1 /* 2 * (C) Copyright 2008 - 2009 3 * Windriver, <www.windriver.com> 4 * Tom Rix <Tom.Rix@windriver.com> 5 * 6 * Copyright 2011 Sebastian Andrzej Siewior <bigeasy@linutronix.de> 7 * 8 * Copyright 2014 Linaro, Ltd. 9 * Rob Herring <robh@kernel.org> 10 * 11 * SPDX-License-Identifier: GPL-2.0+ 12 */ 13 #include <config.h> 14 #include <common.h> 15 #include <console.h> 16 #include <errno.h> 17 #include <fastboot.h> 18 #include <malloc.h> 19 #include <linux/usb/ch9.h> 20 #include <linux/usb/gadget.h> 21 #include <linux/usb/composite.h> 22 #include <linux/compiler.h> 23 #include <u-boot/sha256.h> 24 #include <version.h> 25 #include <g_dnl.h> 26 #include <fs.h> 27 #include <android_avb/avb_ops_user.h> 28 #include <android_avb/rk_avb_ops_user.h> 29 #include <dm/uclass.h> 30 #include <power/fuel_gauge.h> 31 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 32 #include <fb_mmc.h> 33 #endif 34 #ifdef CONFIG_FASTBOOT_FLASH_NAND_DEV 35 #include <fb_nand.h> 36 #endif 37 #ifdef CONFIG_OPTEE_CLIENT 38 #include <optee_include/OpteeClientInterface.h> 39 #endif 40 #include <boot_rkimg.h> 41 #include <optee_include/tee_client_api.h> 42 43 #define FASTBOOT_VERSION "0.4" 44 45 #define FASTBOOT_INTERFACE_CLASS 0xff 46 #define FASTBOOT_INTERFACE_SUB_CLASS 0x42 47 #define FASTBOOT_INTERFACE_PROTOCOL 0x03 48 49 #define RX_ENDPOINT_MAXIMUM_PACKET_SIZE_2_0 (0x0200) 50 #define RX_ENDPOINT_MAXIMUM_PACKET_SIZE_1_1 (0x0040) 51 #define TX_ENDPOINT_MAXIMUM_PACKET_SIZE (0x0040) 52 53 #define EP_BUFFER_SIZE 4096 54 #define SLEEP_COUNT 20000 55 /* 56 * EP_BUFFER_SIZE must always be an integral multiple of maxpacket size 57 * (64 or 512 or 1024), else we break on certain controllers like DWC3 58 * that expect bulk OUT requests to be divisible by maxpacket size. 59 */ 60 61 struct f_fastboot { 62 struct usb_function usb_function; 63 64 /* IN/OUT EP's and corresponding requests */ 65 struct usb_ep *in_ep, *out_ep; 66 struct usb_request *in_req, *out_req; 67 }; 68 69 static inline struct f_fastboot *func_to_fastboot(struct usb_function *f) 70 { 71 return container_of(f, struct f_fastboot, usb_function); 72 } 73 74 static struct f_fastboot *fastboot_func; 75 static unsigned int download_size; 76 static unsigned int download_bytes; 77 static unsigned int upload_size; 78 static unsigned int upload_bytes; 79 static bool start_upload; 80 static unsigned intthread_wakeup_needed; 81 82 static struct usb_endpoint_descriptor fs_ep_in = { 83 .bLength = USB_DT_ENDPOINT_SIZE, 84 .bDescriptorType = USB_DT_ENDPOINT, 85 .bEndpointAddress = USB_DIR_IN, 86 .bmAttributes = USB_ENDPOINT_XFER_BULK, 87 .wMaxPacketSize = cpu_to_le16(64), 88 }; 89 90 static struct usb_endpoint_descriptor fs_ep_out = { 91 .bLength = USB_DT_ENDPOINT_SIZE, 92 .bDescriptorType = USB_DT_ENDPOINT, 93 .bEndpointAddress = USB_DIR_OUT, 94 .bmAttributes = USB_ENDPOINT_XFER_BULK, 95 .wMaxPacketSize = cpu_to_le16(64), 96 }; 97 98 static struct usb_endpoint_descriptor hs_ep_in = { 99 .bLength = USB_DT_ENDPOINT_SIZE, 100 .bDescriptorType = USB_DT_ENDPOINT, 101 .bEndpointAddress = USB_DIR_IN, 102 .bmAttributes = USB_ENDPOINT_XFER_BULK, 103 .wMaxPacketSize = cpu_to_le16(512), 104 }; 105 106 static struct usb_endpoint_descriptor hs_ep_out = { 107 .bLength = USB_DT_ENDPOINT_SIZE, 108 .bDescriptorType = USB_DT_ENDPOINT, 109 .bEndpointAddress = USB_DIR_OUT, 110 .bmAttributes = USB_ENDPOINT_XFER_BULK, 111 .wMaxPacketSize = cpu_to_le16(512), 112 }; 113 114 static struct usb_interface_descriptor interface_desc = { 115 .bLength = USB_DT_INTERFACE_SIZE, 116 .bDescriptorType = USB_DT_INTERFACE, 117 .bInterfaceNumber = 0x00, 118 .bAlternateSetting = 0x00, 119 .bNumEndpoints = 0x02, 120 .bInterfaceClass = FASTBOOT_INTERFACE_CLASS, 121 .bInterfaceSubClass = FASTBOOT_INTERFACE_SUB_CLASS, 122 .bInterfaceProtocol = FASTBOOT_INTERFACE_PROTOCOL, 123 }; 124 125 static struct usb_descriptor_header *fb_fs_function[] = { 126 (struct usb_descriptor_header *)&interface_desc, 127 (struct usb_descriptor_header *)&fs_ep_in, 128 (struct usb_descriptor_header *)&fs_ep_out, 129 }; 130 131 static struct usb_descriptor_header *fb_hs_function[] = { 132 (struct usb_descriptor_header *)&interface_desc, 133 (struct usb_descriptor_header *)&hs_ep_in, 134 (struct usb_descriptor_header *)&hs_ep_out, 135 NULL, 136 }; 137 138 static struct usb_endpoint_descriptor * 139 fb_ep_desc(struct usb_gadget *g, struct usb_endpoint_descriptor *fs, 140 struct usb_endpoint_descriptor *hs) 141 { 142 if (gadget_is_dualspeed(g) && g->speed == USB_SPEED_HIGH) 143 return hs; 144 return fs; 145 } 146 147 /* 148 * static strings, in UTF-8 149 */ 150 static const char fastboot_name[] = "Android Fastboot"; 151 152 static struct usb_string fastboot_string_defs[] = { 153 [0].s = fastboot_name, 154 { } /* end of list */ 155 }; 156 157 static struct usb_gadget_strings stringtab_fastboot = { 158 .language = 0x0409, /* en-us */ 159 .strings = fastboot_string_defs, 160 }; 161 162 static struct usb_gadget_strings *fastboot_strings[] = { 163 &stringtab_fastboot, 164 NULL, 165 }; 166 167 static void rx_handler_command(struct usb_ep *ep, struct usb_request *req); 168 static int strcmp_l1(const char *s1, const char *s2); 169 static void wakeup_thread(void) 170 { 171 intthread_wakeup_needed = false; 172 } 173 174 static void busy_indicator(void) 175 { 176 static int state; 177 178 switch (state) { 179 case 0: 180 puts("\r|"); break; 181 case 1: 182 puts("\r/"); break; 183 case 2: 184 puts("\r-"); break; 185 case 3: 186 puts("\r\\"); break; 187 case 4: 188 puts("\r|"); break; 189 case 5: 190 puts("\r/"); break; 