1 /* 2 * Copyright 2017 Rockchip Electronics Co., Ltd 3 * Frank Wang <frank.wang@rock-chips.com> 4 * 5 * SPDX-License-Identifier: GPL-2.0+ 6 */ 7 8 #include <asm/io.h> 9 #include <android_avb/avb_ops_user.h> 10 #include <android_avb/rk_avb_ops_user.h> 11 #include <asm/arch/boot_mode.h> 12 #include <asm/arch/chip_info.h> 13 #include <asm/arch/rk_atags.h> 14 #include <write_keybox.h> 15 #include <linux/mtd/mtd.h> 16 #include <optee_include/OpteeClientInterface.h> 17 #include <dm.h> 18 #include <misc.h> 19 #include <mmc.h> 20 #include <scsi.h> 21 #include <stdlib.h> 22 #include <usbplug.h> 23 24 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION 25 #include <asm/arch/vendor.h> 26 #endif 27 #include <rockusb.h> 28 29 #define ROCKUSB_INTERFACE_CLASS 0xff 30 #define ROCKUSB_INTERFACE_SUB_CLASS 0x06 31 #define ROCKUSB_INTERFACE_PROTOCOL 0x05 32 33 #define ROCKCHIP_FLASH_BLOCK_SIZE 1024 34 #define ROCKCHIP_FLASH_PAGE_SIZE 4 35 36 static struct usb_interface_descriptor rkusb_intf_desc = { 37 .bLength = USB_DT_INTERFACE_SIZE, 38 .bDescriptorType = USB_DT_INTERFACE, 39 .bInterfaceNumber = 0x00, 40 .bAlternateSetting = 0x00, 41 .bNumEndpoints = 0x02, 42 .bInterfaceClass = ROCKUSB_INTERFACE_CLASS, 43 .bInterfaceSubClass = ROCKUSB_INTERFACE_SUB_CLASS, 44 .bInterfaceProtocol = ROCKUSB_INTERFACE_PROTOCOL, 45 }; 46 47 static struct usb_descriptor_header *rkusb_fs_function[] = { 48 (struct usb_descriptor_header *)&rkusb_intf_desc, 49 (struct usb_descriptor_header *)&fsg_fs_bulk_in_desc, 50 (struct usb_descriptor_header *)&fsg_fs_bulk_out_desc, 51 NULL, 52 }; 53 54 static struct usb_descriptor_header *rkusb_hs_function[] = { 55 (struct usb_descriptor_header *)&rkusb_intf_desc, 56 (struct usb_descriptor_header *)&fsg_hs_bulk_in_desc, 57 (struct usb_descriptor_header *)&fsg_hs_bulk_out_desc, 58 NULL, 59 }; 60 61 static struct usb_descriptor_header *rkusb_ss_function[] = { 62 (struct usb_descriptor_header *)&rkusb_intf_desc, 63 (struct usb_descriptor_header *)&fsg_ss_bulk_in_desc, 64 (struct usb_descriptor_header *)&fsg_ss_bulk_in_comp_desc, 65 (struct usb_descriptor_header *)&fsg_ss_bulk_out_desc, 66 (struct usb_descriptor_header *)&fsg_ss_bulk_out_comp_desc, 67 NULL, 68 }; 69 70 struct rk_flash_info { 71 u32 flash_size; 72 u16 block_size; 73 u8 page_size; 74 u8 ecc_bits; 75 u8 access_time; 76 u8 manufacturer; 77 u8 flash_mask; 78 } __packed; 79 80 static int rkusb_rst_code; /* The subcode in reset command (0xFF) */ 81 82 int g_dnl_bind_fixup(struct usb_device_descriptor *dev, const char *name) 83 { 84 if (IS_RKUSB_UMS_DNL(name)) { 85 /* Fix to Rockchip's VID and PID */ 86 dev->idVendor = __constant_cpu_to_le16(0x2207); 87 dev->idProduct = __constant_cpu_to_le16(CONFIG_ROCKUSB_G_DNL_PID); 88 89 /* Enumerate as a loader device */ 90 #if defined(CONFIG_SUPPORT_USBPLUG) 91 dev->bcdUSB = cpu_to_le16(0x0200); 92 #else 93 dev->bcdUSB = cpu_to_le16(0x0201); 94 #endif 95 } else if (!strncmp(name, "usb_dnl_fastboot", 16)) { 96 /* Fix to Google's VID and PID */ 97 dev->idVendor = __constant_cpu_to_le16(0x18d1); 98 dev->idProduct = __constant_cpu_to_le16(0xd00d); 99 } else if (!strncmp(name, "usb_dnl_dfu", 11)) { 100 /* Fix to Rockchip's VID and PID for DFU */ 101 dev->idVendor = cpu_to_le16(0x2207); 102 dev->idProduct = cpu_to_le16(0x0107); 103 } else if (!strncmp(name, "usb_dnl_ums", 11)) { 104 dev->idVendor = cpu_to_le16(0x2207); 105 dev->idProduct = cpu_to_le16(0x0010); 106 } 107 108 return 0; 109 } 110 111 __maybe_unused 112 static inline void dump_cbw(struct fsg_bulk_cb_wrap *cbw) 113 { 114 assert(!cbw); 115 116 debug("%s:\n", __func__); 117 debug("Signature %x\n", cbw->Signature); 118 debug("Tag %x\n", cbw->Tag); 119 debug("DataTransferLength %x\n", cbw->DataTransferLength); 120 debug("Flags %x\n", cbw->Flags); 121 debug("LUN %x\n", cbw->Lun); 122 debug("Length %x\n", cbw->Length); 123 debug("OptionCode %x\n", cbw->CDB[0]); 124 