1 /* 2 * Copyright 2017 Rockchip Electronics Co., Ltd 3 * Frank Wang <frank.wang@rock-chips.com> 4 * 5 * SPDX-License-Identifier: GPL-2.0+ 6 */ 7 8 #include <asm/io.h> 9 #include <android_avb/avb_ops_user.h> 10 #include <android_avb/rk_avb_ops_user.h> 11 #include <asm/arch/boot_mode.h> 12 #include <asm/arch/chip_info.h> 13 #include <asm/arch/rk_atags.h> 14 #include <write_keybox.h> 15 #include <linux/mtd/mtd.h> 16 #include <optee_include/OpteeClientInterface.h> 17 #include <mmc.h> 18 #include <stdlib.h> 19 #include <usbplug.h> 20 21 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION 22 #include <asm/arch/vendor.h> 23 #endif 24 #include <rockusb.h> 25 26 #define ROCKUSB_INTERFACE_CLASS 0xff 27 #define ROCKUSB_INTERFACE_SUB_CLASS 0x06 28 #define ROCKUSB_INTERFACE_PROTOCOL 0x05 29 30 #define ROCKCHIP_FLASH_BLOCK_SIZE 1024 31 #define ROCKCHIP_FLASH_PAGE_SIZE 4 32 33 static struct usb_interface_descriptor rkusb_intf_desc = { 34 .bLength = USB_DT_INTERFACE_SIZE, 35 .bDescriptorType = USB_DT_INTERFACE, 36 .bInterfaceNumber = 0x00, 37 .bAlternateSetting = 0x00, 38 .bNumEndpoints = 0x02, 39 .bInterfaceClass = ROCKUSB_INTERFACE_CLASS, 40 .bInterfaceSubClass = ROCKUSB_INTERFACE_SUB_CLASS, 41 .bInterfaceProtocol = ROCKUSB_INTERFACE_PROTOCOL, 42 }; 43 44 static struct usb_descriptor_header *rkusb_fs_function[] = { 45 (struct usb_descriptor_header *)&rkusb_intf_desc, 46 (struct usb_descriptor_header *)&fsg_fs_bulk_in_desc, 47 (struct usb_descriptor_header *)&fsg_fs_bulk_out_desc, 48 NULL, 49 }; 50 51 static struct usb_descriptor_header *rkusb_hs_function[] = { 52 (struct usb_descriptor_header *)&rkusb_intf_desc, 53 (struct usb_descriptor_header *)&fsg_hs_bulk_in_desc, 54 (struct usb_descriptor_header *)&fsg_hs_bulk_out_desc, 55 NULL, 56 }; 57 58 static struct usb_descriptor_header *rkusb_ss_function[] = { 59 (struct usb_descriptor_header *)&rkusb_intf_desc, 60 (struct usb_descriptor_header *)&fsg_ss_bulk_in_desc, 61 (struct usb_descriptor_header *)&fsg_ss_bulk_in_comp_desc, 62 (struct usb_descriptor_header *)&fsg_ss_bulk_out_desc, 63 (struct usb_descriptor_header *)&fsg_ss_bulk_out_comp_desc, 64 NULL, 65 }; 66 67 struct rk_flash_info { 68 u32 flash_size; 69 u16 block_size; 70 u8 page_size; 71 u8 ecc_bits; 72 u8 access_time; 73 u8 manufacturer; 74 u8 flash_mask; 75 } __packed; 76 77 static int rkusb_rst_code; /* The subcode in reset command (0xFF) */ 78 79 int g_dnl_bind_fixup(struct usb_device_descriptor *dev, const char *name) 80 { 81 if (IS_RKUSB_UMS_DNL(name)) { 82 /* Fix to Rockchip's VID and PID */ 83 dev->idVendor = __constant_cpu_to_le16(0x2207); 84 dev->idProduct = __constant_cpu_to_le16(CONFIG_ROCKUSB_G_DNL_PID); 85 86 /* Enumerate as a loader device */ 87 #if defined(CONFIG_SUPPORT_USBPLUG) 88 dev->bcdUSB = cpu_to_le16(0x0200); 89 #else 90 dev->bcdUSB = cpu_to_le16(0x0201); 91 #endif 92 } else if (!strncmp(name, "usb_dnl_fastboot", 16)) { 93 /* Fix to Google's VID and PID */ 94 dev->idVendor = __constant_cpu_to_le16(0x18d1); 95 dev->idProduct = __constant_cpu_to_le16(0xd00d); 96 } else if (!strncmp(name, "usb_dnl_dfu", 11)) { 97 /* Fix to Rockchip's VID and PID for DFU */ 98 dev->idVendor = cpu_to_le16(0x2207); 99 dev->idProduct = cpu_to_le16(0x0107); 100 } else if (!strncmp(name, "usb_dnl_ums", 11)) { 101 dev->idVendor = cpu_to_le16(0x2207); 102 dev->idProduct = cpu_to_le16(0x0010); 103 } 104 105 return 0; 106 } 107 108 __maybe_unused 109 static inline void dump_cbw(struct fsg_bulk_cb_wrap *cbw) 110 { 111 assert(!cbw); 112 113 debug("%s:\n", __func__); 114 debug("Signature %x\n", cbw->Signature); 115 debug("Tag %x\n", cbw->Tag); 116 debug("DataTransferLength %x\n", cbw->DataTransferLength); 117 debug("Flags %x\n", cbw->Flags); 118 debug("LUN %x\n", cbw->Lun); 119 debug("Length %x\n", cbw->Length); 120 debug("OptionCode %x\n", cbw->CDB[0]); 121 debug("SubCode %x\n", cbw->CDB[1]); 122 debug("SectorAddr %x\n", get_unaligned_be32(&cbw->CDB[2])); 123 debug("BlkSectors %x\n\n", get_unaligned_be16(&cbw->CDB[7])); 124 } 125 126 static int rkusb_check_lun(struct fsg_common *common) 127 { 128 struct fsg_lun *curlun; 129 130 /* Check the LUN */ 131 if (common->lun >= 0 && common->lun < common->nluns) { 132 curlun = &common->luns[common->lun]; 133 if (common->cmnd[0] != SC_REQUEST_SENSE) { 134 curlun->sense_data = SS_NO_SENSE; 135 curlun->info_valid = 0; 136 } 137 } else { 138 curlun = NULL; 139 common->bad_lun_okay = 0; 140 141 /* 142 * INQUIRY and REQUEST SENSE commands are explicitly allowed 143 * to use unsupported LUNs; all others may not. 144 */ 145 if (common->cmnd[0] != SC_INQUIRY && 146 common->cmnd[0] != SC_REQUEST_SENSE) { 147 debug("unsupported LUN %d\n", common->lun); 148 return -EINVAL; 149 } 150 } 151 152 return 0; 153 } 154 155 static void __do_reset(struct usb_ep *ep, struct usb_request *req) 156 { 157 u32 boot_flag = BOOT_NORMAL; 158 159 if (rkusb_rst_code == 0x03) 160 boot_flag = BOOT_BROM_DOWNLOAD; 161 162 rkusb_rst_code = 0; /* restore to default */ 163 writel(boot_flag, (void *)CONFIG_ROCKCHIP_BOOT_MODE_REG); 164 165 do_reset(NULL, 0, 0, NULL); 166 } 167 168 static int rkusb_do_reset(struct fsg_common *common, 169 struct fsg_buffhd *bh) 170 { 171 common->data_size_from_cmnd = common->cmnd[4]; 172 common->residue = 0; 173 bh->inreq->complete = __do_reset; 174 bh->state = BUF_STATE_EMPTY; 175 176 rkusb_rst_code = !common->cmnd[1] ? 0xff : common->cmnd[1]; 177 return 0; 178 } 179 180 __weak bool rkusb_usb3_capable(void) 181 { 182 return false; 183 } 184 185 static int rkusb_do_switch_to_usb3(struct fsg_common *common, 186 struct fsg_buffhd *bh) 187 { 188 g_dnl_set_serialnumber((char *)&common->cmnd[1]); 189 rkusb_switch_to_usb3_enable(true); 190 bh->state = BUF_STATE_EMPTY; 191 192 return 0; 193 } 194 195 static int rkusb_do_test_unit_ready(struct fsg_common *common, 196 struct fsg_buffhd *bh) 197 { 198 struct blk_desc *desc = &ums[common->lun].block_dev; 199 u32 usb_trb_size; 200 u16 residue; 201 202 if ((desc->if_type == IF_TYPE_MTD && desc->devnum == BLK_MTD_SPI_NOR) || 203 desc->if_type == IF_TYPE_SPINOR) 204 residue = 0x03; /* 128KB Max block xfer for SPI Nor */ 205 else if (common->cmnd[1] == 0xf7 && FSG_BUFLEN >= 0x400000) 206 residue = 0x0a; /* Max block xfer for USB DWC3 */ 207 else 208 residue = 0x06; /* Max block xfer support from host */ 209 210 usb_trb_size = (1 << residue) * 4096; 211 common->usb_trb_size = min(usb_trb_size, FSG_BUFLEN); 212 common->residue = residue << 24; 213 common->data_dir = DATA_DIR_NONE; 214 bh->state = BUF_STATE_EMPTY; 215 216 return 0; 217 } 218 219 static int rkusb_do_read_flash_id(struct fsg_common *common, 220 struct fsg_buffhd *bh) 221 { 222 u8 *buf = (u8 *)bh->buf; 223 u32 len = 5; 224 enum if_type type = ums[common->lun].block_dev.if_type; 225 u32 devnum = ums[common->lun].block_dev.devnum; 226 const char *str; 227 228 switch (type) { 229 case IF_TYPE_MMC: 230 str = "EMMC "; 231 break; 232 case IF_TYPE_RKNAND: 233 str = "NAND "; 234 break; 235 case IF_TYPE_MTD: 236 if (devnum == BLK_MTD_SPI_NAND) 237 str ="SNAND"; 238 else if (devnum == BLK_MTD_NAND) 239 str = "NAND "; 240 else 241 str = "NOR "; 242 break; 243 default: 244 str = "UNKN "; /* unknown */ 245 break; 246 } 247 248 memcpy((void *)&buf[0], str, len); 249 250 /* Set data xfer size */ 251 common->residue = common->data_size_from_cmnd = len; 252 common->data_size = len; 253 254 return len; 255 } 256 257 static int rkusb_do_test_bad_block(struct fsg_common *common, 258 struct fsg_buffhd *bh) 259 { 260 u8 *buf = (u8 *)bh->buf; 261 u32 len = 64; 262 263 memset((void *)&buf[0], 0, len); 264 265 /* Set data xfer size */ 266 common->residue = common->data_size_from_cmnd = len; 267 common->data_size = len; 268 269 return len; 270 } 271 272 static int rkusb_do_read_flash_info(struct fsg_common *common, 273 struct fsg_buffhd *bh) 274 { 275 struct blk_desc *desc = &ums[common->lun].block_dev; 276 u8 *buf = (u8 *)bh->buf; 277 u32 len = sizeof(struct rk_flash_info); 278 struct rk_flash_info finfo = { 279 .block_size = ROCKCHIP_FLASH_BLOCK_SIZE, 280 .ecc_bits = 0, 281 .page_size = ROCKCHIP_FLASH_PAGE_SIZE, 282 .access_time = 40, 283 .manufacturer = 0, 284 .flash_mask = 0 285 }; 286 287 finfo.flash_size = (u32)desc->lba; 288 289 if (desc->if_type == IF_TYPE_MTD && 290 (desc->devnum == BLK_MTD_NAND || 291 desc->devnum == BLK_MTD_SPI_NAND)) { 292 struct mtd_info *mtd = (struct mtd_info *)desc->bdev->priv; 293 294 if (mtd) { 295 finfo.block_size = mtd->erasesize >> 9; 296 finfo.page_size = mtd->writesize >> 9; 297 } 298 } 299 300 if (desc->if_type == IF_TYPE_MTD && desc->devnum == BLK_MTD_SPI_NOR) { 301 /* RV1126/RK3308 mtd spinor keep the former upgrade mode */ 302 #if !defined(CONFIG_ROCKCHIP_RV1126) && !defined(CONFIG_ROCKCHIP_RK3308) 303 finfo.block_size = 0x80; /* Aligned to 64KB */ 304 #else 305 finfo.block_size = ROCKCHIP_FLASH_BLOCK_SIZE; 306 #endif 307 } 308 309 debug("Flash info: block_size= %x page_size= %x\n", finfo.block_size, 310 finfo.page_size); 311 312 if (finfo.flash_size) 313 finfo.flash_mask = 1; 314 315 memset((void *)&buf[0], 0, len); 316 memcpy((void *)&buf[0], (void *)&finfo, len); 317 318 /* Set data xfer size */ 319 common->residue = common->data_size_from_cmnd = len; 320 /* legacy upgrade_tool does not set correct transfer size */ 321 common->data_size = len; 322 323 return len; 324 } 325 326 static int rkusb_do_get_chip_info(struct fsg_common *common, 327 struct fsg_buffhd *bh) 328 { 329 u8 *buf = (u8 *)bh->buf; 330 u32 len = common->data_size; 331 u32 chip_info[4]; 332 333 memset((void *)chip_info, 0, sizeof(chip_info)); 334 rockchip_rockusb_get_chip_info(chip_info); 335 336 memset((void *)&buf[0], 0, len); 337 memcpy((void *)&buf[0], (void *)chip_info, len); 338 339 /* Set data xfer size */ 340 common->residue = common->data_size_from_cmnd = len; 341 342 return len; 343 } 344 345 static int rkusb_do_lba_erase(struct fsg_common *common, 346 struct fsg_buffhd *bh) 347 { 348 struct fsg_lun *curlun = &common->luns[common->lun]; 349 u32 lba, amount; 350 loff_t file_offset; 351 int rc; 352 353 lba = get_unaligned_be32(&common->cmnd[2]); 354 if (lba >= curlun->num_sectors) { 355 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 356 rc = -EINVAL; 357 goto out; 358 } 359 360 file_offset = ((loff_t) lba) << 9; 361 amount = get_unaligned_be16(&common->cmnd[7]) << 9; 362 if (unlikely(amount == 0)) { 363 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 364 rc = -EIO; 365 goto out; 366 } 367 368 /* Perform the erase */ 369 rc = ums[common->lun].erase_sector(&ums[common->lun], 370 file_offset / SECTOR_SIZE, 371 amount / SECTOR_SIZE); 372 if (!rc) { 373 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 374 rc = -EIO; 375 } 376 377 out: 378 common->data_dir = DATA_DIR_NONE; 379 bh->state = BUF_STATE_EMPTY; 380 381 return rc; 382 } 383 384 static int rkusb_do_erase_force(struct fsg_common *common, 385 struct fsg_buffhd *bh) 386 { 387 struct blk_desc *desc = &ums[common->lun].block_dev; 388 struct fsg_lun *curlun = &common->luns[common->lun]; 389 u16 block_size = ROCKCHIP_FLASH_BLOCK_SIZE; 