191 case 6: 192 puts("\r-"); break; 193 case 7: 194 puts("\r\\"); break; 195 default: 196 state = 0; 197 } 198 if (state++ == 8) 199 state = 0; 200 } 201 202 static int sleep_thread(void) 203 { 204 int rc = 0; 205 int i = 0, k = 0; 206 207 /* Wait until a signal arrives or we are woken up */ 208 for (;;) { 209 if (!intthread_wakeup_needed) 210 break; 211 212 if (++i == SLEEP_COUNT) { 213 busy_indicator(); 214 i = 0; 215 k++; 216 } 217 218 if (k == 10) { 219 /* Handle CTRL+C */ 220 if (ctrlc()) 221 return -EPIPE; 222 223 /* Check cable connection */ 224 if (!g_dnl_board_usb_cable_connected()) 225 return -EIO; 226 227 k = 0; 228 } 229 230 usb_gadget_handle_interrupts(0); 231 } 232 intthread_wakeup_needed = true; 233 return rc; 234 } 235 236 static void fastboot_complete(struct usb_ep *ep, struct usb_request *req) 237 { 238 int status = req->status; 239 240 wakeup_thread(); 241 if (!status) 242 return; 243 printf("status: %d ep '%s' trans: %d\n", status, ep->name, req->actual); 244 } 245 246 static int fastboot_bind(struct usb_configuration *c, struct usb_function *f) 247 { 248 int id; 249 struct usb_gadget *gadget = c->cdev->gadget; 250 struct f_fastboot *f_fb = func_to_fastboot(f); 251 const char *s; 252 253 /* DYNAMIC interface numbers assignments */ 254 id = usb_interface_id(c, f); 255 if (id < 0) 256 return id; 257 interface_desc.bInterfaceNumber = id; 258 259 id = usb_string_id(c->cdev); 260 if (id < 0) 261 return id; 262 fastboot_string_defs[0].id = id; 263 interface_desc.iInterface = id; 264 265 f_fb->in_ep = usb_ep_autoconfig(gadget, &fs_ep_in); 266 if (!f_fb->in_ep) 267 return -ENODEV; 268 f_fb->in_ep->driver_data = c->cdev; 269 270 f_fb->out_ep = usb_ep_autoconfig(gadget, &fs_ep_out); 271 if (!f_fb->out_ep) 272 return -ENODEV; 273 f_fb->out_ep->driver_data = c->cdev; 274 275 f->descriptors = fb_fs_function; 276 277 if (gadget_is_dualspeed(gadget)) { 278 /* Assume endpoint addresses are the same for both speeds */ 279 hs_ep_in.bEndpointAddress = fs_ep_in.bEndpointAddress; 280 hs_ep_out.bEndpointAddress = fs_ep_out.bEndpointAddress; 281 /* copy HS descriptors */ 282 f->hs_descriptors = fb_hs_function; 283 } 284 285 s = env_get("serial#"); 286 if (s) 287 g_dnl_set_serialnumber((char *)s); 288 289 return 0; 290 } 291 292 static void fastboot_unbind(struct usb_configuration *c, struct usb_function *f) 293 { 294 memset(fastboot_func, 0, sizeof(*fastboot_func)); 295 } 296 297 static void fastboot_disable(struct usb_function *f) 298 { 299 struct f_fastboot *f_fb = func_to_fastboot(f); 300 301 usb_ep_disable(f_fb->out_ep); 302 usb_ep_disable(f_fb->in_ep); 303 304 if (f_fb->out_req) { 305 free(f_fb->out_req->buf); 306 usb_ep_free_request(f_fb->out_ep, f_fb->out_req); 307 f_fb->out_req = NULL; 308 } 309 if (f_fb->in_req) { 310 free(f_fb->in_req->buf); 311 usb_ep_free_request(f_fb->in_ep, f_fb->in_req); 312 f_fb->in_req = NULL; 313 } 314 } 315 316 static struct usb_request *fastboot_start_ep(struct usb_ep *ep) 317 { 318 struct usb_request *req; 319 320 req = usb_ep_alloc_request(ep, 0); 321 if (!req) 322 return NULL; 323 324 req->length = EP_BUFFER_SIZE; 325 req->buf = memalign(CONFIG_SYS_CACHELINE_SIZE, EP_BUFFER_SIZE); 326 if (!req->buf) { 327 usb_ep_free_request(ep, req); 328 return NULL; 329 } 330 331 memset(req->buf, 0, req->length); 332 return req; 333 } 334 335 static int fastboot_set_alt(struct usb_function *f, 336 unsigned interface, unsigned alt) 337 { 338 int ret; 339 struct usb_composite_dev *cdev = f->config->cdev; 340 struct usb_gadget *gadget = cdev->gadget; 341 struct f_fastboot *f_fb = func_to_fastboot(f); 342 const struct usb_endpoint_descriptor *d; 343 344 debug("%s: func: %s intf: %d alt: %d\n", 345 __func__, f->name, interface, alt); 346 347 d = fb_ep_desc(gadget, &fs_ep_out, &hs_ep_out); 348 ret = usb_ep_enable(f_fb->out_ep, d); 349 if (ret) { 350 puts("failed to enable out ep\n"); 351 return ret; 352 } 353 354 f_fb->out_req = fastboot_start_ep(f_fb->out_ep); 355 if (!f_fb->out_req) { 356 puts("failed to alloc out req\n"); 357 ret = -EINVAL; 358 goto err; 359 } 360 f_fb->out_req->complete = rx_handler_command; 361 362 d = fb_ep_desc(gadget, &fs_ep_in, &hs_ep_in); 363 ret = usb_ep_enable(f_fb->in_ep, d); 364 if (ret) { 365 puts("failed to enable in ep\n"); 366 goto err; 367 } 368 369 f_fb->in_req = fastboot_start_ep(f_fb->in_ep); 370 if (!f_fb->in_req) { 371 puts("failed alloc req in\n"); 372 ret = -EINVAL; 373 goto err; 374 } 375 f_fb->in_req->complete = fastboot_complete; 376 377 ret = usb_ep_queue(f_fb->out_ep, f_fb->out_req, 0); 378 if (ret) 379 goto err; 380 381 return 0; 382 err: 383 fastboot_disable(f); 384 return ret; 385 } 386 387 static int fastboot_add(struct usb_configuration *c) 388 { 389 struct f_fastboot *f_fb = fastboot_func; 390 int status; 391 392 debug("%s: cdev: 0x%p\n", __func__, c->cdev); 393 394 if (!f_fb) { 395 f_fb = memalign(CONFIG_SYS_CACHELINE_SIZE, sizeof(*f_fb)); 396 if (!f_fb) 397 return -ENOMEM; 398 399 fastboot_func = f_fb; 400 memset(f_fb, 0, sizeof(*f_fb)); 401 } 402 403 f_fb->usb_function.name = "f_fastboot"; 404 f_fb->usb_function.bind = fastboot_bind; 405 f_fb->usb_function.unbind = fastboot_unbind; 406 f_fb->usb_function.set_alt = fastboot_set_alt; 407 f_fb->usb_function.disable = fastboot_disable; 408 f_fb->usb_function.strings = fastboot_strings; 409 410 status = usb_add_function(c, &f_fb->usb_function); 411 if (status) { 412 free(f_fb); 413 fastboot_func = f_fb; 414 } 415 416 return status; 417 } 418 DECLARE_GADGET_BIND_CALLBACK(usb_dnl_fastboot, fastboot_add); 419 420 static int fastboot_tx_write(const char *buffer, unsigned int buffer_size) 421 { 422 struct usb_request *in_req = fastboot_func->in_req; 423 int ret; 424 425 memcpy(in_req->buf, buffer, buffer_size); 426 in_req->length = buffer_size; 427 428 usb_ep_dequeue(fastboot_func->in_ep, in_req); 429 430 ret = usb_ep_queue(fastboot_func->in_ep, in_req, 0); 431 if (ret) 432 printf("Error %d on queue\n", ret); 433 return 0; 434 } 435 436 static int fastboot_tx_write_str(const char *buffer) 437 { 438 int ret; 439 440 ret = sleep_thread(); 441 if (ret < 0) 442 printf("warning: 0x%x, usb transmission is abnormal!