debug("SubCode %x\n", cbw->CDB[1]); 125 debug("SectorAddr %x\n", get_unaligned_be32(&cbw->CDB[2])); 126 debug("BlkSectors %x\n\n", get_unaligned_be16(&cbw->CDB[7])); 127 } 128 129 static int rkusb_check_lun(struct fsg_common *common) 130 { 131 struct fsg_lun *curlun; 132 133 /* Check the LUN */ 134 if (common->lun >= 0 && common->lun < common->nluns) { 135 curlun = &common->luns[common->lun]; 136 if (common->cmnd[0] != SC_REQUEST_SENSE) { 137 curlun->sense_data = SS_NO_SENSE; 138 curlun->info_valid = 0; 139 } 140 } else { 141 curlun = NULL; 142 common->bad_lun_okay = 0; 143 144 /* 145 * INQUIRY and REQUEST SENSE commands are explicitly allowed 146 * to use unsupported LUNs; all others may not. 147 */ 148 if (common->cmnd[0] != SC_INQUIRY && 149 common->cmnd[0] != SC_REQUEST_SENSE) { 150 debug("unsupported LUN %d\n", common->lun); 151 return -EINVAL; 152 } 153 } 154 155 return 0; 156 } 157 158 static void __do_reset(struct usb_ep *ep, struct usb_request *req) 159 { 160 u32 boot_flag = BOOT_NORMAL; 161 162 if (rkusb_rst_code == 0x03) 163 boot_flag = BOOT_BROM_DOWNLOAD; 164 165 rkusb_rst_code = 0; /* restore to default */ 166 writel(boot_flag, (void *)CONFIG_ROCKCHIP_BOOT_MODE_REG); 167 168 do_reset(NULL, 0, 0, NULL); 169 } 170 171 static int rkusb_do_reset(struct fsg_common *common, 172 struct fsg_buffhd *bh) 173 { 174 common->data_size_from_cmnd = common->cmnd[4]; 175 common->residue = 0; 176 bh->inreq->complete = __do_reset; 177 bh->state = BUF_STATE_EMPTY; 178 179 rkusb_rst_code = !common->cmnd[1] ? 0xff : common->cmnd[1]; 180 return 0; 181 } 182 183 __weak bool rkusb_usb3_capable(void) 184 { 185 return false; 186 } 187 188 static int rkusb_do_switch_to_usb3(struct fsg_common *common, 189 struct fsg_buffhd *bh) 190 { 191 g_dnl_set_serialnumber((char *)&common->cmnd[1]); 192 rkusb_switch_to_usb3_enable(true); 193 bh->state = BUF_STATE_EMPTY; 194 195 return 0; 196 } 197 198 static int rkusb_do_test_unit_ready(struct fsg_common *common, 199 struct fsg_buffhd *bh) 200 { 201 struct blk_desc *desc = &ums[common->lun].block_dev; 202 u32 usb_trb_size; 203 u16 residue; 204 205 if ((desc->if_type == IF_TYPE_MTD && desc->devnum == BLK_MTD_SPI_NOR) || 206 desc->if_type == IF_TYPE_SPINOR) 207 residue = 0x03; /* 128KB Max block xfer for SPI Nor */ 208 else if (common->cmnd[1] == 0xf7 && FSG_BUFLEN >= 0x400000) 209 residue = 0x0a; /* Max block xfer for USB DWC3 */ 210 else 211 residue = 0x06; /* Max block xfer support from host */ 212 213 usb_trb_size = (1 << residue) * 4096; 214 common->usb_trb_size = min(usb_trb_size, FSG_BUFLEN); 215 common->residue = residue << 24; 216 common->data_dir = DATA_DIR_NONE; 217 bh->state = BUF_STATE_EMPTY; 218 219 return 0; 220 } 221 222 static int rkusb_do_read_flash_id(struct fsg_common *common, 223 struct fsg_buffhd *bh) 224 { 225 u8 *buf = (u8 *)bh->buf; 226 u32 len = 5; 227 enum if_type type = ums[common->lun].block_dev.if_type; 228 u32 devnum = ums[common->lun].block_dev.devnum; 229 const char *str; 230 231 switch (type) { 232 case IF_TYPE_MMC: 233 str = "EMMC "; 234 break; 235 case IF_TYPE_RKNAND: 236 str = "NAND "; 237 break; 238 case IF_TYPE_MTD: 239 if (devnum == BLK_MTD_SPI_NAND) 240 str ="SNAND"; 241 else if (devnum == BLK_MTD_NAND) 242 str = "NAND "; 243 else 244 str = "NOR "; 245 break; 246 default: 247 str = "UNKN "; /* unknown */ 248 break; 249 } 250 251 memcpy((void *)&buf[0], str, len); 252 253 /* Set data xfer size */ 254 common->residue = common->data_size_from_cmnd = len; 255 common->data_size = len; 256 257 return len; 258 } 259 260 static int rkusb_do_test_bad_block(struct fsg_common *common, 261 struct fsg_buffhd *bh) 262 { 263 u8 *buf = (u8 *)bh->buf; 264 u32 len = 64; 265 266 memset((void *)&buf[0], 0, len); 267 268 /* Set data xfer size */ 269 common->residue = common->data_size_from_cmnd = len; 270 common->data_size = len; 271 272 return len; 273 } 274 275 static int