390 u32 lba, amount; 391 loff_t file_offset; 392 int rc; 393 394 lba = get_unaligned_be32(&common->cmnd[2]); 395 if (lba >= curlun->num_sectors) { 396 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 397 rc = -EINVAL; 398 goto out; 399 } 400 401 if (desc->if_type == IF_TYPE_MTD && 402 (desc->devnum == BLK_MTD_NAND || 403 desc->devnum == BLK_MTD_SPI_NAND)) { 404 struct mtd_info *mtd = (struct mtd_info *)desc->bdev->priv; 405 406 if (mtd) 407 block_size = mtd->erasesize >> 9; 408 } 409 410 file_offset = ((loff_t)lba) * block_size; 411 amount = get_unaligned_be16(&common->cmnd[7]) * block_size; 412 413 debug("%s lba= %x, nsec= %x\n", __func__, lba, 414 (u32)get_unaligned_be16(&common->cmnd[7])); 415 416 if (unlikely(amount == 0)) { 417 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 418 rc = -EIO; 419 goto out; 420 } 421 422 /* Perform the erase */ 423 rc = ums[common->lun].erase_sector(&ums[common->lun], 424 file_offset, 425 amount); 426 if (!rc) { 427 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 428 rc = -EIO; 429 } 430 431 out: 432 common->data_dir = DATA_DIR_NONE; 433 bh->state = BUF_STATE_EMPTY; 434 435 return rc; 436 } 437 438 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION 439 static int rkusb_do_vs_write(struct fsg_common *common) 440 { 441 struct fsg_lun *curlun = &common->luns[common->lun]; 442 u16 type = get_unaligned_be16(&common->cmnd[4]); 443 struct vendor_item *vhead; 444 struct fsg_buffhd *bh; 445 void *data; 446 int rc; 447 448 if (common->data_size >= (u32)65536) { 449 /* _MUST_ small than 64K */ 450 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 451 return -EINVAL; 452 } 453 454 common->residue = common->data_size; 455 common->usb_amount_left = common->data_size; 456 457 /* Carry out the file writes */ 458 if (unlikely(common->data_size == 0)) 459 return -EIO; /* No data to write */ 460 461 for (;;) { 462 if (common->usb_amount_left > 0) { 463 /* Wait for the next buffer to become available */ 464 bh = common->next_buffhd_to_fill; 465 if (bh->state != BUF_STATE_EMPTY) 466 goto wait; 467 468 /* Request the next buffer */ 469 common->usb_amount_left -= common->data_size; 470 bh->outreq->length = common->data_size; 471 bh->bulk_out_intended_length = common->data_size; 472 bh->outreq->short_not_ok = 1; 473 474 START_TRANSFER_OR(common, bulk_out, bh->outreq, 475 &bh->outreq_busy, &bh->state) 476 /* 477 * Don't know what to do if 478 * common->fsg is NULL 479 */ 480 return -EIO; 481 common->next_buffhd_to_fill = bh->next; 482 } else { 483 /* Then, wait for the data to become available */ 484 bh = common->next_buffhd_to_drain; 485 if (bh->state != BUF_STATE_FULL) 486 goto wait; 487 488 common->next_buffhd_to_drain = bh->next; 489 bh->state = BUF_STATE_EMPTY; 490 491 /* Did something go wrong with the transfer? */ 492 if (bh->outreq->status != 0) { 493 curlun->sense_data = SS_COMMUNICATION_FAILURE; 494 curlun->info_valid = 1; 495 break; 496 } 497 498 /* Perform the write */ 499 vhead = (struct vendor_item *)bh->buf; 500 data = bh->buf + sizeof(struct vendor_item); 501 502 if (!type) { 503 #ifndef CONFIG_SUPPORT_USBPLUG 504 if (vhead->id == HDCP_14_HDMI_ID || 505 vhead->id == HDCP_14_HDMIRX_ID || 506 vhead->id == HDCP_14_DP_ID) { 507 rc = vendor_handle_hdcp(vhead); 508 if (rc < 0) { 509 curlun->sense_data = SS_WRITE_ERROR; 510 return -EIO; 511 } 512 } 513 #endif 514 515 /* Vendor storage */ 516 rc = vendor_storage_write(vhead->id, 517 (char __user *)data, 518 vhead->size); 519 if (rc < 0) { 520 curlun->sense_data = SS_WRITE_ERROR; 521 return -EIO; 522 } 523 } else if (type == 1) { 524 /* RPMB */ 525 rc = 526 write_keybox_to_secure_storage((u8 *)data, 527 