\n", ret); 443 444 return fastboot_tx_write(buffer, strlen(buffer)); 445 } 446 447 static void compl_do_reset(struct usb_ep *ep, struct usb_request *req) 448 { 449 do_reset(NULL, 0, 0, NULL); 450 } 451 452 int __weak fb_set_reboot_flag(void) 453 { 454 return -ENOSYS; 455 } 456 457 static void cb_reboot(struct usb_ep *ep, struct usb_request *req) 458 { 459 char *cmd = req->buf; 460 if (!strcmp_l1("reboot-bootloader", cmd)) { 461 if (fb_set_reboot_flag()) { 462 fastboot_tx_write_str("FAILCannot set reboot flag"); 463 return; 464 } 465 } 466 fastboot_func->in_req->complete = compl_do_reset; 467 fastboot_tx_write_str("OKAY"); 468 } 469 470 static int strcmp_l1(const char *s1, const char *s2) 471 { 472 if (!s1 || !s2) 473 return -1; 474 return strncmp(s1, s2, strlen(s1)); 475 } 476 477 static void cb_getvar(struct usb_ep *ep, struct usb_request *req) 478 { 479 char *cmd = req->buf; 480 char response[FASTBOOT_RESPONSE_LEN]; 481 const char *s; 482 size_t chars_left; 483 484 strcpy(response, "OKAY"); 485 chars_left = sizeof(response) - strlen(response) - 1; 486 487 strsep(&cmd, ":"); 488 if (!cmd) { 489 pr_err("missing variable"); 490 fastboot_tx_write_str("FAILmissing var"); 491 return; 492 } 493 494 if (!strcmp_l1("version", cmd)) { 495 strncat(response, FASTBOOT_VERSION, chars_left); 496 } else if (!strcmp_l1("bootloader-version", cmd)) { 497 strncat(response, U_BOOT_VERSION, chars_left); 498 } else if (!strcmp_l1("product", cmd)) { 499 strncat(response, CONFIG_SYS_BOARD, chars_left); 500 } else if (!strcmp_l1("variant", cmd)) { 501 strncat(response, "userdebug", chars_left); 502 } else if (!strcmp_l1("secure", cmd)) { 503 strncat(response, "no", chars_left); 504 } else if (!strcmp_l1("unlocked", cmd)) { 505 strncat(response, "yes", chars_left); 506 } else if (!strcmp_l1("off-mode-charge", cmd)) { 507 strncat(response, "0", chars_left); 508 } else if (!strcmp_l1("battery-voltage", cmd)) { 509 strncat(response, "7.4", chars_left); 510 } else if (!strcmp_l1("battery-soc-ok", cmd)) { 511 strncat(response, "yes", chars_left); 512 } else if (!strcmp_l1("downloadsize", cmd) || 513 !strcmp_l1("max-download-size", cmd)) { 514 char str_num[12]; 515 516 sprintf(str_num, "0x%08x", CONFIG_FASTBOOT_BUF_SIZE); 517 strncat(response, str_num, chars_left); 518 } else if (!strcmp_l1("serialno", cmd)) { 519 s = env_get("serial#"); 520 if (s) 521 strncat(response, s, chars_left); 522 else 523 strcpy(response, "FAILValue not set"); 524 } else if (strncmp("at-attest-dh", cmd, 12) == 0) { 525 #ifdef CONFIG_OPTEE_CLIENT 526 char dhbuf[8]; 527 uint32_t dh_len = 8; 528 uint32_t res = trusty_attest_dh((uint8_t *)dhbuf, &dh_len); 529 if (res) 530 strcpy(response, "FAILdh not set"); 531 else 532 strncat(response, dhbuf, chars_left); 533 #else 534 fastboot_tx_write_str("FAILnot implemented"); 535 return; 536 #endif 537 } else if (strncmp("at-attest-uuid", cmd, 14) == 0) { 538 #ifdef CONFIG_OPTEE_CLIENT 539 char uuid[32] = {0}; 540 uint32_t uuid_len = 32; 541 uint32_t res = trusty_attest_uuid((uint8_t *)uuid, &uuid_len); 542 if (res) 543 strcpy(response, "FAILuuid not set"); 544 else 545 strncat(response, uuid, chars_left); 546 #else 547 fastboot_tx_write_str("FAILnot implemented"); 548 return; 549 #endif 550 } else if (strncmp("at-vboot-state", cmd, 14) == 0) { 551 char uuid[32] = {0}; 552 553 strncat(response, uuid, chars_left); 554 } else if (!strcmp_l1("slot-count", cmd)) { 555 #ifdef CONFIG_RK_AVB_LIBAVB_USER 556 char slot_count[2]; 557 char temp; 558 559 slot_count[1] = '\0'; 560 rk_avb_read_slot_count(&temp); 561 slot_count[0] = temp + 0x30; 562 strncat(response, slot_count, chars_left); 563 #else 564 fastboot_tx_write_str("FAILnot implemented"); 565 return; 566 #endif 567 } else if (!strcmp_l1("current-slot", cmd)) { 568 #ifdef CONFIG_RK_AVB_LIBAVB_USER 569 char slot_surrent[8] = {0}; 570 571 if (!rk_avb_get_current_slot(slot_surrent)) 572 strncat(response, slot_surrent+1, chars_left); 573 else 574 strcpy(response, "FAILgeterror"); 575 #else 576 fastboot_tx_write_str("FAILnot implemented"); 577 return; 578 #endif 579 } else if (!strcmp_l1("slot-suffixes", cmd)) { 580 #ifdef CONFIG_RK_AVB_LIBAVB_USER 581 char slot_suffixes_temp[4]; 582 char slot_suffixes[9]; 583 int slot_cnt = 0; 584 585 memset(slot_suffixes_temp, 0, 4); 586 memset(slot_suffixes, 0, 9); 587 rk_avb_read_slot_suffixes(slot_suffixes_temp); 588 while (slot_suffixes_temp[slot_cnt] != '\0') { 589 slot_suffixes[slot_cnt * 2] 590 = slot_suffixes_temp[slot_cnt]; 591 slot_suffixes[slot_cnt * 2 + 1] = ','; 592 slot_cnt++; 593 } 594 strncat(response, slot_suffixes, chars_left); 595 #else 596 fastboot_tx_write_str("FAILnot implemented"); 597 return; 598 #endif 599 } else if (!strncmp("has-slot", cmd, 8)) { 600 #ifdef CONFIG_RK_AVB_LIBAVB_USER 601 char *part_name = cmd; 602 603 cmd = strsep(&part_name, ":"); 604 if (!strcmp(part_name, "boot") || 605 !strcmp(part_name, "system") || 606 !strcmp(part_name, "vendor") || 607 !strcmp(part_name, "vbmeta") || 608 !strcmp(part_name, "oem")) { 609 strncat(response, "yes", chars_left); 610 } else { 611 strcpy(response, "FAILno"); 612 } 613 #else 614 fastboot_tx_write_str("FAILnot implemented"); 615 return; 616 #endif 617 } else if (!strncmp("slot-unbootable", cmd, 15)) { 618 #ifdef CONFIG_RK_AVB_LIBAVB_USER 619 char *slot_name = cmd; 620 621 cmd = strsep(&slot_name, ":"); 622 if (!strcmp(slot_name, "a") || 623 !strcmp(slot_name, "b")) { 624 strncat(response, "no", chars_left); 625 } else { 626 strcpy(response, "FAILno"); 627 } 628 #else 629 fastboot_tx_write_str("FAILnot implemented"); 630 return; 631 #endif 632 } else if (!strncmp("slot-successful", cmd, 15)) { 633 #ifdef CONFIG_RK_AVB_LIBAVB_USER 634 char *slot_name = cmd; 635 636 cmd = strsep(&slot_name, ":"); 637 if (!strcmp(slot_name, "a") || 638 !strcmp(slot_name, "b")) { 639 strncat(response, "no", chars_left); 640 } else { 641 strcpy(response, "FAILno"); 642 } 643 #else 644 fastboot_tx_write_str("FAILnot implemented"); 645 return; 646 #endif 647 } else if (!strncmp("slot-retry-count", cmd, 16)) { 648 #ifdef CONFIG_RK_AVB_LIBAVB_USER 649 char *slot_name = cmd; 650 char count[10] = {0}; 651 static int cnt[2] = {0}; 652 653 cmd = strsep(&slot_name, ":"); 654 if (!strcmp(slot_name, "a")) { 655 sprintf(count, "%c", 0x30+cnt[0]); 656 strncat(response, count, chars_left); 657 if (cnt[0] > 0) 658 cnt[0]--; 659 } else if (!strcmp(slot_name, "b")) { 660 sprintf(count, "%c", 0x30+cnt[1]); 661 strncat(response, count, chars_left); 662 if (cnt[1] > 0) 663 cnt[1]--; 664 } else { 665 strcpy(response, "FAILno"); 666 } 667 #else 668 fastboot_tx_write_str("FAILnot implemented"); 669 return; 670 #endif 671 } else if (!strncmp("partition-type", cmd, 14) || 672 !strncmp("partition-size", cmd, 14)) { 673 disk_partition_t part_info; 674 struct blk_desc *dev_desc; 675 char *part_name = cmd; 676 char part_size_str[20]; 677 678 cmd = strsep(&part_name, ":"); 679 dev_desc = blk_get_dev("mmc", 0); 680 if (!dev_desc) { 681 strcpy(response, "FAILblock device not found"); 682 } else if (part_get_info_by_name(dev_desc, part_name, &part_info) < 0) { 683 strcpy(response, "FAILpartition not found"); 684 } else if (!strncmp("partition-type", cmd, 14)) { 685 strncat(response, (char *)part_info.type, chars_left); 686 } else if (!strncmp("partition-size", cmd, 14)) { 687 sprintf(part_size_str, "0x%016x", (int)part_info.size); 688 strncat(response, part_size_str, chars_left); 689 } 690 } else if (!strncmp("oem-unlock", cmd, 10)) { 691 #ifdef CONFIG_OPTEE_CLIENT 692 #ifdef CONFIG_RK_AVB_LIBAVB_USER 693 fastboot_tx_write_str("FAILnot implemented"); 694 return; 695 #else 696 697 char msg[50] = {0}; 698 uint8_t unlock = 0; 699 TEEC_Result result; 700 701 result = trusty_read_oem_unlock(&unlock); 702 if (result) { 703 printf("read oem unlock status with error : 0x%x\n", result); 704 fastboot_tx_write_str("FAILRead oem unlock status failed"); 705 return; 706 } 707 sprintf(msg, "Device is %s, Status Code: %d\n", 708 unlock == 0 ? "LOCKED" : "UNLOCKED", unlock); 709 710 printf(msg); 711 strncat(response, msg, chars_left); 712 #endif 713 #else 714 fastboot_tx_write_str("FAILnot implemented"); 715 return; 716 #endif 717 } else { 718 char *envstr; 719 720 envstr = malloc(strlen("fastboot.") + strlen(cmd) + 1); 721 if (!envstr) { 722 fastboot_tx_write_str("FAILmalloc error"); 723 return; 724 } 725 726 sprintf(envstr, "fastboot.%s", cmd); 727 s = env_get(envstr); 728 if (s) { 729 strncat(response, s, chars_left); 730 } else { 731 printf("WARNING: unknown variable: %s\n", cmd); 732 strcpy(response, "FAILVariable not implemented"); 733 } 734 735 free(envstr); 736 } 737 fastboot_tx_write_str(response); 738 } 739 740 static unsigned int rx_bytes_expected(struct usb_ep *ep) 741 { 742 int rx_remain = download_size - download_bytes; 743 unsigned int rem; 744 unsigned int maxpacket = ep->maxpacket; 745 746 if (rx_remain <= 0) 747 return 0; 748 else if (rx_remain > EP_BUFFER_SIZE) 749 return EP_BUFFER_SIZE; 750 751 /* 752 * Some controllers e.g. DWC3 don't like OUT transfers to be 753 * not ending in maxpacket boundary. So just make them happy by 754 * always requesting for integral multiple of maxpackets. 755 * This shouldn't bother controllers that don't care about it. 756 */ 757 rem = rx_remain % maxpacket; 758 if (rem > 0) 759 rx_remain = rx_remain + (maxpacket - rem); 760 761 return rx_remain; 762 } 763 764 #define BYTES_PER_DOT 0x20000 765 static void rx_handler_dl_image(struct usb_ep *ep, struct usb_request *req) 766 { 767 char response[FASTBOOT_RESPONSE_LEN]; 768 unsigned int transfer_size = download_size - download_bytes; 769 const unsigned char *buffer = req->buf; 770 unsigned int buffer_size = req->actual; 771 unsigned int pre_dot_num, now_dot_num; 772 773 if (req->status != 0) { 774 printf("Bad status: %d\n", req->status); 775 return; 776 } 777 778 if (buffer_size < transfer_size) 779 transfer_size = buffer_size; 780 781 memcpy((void *)CONFIG_FASTBOOT_BUF_ADDR + download_bytes, 782 buffer, transfer_size); 783 784 pre_dot_num = download_bytes / BYTES_PER_DOT; 785 download_bytes += transfer_size; 786 now_dot_num = download_bytes / BYTES_PER_DOT; 787 788 if (pre_dot_num != now_dot_num) { 789 putc('.'); 790 if (!