rkusb_do_read_flash_info(struct fsg_common *common, 276 struct fsg_buffhd *bh) 277 { 278 struct blk_desc *desc = &ums[common->lun].block_dev; 279 u8 *buf = (u8 *)bh->buf; 280 u32 len = sizeof(struct rk_flash_info); 281 struct rk_flash_info finfo = { 282 .block_size = ROCKCHIP_FLASH_BLOCK_SIZE, 283 .ecc_bits = 0, 284 .page_size = ROCKCHIP_FLASH_PAGE_SIZE, 285 .access_time = 40, 286 .manufacturer = 0, 287 .flash_mask = 0 288 }; 289 290 /* Set the raw block size for tools to creat GPT with 4K block size */ 291 if (desc->rawblksz == 0x1000) 292 finfo.manufacturer = 208; 293 294 finfo.flash_size = (u32)desc->lba; 295 296 if (desc->if_type == IF_TYPE_MTD && 297 (desc->devnum == BLK_MTD_NAND || 298 desc->devnum == BLK_MTD_SPI_NAND)) { 299 struct mtd_info *mtd = (struct mtd_info *)desc->bdev->priv; 300 301 if (mtd) { 302 finfo.block_size = mtd->erasesize >> 9; 303 finfo.page_size = mtd->writesize >> 9; 304 #ifdef CONFIG_SUPPORT_USBPLUG 305 /* Using 4KB pagesize as 2KB for idblock */ 306 if (finfo.page_size == 8 && desc->devnum == BLK_MTD_SPI_NAND) 307 finfo.page_size |= (4 << 4); 308 #endif 309 } 310 } 311 312 if (desc->if_type == IF_TYPE_MTD && desc->devnum == BLK_MTD_SPI_NOR) { 313 /* RV1126/RK3308 mtd spinor keep the former upgrade mode */ 314 #if !defined(CONFIG_ROCKCHIP_RV1126) && !defined(CONFIG_ROCKCHIP_RK3308) 315 finfo.block_size = 0x80; /* Aligned to 64KB */ 316 #else 317 finfo.block_size = ROCKCHIP_FLASH_BLOCK_SIZE; 318 #endif 319 } 320 321 debug("Flash info: block_size= %x page_size= %x\n", finfo.block_size, 322 finfo.page_size); 323 324 if (finfo.flash_size) 325 finfo.flash_mask = 1; 326 327 memset((void *)&buf[0], 0, len); 328 memcpy((void *)&buf[0], (void *)&finfo, len); 329 330 /* Set data xfer size */ 331 common->residue = common->data_size_from_cmnd = len; 332 /* legacy upgrade_tool does not set correct transfer size */ 333 common->data_size = len; 334 335 return len; 336 } 337 338 static int rkusb_do_get_chip_info(struct fsg_common *common, 339 struct fsg_buffhd *bh) 340 { 341 u8 *buf = (u8 *)bh->buf; 342 u32 len = common->data_size; 343 u32 chip_info[4]; 344 345 memset((void *)chip_info, 0, sizeof(chip_info)); 346 rockchip_rockusb_get_chip_info(chip_info); 347 348 memset((void *)&buf[0], 0, len); 349 memcpy((void *)&buf[0], (void *)chip_info, len); 350 351 /* Set data xfer size */ 352 common->residue = common->data_size_from_cmnd = len; 353 354 return len; 355 } 356 357 static int rkusb_do_lba_erase(struct fsg_common *common, 358 struct fsg_buffhd *bh) 359 { 360 struct fsg_lun *curlun = &common->luns[common->lun]; 361 u32 lba, amount; 362 loff_t file_offset; 363 int rc; 364 365 lba = get_unaligned_be32(&common->cmnd[2]); 366 if (lba >= curlun->num_sectors) { 367 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 368 rc = -EINVAL; 369 goto out; 370 } 371 372 file_offset = ((loff_t) lba) << 9; 373 amount = get_unaligned_be16(&common->cmnd[7]) << 9; 374 if (unlikely(amount == 0)) { 375 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 376 rc = -EIO; 377 goto out; 378 } 379 380 /* Perform the erase */ 381 rc = ums[common->lun].erase_sector(&ums[common->lun], 382 file_offset / SECTOR_SIZE, 383 amount / SECTOR_SIZE); 384 if (!rc) { 385 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 386 rc = -EIO; 387 } 388 389 out: 390 common->data_dir = DATA_DIR_NONE; 391 bh->state = BUF_STATE_EMPTY; 392 393 return rc; 394 } 395 396 static int rkusb_do_erase_force(struct fsg_common *common, 397 struct fsg_buffhd *bh) 398 { 399 struct blk_desc *desc = &ums[common->lun].block_dev; 400 struct fsg_lun *curlun = &common->luns[common->lun]; 401 u16 block_size = ROCKCHIP_FLASH_BLOCK_SIZE; 402 u32 lba, amount; 403 loff_t file_offset; 404 int rc; 405 406 lba = get_unaligned_be32(&common->cmnd[2]); 407 if (lba >= curlun->num_sectors) { 408 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 409 rc = -EINVAL; 410 goto out; 