vhead->size); 528 if (rc < 0) { 529 curlun->sense_data = SS_WRITE_ERROR; 530 return -EIO; 531 } 532 } else if (type == 2) { 533 /* security storage */ 534 #ifdef CONFIG_RK_AVB_LIBAVB_USER 535 debug("%s call rk_avb_write_perm_attr %d, %d\n", 536 __func__, vhead->id, vhead->size); 537 rc = rk_avb_write_perm_attr(vhead->id, 538 (char __user *)data, 539 vhead->size); 540 if (rc < 0) { 541 curlun->sense_data = SS_WRITE_ERROR; 542 return -EIO; 543 } 544 #else 545 printf("Please enable CONFIG_RK_AVB_LIBAVB_USER\n"); 546 #endif 547 } else if (type == 3) { 548 /* efuse or otp*/ 549 #ifdef CONFIG_OPTEE_CLIENT 550 if (memcmp(data, "TAEK", 4) == 0) { 551 if (vhead->size - 8 != 32) { 552 printf("check ta encryption key size fail!\n"); 553 curlun->sense_data = SS_WRITE_ERROR; 554 return -EIO; 555 } 556 if (trusty_write_ta_encryption_key((uint32_t *)(data + 8), 8) != 0) { 557 printf("trusty_write_ta_encryption_key error!"); 558 curlun->sense_data = SS_WRITE_ERROR; 559 return -EIO; 560 } 561 } else if (memcmp(data, "EHUK", 4) == 0) { 562 if (vhead->size - 8 != 32) { 563 printf("check oem huk size fail!\n"); 564 curlun->sense_data = SS_WRITE_ERROR; 565 return -EIO; 566 } 567 if (trusty_write_oem_huk((uint32_t *)(data + 8), 8) != 0) { 568 printf("trusty_write_oem_huk error!"); 569 curlun->sense_data = SS_WRITE_ERROR; 570 return -EIO; 571 } 572 } else if (memcmp(data, "ENDA", 4) == 0) { 573 if (vhead->size - 8 != 16) { 574 printf("check oem encrypt data size fail!\n"); 575 curlun->sense_data = SS_WRITE_ERROR; 576 return -EIO; 577 } 578 if (trusty_write_oem_encrypt_data((uint32_t *)(data + 8), 4) != 0) { 579 printf("trusty_write_oem_encrypt_data error!"); 580 curlun->sense_data = SS_WRITE_ERROR; 581 return -EIO; 582 } 583 } else if (memcmp(data, "OTPK", 4) == 0) { 584 uint32_t key_len = vhead->size - 9; 585 uint8_t key_id = *((uint8_t *)data + 8); 586 if (key_len != 16 && key_len != 24 && key_len != 32) { 587 printf("check oem otp key size fail!\n"); 588 curlun->sense_data = SS_WRITE_ERROR; 589 return -EIO; 590 } 591 if (trusty_write_oem_otp_key(key_id, (uint8_t *)(data + 9), key_len) != 0) { 592 printf("trusty_write_oem_huk error!"); 593 curlun->sense_data = SS_WRITE_ERROR; 594 return -EIO; 595 } 596 } else { 597 printf("Unknown tag\n"); 598 curlun->sense_data = SS_WRITE_ERROR; 599 return -EIO; 600 } 601 #else 602 printf("Please enable CONFIG_OPTEE_CLIENT\n"); 603 #endif 604 } else { 605 return -EINVAL; 606 } 607 608 common->residue -= common->data_size; 609 610 /* Did the host decide to stop early? */ 611 if (bh->outreq->actual != bh->outreq->length) 612 common->short_packet_received = 1; 613 break; /* Command done */ 614 } 615 wait: 616 /* Wait for something to happen */ 617 rc = sleep_thread(common); 618 if (rc) 619 return rc; 620 } 621 622 return -EIO; /* No default reply */ 623 } 624 625 static int rkusb_do_vs_read(struct fsg_common *common) 626 { 627 struct fsg_lun *curlun = &common->luns[common->lun]; 628 u16 type = get_unaligned_be16(&common->cmnd[4]); 629 struct vendor_item *vhead; 630 struct fsg_buffhd *bh; 631 void *data; 632 int rc; 633 634 if (common->data_size >= (u32)65536) { 635 /* _MUST_ small than 64K */ 636 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 637 return -EINVAL; 638 } 639 640 common->residue = common->data_size; 641 common->usb_amount_left = common->data_size; 642 643 /* Carry out the file reads */ 644 if (unlikely(common->data_size == 0)) 645 return -EIO; /* No default reply */ 646 647 for (;;) { 648 /* Wait for the next buffer to become available */ 649 bh = common->next_buffhd_to_fill; 650 while (bh->state != BUF_STATE_EMPTY) { 651 rc = sleep_thread(common); 652 if (rc) 653 return rc; 