(now_dot_num % 74)) 791 putc('\n'); 792 } 793 794 /* Check if transfer is done */ 795 if (download_bytes >= download_size) { 796 /* 797 * Reset global transfer variable, keep download_bytes because 798 * it will be used in the next possible flashing command 799 */ 800 download_size = 0; 801 req->complete = rx_handler_command; 802 req->length = EP_BUFFER_SIZE; 803 804 strcpy(response, "OKAY"); 805 fastboot_tx_write_str(response); 806 807 printf("\ndownloading of %d bytes finished\n", download_bytes); 808 } else { 809 req->length = rx_bytes_expected(ep); 810 } 811 812 req->actual = 0; 813 usb_ep_queue(ep, req, 0); 814 } 815 816 static void cb_download(struct usb_ep *ep, struct usb_request *req) 817 { 818 char *cmd = req->buf; 819 char response[FASTBOOT_RESPONSE_LEN]; 820 821 strsep(&cmd, ":"); 822 download_size = simple_strtoul(cmd, NULL, 16); 823 download_bytes = 0; 824 825 printf("Starting download of %d bytes\n", download_size); 826 827 if (0 == download_size) { 828 strcpy(response, "FAILdata invalid size"); 829 } else if (download_size > CONFIG_FASTBOOT_BUF_SIZE) { 830 download_size = 0; 831 strcpy(response, "FAILdata too large"); 832 } else { 833 sprintf(response, "DATA%08x", download_size); 834 req->complete = rx_handler_dl_image; 835 req->length = rx_bytes_expected(ep); 836 } 837 838 fastboot_tx_write_str(response); 839 } 840 841 static void tx_handler_ul(struct usb_ep *ep, struct usb_request *req) 842 { 843 unsigned int xfer_size = 0; 844 unsigned int pre_dot_num, now_dot_num; 845 unsigned int remain_size = 0; 846 unsigned int transferred_size = req->actual; 847 848 if (req->status != 0) { 849 printf("Bad status: %d\n", req->status); 850 return; 851 } 852 853 if (start_upload) { 854 pre_dot_num = upload_bytes / BYTES_PER_DOT; 855 upload_bytes += transferred_size; 856 now_dot_num = upload_bytes / BYTES_PER_DOT; 857 858 if (pre_dot_num != now_dot_num) { 859 putc('.'); 860 if (!(now_dot_num % 74)) 861 putc('\n'); 862 } 863 } 864 865 remain_size = upload_size - upload_bytes; 866 xfer_size = (remain_size > EP_BUFFER_SIZE) ? 867 EP_BUFFER_SIZE : remain_size; 868 869 debug("%s: remain_size=%d, transferred_size=%d", 870 __func__, remain_size, transferred_size); 871 debug("xfer_size=%d, upload_bytes=%d, upload_size=%d!\n", 872 xfer_size, upload_bytes, upload_size); 873 874 if (remain_size <= 0) { 875 fastboot_func->in_req->complete = fastboot_complete; 876 wakeup_thread(); 877 fastboot_tx_write_str("OKAY"); 878 printf("\nuploading of %d bytes finished\n", upload_bytes); 879 upload_bytes = 0; 880 upload_size = 0; 881 start_upload = false; 882 return; 883 } 884 885 /* Remove the transfer callback which response the upload */ 886 /* request from host */ 887 if (!upload_bytes) 888 start_upload = true; 889 890 fastboot_tx_write((char *)((phys_addr_t)CONFIG_FASTBOOT_BUF_ADDR + \ 891 upload_bytes), 892 xfer_size); 893 } 894 895 static void cb_upload(struct usb_ep *ep, struct usb_request *req) 896 { 897 char response[FASTBOOT_RESPONSE_LEN]; 898 899 printf("Starting upload of %d bytes\n", upload_size); 900 901 if (0 == upload_size) { 902 strcpy(response, "FAILdata invalid size"); 903 } else { 904 start_upload = false; 905 sprintf(response, "DATA%08x", upload_size); 906 fastboot_func->in_req->complete = tx_handler_ul; 907 } 908 909 fastboot_tx_write_str(response); 910 } 911 912 static void do_bootm_on_complete(struct usb_ep *ep, struct usb_request *req) 913 { 914 char boot_addr_start[12]; 915 char *bootm_args[] = { "bootm", boot_addr_start, NULL }; 916 917 puts("Booting kernel..\n"); 918 919 sprintf(boot_addr_start, "0x%lx", (long)CONFIG_FASTBOOT_BUF_ADDR); 920 do_bootm(NULL, 0, 2, bootm_args); 921 922 /* This only happens if image is somehow faulty so we start over */ 923 do_reset(NULL, 0, 0, NULL); 924 } 925 926 static void cb_boot(struct usb_ep *ep, struct usb_request *req) 927 { 928 fastboot_func->in_req->complete = do_bootm_on_complete; 929 fastboot_tx_write_str("OKAY"); 930 } 931 932 static void do_exit_on_complete(struct usb_ep *ep, struct usb_request *req) 933 { 934 g_dnl_trigger_detach(); 935 } 936 937 static void cb_continue(struct usb_ep *ep, struct usb_request *req) 938 { 939 fastboot_func->in_req->complete = do_exit_on_complete; 940 fastboot_tx_write_str("OKAY"); 941 } 942 943 static void cb_set_active(struct usb_ep *ep, struct usb_request *req) 944 { 945 char *cmd = req->buf; 946 947 debug("%s: %s\n", __func__, cmd); 948 949 strsep(&cmd, ":"); 950 if (!cmd) { 951 pr_err("missing slot name"); 952 fastboot_tx_write_str("FAILmissing slot name"); 953 return; 954 } 955 #ifdef CONFIG_RK_AVB_LIBAVB_USER 956 unsigned int slot_number; 957 if (strncmp("a", cmd, 1) == 0) { 958 slot_number = 0; 959 rk_avb_set_slot_active(&slot_number); 960 } else if (strncmp("b", cmd, 1) == 0) { 961 slot_number = 1; 962 rk_avb_set_slot_active(&slot_number); 963 } else { 964 fastboot_tx_write_str("FAILunkown slot name"); 965 return; 966 } 967 968 fastboot_tx_write_str("OKAY"); 969 return; 970 #else 971 fastboot_tx_write_str("FAILnot implemented"); 972 return; 973 #endif 974 } 975 976 #ifdef CONFIG_FASTBOOT_FLASH 977 static void cb_flash(struct usb_ep *ep, struct usb_request *req) 978 { 979 char *cmd = req->buf; 980 char response[FASTBOOT_RESPONSE_LEN] = {0}; 981 #ifdef CONFIG_RK_AVB_LIBAVB_USER 982 uint8_t flash_lock_state; 983 984 if (rk_avb_read_flash_lock_state(&flash_lock_state)) { 985 /* write the device flashing unlock when first read */ 986 if (rk_avb_write_flash_lock_state(1)) { 987 fastboot_tx_write_str("FAILflash lock state write failure"); 988 return; 989 } 990 if (rk_avb_read_flash_lock_state(&flash_lock_state)) { 991 fastboot_tx_write_str("FAILflash lock state read failure"); 992 return; 993 } 994 } 995 996 if (flash_lock_state == 0) { 997 fastboot_tx_write_str("FAILThe device is locked, can not flash!"); 998 printf("The device is locked, can not flash!