411 } 412 413 if (desc->if_type == IF_TYPE_MTD && 414 (desc->devnum == BLK_MTD_NAND || 415 desc->devnum == BLK_MTD_SPI_NAND)) { 416 struct mtd_info *mtd = (struct mtd_info *)desc->bdev->priv; 417 418 if (mtd) 419 block_size = mtd->erasesize >> 9; 420 } 421 422 file_offset = ((loff_t)lba) * block_size; 423 amount = get_unaligned_be16(&common->cmnd[7]) * block_size; 424 425 debug("%s lba= %x, nsec= %x\n", __func__, lba, 426 (u32)get_unaligned_be16(&common->cmnd[7])); 427 428 if (unlikely(amount == 0)) { 429 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 430 rc = -EIO; 431 goto out; 432 } 433 434 /* Perform the erase */ 435 rc = ums[common->lun].erase_sector(&ums[common->lun], 436 file_offset, 437 amount); 438 if (!rc) { 439 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 440 rc = -EIO; 441 } 442 443 out: 444 common->data_dir = DATA_DIR_NONE; 445 bh->state = BUF_STATE_EMPTY; 446 447 return rc; 448 } 449 450 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION 451 static int rkusb_do_vs_write(struct fsg_common *common) 452 { 453 struct fsg_lun *curlun = &common->luns[common->lun]; 454 u16 type = get_unaligned_be16(&common->cmnd[4]); 455 struct vendor_item *vhead; 456 struct fsg_buffhd *bh; 457 void *data; 458 int rc; 459 460 if (common->data_size >= (u32)65536) { 461 /* _MUST_ small than 64K */ 462 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 463 return -EINVAL; 464 } 465 466 common->residue = common->data_size; 467 common->usb_amount_left = common->data_size; 468 469 /* Carry out the file writes */ 470 if (unlikely(common->data_size == 0)) 471 return -EIO; /* No data to write */ 472 473 for (;;) { 474 if (common->usb_amount_left > 0) { 475 /* Wait for the next buffer to become available */ 476 bh = common->next_buffhd_to_fill; 477 if (bh->state != BUF_STATE_EMPTY) 478 goto wait; 479 480 /* Request the next buffer */ 481 common->usb_amount_left -= common->data_size; 482 bh->outreq->length = common->data_size; 483 bh->bulk_out_intended_length = common->data_size; 484 bh->outreq->short_not_ok = 1; 485 486 START_TRANSFER_OR(common, bulk_out, bh->outreq, 487 &bh->outreq_busy, &bh->state) 488 /* 489 * Don't know what to do if 490 * common->fsg is NULL 491 */ 492 return -EIO; 493 common->next_buffhd_to_fill = bh->next; 494 } else { 495 /* Then, wait for the data to become available */ 496 bh = common->next_buffhd_to_drain; 497 if (bh->state != BUF_STATE_FULL) 498 goto wait; 499 500 common->next_buffhd_to_drain = bh->next; 501 bh->state = BUF_STATE_EMPTY; 502 503 /* Did something go wrong with the transfer? */ 504 if (bh->outreq->status != 0) { 505 curlun->sense_data = SS_COMMUNICATION_FAILURE; 506 curlun->info_valid = 1; 507 break; 508 } 509 510 /* Perform the write */ 511 vhead = (struct vendor_item *)bh->buf; 512 data = bh->buf + sizeof(struct vendor_item); 513 514 if (!type) { 515 #ifndef CONFIG_SUPPORT_USBPLUG 516 if (vhead->id == HDCP_14_HDMI_ID || 517 vhead->id == HDCP_14_HDMIRX_ID || 518 vhead->id == HDCP_14_DP_ID) { 519 rc = vendor_handle_hdcp(vhead); 520 if (rc < 0) { 521 curlun->sense_data = SS_WRITE_ERROR; 522 return -EIO; 523 } 524 } 525 #endif 526 527 /* Vendor storage */ 528 rc = vendor_storage_write(vhead->id, 529 (char __user *)data, 530 vhead->size); 531 if (rc < 0) { 532 curlun->sense_data = SS_WRITE_ERROR; 533 return -EIO; 534 } 535 } else if (type == 1) { 536 /* RPMB */ 537 rc = 538 write_keybox_to_secure_storage((u8 *)data, 539 vhead->size); 540 if (rc < 0) { 541 curlun->sense_data = SS_WRITE_ERROR; 542 return -EIO; 543 } 544 } else if (type == 2) { 545 /* security storage */ 546 #ifdef CONFIG_RK_AVB_LIBAVB_USER 547 debug("%s call rk_avb_write_perm_attr %d, %d\n", 548 __func__, vhead->id, vhead->size); 549 rc = rk_avb_write_perm_attr(vhead->id, 550 (char __user *)data, 551 vhead->size); 552 if (rc < 0) { 553 curlun->sense_data = SS_WRITE_ERROR; 554 return -EIO; 555 } 556 #else 557 printf("Please enable CONFIG_RK_AVB_LIBAVB_USER\n"); 558 #endif 559 } else if (type == 3) { 560 /* efuse or otp*/ 561 #ifdef CONFIG_OPTEE_CLIENT 562 if (memcmp(data, "TAEK", 4) == 0) { 563 if (vhead->size - 8 != 32) { 564 printf("check ta encryption key size fail!