1624 download_size = simple_strtoul(cmd, NULL, 16); 1625 download_bytes = 0; 1626 1627 printf("Starting download of %d bytes\n", download_size); 1628 1629 if (0 == download_size) { 1630 strcpy(response, "FAILdata invalid size"); 1631 } else if (download_size > CONFIG_FASTBOOT_BUF_SIZE) { 1632 download_size = 0; 1633 strcpy(response, "FAILdata too large"); 1634 } else { 1635 sprintf(response, "DATA%08x", download_size); 1636 req->complete = rx_handler_dl_image; 1637 req->length = rx_bytes_expected(ep); 1638 } 1639 1640 fastboot_tx_write_str(response); 1641 } 1642 1643 static void tx_handler_ul(struct usb_ep *ep, struct usb_request *req) 1644 { 1645 unsigned int xfer_size = 0; 1646 unsigned int pre_dot_num, now_dot_num; 1647 unsigned int remain_size = 0; 1648 unsigned int transferred_size = req->actual; 1649 1650 if (req->status != 0) { 1651 printf("Bad status: %d\n", req->status); 1652 return; 1653 } 1654 1655 if (start_upload) { 1656 pre_dot_num = upload_bytes / BYTES_PER_DOT; 1657 upload_bytes += transferred_size; 1658 now_dot_num = upload_bytes / BYTES_PER_DOT; 1659 1660 if (pre_dot_num != now_dot_num) { 1661 putc('.'); 1662 if (!(now_dot_num % 74)) 1663 putc('\n'); 1664 } 1665 } 1666 1667 remain_size = upload_size - upload_bytes; 1668 xfer_size = (remain_size > EP_BUFFER_SIZE) ? 1669 EP_BUFFER_SIZE : remain_size; 1670 1671 debug("%s: remain_size=%d, transferred_size=%d", 1672 __func__, remain_size, transferred_size); 1673 debug("xfer_size=%d, upload_bytes=%d, upload_size=%d!\n", 1674 xfer_size, upload_bytes, upload_size); 1675 1676 if (remain_size <= 0) { 1677 fastboot_func->in_req->complete = fastboot_complete; 1678 wakeup_thread(); 1679 fastboot_tx_write_str("OKAY"); 1680 printf("\nuploading of %d bytes finished\n", upload_bytes); 1681 upload_bytes = 0; 1682 upload_size = 0; 1683 start_upload = false; 1684 return; 1685 } 1686 1687 /* Remove the transfer callback which response the upload */ 1688 /* request from host */ 1689 if (!upload_bytes) 1690 start_upload = true; 1691 1692 fastboot_tx_write((char *)((phys_addr_t)CONFIG_FASTBOOT_BUF_ADDR + \ 1693 upload_bytes), 1694 xfer_size); 1695 } 1696 1697 static void cb_upload(struct usb_ep *ep, struct usb_request *req) 1698 { 1699 char response[FASTBOOT_RESPONSE_LEN]; 1700 1701 printf("Starting upload of %d bytes\n", upload_size); 1702 1703 if (0 == upload_size) { 1704 strcpy(response, "FAILdata invalid size"); 1705 } else { 1706 start_upload = false; 1707 sprintf(response, "DATA%08x", upload_size); 1708 fastboot_func->in_req->complete = tx_handler_ul; 1709 } 1710 1711 fastboot_tx_write_str(response); 1712 } 1713 1714 static void do_bootm_on_complete(struct usb_ep *ep, struct usb_request *req) 1715 { 1716 char boot_addr_start[12]; 1717 char *bootm_args[] = { "bootm", boot_addr_start, NULL }; 1718 1719 puts("Booting kernel..