\n"); 999 return; 1000 } 1001 #endif 1002 strsep(&cmd, ":"); 1003 if (!cmd) { 1004 pr_err("missing partition name"); 1005 fastboot_tx_write_str("FAILmissing partition name"); 1006 return; 1007 } 1008 1009 fastboot_fail("no flash device defined", response); 1010 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 1011 fb_mmc_flash_write(cmd, (void *)CONFIG_FASTBOOT_BUF_ADDR, 1012 download_bytes, response); 1013 #endif 1014 #ifdef CONFIG_FASTBOOT_FLASH_NAND_DEV 1015 fb_nand_flash_write(cmd, (void *)CONFIG_FASTBOOT_BUF_ADDR, 1016 download_bytes, response); 1017 #endif 1018 fastboot_tx_write_str(response); 1019 } 1020 1021 static void cb_flashing(struct usb_ep *ep, struct usb_request *req) 1022 { 1023 char *cmd = req->buf; 1024 1025 if (strncmp("lock", cmd + 9, 4) == 0) { 1026 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1027 uint8_t flash_lock_state; 1028 flash_lock_state = 0; 1029 if (rk_avb_write_flash_lock_state(flash_lock_state)) 1030 fastboot_tx_write_str("FAILflash lock state" 1031 " write failure"); 1032 else 1033 fastboot_tx_write_str("OKAY"); 1034 #else 1035 fastboot_tx_write_str("FAILnot implemented"); 1036 #endif 1037 } else if (strncmp("unlock", cmd + 9, 6) == 0) { 1038 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1039 uint8_t flash_lock_state; 1040 flash_lock_state = 1; 1041 if (rk_avb_write_flash_lock_state(flash_lock_state)) 1042 fastboot_tx_write_str("FAILflash lock state" 1043 " write failure"); 1044 else 1045 fastboot_tx_write_str("OKAY"); 1046 #else 1047 fastboot_tx_write_str("FAILnot implemented"); 1048 #endif 1049 } else if (strncmp("lock_critical", cmd + 9, 12) == 0) { 1050 fastboot_tx_write_str("FAILnot implemented"); 1051 } else if (strncmp("unlock_critical", cmd + 9, 14) == 0) { 1052 fastboot_tx_write_str("FAILnot implemented"); 1053 } else if (strncmp("get_unlock_ability", cmd + 9, 17) == 0) { 1054 fastboot_tx_write_str("FAILnot implemented"); 1055 } else if (strncmp("get_unlock_bootloader_nonce", cmd + 4, 27) == 0) { 1056 fastboot_tx_write_str("FAILnot implemented"); 1057 } else if (strncmp("unlock_bootloader", cmd + 9, 17) == 0) { 1058 fastboot_tx_write_str("FAILnot implemented"); 1059 } else if (strncmp("lock_bootloader", cmd + 9, 15) == 0) { 1060 fastboot_tx_write_str("FAILnot implemented"); 1061 } else { 1062 fastboot_tx_write_str("FAILunknown flashing command"); 1063 } 1064 } 1065 #endif 1066 1067 static void cb_oem_perm_attr(void) 1068 { 1069 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1070 sha256_context ctx; 1071 uint8_t digest[SHA256_SUM_LEN] = {0}; 1072 uint8_t digest_temp[SHA256_SUM_LEN] = {0}; 1073 uint8_t perm_attr_temp[PERM_ATTR_TOTAL_SIZE] = {0}; 1074 uint8_t flag = 0; 1075 1076 if (PERM_ATTR_TOTAL_SIZE != download_bytes) { 1077 printf("Permanent attribute size is not equal!\n"); 1078 fastboot_tx_write_str("FAILincorrect perm attribute size"); 1079 return; 1080 } 1081 1082 if (rk_avb_read_perm_attr_flag(&flag)) { 1083 printf("rk_avb_read_perm_attr_flag error!\n"); 1084 fastboot_tx_write_str("FAILperm attr read failed"); 1085 return; 1086 } 1087 1088 if (flag == PERM_ATTR_SUCCESS_FLAG) { 1089 if (rk_avb_read_attribute_hash(digest_temp, 1090 SHA256_SUM_LEN)) { 1091 printf("The efuse IO can not be used!\n"); 1092 fastboot_tx_write_str("FAILefuse IO can not be used"); 1093 return; 1094 } 1095 1096 if (memcmp(digest, digest_temp, SHA256_SUM_LEN) != 0) { 1097 if (rk_avb_read_permanent_attributes(perm_attr_temp, 1098 PERM_ATTR_TOTAL_SIZE)) { 1099 printf("rk_avb_write_permanent_attributes error!\n"); 1100 fastboot_tx_write_str("FAILread perm attr error"); 1101 return; 1102 } 1103 1104 sha256_starts(&ctx); 1105 sha256_update(&ctx, 1106 (const uint8_t *)perm_attr_temp, 1107 PERM_ATTR_TOTAL_SIZE); 1108 sha256_finish(&ctx, digest); 1109 if (memcmp(digest, digest_temp, SHA256_SUM_LEN) == 0) { 1110 printf("The hash has been written!\n"); 1111 fastboot_tx_write_str("OKAY"); 1112 return; 1113 } 1114 } 1115 1116 if (rk_avb_write_perm_attr_flag(0)) { 1117 fastboot_tx_write_str("FAILperm attr flag write failure"); 1118 return; 1119 } 1120 } 1121 1122 if (rk_avb_write_permanent_attributes((uint8_t *) 1123 CONFIG_FASTBOOT_BUF_ADDR, 1124 download_bytes)) { 1125 if (rk_avb_write_perm_attr_flag(0)) { 1126 fastboot_tx_write_str("FAILperm attr flag write failure"); 1127 return; 1128 } 1129 fastboot_tx_write_str("FAILperm attr write failed"); 1130 return; 1131 } 1132 1133 memset(digest, 0, SHA256_SUM_LEN); 1134 sha256_starts(&ctx); 1135 sha256_update(&ctx, (const uint8_t *)CONFIG_FASTBOOT_BUF_ADDR, 1136 PERM_ATTR_TOTAL_SIZE); 1137 sha256_finish(&ctx, digest); 1138 1139 if (rk_avb_write_attribute_hash((uint8_t *)digest, 1140 SHA256_SUM_LEN)) { 1141 if (rk_avb_read_attribute_hash(digest_temp, 1142 SHA256_SUM_LEN)) { 1143 printf("The efuse IO can not be used!\n"); 1144 fastboot_tx_write_str("FAILefuse IO can not be used"); 1145 return; 1146 } 1147 if (memcmp(digest, digest_temp, SHA256_SUM_LEN) != 0) { 1148 if (rk_avb_write_perm_attr_flag(0)) { 1149 fastboot_tx_write_str("FAILperm attr flag write failure"); 1150 return; 1151 } 1152 printf("The hash has been written, but is different!