\n"); 565 curlun->sense_data = SS_WRITE_ERROR; 566 return -EIO; 567 } 568 if (trusty_write_ta_encryption_key((uint32_t *)(data + 8), 8) != 0) { 569 printf("trusty_write_ta_encryption_key error!"); 570 curlun->sense_data = SS_WRITE_ERROR; 571 return -EIO; 572 } 573 } else if (memcmp(data, "EHUK", 4) == 0) { 574 if (vhead->size - 8 != 32) { 575 printf("check oem huk size fail!\n"); 576 curlun->sense_data = SS_WRITE_ERROR; 577 return -EIO; 578 } 579 if (trusty_write_oem_huk((uint32_t *)(data + 8), 8) != 0) { 580 printf("trusty_write_oem_huk error!"); 581 curlun->sense_data = SS_WRITE_ERROR; 582 return -EIO; 583 } 584 } else if (memcmp(data, "ENDA", 4) == 0) { 585 if (vhead->size - 8 != 16) { 586 printf("check oem encrypt data size fail!\n"); 587 curlun->sense_data = SS_WRITE_ERROR; 588 return -EIO; 589 } 590 if (trusty_write_oem_encrypt_data((uint32_t *)(data + 8), 4) != 0) { 591 printf("trusty_write_oem_encrypt_data error!"); 592 curlun->sense_data = SS_WRITE_ERROR; 593 return -EIO; 594 } 595 } else if (memcmp(data, "OTPK", 4) == 0) { 596 uint32_t key_len = vhead->size - 9; 597 uint8_t key_id = *((uint8_t *)data + 8); 598 if (key_len != 16 && key_len != 24 && key_len != 32) { 599 printf("check oem otp key size fail!\n"); 600 curlun->sense_data = SS_WRITE_ERROR; 601 return -EIO; 602 } 603 if (trusty_write_oem_otp_key(key_id, (uint8_t *)(data + 9), key_len) != 0) { 604 printf("trusty_write_oem_huk error!"); 605 curlun->sense_data = SS_WRITE_ERROR; 606 return -EIO; 607 } 608 } else { 609 printf("Unknown tag\n"); 610 curlun->sense_data = SS_WRITE_ERROR; 611 return -EIO; 612 } 613 #else 614 printf("Please enable CONFIG_OPTEE_CLIENT\n"); 615 #endif 616 } else { 617 return -EINVAL; 618 } 619 620 common->residue -= common->data_size; 621 622 /* Did the host decide to stop early? */ 623 if (bh->outreq->actual != bh->outreq->length) 624 common->short_packet_received = 1; 625 break; /* Command done */ 626 } 627 wait: 628 /* Wait for something to happen */ 629 rc = sleep_thread(common); 630 if (rc) 631 return rc; 632 } 633 634 return -EIO; /* No default reply */ 635 } 636 637 static int rkusb_do_vs_read(struct fsg_common *common) 638 { 639 struct fsg_lun *curlun = &common->luns[common->lun]; 640 u16 type = get_unaligned_be16(&common->cmnd[4]); 641 struct vendor_item *vhead; 642 struct fsg_buffhd *bh; 643 void *data; 644 int rc; 645 646 if (common->data_size >= (u32)65536) { 647 /* _MUST_ small than 64K */ 648 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 649 return -EINVAL; 650 } 651 652 common->residue = common->data_size; 653 common->usb_amount_left = common->data_size; 654 655 /* Carry out the file reads */ 656 if (unlikely(common->data_size == 0)) 657 return -EIO; /* No default reply */ 658 659 for (;;) { 660 /* Wait for the next buffer to become available */ 661 bh = common->next_buffhd_to_fill; 662 while (bh->state != BUF_STATE_EMPTY) { 663 rc = sleep_thread(common); 664 if (rc) 665 return rc; 666 } 667 668 memset(bh->buf, 0, FSG_BUFLEN); 669 vhead = (struct vendor_item *)bh->buf; 670 data = bh->buf + sizeof(struct vendor_item); 671 vhead->id = get_unaligned_be16(&common->cmnd[2]); 672 673 if (!type) { 674 /* Vendor storage */ 675 rc = vendor_storage_read(vhead->id, 676 (char __user *)data, 677 common->data_size); 678 if (!rc) { 679 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 680 return -EIO; 681 } 682 vhead->size = rc; 683 } else if (type == 1) { 684 /* RPMB */ 685 rc = 686 read_raw_data_from_secure_storage((u8 *)data, 687 common->data_size); 688 if (!rc) { 689 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 690 return -EIO; 691 } 692 vhead->size = rc; 693 } else if (type == 2) { 694 /* security storage */ 695 #ifdef CONFIG_RK_AVB_LIBAVB_USER 696 rc = rk_avb_read_perm_attr(vhead->id, 697 (char __user *)data, 698 vhead->size); 699 if (rc < 0) 700 return -EIO; 701 vhead->size = rc; 702 #else 703 printf("Please enable CONFIG_RK_AVB_LIBAVB_USER!