\n"); 1720 1721 sprintf(boot_addr_start, "0x%lx", (long)CONFIG_FASTBOOT_BUF_ADDR); 1722 do_bootm(NULL, 0, 2, bootm_args); 1723 1724 /* This only happens if image is somehow faulty so we start over */ 1725 do_reset(NULL, 0, 0, NULL); 1726 } 1727 1728 static void cb_boot(struct usb_ep *ep, struct usb_request *req) 1729 { 1730 fastboot_func->in_req->complete = do_bootm_on_complete; 1731 fastboot_tx_write_str("OKAY"); 1732 } 1733 1734 static void do_exit_on_complete(struct usb_ep *ep, struct usb_request *req) 1735 { 1736 g_dnl_trigger_detach(); 1737 } 1738 1739 static void cb_continue(struct usb_ep *ep, struct usb_request *req) 1740 { 1741 fastboot_func->in_req->complete = do_exit_on_complete; 1742 fastboot_tx_write_str("OKAY"); 1743 } 1744 1745 static void cb_set_active(struct usb_ep *ep, struct usb_request *req) 1746 { 1747 char *cmd = req->buf; 1748 1749 debug("%s: %s\n", __func__, cmd); 1750 1751 strsep(&cmd, ":"); 1752 if (!cmd) { 1753 pr_err("missing slot name"); 1754 fastboot_tx_write_str("FAILmissing slot name"); 1755 return; 1756 } 1757 #ifdef CONFIG_ANDROID_AB 1758 if (get_virtual_ab_merge_status() == ENUM_MERGE_STATUS_MERGING) { 1759 pr_err("virtual A/B is merging, abort the operation"); 1760 fastboot_tx_write_str("FAILvirtual A/B is merging, abort"); 1761 return; 1762 } 1763 #endif 1764 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1765 unsigned int slot_number; 1766 if (strncmp("a", cmd, 1) == 0) { 1767 slot_number = 0; 1768 rk_avb_set_slot_active(&slot_number); 1769 } else if (strncmp("b", cmd, 1) == 0) { 1770 slot_number = 1; 1771 rk_avb_set_slot_active(&slot_number); 1772 } else { 1773 fastboot_tx_write_str("FAILunkown slot name"); 1774 return; 1775 } 1776 1777 fastboot_tx_write_str("OKAY"); 1778 return; 1779 #else 1780 fastboot_tx_write_str("FAILnot implemented"); 1781 return; 1782 #endif 1783 } 1784 1785 #ifdef CONFIG_FASTBOOT_FLASH 1786 static void cb_flash(struct usb_ep *ep, struct usb_request *req) 1787 { 1788 char *cmd = req->buf; 1789 char response[FASTBOOT_RESPONSE_LEN] = {0}; 1790 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1791 uint8_t flash_lock_state; 1792 1793 if (rk_avb_read_flash_lock_state(&flash_lock_state)) { 1794 /* write the device flashing unlock when first read */ 1795 if (rk_avb_write_flash_lock_state(1)) { 1796 fastboot_tx_write_str("FAILflash lock state write failure"); 1797 return; 1798 } 1799 if (rk_avb_read_flash_lock_state(&flash_lock_state)) { 1800 fastboot_tx_write_str("FAILflash lock state read failure"); 1801 return; 1802 } 1803 } 1804 1805 if (flash_lock_state == 0) { 1806 fastboot_tx_write_str("FAILThe device is locked, can not flash!"); 1807 printf("The device is locked, can not flash!\n"); 1808 return; 1809 } 1810 #endif 1811 strsep(&cmd, ":"); 1812 if (!cmd) { 1813 pr_err("missing partition name"); 1814 fastboot_tx_write_str("FAILmissing partition name"); 1815 return; 1816 } 1817 #ifdef CONFIG_ANDROID_AB 1818 if ((strcmp(cmd, PART_USERDATA) == 0) || (strcmp(cmd, PART_METADATA) == 0)) { 1819 if (should_prevent_userdata_wipe()) { 1820 pr_err("FAILThe virtual A/B merging, can not flash userdata or metadata!