\n"); 1153 fastboot_tx_write_str("FAILhash comparison failure"); 1154 return; 1155 } 1156 } 1157 1158 if (rk_avb_write_perm_attr_flag(PERM_ATTR_SUCCESS_FLAG)) { 1159 fastboot_tx_write_str("FAILperm attr flag write failure"); 1160 return; 1161 } 1162 1163 fastboot_tx_write_str("OKAY"); 1164 #else 1165 fastboot_tx_write_str("FAILnot implemented"); 1166 #endif 1167 } 1168 1169 static void cb_oem(struct usb_ep *ep, struct usb_request *req) 1170 { 1171 char *cmd = req->buf; 1172 1173 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 1174 if (strncmp("format", cmd + 4, 6) == 0) { 1175 char cmdbuf[32]; 1176 sprintf(cmdbuf, "gpt write mmc %x $partitions", 1177 CONFIG_FASTBOOT_FLASH_MMC_DEV); 1178 if (run_command(cmdbuf, 0)) 1179 fastboot_tx_write_str("FAILmmc write failure"); 1180 else 1181 fastboot_tx_write_str("OKAY"); 1182 } else 1183 #endif 1184 if (strncmp("unlock", cmd + 4, 8) == 0) { 1185 #ifdef CONFIG_OPTEE_CLIENT 1186 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1187 fastboot_tx_write_str("FAILnot implemented"); 1188 return; 1189 #else 1190 uint8_t unlock = 0; 1191 TEEC_Result result; 1192 debug("oem unlock\n"); 1193 result = trusty_read_oem_unlock(&unlock); 1194 if (result) { 1195 printf("read oem unlock status with error : 0x%x\n", result); 1196 fastboot_tx_write_str("FAILRead oem unlock status failed"); 1197 return; 1198 } 1199 if (unlock) { 1200 printf("oem unlock ignored, device already unlocked\n"); 1201 fastboot_tx_write_str("FAILalready unlocked"); 1202 return; 1203 } 1204 printf("oem unlock requested:\n"); 1205 printf("\tUnlocking forces a factory reset and could\n"); 1206 printf("\topen your device up to a world of hurt. If you\n"); 1207 printf("\tare sure you know what you're doing, then accept\n"); 1208 printf("\tvia 'fastboot oem unlock_accept'.\n"); 1209 env_set("unlock", "unlock"); 1210 fastboot_tx_write_str("OKAY"); 1211 #endif 1212 #else 1213 fastboot_tx_write_str("FAILnot implemented"); 1214 return; 1215 #endif 1216 } else if (strncmp("unlock_accept", cmd + 4, 13) == 0) { 1217 #ifdef CONFIG_OPTEE_CLIENT 1218 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1219 fastboot_tx_write_str("FAILnot implemented"); 1220 return; 1221 #else 1222 char *unlock = env_get("unlock"); 1223 TEEC_Result result; 1224 debug("oem unlock_accept\n"); 1225 if (unlock == NULL || strncmp("unlock", unlock, 6) != 0) { 1226 printf("oem unlock_accept ignored, not pending\n"); 1227 fastboot_tx_write_str("FAILoem unlock not requested"); 1228 return; 1229 } 1230 env_set("unlock", ""); 1231 printf("Erasing userdata partition\n"); 1232 struct blk_desc *dev_desc; 1233 disk_partition_t part_info; 1234 dev_desc = rockchip_get_bootdev(); 1235 if (!dev_desc) { 1236 printf("%s: dev_desc is NULL!\n", __func__); 1237 return; 1238 } 1239 int ret = part_get_info_by_name(dev_desc, "userdata", 1240 &part_info); 1241 if (ret < 0) { 1242 printf("not found userdata partition"); 1243 printf("Erase failed with error %d\n", ret); 1244 fastboot_tx_write_str("FAILErasing userdata failed"); 1245 return; 1246 } 1247 ret = blk_derase(dev_desc, part_info.start, part_info.size); 1248 if (ret != part_info.size) { 1249 printf("Erase failed with error %d\n", ret); 1250 fastboot_tx_write_str("FAILErasing userdata failed"); 1251 return; 1252 } 1253 printf("Erasing succeeded\n"); 1254 1255 result = trusty_write_oem_unlock(1); 1256 if (result) { 1257 printf("write oem unlock status with error : 0x%x\n", result); 1258 fastboot_tx_write_str("FAILWrite oem unlock status failed"); 1259 return; 1260 } 1261 fastboot_tx_write_str("OKAY"); 1262 1263 /* 1264 * now reboot into recovery to do a format of the 1265 * userdata partition so it's ready to use on next boot 1266 */ 1267 board_run_recovery_wipe_data(); 1268 #endif 1269 #else 1270 fastboot_tx_write_str("FAILnot implemented"); 1271 return; 1272 #endif 1273 } else if (strncmp("lock", cmd + 4, 8) == 0) { 1274 #ifdef CONFIG_OPTEE_CLIENT 1275 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1276 fastboot_tx_write_str("FAILnot implemented"); 1277 return; 1278 #else 1279 TEEC_Result result; 1280 uint8_t unlock = 0; 1281 trusty_read_oem_unlock(&unlock); 1282 if (!unlock) { 1283 printf("oem lock ignored, already locked\n"); 1284 fastboot_tx_write_str("FAILalready locked"); 1285 return; 1286 } 1287 1288 result = trusty_write_oem_unlock(0); 1289 if (result) { 1290 printf("write oem unlock status with error : 0x%x\n", result); 1291 fastboot_tx_write_str("FAILWrite oem unlock status failed"); 1292 return; 1293 } 1294 fastboot_tx_write_str("OKAY"); 1295 #endif 1296 #else 1297 fastboot_tx_write_str("FAILnot implemented"); 1298 return; 1299 #endif 1300 } else if (strncmp("at-get-ca-request", cmd + 4, 17) == 0) { 1301 #ifdef CONFIG_OPTEE_CLIENT 1302 uint8_t out[ATTEST_CA_OUT_SIZE]; 1303 uint32_t operation_size = download_bytes; 1304 uint32_t out_len = ATTEST_CA_OUT_SIZE; 1305 uint32_t res = 0; 1306 1307 res = trusty_attest_get_ca((uint8_t *)CONFIG_FASTBOOT_BUF_ADDR, 1308 &operation_size, out, &out_len); 1309 if (res) { 1310 fastboot_tx_write_str("FAILtrusty_attest_get_ca failed"); 1311 return; 1312 } 1313 upload_size = out_len; 1314 memcpy((void *)CONFIG_FASTBOOT_BUF_ADDR, out, out_len); 1315 fastboot_tx_write_str("OKAY"); 1316 #else 1317 fastboot_tx_write_str("FAILnot implemented"); 1318 return; 1319 #endif 1320 } else if (strncmp("at-set-ca-response", cmd + 4, 18) == 0) { 1321 #ifdef CONFIG_OPTEE_CLIENT 1322 uint32_t ca_response_size = download_bytes; 1323 uint32_t res = 0; 1324 1325 res = trusty_attest_set_ca((uint8_t *)CONFIG_FASTBOOT_BUF_ADDR, 1326 &ca_response_size); 1327 if (res) 1328 fastboot_tx_write_str("FAILtrusty_attest_set_ca failed"); 1329 else 1330 fastboot_tx_write_str("OKAY"); 1331 #else 1332 fastboot_tx_write_str("FAILnot implemented"); 1333 return; 1334 #endif 1335 } else if (strncmp("at-get-vboot-unlock-challenge", cmd + 4, 29) == 0) { 1336 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1337 uint32_t challenge_len = 0; 