654 } 655 656 memset(bh->buf, 0, FSG_BUFLEN); 657 vhead = (struct vendor_item *)bh->buf; 658 data = bh->buf + sizeof(struct vendor_item); 659 vhead->id = get_unaligned_be16(&common->cmnd[2]); 660 661 if (!type) { 662 /* Vendor storage */ 663 rc = vendor_storage_read(vhead->id, 664 (char __user *)data, 665 common->data_size); 666 if (!rc) { 667 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 668 return -EIO; 669 } 670 vhead->size = rc; 671 } else if (type == 1) { 672 /* RPMB */ 673 rc = 674 read_raw_data_from_secure_storage((u8 *)data, 675 common->data_size); 676 if (!rc) { 677 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 678 return -EIO; 679 } 680 vhead->size = rc; 681 } else if (type == 2) { 682 /* security storage */ 683 #ifdef CONFIG_RK_AVB_LIBAVB_USER 684 rc = rk_avb_read_perm_attr(vhead->id, 685 (char __user *)data, 686 vhead->size); 687 if (rc < 0) 688 return -EIO; 689 vhead->size = rc; 690 #else 691 printf("Please enable CONFIG_RK_AVB_LIBAVB_USER!\n"); 692 #endif 693 } else if (type == 3) { 694 /* efuse or otp*/ 695 #ifdef CONFIG_OPTEE_CLIENT 696 if (vhead->id == 120) { 697 u8 value; 698 char *written_str = "key is written!"; 699 char *not_written_str = "key is not written!"; 700 if (trusty_ta_encryption_key_is_written(&value) != 0) { 701 printf("trusty_ta_encryption_key_is_written error!"); 702 return -EIO; 703 } 704 if (value) { 705 memcpy(data, written_str, strlen(written_str)); 706 vhead->size = strlen(written_str); 707 } else { 708 memcpy(data, not_written_str, strlen(not_written_str)); 709 vhead->size = strlen(not_written_str); 710 } 711 } else { 712 printf("Unknown tag\n"); 713 return -EIO; 714 } 715 #else 716 printf("Please enable CONFIG_OPTEE_CLIENT\n"); 717 #endif 718 } else { 719 return -EINVAL; 720 } 721 722 common->residue -= common->data_size; 723 bh->inreq->length = common->data_size; 724 bh->state = BUF_STATE_FULL; 725 726 break; /* No more left to read */ 727 } 728 729 return -EIO; /* No default reply */ 730 } 731 #endif 732 733 static int rkusb_do_switch_storage(struct fsg_common *common) 734 { 735 enum if_type type, cur_type = ums[common->lun].block_dev.if_type; 736 int devnum, cur_devnum = ums[common->lun].block_dev.devnum; 737 struct blk_desc *block_dev; 738 u32 media = BOOT_TYPE_UNKNOWN; 739 740 media = 1 << common->cmnd[1]; 741 742 switch (media) { 743 #ifdef CONFIG_MMC 744 case BOOT_TYPE_EMMC: 745 type = IF_TYPE_MMC; 746 devnum = 0; 747 mmc_initialize(gd->bd); 748 break; 749 #endif 750 case BOOT_TYPE_MTD_BLK_NAND: 751 type = IF_TYPE_MTD; 752 devnum = 0; 753 break; 754 case BOOT_TYPE_MTD_BLK_SPI_NAND: 755 type = IF_TYPE_MTD; 756 devnum = 1; 757 break; 758 case BOOT_TYPE_MTD_BLK_SPI_NOR: 759 type = IF_TYPE_MTD; 760 devnum = 2; 761 break; 762 default: 763 printf("Bootdev 0x%x is not support\n", media); 764 return -ENODEV; 765 } 766 767 if (cur_type == type && cur_devnum == devnum) 768 return 0; 769 770 #if CONFIG_IS_ENABLED(SUPPORT_USBPLUG) 771 block_dev = usbplug_blk_get_devnum_by_type(type, devnum); 772 #else 773 block_dev = blk_get_devnum_by_type(type, devnum); 774 #endif 775 if (!block_dev) { 776 printf("Bootdev if_type=%d num=%d toggle fail\n", type, devnum); 777 return -ENODEV; 778 } 779 780 ums[common->lun].num_sectors = block_dev->lba; 781 ums[common->lun].block_dev = *block_dev; 782 783 printf("RKUSB: LUN %d, dev %d, hwpart %d, sector %#x, count %#x\n", 784 0, 785 ums[common->lun].block_dev.devnum, 786 ums[common->lun].block_dev.hwpart, 787 ums[common->lun].start_sector, 788 ums[common->lun].num_sectors); 789 790 return 0; 791 } 792 793 static int rkusb_do_get_storage_info(struct fsg_common *common, 794 struct fsg_buffhd *bh) 795 { 796 enum if_type type = ums[common->lun].block_dev.if_type; 797 int devnum = ums[common->lun].block_dev.devnum; 798 u32 media = BOOT_TYPE_UNKNOWN; 799 u32 len = common->data_size; 800 u8 *buf = (u8 *)bh->buf; 801 802 if (len > 4) 803 len = 4; 804 805 switch (type) { 806 case IF_TYPE_MMC: 807 media = BOOT_TYPE_EMMC; 808 break; 809 810 case IF_TYPE_SD: 811 media = BOOT_TYPE_SD0; 812 break; 813 814 case IF_TYPE_MTD: 815 if (devnum == BLK_MTD_SPI_NAND) 816 media = BOOT_TYPE_MTD_BLK_SPI_NAND; 817 else if (devnum == BLK_MTD_NAND) 818 media = BOOT_TYPE_NAND; 819 else 820 media = BOOT_TYPE_MTD_BLK_SPI_NOR; 821 break; 822 823 case IF_TYPE_SCSI: 824 media = BOOT_TYPE_SATA; 825 break; 826 827 case IF_TYPE_RKNAND: 828 media = BOOT_TYPE_NAND; 829 break; 830 831 case IF_TYPE_NVME: 832 media = BOOT_TYPE_PCIE; 833 break; 834 835 default: 836 break; 837 } 838 839 memcpy((void *)&buf[0], (void *)&media, len); 840 common->residue = len; 841 common->data_size_from_cmnd = len; 842 843 return len; 844 } 845 846 static int rkusb_do_read_capacity(struct fsg_common *common, 847 struct fsg_buffhd *bh) 848 { 849 u8 *buf = (u8 *)bh->buf; 850 u32 len = common->data_size; 851 enum if_type type = ums[common->lun].block_dev.if_type; 852 int devnum = ums[common->lun].block_dev.devnum; 853 854 /* 855 * bit[0]: Direct LBA, 0: Disabled; 856 * bit[1]: Vendor Storage API, 0: Disabed (default); 857 * bit[2]: First 4M Access, 0: Disabled; 858 * bit[3]: Read LBA On, 0: Disabed (default); 859 * bit[4]: New Vendor Storage API, 0: Disabed; 860 * bit[5]: Read uart data from ram 861 * bit[6]: Read IDB config 862 * bit[7]: Read SecureMode 863 * bit[8]: New IDB feature 864 * bit[9]: Get storage media info 865 * bit[10:63}: Reserved. 866 */ 867 memset((void *)&buf[0], 0, len); 868 if (type == IF_TYPE_MMC || type == IF_TYPE_SD || type == IF_TYPE_NVME) 869 buf[0] = BIT(0) | BIT(2) | BIT(4); 870 else 871 buf[0] = BIT(0) | BIT(4); 872 873 if (type == IF_TYPE_MTD && 874 (devnum == BLK_MTD_NAND || 875 devnum == BLK_MTD_SPI_NAND)) 876 buf[0] |= (1 << 6); 877 878 #if !defined(CONFIG_ROCKCHIP_RV1126) && !defined(CONFIG_ROCKCHIP_RK3308) 879 if (type == IF_TYPE_MTD && devnum == BLK_MTD_SPI_NOR) 880 buf[0] |= (1 << 6); 881 #endif 882 883 #if defined(CONFIG_ROCKCHIP_NEW_IDB) 884 buf[1] = BIT(0); 885 #endif 886 buf[1] |= BIT(1); /* Switch Storage */ 887 buf[1] |= BIT(2); /* LBAwrite Parity */ 888 889 if (rkusb_usb3_capable() && !rkusb_force_usb2_enabled()) 890 buf[1] |= BIT(4); 891 else 892 buf[1] &= ~BIT(4); 893 894 /* Set data xfer size */ 895 common->residue = len; 896 common->data_size_from_cmnd = len; 897 898 return len; 899 } 900 901 static void rkusb_fixup_cbwcb(struct fsg_common *common, 902 struct fsg_buffhd *bh) 903 { 904 struct usb_request *req = bh->outreq; 905 struct fsg_bulk_cb_wrap *cbw = req->buf; 906 907 /* FIXME cbw.DataTransferLength was not set by Upgrade Tool */ 908 common->data_size = le32_to_cpu(cbw->DataTransferLength); 909 if (common->data_size == 0) { 910 common->data_size = 911 get_unaligned_be16(&common->cmnd[7]) << 9; 912 printf("Trasfer Length NOT set, please use new version tool\n"); 913 debug("%s %d, cmnd1 %x\n", __func__, 914 get_unaligned_be16(&common->cmnd[7]), 915 get_unaligned_be16(&common->cmnd[1])); 916 } 917 if (cbw->Flags & USB_BULK_IN_FLAG) 918 common->data_dir = DATA_DIR_TO_HOST; 919 else 920 common->data_dir = DATA_DIR_FROM_HOST; 921 922 /* Not support */ 923 common->cmnd[1] = 0; 924 } 925 926 static int rkusb_cmd_process(struct fsg_common *common, 927 struct fsg_buffhd *bh, int *reply) 928 { 929 struct usb_request *req = bh->outreq; 930 struct fsg_bulk_cb_wrap *cbw = req->buf; 931 int rc; 932 933 dump_cbw(cbw); 934 935 if (rkusb_check_lun(common)) { 