\n"); 704 #endif 705 } else if (type == 3) { 706 /* efuse or otp*/ 707 #ifdef CONFIG_OPTEE_CLIENT 708 if (vhead->id == 120) { 709 u8 value; 710 char *written_str = "key is written!"; 711 char *not_written_str = "key is not written!"; 712 if (trusty_ta_encryption_key_is_written(&value) != 0) { 713 printf("trusty_ta_encryption_key_is_written error!"); 714 return -EIO; 715 } 716 if (value) { 717 memcpy(data, written_str, strlen(written_str)); 718 vhead->size = strlen(written_str); 719 } else { 720 memcpy(data, not_written_str, strlen(not_written_str)); 721 vhead->size = strlen(not_written_str); 722 } 723 } else { 724 printf("Unknown tag\n"); 725 return -EIO; 726 } 727 #else 728 printf("Please enable CONFIG_OPTEE_CLIENT\n"); 729 #endif 730 } else { 731 return -EINVAL; 732 } 733 734 common->residue -= common->data_size; 735 bh->inreq->length = common->data_size; 736 bh->state = BUF_STATE_FULL; 737 738 break; /* No more left to read */ 739 } 740 741 return -EIO; /* No default reply */ 742 } 743 #endif 744 745 static int rkusb_do_switch_storage(struct fsg_common *common) 746 { 747 enum if_type type, cur_type = ums[common->lun].block_dev.if_type; 748 int devnum, cur_devnum = ums[common->lun].block_dev.devnum; 749 struct blk_desc *block_dev; 750 u32 media = BOOT_TYPE_UNKNOWN; 751 752 media = 1 << common->cmnd[1]; 753 754 switch (media) { 755 #ifdef CONFIG_MMC 756 case BOOT_TYPE_EMMC: 757 type = IF_TYPE_MMC; 758 devnum = 0; 759 mmc_initialize(gd->bd); 760 break; 761 #endif 762 case BOOT_TYPE_MTD_BLK_NAND: 763 type = IF_TYPE_MTD; 764 devnum = 0; 765 break; 766 case BOOT_TYPE_MTD_BLK_SPI_NAND: 767 type = IF_TYPE_MTD; 768 devnum = 1; 769 break; 770 case BOOT_TYPE_MTD_BLK_SPI_NOR: 771 type = IF_TYPE_MTD; 772 devnum = 2; 773 break; 774 #if defined(CONFIG_SCSI) && defined(CONFIG_CMD_SCSI) && (defined(CONFIG_AHCI) || defined(CONFIG_UFS)) 775 case BOOT_TYPE_SATA: 776 type = IF_TYPE_SCSI; 777 devnum = 0; 778 break; 779 #endif 780 default: 781 printf("Bootdev 0x%x is not support\n", media); 782 return -ENODEV; 783 } 784 785 if (cur_type == type && cur_devnum == devnum) 786 return 0; 787 788 #if CONFIG_IS_ENABLED(SUPPORT_USBPLUG) 789 block_dev = usbplug_blk_get_devnum_by_type(type, devnum); 790 #else 791 block_dev = blk_get_devnum_by_type(type, devnum); 792 #endif 793 if (!block_dev) { 794 printf("Bootdev if_type=%d num=%d toggle fail\n", type, devnum); 795 return -ENODEV; 796 } 797 798 ums[common->lun].num_sectors = block_dev->lba; 799 ums[common->lun].block_dev = *block_dev; 800 801 printf("RKUSB: LUN %d, dev %d, hwpart %d, sector %#x, count %#x\n", 802 0, 803 ums[common->lun].block_dev.devnum, 804 ums[common->lun].block_dev.hwpart, 805 ums[common->lun].start_sector, 806 ums[common->lun].num_sectors); 807 808 return 0; 809 } 810 811 static int rkusb_do_get_storage_info(struct fsg_common *common, 812 struct fsg_buffhd *bh) 813 { 814 enum if_type type = ums[common->lun].block_dev.if_type; 815 int devnum = ums[common->lun].block_dev.devnum; 816 u32 media = BOOT_TYPE_UNKNOWN; 817 u32 len = common->data_size; 818 u8 *buf = (u8 *)bh->buf; 819 820 if (len > 4) 821 len = 4; 822 823 switch (type) { 824 case IF_TYPE_MMC: 825 media = BOOT_TYPE_EMMC; 826 break; 827 828 case IF_TYPE_SD: 829 media = BOOT_TYPE_SD0; 830 break; 831 832 case IF_TYPE_MTD: 833 if (devnum == BLK_MTD_SPI_NAND) 834 media = BOOT_TYPE_MTD_BLK_SPI_NAND; 835 else if (devnum == BLK_MTD_NAND) 836 media = BOOT_TYPE_NAND; 837 else 838 media = BOOT_TYPE_MTD_BLK_SPI_NOR; 839 break; 840 841 case IF_TYPE_SCSI: 842 media = BOOT_TYPE_SATA; 843 break; 844 845 case IF_TYPE_RKNAND: 