\n"); 1821 fastboot_tx_write_str("FAILvirtual A/B merging,abort flash!"); 1822 return; 1823 } 1824 } 1825 #endif 1826 fastboot_fail("no flash device defined", response); 1827 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 1828 fb_mmc_flash_write(cmd, (void *)CONFIG_FASTBOOT_BUF_ADDR, 1829 download_bytes, response); 1830 #endif 1831 #ifdef CONFIG_FASTBOOT_FLASH_NAND_DEV 1832 fb_nand_flash_write(cmd, (void *)CONFIG_FASTBOOT_BUF_ADDR, 1833 download_bytes, response); 1834 #endif 1835 fastboot_tx_write_str(response); 1836 } 1837 1838 static void cb_flashing(struct usb_ep *ep, struct usb_request *req) 1839 { 1840 char *cmd = req->buf; 1841 1842 if (strncmp("lock", cmd + 9, 4) == 0) { 1843 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1844 uint8_t flash_lock_state; 1845 flash_lock_state = 0; 1846 if (rk_avb_write_flash_lock_state(flash_lock_state)) 1847 fastboot_tx_write_str("FAILflash lock state" 1848 " write failure"); 1849 else 1850 fastboot_tx_write_str("OKAY"); 1851 #else 1852 fastboot_tx_write_str("FAILnot implemented"); 1853 #endif 1854 } else if (strncmp("unlock", cmd + 9, 6) == 0) { 1855 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1856 uint8_t flash_lock_state; 1857 flash_lock_state = 1; 1858 if (rk_avb_write_flash_lock_state(flash_lock_state)) 1859 fastboot_tx_write_str("FAILflash lock state" 1860 " write failure"); 1861 else 1862 fastboot_tx_write_str("OKAY"); 1863 #else 1864 fastboot_tx_write_str("FAILnot implemented"); 1865 #endif 1866 } else if (strncmp("lock_critical", cmd + 9, 12) == 0) { 1867 fastboot_tx_write_str("FAILnot implemented"); 1868 } else if (strncmp("unlock_critical", cmd + 9, 14) == 0) { 1869 fastboot_tx_write_str("FAILnot implemented"); 1870 } else if (strncmp("get_unlock_ability", cmd + 9, 17) == 0) { 1871 fastboot_tx_write_str("FAILnot implemented"); 1872 } else if (strncmp("get_unlock_bootloader_nonce", cmd + 4, 27) == 0) { 1873 fastboot_tx_write_str("FAILnot implemented"); 1874 } else if (strncmp("unlock_bootloader", cmd + 9, 17) == 0) { 1875 fastboot_tx_write_str("FAILnot implemented"); 1876 } else if (strncmp("lock_bootloader", cmd + 9, 15) == 0) { 1877 fastboot_tx_write_str("FAILnot implemented"); 1878 } else { 1879 fastboot_tx_write_str("FAILunknown flashing command"); 1880 } 1881 } 1882 #endif 1883 1884 static void cb_oem_perm_attr(void) 1885 { 1886 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1887 #ifndef CONFIG_ROCKCHIP_PRELOADER_PUB_KEY 1888 sha256_context ctx; 1889 uint8_t digest[SHA256_SUM_LEN] = {0}; 1890 uint8_t digest_temp[SHA256_SUM_LEN] = {0}; 1891 uint8_t perm_attr_temp[PERM_ATTR_TOTAL_SIZE] = {0}; 1892 uint8_t flag = 0; 1893 #endif 1894 if (PERM_ATTR_TOTAL_SIZE != download_bytes) { 1895 printf("Permanent attribute size is not equal!\n"); 1896 fastboot_tx_write_str("FAILincorrect perm attribute size"); 1897 return; 1898 } 1899 #ifndef CONFIG_ROCKCHIP_PRELOADER_PUB_KEY 1900 if (rk_avb_read_perm_attr_flag(&flag)) { 1901 printf("rk_avb_read_perm_attr_flag error!