936 *reply = -EINVAL; 937 return RKUSB_RC_ERROR; 938 } 939 940 switch (common->cmnd[0]) { 941 case RKUSB_TEST_UNIT_READY: 942 *reply = rkusb_do_test_unit_ready(common, bh); 943 rc = RKUSB_RC_FINISHED; 944 break; 945 946 case RKUSB_READ_FLASH_ID: 947 *reply = rkusb_do_read_flash_id(common, bh); 948 rc = RKUSB_RC_FINISHED; 949 break; 950 951 case RKUSB_TEST_BAD_BLOCK: 952 *reply = rkusb_do_test_bad_block(common, bh); 953 rc = RKUSB_RC_FINISHED; 954 break; 955 956 case RKUSB_ERASE_10_FORCE: 957 *reply = rkusb_do_erase_force(common, bh); 958 rc = RKUSB_RC_FINISHED; 959 break; 960 961 case RKUSB_LBA_READ_10: 962 rkusb_fixup_cbwcb(common, bh); 963 common->cmnd[0] = SC_READ_10; 964 common->cmnd[1] = 0; /* Not support */ 965 rc = RKUSB_RC_CONTINUE; 966 break; 967 968 case RKUSB_LBA_WRITE_10: 969 rkusb_fixup_cbwcb(common, bh); 970 common->cmnd[0] = SC_WRITE_10; 971 common->cmnd[1] = 0; /* Not support */ 972 rc = RKUSB_RC_CONTINUE; 973 break; 974 975 case RKUSB_READ_FLASH_INFO: 976 *reply = rkusb_do_read_flash_info(common, bh); 977 rc = RKUSB_RC_FINISHED; 978 break; 979 980 case RKUSB_GET_CHIP_VER: 981 *reply = rkusb_do_get_chip_info(common, bh); 982 rc = RKUSB_RC_FINISHED; 983 break; 984 985 case RKUSB_LBA_ERASE: 986 *reply = rkusb_do_lba_erase(common, bh); 987 rc = RKUSB_RC_FINISHED; 988 break; 989 990 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION 991 case RKUSB_VS_WRITE: 992 *reply = rkusb_do_vs_write(common); 993 rc = RKUSB_RC_FINISHED; 994 break; 995 996 case RKUSB_VS_READ: 997 *reply = rkusb_do_vs_read(common); 998 rc = RKUSB_RC_FINISHED; 999 break; 1000 #endif 1001 case RKUSB_SWITCH_STORAGE: 1002 *reply = rkusb_do_switch_storage(common); 1003 rc = RKUSB_RC_FINISHED; 1004 break; 1005 case RKUSB_GET_STORAGE_MEDIA: 1006 *reply = rkusb_do_get_storage_info(common, bh); 1007 rc = RKUSB_RC_FINISHED; 1008 break; 1009 1010 case RKUSB_READ_CAPACITY: 1011 *reply = rkusb_do_read_capacity(common, bh); 1012 rc = RKUSB_RC_FINISHED; 1013 break; 1014 1015 case RKUSB_SWITCH_USB3: 1016 *reply = rkusb_do_switch_to_usb3(common, bh); 1017 rc = RKUSB_RC_FINISHED; 1018 break; 1019 1020 case RKUSB_RESET: 1021 *reply = rkusb_do_reset(common, bh); 1022 rc = RKUSB_RC_FINISHED; 1023 break; 1024 1025 case RKUSB_READ_10: 1026 case RKUSB_WRITE_10: 1027 printf("CMD Not support, pls use new version Tool\n"); 1028 case RKUSB_SET_DEVICE_ID: 1029 case RKUSB_ERASE_10: 1030 case RKUSB_WRITE_SPARE: 1031 case RKUSB_READ_SPARE: 1032 case RKUSB_GET_VERSION: 1033 case RKUSB_ERASE_SYS_DISK: 1034 case RKUSB_SDRAM_READ_10: 1035 case RKUSB_SDRAM_WRITE_10: 1036 case RKUSB_SDRAM_EXECUTE: 1037 case RKUSB_LOW_FORMAT: 1038 case RKUSB_SET_RESET_FLAG: 1039 case RKUSB_SPI_READ_10: 1040 case RKUSB_SPI_WRITE_10: 1041 case RKUSB_SESSION: 1042 /* Fall through */ 1043 default: 1044 rc = RKUSB_RC_UNKNOWN_CMND; 1045 break; 1046 } 1047 1048 return rc; 1049 } 1050 1051 int rkusb_do_check_parity(struct fsg_common *common) 1052 { 1053 int ret = 0, rc; 1054 u32 parity, i, usb_parity, lba, len; 1055 static u32 usb_check_buffer[1024 * 256]; 1056 1057 usb_parity = common->cmnd[9] | (common->cmnd[10] << 8) | 1058 (common->cmnd[11] << 16) | (common->cmnd[12] << 24); 1059 1060 if (common->cmnd[0] == SC_WRITE_10 && (usb_parity)) { 1061 lba = get_unaligned_be32(&common->cmnd[2]); 1062 len = common->data_size_from_cmnd >> 9; 1063 rc = blk_dread(&ums[common->lun].block_dev, lba, len, usb_check_buffer); 1064 parity = 0x000055aa; 1065 for (i = 0; i < len * 128; i++) 1066 parity += usb_check_buffer[i]; 1067 if (!rc || parity != usb_parity) 1068 common->phase_error = 1; 1069 } 1070 1071 return ret; 1072 } 1073 1074 DECLARE_GADGET_BIND_CALLBACK(rkusb_ums_dnl, fsg_add); 1075