1338 int ret = 0; 1339 1340 ret = rk_generate_unlock_challenge((void *)CONFIG_FASTBOOT_BUF_ADDR, &challenge_len); 1341 if (ret == 0) { 1342 upload_size = challenge_len; 1343 fastboot_tx_write_str("OKAY"); 1344 } else { 1345 fastboot_tx_write_str("FAILgenerate unlock challenge fail!"); 1346 } 1347 #else 1348 fastboot_tx_write_str("FAILnot implemented"); 1349 return; 1350 #endif 1351 } else if (strncmp("at-lock-vboot", cmd + 4, 13) == 0) { 1352 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1353 uint8_t lock_state; 1354 lock_state = 0; 1355 if (rk_avb_write_lock_state(lock_state)) 1356 fastboot_tx_write_str("FAILwrite lock state failed"); 1357 else 1358 fastboot_tx_write_str("OKAY"); 1359 #else 1360 fastboot_tx_write_str("FAILnot implemented"); 1361 #endif 1362 } else if (strncmp("at-unlock-vboot", cmd + 4, 15) == 0) { 1363 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1364 uint8_t lock_state; 1365 char out_is_trusted; 1366 1367 if (rk_avb_read_lock_state(&lock_state)) 1368 fastboot_tx_write_str("FAILlock sate read failure"); 1369 if (lock_state >> 1 == 1) { 1370 fastboot_tx_write_str("FAILThe vboot is disable!"); 1371 } else { 1372 lock_state = 1; 1373 if (rk_auth_unlock((void *)CONFIG_FASTBOOT_BUF_ADDR, 1374 &out_is_trusted)) { 1375 printf("rk_auth_unlock ops error!\n"); 1376 fastboot_tx_write_str("FAILrk_auth_unlock ops error!"); 1377 return; 1378 } 1379 if (out_is_trusted == true) { 1380 if (rk_avb_write_lock_state(lock_state)) 1381 fastboot_tx_write_str("FAILwrite lock state failed"); 1382 else 1383 fastboot_tx_write_str("OKAY"); 1384 } else { 1385 fastboot_tx_write_str("FAILauthenticated unlock fail"); 1386 } 1387 } 1388 #else 1389 fastboot_tx_write_str("FAILnot implemented"); 1390 #endif 1391 } else if (strncmp("at-disable-unlock-vboot", cmd + 4, 23) == 0) { 1392 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1393 uint8_t lock_state; 1394 lock_state = 2; 1395 if (rk_avb_write_lock_state(lock_state)) 1396 fastboot_tx_write_str("FAILwrite lock state failed"); 1397 else 1398 fastboot_tx_write_str("OKAY"); 1399 #else 1400 fastboot_tx_write_str("FAILnot implemented"); 1401 #endif 1402 } else if (strncmp("fuse at-perm-attr", cmd + 4, 16) == 0) { 1403 cb_oem_perm_attr(); 1404 } else if (strncmp("fuse at-bootloader-vboot-key", cmd + 4, 27) == 0) { 1405 #ifdef CONFIG_RK_AVB_LIBAVB_USER 1406 sha256_context ctx; 1407 uint8_t digest[SHA256_SUM_LEN]; 1408 1409 if (download_bytes != VBOOT_KEY_HASH_SIZE) { 1410 fastboot_tx_write_str("FAILinvalid vboot key length"); 1411 printf("The vboot key size error!\n"); 1412 return; 1413 } 1414 1415 sha256_starts(&ctx); 1416 sha256_update(&ctx, (const uint8_t *)CONFIG_FASTBOOT_BUF_ADDR, 1417 VBOOT_KEY_SIZE); 1418 sha256_finish(&ctx, digest); 1419 1420 if (rk_avb_write_vbootkey_hash((uint8_t *)digest, 1421 SHA256_SUM_LEN)) { 1422 fastboot_tx_write_str("FAILvbootkey hash write failure"); 1423 return; 1424 } 1425 fastboot_tx_write_str("OKAY"); 1426 #else 1427 fastboot_tx_write_str("FAILnot implemented"); 1428 #endif 1429 } else { 1430 fastboot_tx_write_str("FAILunknown oem command"); 1431 } 1432 } 1433 1434 #ifdef CONFIG_FASTBOOT_FLASH 1435 static void cb_erase(struct usb_ep *ep, struct usb_request *req) 1436 { 1437 char *cmd = req->buf; 1438 char response[FASTBOOT_RESPONSE_LEN]; 1439 1440 strsep(&cmd, ":"); 1441 if (!cmd) { 1442 pr_err("missing partition name"); 1443 fastboot_tx_write_str("FAILmissing partition name"); 1444 return; 1445 } 1446 1447 fastboot_fail("no flash device defined", response); 1448 #ifdef CONFIG_FASTBOOT_FLASH_MMC_DEV 1449 fb_mmc_erase(cmd, response); 1450 #endif 1451 #ifdef CONFIG_FASTBOOT_FLASH_NAND_DEV 1452 fb_nand_erase(cmd, response); 1453 #endif 1454 fastboot_tx_write_str(response); 1455 } 1456 #endif 1457 1458 struct cmd_dispatch_info { 1459 char *cmd; 1460 void (*cb)(struct usb_ep *ep, struct usb_request *req); 1461 }; 1462 1463 static const struct cmd_dispatch_info cmd_dispatch_info[] = { 1464 { 1465 .cmd = "reboot", 1466 .cb = cb_reboot, 1467 }, { 1468 .cmd = "getvar:", 1469 .cb = cb_getvar, 1470 }, { 1471 .cmd = "download:", 1472 .cb = cb_download, 1473 }, { 1474 .cmd = "upload", 1475 .cb = cb_upload, 1476 }, { 1477 .cmd = "boot", 1478 .cb = cb_boot, 1479 }, { 1480 .cmd = "continue", 1481 .cb = cb_continue, 1482 }, { 1483 .cmd = "set_active", 1484 .cb = cb_set_active, 1485 }, 1486 #ifdef CONFIG_FASTBOOT_FLASH 1487 { 1488 .cmd = "flashing", 1489 .cb = cb_flashing, 1490 }, 1491 { 1492 .cmd = "flash", 1493 .cb = cb_flash, 1494 }, { 1495 .cmd = "erase", 1496 .cb = cb_erase, 1497 }, 1498 #endif 1499 { 1500 .cmd = "oem", 1501 .cb = cb_oem, 1502 }, 1503 }; 1504 1505 static void rx_handler_command(struct usb_ep *ep, struct usb_request *req) 1506 { 1507 char *cmdbuf = req->buf; 1508 void (*func_cb)(struct usb_ep *ep, struct usb_request *req) = NULL; 1509 int i; 1510 1511 if (req->status != 0 || req->length == 0) 1512 return; 1513 1514 for (i = 0; i < ARRAY_SIZE(cmd_dispatch_info); i++) { 1515 if (!strcmp_l1(cmd_dispatch_info[i].cmd, cmdbuf)) { 1516 func_cb = cmd_dispatch_info[i].cb; 1517 break; 1518 } 1519 } 1520 1521 if (!func_cb) { 1522 pr_err("unknown command: %.*s", req->actual, cmdbuf); 1523 fastboot_tx_write_str("FAILunknown command"); 1524 } else { 1525 if (req->actual < req->length) { 1526 u8 *buf = (u8 *)req->buf; 1527 buf[req->actual] = 0; 1528 func_cb(ep, req); 1529 } else { 1530 pr_err("buffer overflow"); 1531 fastboot_tx_write_str("FAILbuffer overflow"); 1532 } 1533 } 1534 1535 *cmdbuf = '\0'; 1536 req->actual = 0; 1537 usb_ep_queue(ep, req, 0); 1538 } 1539