\n"); 1902 fastboot_tx_write_str("FAILperm attr read failed"); 1903 return; 1904 } 1905 1906 if (flag == PERM_ATTR_SUCCESS_FLAG) { 1907 if (rk_avb_read_attribute_hash(digest_temp, 1908 SHA256_SUM_LEN)) { 1909 printf("The efuse IO can not be used!\n"); 1910 fastboot_tx_write_str("FAILefuse IO can not be used"); 1911 return; 1912 } 1913 1914 if (memcmp(digest, digest_temp, SHA256_SUM_LEN) != 0) { 1915 if (rk_avb_read_permanent_attributes(perm_attr_temp, 1916 PERM_ATTR_TOTAL_SIZE)) { 1917 printf("rk_avb_write_permanent_attributes error!\n"); 1918 fastboot_tx_write_str("FAILread perm attr error"); 1919 return; 1920 } 1921 1922 sha256_starts(&ctx); 1923 sha256_update(&ctx, 1924 (const uint8_t *)perm_attr_temp, 1925 PERM_ATTR_TOTAL_SIZE); 1926 sha256_finish(&ctx, digest); 1927 if (memcmp(digest, digest_temp, SHA256_SUM_LEN) == 0) { 1928 printf("The hash has been written!\n"); 1929 fastboot_tx_write_str("OKAY"); 1930 return; 1931 } 1932 } 1933 1934 if (rk_avb_write_perm_attr_flag(0)) { 1935 fastboot_tx_write_str("FAILperm attr flag write failure"); 1936 return; 1937 } 1938 } 1939 #endif 1940 if (rk_avb_write_permanent_attributes((uint8_t *) 1941 CONFIG_FASTBOOT_BUF_ADDR, 1942 download_bytes)) { 1943 if (rk_avb_write_perm_attr_flag(0)) { 1944 fastboot_tx_write_str("FAILperm attr flag write failure"); 1945 return; 1946 } 1947 fastboot_tx_write_str("FAILperm attr write failed"); 1948 return; 1949 } 1950 #ifndef CONFIG_ROCKCHIP_PRELOADER_PUB_KEY 1951 memset(digest, 0, SHA256_SUM_LEN); 1952 sha256_starts(&ctx); 1953 sha256_update(&ctx, (const uint8_t *)CONFIG_FASTBOOT_BUF_ADDR, 1954 PERM_ATTR_TOTAL_SIZE); 1955 sha256_finish(&ctx, digest); 1956 1957 if (rk_avb_write_attribute_hash((uint8_t *)digest, 1958 SHA256_SUM_LEN)) { 1959 if (rk_avb_read_attribute_hash(digest_temp, 1960 SHA256_SUM_LEN)) { 1961 printf("The efuse IO can not be used!\n"); 1962 fastboot_tx_write_str("FAILefuse IO can not be used"); 1963 return; 1964 } 1965 if (memcmp(digest, digest_temp, SHA256_SUM_LEN) != 0) { 1966 if (rk_avb_write_perm_attr_flag(0)) { 1967 fastboot_tx_write_str("FAILperm attr flag write failure"); 1968 return; 1969 } 1970 printf("The hash has been written, but is different!\n"); 1971 fastboot_tx_write_str("FAILhash comparison failure"); 1972 return; 1973 } 1974 } 1975 #endif 1976 if (rk_avb_write_perm_attr_flag(PERM_ATTR_SUCCESS_FLAG)) { 1977 fastboot_tx_write_str("FAILperm attr flag write failure"); 1978 return; 1979 } 1980 1981 fastboot_tx_write_str("OKAY"); 1982 #else 1983 fastboot_tx_write_str("FAILnot implemented"); 1984 #endif 1985 } 1986 1987 static void cb_oem_perm_attr_rsa_cer(void) 1988 { 1989 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1990 if (download_bytes != 256) { 1991 printf("Permanent attribute rsahash size is not equal!