846 media = BOOT_TYPE_NAND; 847 break; 848 849 case IF_TYPE_NVME: 850 media = BOOT_TYPE_PCIE; 851 break; 852 853 default: 854 break; 855 } 856 857 memcpy((void *)&buf[0], (void *)&media, len); 858 common->residue = len; 859 common->data_size_from_cmnd = len; 860 861 return len; 862 } 863 864 static int rkusb_do_read_capacity(struct fsg_common *common, 865 struct fsg_buffhd *bh) 866 { 867 u8 *buf = (u8 *)bh->buf; 868 u32 len = common->data_size; 869 enum if_type type = ums[common->lun].block_dev.if_type; 870 int devnum = ums[common->lun].block_dev.devnum; 871 872 /* 873 * bit[0]: Direct LBA, 0: Disabled; 874 * bit[1]: Vendor Storage API, 0: Disabed (default); 875 * bit[2]: First 4M Access, 0: Disabled; 876 * bit[3]: Read LBA On, 0: Disabed (default); 877 * bit[4]: New Vendor Storage API, 0: Disabed; 878 * bit[5]: Read uart data from ram 879 * bit[6]: Read IDB config 880 * bit[7]: Read SecureMode 881 * bit[8]: New IDB feature 882 * bit[9]: Get storage media info 883 * bit[10]: LBAwrite Parity 884 * bit[11]: Read Otp Data 885 * bit[12]: usb3 download 886 * bit[13]: Write OTP proof 887 * bit[14]: Write Cipher Key 888 * bit[15:63}: Reserved. 889 */ 890 memset((void *)&buf[0], 0, len); 891 if (type == IF_TYPE_MMC || type == IF_TYPE_SD || type == IF_TYPE_NVME) 892 buf[0] = BIT(0) | BIT(2) | BIT(4); 893 else 894 buf[0] = BIT(0) | BIT(4); 895 896 if (type == IF_TYPE_MTD && 897 (devnum == BLK_MTD_NAND || 898 devnum == BLK_MTD_SPI_NAND)) 899 buf[0] |= (1 << 6); 900 901 #if !defined(CONFIG_ROCKCHIP_RV1126) && !defined(CONFIG_ROCKCHIP_RK3308) 902 if (type == IF_TYPE_MTD && devnum == BLK_MTD_SPI_NOR) 903 buf[0] |= (1 << 6); 904 #endif 905 906 #if defined(CONFIG_ROCKCHIP_NEW_IDB) 907 buf[1] = BIT(0); 908 #endif 909 buf[1] |= BIT(1); /* Switch Storage */ 910 buf[1] |= BIT(2); /* LBAwrite Parity */ 911 912 if (rkusb_usb3_capable() && !rkusb_force_usb2_enabled()) 913 buf[1] |= BIT(4); 914 else 915 buf[1] &= ~BIT(4); 916 917 #ifdef CONFIG_ROCKCHIP_OTP 918 buf[1] |= BIT(3); /* Read Otp Data */ 919 buf[1] |= BIT(5); /* Write OTP proof */ 920 buf[1] |= BIT(6); /* Write Cipher Key */ 921 #endif 922 923 /* Set data xfer size */ 924 common->residue = len; 925 common->data_size_from_cmnd = len; 926 927 return len; 928 } 929 930 #ifdef CONFIG_ROCKCHIP_OTP 931 static int rkusb_do_read_otp(struct fsg_common *common, 932 struct fsg_buffhd *bh) 933 { 934 u32 len = common->data_size; 935 u32 type = common->cmnd[1]; 936 u8 *buf = (u8 *)bh->buf; 937 struct udevice *dev; 938 939 buf[0] = 0; 940 if (type == 0) { /* soc uuid */ 941 if (!uclass_get_device_by_driver(UCLASS_MISC, DM_GET_DRIVER(rockchip_otp), &dev)) { 942 if (!misc_read(dev, CFG_CPUID_OFFSET, (void *)&buf[1], len)) 943 buf[0] = len; 944 } 945 } 946 947 common->residue = len; 948 common->data_size_from_cmnd = len; 949 950 return len; 951 } 952 #endif 953 954 static void rkusb_fixup_cbwcb(struct fsg_common *common, 955 struct fsg_buffhd *bh) 956 { 957 struct usb_request *req = bh->outreq; 958 struct fsg_bulk_cb_wrap *cbw = req->buf; 959 960 /* FIXME cbw.DataTransferLength was not set by Upgrade Tool */ 961 common->data_size = le32_to_cpu(cbw->DataTransferLength); 962 if (common->data_size == 0) { 963 common->data_size = 964 get_unaligned_be16(&common->cmnd[7]) << 9; 965 printf("Trasfer Length NOT set, please use new version tool\n"); 966 debug("%s %d, cmnd1 %x\n", __func__, 967 get_unaligned_be16(&common->cmnd[7]), 968 get_unaligned_be16(&common->cmnd[1])); 969 } 970 if (cbw->Flags & USB_BULK_IN_FLAG) 971 common->data_dir = DATA_DIR_TO_HOST; 972 else 973 common->data_dir = DATA_DIR_FROM_HOST; 974 975 /* Not support */ 976 common->cmnd[1] = 0; 977 } 978 979 static int rkusb_cmd_process(struct fsg_common *common, 980 struct fsg_buffhd *bh, int *reply) 981 { 982 struct usb_request *req = bh->outreq; 983 struct fsg_bulk_cb_wrap *cbw = req->buf; 984 int rc; 985 986 dump_cbw(cbw); 987 988 if (rkusb_check_lun(common)) { 989 *reply = -EINVAL; 990 return RKUSB_RC_ERROR; 991 } 992 993 switch (common->cmnd[0]) { 994 case RKUSB_TEST_UNIT_READY: 995 *reply = rkusb_do_test_unit_ready(common, bh); 996 rc = RKUSB_RC_FINISHED; 997 break; 998 999 case RKUSB_READ_FLASH_ID: 1000 *reply = rkusb_do_read_flash_id(common, bh); 1001 rc = RKUSB_RC_FINISHED; 1002 break; 1003 1004 case RKUSB_TEST_BAD_BLOCK: 1005 *reply = rkusb_do_test_bad_block(common, bh); 1006 rc = RKUSB_RC_FINISHED; 1007 break; 1008 1009 case RKUSB_ERASE_10_FORCE: 1010 *reply = rkusb_do_erase_force(common, bh); 1011 rc = RKUSB_RC_FINISHED; 1012 break; 1013 1014 case RKUSB_LBA_READ_10: 1015 rkusb_fixup_cbwcb(common, bh); 1016 common->cmnd[0] = SC_READ_10; 1017 common->cmnd[1] = 0; /* Not support */ 1018 rc = RKUSB_RC_CONTINUE; 1019 break; 1020 1021 case RKUSB_LBA_WRITE_10: 1022 rkusb_fixup_cbwcb(common, bh); 1023 common->cmnd[0] = SC_WRITE_10; 1024 common->cmnd[1] = 0; /* Not support */ 1025 rc = RKUSB_RC_CONTINUE; 1026 break; 1027 1028 case RKUSB_READ_FLASH_INFO: 1029 *reply = rkusb_do_read_flash_info(common, bh); 1030 rc = RKUSB_RC_FINISHED; 1031 break; 1032 1033 case RKUSB_GET_CHIP_VER: 1034 *reply = rkusb_do_get_chip_info(common, bh); 1035 rc = RKUSB_RC_FINISHED; 1036 break; 1037 1038 case RKUSB_LBA_ERASE: 1039 *reply = rkusb_do_lba_erase(common, bh); 1040 rc = RKUSB_RC_FINISHED; 1041 break; 1042 1043 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION 1044 case RKUSB_VS_WRITE: 1045 *reply = rkusb_do_vs_write(common); 1046 rc = RKUSB_RC_FINISHED; 1047 break; 1048 1049 case RKUSB_VS_READ: 1050 *reply = rkusb_do_vs_read(common); 1051 rc = RKUSB_RC_FINISHED; 1052 break; 1053 #endif 1054 case RKUSB_SWITCH_STORAGE: 1055 *reply = rkusb_do_switch_storage(common); 1056 rc = RKUSB_RC_FINISHED; 1057 break; 1058 case RKUSB_GET_STORAGE_MEDIA: 1059 *reply = rkusb_do_get_storage_info(common, bh); 1060 rc = RKUSB_RC_FINISHED; 1061 break; 1062 1063 case RKUSB_READ_CAPACITY: 1064 *reply = rkusb_do_read_capacity(common, bh); 1065 rc = RKUSB_RC_FINISHED; 1066 break; 1067 1068 case RKUSB_SWITCH_USB3: 1069 *reply = rkusb_do_switch_to_usb3(common, bh); 1070 rc = RKUSB_RC_FINISHED; 1071 break; 1072 1073 case RKUSB_RESET: 1074 *reply = rkusb_do_reset(common, bh); 1075 rc = RKUSB_RC_FINISHED; 1076 break; 1077 1078 #ifdef CONFIG_ROCKCHIP_OTP 1079 case RKUSB_READ_OTP_DATA: 1080 *reply = rkusb_do_read_otp(common, bh); 1081 rc = RKUSB_RC_FINISHED; 1082 break; 1083 #endif 1084 1085 case RKUSB_READ_10: 1086 case RKUSB_WRITE_10: 1087 printf("CMD Not support, pls use new version Tool\n"); 1088 case RKUSB_SET_DEVICE_ID: 1089 case RKUSB_ERASE_10: 1090 case RKUSB_WRITE_SPARE: 1091 case RKUSB_READ_SPARE: 1092 case RKUSB_GET_VERSION: 1093 case RKUSB_ERASE_SYS_DISK: 1094 case RKUSB_SDRAM_READ_10: 1095 case RKUSB_SDRAM_WRITE_10: 1096 case RKUSB_SDRAM_EXECUTE: 1097 case RKUSB_LOW_FORMAT: 1098 case RKUSB_SET_RESET_FLAG: 1099 case RKUSB_SPI_READ_10: 1100 case RKUSB_SPI_WRITE_10: 1101 /* Fall through */ 1102 default: 1103 rc = RKUSB_RC_UNKNOWN_CMND; 1104 break; 1105 } 1106 1107 return rc; 1108 } 1109 1110 int rkusb_do_check_parity(struct fsg_common *common) 1111 { 1112 int ret = 0, rc; 1113 u32 parity, i, usb_parity, lba, len; 1114 static u32 usb_check_buffer[1024 * 256]; 1115 1116 usb_parity = common->cmnd[9] | (common->cmnd[10] << 8) | 1117 (common->cmnd[11] << 16) | (common->cmnd[12] << 24); 1118 1119 if (common->cmnd[0] == SC_WRITE_10 && (usb_parity)) { 1120 lba = get_unaligned_be32(&common->cmnd[2]); 1121 len = common->data_size_from_cmnd >> 9; 1122 rc = blk_dread(&ums[common->lun].block_dev, lba, len, usb_check_buffer); 1123 parity = 0x000055aa; 1124 for (i = 0; i < len * 128; i++) 1125 parity += usb_check_buffer[i]; 1126 if (!rc || parity != usb_parity) 1127 common->phase_error = 1; 1128 } 1129 1130 return ret; 1131 } 1132 1133 DECLARE_GADGET_BIND_CALLBACK(rkusb_ums_dnl, fsg_add); 1134