\n"); 1992 fastboot_tx_write_str("FAILperm attribute rsahash size error"); 1993 return; 1994 } 1995 1996 if (rk_avb_set_perm_attr_cer((uint8_t *)CONFIG_FASTBOOT_BUF_ADDR, 1997 download_bytes)) { 1998 fastboot_tx_write_str("FAILSet perm attr cer fail!"); 1999 return; 2000 } 2001 2002 fastboot_tx_write_str("OKAY"); 2003 #else 2004 fastboot_tx_write_str("FAILnot implemented"); 2005 #endif 2006 } 2007 2008 static void cb_oem(struct usb_ep *ep, struct usb_request *req) 2009 { 2010 char *cmd = req->buf; 2011 2012 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 2013 if (strncmp("format", cmd + 4, 6) == 0) { 2014 char cmdbuf[32]; 2015 sprintf(cmdbuf, "gpt write mmc %x $partitions", 2016 CONFIG_FASTBOOT_FLASH_MMC_DEV); 2017 #ifdef CONFIG_ANDROID_AB 2018 if (should_prevent_userdata_wipe()) { 2019 printf("FAILThe virtual A/B merging, can not format!\n"); 2020 fastboot_tx_write_str("FAILvirtual A/B merging,abort format!"); 2021 } else { 2022 if (run_command(cmdbuf, 0)) 2023 fastboot_tx_write_str("FAILmmc write failure"); 2024 else 2025 fastboot_tx_write_str("OKAY"); 2026 } 2027 #else 2028 if (run_command(cmdbuf, 0)) 2029 fastboot_tx_write_str("FAILmmc write failure"); 2030 else 2031 fastboot_tx_write_str("OKAY"); 2032 #endif 2033 } else 2034 #endif 2035 if (strncmp("unlock", cmd + 4, 8) == 0) { 2036 #ifdef CONFIG_FASTBOOT_OEM_UNLOCK 2037 #ifdef CONFIG_RK_AVB_LIBAVB_USER 2038 fastboot_tx_write_str("FAILnot implemented"); 2039 return; 2040 #else 2041 uint8_t unlock = 0; 2042 TEEC_Result result; 2043 debug("oem unlock\n"); 2044 result = trusty_read_oem_unlock(&unlock); 2045 if (result) { 2046 printf("read oem unlock status with error : 0x%x\n", result); 2047 fastboot_tx_write_str("FAILRead oem unlock status failed"); 2048 return; 2049 } 2050 if (unlock) { 2051 printf("oem unlock ignored, device already unlocked\n"); 2052 fastboot_tx_write_str("FAILalready unlocked"); 2053 return; 2054 } 2055 printf("oem unlock requested:\n"); 2056 printf("\tUnlocking forces a factory reset and could\n"); 2057 printf("\topen your device up to a world of hurt. If you\n"); 2058 printf("\tare sure you know what you're doing, then accept\n"); 2059 printf("\tvia 'fastboot oem unlock_accept'.\n"); 2060 env_set("unlock", "unlock"); 2061 fastboot_tx_write_str("OKAY"); 2062 #endif 2063 #else 2064 fastboot_tx_write_str("FAILnot implemented"); 2065 return; 2066 #endif 2067 } else if (strncmp("unlock_accept", cmd + 4, 13) == 0) { 2068 #ifdef CONFIG_FASTBOOT_OEM_UNLOCK 2069 #ifdef CONFIG_RK_AVB_LIBAVB_USER 2070 fastboot_tx_write_str("FAILnot implemented"); 2071 return; 2072 #else 2073 char *unlock = env_get("unlock"); 2074 TEEC_Result result; 2075 debug("oem unlock_accept\n"); 2076 if (unlock == NULL || strncmp("unlock", unlock, 6) != 0) { 2077 printf("oem unlock_accept ignored, not pending\n"); 2078 fastboot_tx_write_str("FAILoem unlock not requested"); 2079 return; 2080 } 2081 env_set("unlock", ""); 2082 printf("Erasing userdata partition\n"); 2083 struct blk_desc *dev_desc; 2084 disk_partition_t part_info; 2085 dev_desc = rockchip_get_bootdev(); 2086 if (!dev_desc) { 2087 printf("%s: dev_desc is NULL!\n", __func__); 2088 return; 2089 } 2090 int ret = part_get_info_by_name(dev_desc, "userdata", 2091 &part_info); 2092 if (ret < 0) { 2093 printf("not found userdata partition"); 2094 printf("Erase failed with error %d\n", ret); 2095 fastboot_tx_write_str("FAILErasing userdata failed"); 2096 return; 2097 } 2098 ret = blk_derase(dev_desc, part_info.start, part_info.size); 2099 if (ret != part_info.size) { 2100 printf("Erase failed with error %d\n", ret); 2101 fastboot_tx_write_str("FAILErasing userdata failed"); 2102 return; 2103 } 2104 printf("Erasing succeeded\n"); 2105 2106 result = trusty_write_oem_unlock(1); 2107 if (result) { 2108 printf("write oem unlock status with error : 0x%x\n", result); 2109 fastboot_tx_write_str("FAILWrite oem unlock status failed"); 2110 return; 2111 } 2112 fastboot_tx_write_str("OKAY"); 2113 2114 /* 2115 * now reboot into recovery to do a format of the 2116 * userdata partition so it's ready to use on next boot 2117 */ 2118 board_run_recovery_wipe_data(); 2119 #endif 2120 #else 2121 fastboot_tx_write_str("FAILnot implemented"); 2122 return; 2123 #endif 2124 } else if (strncmp("lock", cmd + 4, 8) == 0) { 2125 #ifdef CONFIG_FASTBOOT_OEM_UNLOCK 2126 #ifdef CONFIG_RK_AVB_LIBAVB_USER 2127 fastboot_tx_write_str("FAILnot implemented"); 2128 return; 2129 #else 2130 TEEC_Result result; 2131 uint8_t unlock = 0; 2132 trusty_read_oem_unlock(&unlock); 2133 if (!unlock) { 2134 printf("oem lock ignored, already locked\n"); 2135 fastboot_tx_write_str("FAILalready locked"); 2136 return; 2137 } 2138 2139 result = trusty_write_oem_unlock(0); 2140 if (result) { 2141 printf("write oem unlock status with error : 0x%x\n", result); 2142 fastboot_tx_write_str("FAILWrite oem unlock status failed"); 2143 return; 2144 } 2145 fastboot_tx_write_str("OKAY"); 2146 #endif 2147 #else 2148 fastboot_tx_write_str("FAILnot implemented"); 2149 return; 2150 #endif 2151 } else if (strncmp("at-get-ca-request", cmd + 4, 17) == 0) { 2152 #ifdef CONFIG_OPTEE_CLIENT 2153 uint8_t out[ATTEST_CA_OUT_SIZE]; 2154 uint32_t operation_size = download_bytes; 2155 uint32_t out_len = ATTEST_CA_OUT_SIZE; 2156 uint32_t res = 0; 2157 2158 res = trusty_attest_get_ca((uint8_t *)CONFIG_FASTBOOT_BUF_ADDR, 2159 &operation_size, out, &out_len); 2160 if (res) { 2161 fastboot_tx_write_str("FAILtrusty_attest_get_ca failed"); 2162 return; 2163 } 2164 upload_size = out_len; 2165 memcpy((void *)CONFIG_FASTBOOT_BUF_ADDR, out, out_len); 2166 fastboot_tx_write_str("OKAY"); 2167 #else 2168 fastboot_tx_write_str("FAILnot implemented"); 2169 return; 2170 #endif 2171 } else if (strncmp("at-set-ca-response", cmd + 4, 18) == 0) { 2172 #ifdef CONFIG_OPTEE_CLIENT 2173 uint32_t ca_response_size = download_bytes; 2174 uint32_t res = 0; 2175 2176 res = trusty_attest_set_ca((uint8_t *)CONFIG_FASTBOOT_BUF_ADDR, 2177 &ca_response_size); 2178 if (res) 2179 fastboot_tx_write_str("FAILtrusty_attest_set_ca failed"); 2180 else 2181 fastboot_tx_write_str("OKAY"); 2182 #else 2183 fastboot_tx_write_str("FAILnot implemented"); 2184 return; 2185 #endif 2186 } else if (strncmp("at-get-vboot-unlock-challenge", cmd + 4, 29) == 0) { 2187 #ifdef CONFIG_RK_AVB_LIBAVB_USER 2188 uint32_t challenge_len = 0; 2189 int ret = 0; 2190 2191 ret = rk_generate_unlock_challenge((void *)CONFIG_FASTBOOT_BUF_ADDR, &challenge_len); 2192 if (ret == 0) { 2193 upload_size = challenge_len; 2194 fastboot_tx_write_str("OKAY"); 2195 } else { 2196 fastboot_tx_write_str("FAILgenerate unlock challenge fail!"); 2197 } 2198 #else 2199 fastboot_tx_write_str("FAILnot implemented"); 2200 return; 2201 #endif 2202 } else if (strncmp("at-lock-vboot", cmd + 4, 13) == 0) { 2203 #ifdef CONFIG_RK_AVB_LIBAVB_USER 2204 uint8_t lock_state; 2205 lock_state = 0; 2206 if (rk_avb_write_lock_state(lock_state)) 2207 fastboot_tx_write_str("FAILwrite lock state failed"); 2208 else 2209 fastboot_tx_write_str("OKAY"); 2210 #else 2211 fastboot_tx_write_str("FAILnot implemented"); 2212 #endif 2213 } else if (strncmp("at-unlock-vboot", cmd + 4, 15) == 0) { 2214 #ifdef CONFIG_RK_AVB_LIBAVB_USER 2215 uint8_t lock_state; 2216 char out_is_trusted = true; 2217 2218 if (rk_avb_read_lock_state(&lock_state)) 2219 fastboot_tx_write_str("FAILlock sate read failure"); 2220 if (lock_state >> 1 == 1) { 2221 fastboot_tx_write_str("FAILThe vboot is disable!"); 2222 } else { 2223 lock_state = 1; 2224 #ifdef CONFIG_RK_AVB_LIBAVB_ENABLE_ATH_UNLOCK 2225 if (rk_auth_unlock((void *)CONFIG_FASTBOOT_BUF_ADDR, 2226 &out_is_trusted)) { 2227 printf("rk_auth_unlock ops error!\n"); 2228 fastboot_tx_write_str("FAILrk_auth_unlock ops error!"); 2229 return; 2230 } 2231 #endif 2232 if (out_is_trusted == true) { 2233 if (rk_avb_write_lock_state(lock_state)) 2234 fastboot_tx_write_str("FAILwrite lock state failed"); 2235 else 2236 fastboot_tx_write_str("OKAY"); 2237 } else { 2238 fastboot_tx_write_str("FAILauthenticated unlock fail"); 2239 } 2240 } 2241 #else 2242 fastboot_tx_write_str("FAILnot implemented"); 2243 #endif 2244 } else if (strncmp("fuse at-perm-attr", cmd + 4, 16) == 0) { 2245 cb_oem_perm_attr(); 2246 } else if (strncmp("fuse at-rsa-perm-attr", cmd + 4, 25) == 0) { 2247 cb_oem_perm_attr_rsa_cer(); 2248 } else if (strncmp("fuse at-bootloader-vboot-key", cmd + 4, 27) == 0) { 2249 #ifdef CONFIG_RK_AVB_LIBAVB_USER 2250 sha256_context ctx; 2251 uint8_t digest[SHA256_SUM_LEN]; 2252 2253 if (download_bytes != VBOOT_KEY_HASH_SIZE) { 2254 fastboot_tx_write_str("FAILinvalid vboot key length"); 2255 printf("The vboot key size error!\n"); 2256 return; 2257 } 2258 2259 sha256_starts(&ctx); 2260 sha256_update(&ctx, (const uint8_t *)CONFIG_FASTBOOT_BUF_ADDR, 2261 VBOOT_KEY_SIZE); 2262 sha256_finish(&ctx, digest); 2263 2264 if (rk_avb_write_vbootkey_hash((uint8_t *)digest, 2265 SHA256_SUM_LEN)) { 2266 fastboot_tx_write_str("FAILvbootkey hash write failure"); 2267 return; 2268 } 2269 fastboot_tx_write_str("OKAY"); 2270 #else 2271 fastboot_tx_write_str("FAILnot implemented"); 2272 #endif 2273 } else if (strncmp("init-ab-metadata", cmd + 4, 16) == 0) { 2274 #ifdef CONFIG_RK_AVB_LIBAVB_USER 2275 if (rk_avb_init_ab_metadata()) { 2276 fastboot_tx_write_str("FAILinit ab data fail!"); 2277 return; 2278 } 2279 fastboot_tx_write_str("OKAY"); 2280 #else 2281 fastboot_tx_write_str("FAILnot implemented"); 2282 #endif 2283 } else { 2284 fastboot_tx_write_str("FAILunknown oem command"); 2285 } 2286 } 2287 2288 #ifdef CONFIG_FASTBOOT_FLASH 2289 static void cb_erase(struct usb_ep *ep, struct usb_request *req) 2290 { 2291 char *cmd = req->buf; 2292 char response[FASTBOOT_RESPONSE_LEN] = {0}; 2293 2294 strsep(&cmd, ":"); 2295 if (!cmd) { 2296 pr_err("missing partition name"); 2297 fastboot_tx_write_str("FAILmissing partition name"); 2298 return; 2299 } 2300 #ifdef CONFIG_ANDROID_AB 2301 if ((strcmp(cmd, PART_USERDATA) == 0) || (strcmp(cmd, PART_METADATA) == 0)) { 2302 if (should_prevent_userdata_wipe()) { 2303 pr_err("virtual A/B merging, can not erase userdata or metadata!\n"); 2304 fastboot_tx_write_str("FAILvirtual A/B merging,abort erase!"); 2305 return; 2306 } 2307 } 2308 #endif 2309 fastboot_fail("no flash device defined", response); 2310 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 2311 fb_mmc_erase(cmd, response); 2312 #endif 2313 #ifdef CONFIG_FASTBOOT_FLASH_NAND_DEV 2314 fb_nand_erase(cmd, response); 2315 #endif 2316 fastboot_tx_write_str(response); 2317 } 2318 #endif 2319 2320 struct cmd_dispatch_info { 2321 char *cmd; 2322 void (*cb)(struct usb_ep *ep, struct usb_request *req); 2323 }; 2324 2325 static const struct cmd_dispatch_info cmd_dispatch_info[] = { 2326 { 2327 .cmd = "reboot", 2328 .cb = cb_reboot, 2329 }, { 2330 .cmd = "getvar:", 2331 .cb = cb_getvar, 2332 }, { 2333 .cmd = "download:", 2334 .cb = cb_download, 2335 }, { 2336 .cmd = "upload", 2337 .cb = cb_upload, 2338 }, { 2339 .cmd = "boot", 2340 .cb = cb_boot, 2341 }, { 2342 .cmd = "continue", 2343 .cb = cb_continue, 2344 }, { 2345 .cmd = "set_active", 2346 .cb = cb_set_active, 2347 }, 2348 #ifdef CONFIG_FASTBOOT_FLASH 2349 { 2350 .cmd = "flashing", 2351 .cb = cb_flashing, 2352 }, 2353 { 2354 .cmd = "flash", 2355 .cb = cb_flash, 2356 }, { 2357 .cmd = "erase", 2358 .cb = cb_erase, 2359 }, 2360 #endif 2361 { 2362 .cmd = "oem", 2363 .cb = cb_oem, 2364 }, 2365 }; 2366 2367 static void rx_handler_command(struct usb_ep *ep, struct usb_request *req) 2368 { 2369 char *cmdbuf = req->buf; 2370 void (*func_cb)(struct usb_ep *ep, struct usb_request *req) = NULL; 2371 int i; 2372 2373 if (req->status != 0 || req->length == 0) 2374 return; 2375 2376 for (i = 0; i < ARRAY_SIZE(cmd_dispatch_info); i++) { 2377 if (!strcmp_l1(cmd_dispatch_info[i].cmd, cmdbuf)) { 2378 func_cb = cmd_dispatch_info[i].cb; 2379 break; 2380 } 2381 } 2382 2383 if (!func_cb) { 2384 pr_err("unknown command: %.*s", req->actual, cmdbuf); 2385 fastboot_tx_write_str("FAILunknown command"); 2386 } else { 2387 if (req->actual < req->length) { 2388 u8 *buf = (u8 *)req->buf; 2389 buf[req->actual] = 0; 2390 func_cb(ep, req); 2391 } else { 2392 pr_err("buffer overflow"); 2393 fastboot_tx_write_str("FAILbuffer overflow"); 2394 } 2395 } 2396 2397 *cmdbuf = '\0'; 2398 req->actual = 0; 2399 usb_ep_queue(ep, req, 0); 2400 } 2401