1 /* 2 * Copyright 2017 Rockchip Electronics Co., Ltd 3 * Frank Wang <frank.wang@rock-chips.com> 4 * 5 * SPDX-License-Identifier: GPL-2.0+ 6 */ 7 8 #include <asm/io.h> 9 #include <android_avb/avb_ops_user.h> 10 #include <android_avb/rk_avb_ops_user.h> 11 #include <asm/arch/boot_mode.h> 12 #include <asm/arch/chip_info.h> 13 #include <asm/arch/rk_atags.h> 14 #include <write_keybox.h> 15 #include <linux/mtd/mtd.h> 16 #include <optee_include/OpteeClientInterface.h> 17 #include <mmc.h> 18 #include <stdlib.h> 19 20 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION 21 #include <asm/arch/vendor.h> 22 #endif 23 #include <rockusb.h> 24 25 #define ROCKUSB_INTERFACE_CLASS 0xff 26 #define ROCKUSB_INTERFACE_SUB_CLASS 0x06 27 #define ROCKUSB_INTERFACE_PROTOCOL 0x05 28 29 #define ROCKCHIP_FLASH_BLOCK_SIZE 1024 30 #define ROCKCHIP_FLASH_PAGE_SIZE 4 31 32 static struct usb_interface_descriptor rkusb_intf_desc = { 33 .bLength = USB_DT_INTERFACE_SIZE, 34 .bDescriptorType = USB_DT_INTERFACE, 35 .bInterfaceNumber = 0x00, 36 .bAlternateSetting = 0x00, 37 .bNumEndpoints = 0x02, 38 .bInterfaceClass = ROCKUSB_INTERFACE_CLASS, 39 .bInterfaceSubClass = ROCKUSB_INTERFACE_SUB_CLASS, 40 .bInterfaceProtocol = ROCKUSB_INTERFACE_PROTOCOL, 41 }; 42 43 static struct usb_descriptor_header *rkusb_fs_function[] = { 44 (struct usb_descriptor_header *)&rkusb_intf_desc, 45 (struct usb_descriptor_header *)&fsg_fs_bulk_in_desc, 46 (struct usb_descriptor_header *)&fsg_fs_bulk_out_desc, 47 NULL, 48 }; 49 50 static struct usb_descriptor_header *rkusb_hs_function[] = { 51 (struct usb_descriptor_header *)&rkusb_intf_desc, 52 (struct usb_descriptor_header *)&fsg_hs_bulk_in_desc, 53 (struct usb_descriptor_header *)&fsg_hs_bulk_out_desc, 54 NULL, 55 }; 56 57 static struct usb_descriptor_header *rkusb_ss_function[] = { 58 (struct usb_descriptor_header *)&rkusb_intf_desc, 59 (struct usb_descriptor_header *)&fsg_ss_bulk_in_desc, 60 (struct usb_descriptor_header *)&fsg_ss_bulk_in_comp_desc, 61 (struct usb_descriptor_header *)&fsg_ss_bulk_out_desc, 62 (struct usb_descriptor_header *)&fsg_ss_bulk_out_comp_desc, 63 NULL, 64 }; 65 66 struct rk_flash_info { 67 u32 flash_size; 68 u16 block_size; 69 u8 page_size; 70 u8 ecc_bits; 71 u8 access_time; 72 u8 manufacturer; 73 u8 flash_mask; 74 } __packed; 75 76 static int rkusb_rst_code; /* The subcode in reset command (0xFF) */ 77 78 int g_dnl_bind_fixup(struct usb_device_descriptor *dev, const char *name) 79 { 80 if (IS_RKUSB_UMS_DNL(name)) { 81 /* Fix to Rockchip's VID and PID */ 82 dev->idVendor = __constant_cpu_to_le16(0x2207); 83 dev->idProduct = __constant_cpu_to_le16(CONFIG_ROCKUSB_G_DNL_PID); 84 85 /* Enumerate as a loader device */ 86 #if defined(CONFIG_SUPPORT_USBPLUG) 87 dev->bcdUSB = cpu_to_le16(0x0200); 88 #else 89 dev->bcdUSB = cpu_to_le16(0x0201); 90 #endif 91 } else if (!strncmp(name, "usb_dnl_fastboot", 16)) { 92 /* Fix to Google's VID and PID */ 93 dev->idVendor = __constant_cpu_to_le16(0x18d1); 94 dev->idProduct = __constant_cpu_to_le16(0xd00d); 95 } else if (!strncmp(name, "usb_dnl_dfu", 11)) { 96 /* Fix to Rockchip's VID and PID for DFU */ 97 dev->idVendor = cpu_to_le16(0x2207); 98 dev->idProduct = cpu_to_le16(0x0107); 99 } else if (!strncmp(name, "usb_dnl_ums", 11)) { 100 dev->idVendor = cpu_to_le16(0x2207); 101 dev->idProduct = cpu_to_le16(0x0010); 102 } 103 104 return 0; 105 } 106 107 __maybe_unused 108 static inline void dump_cbw(struct fsg_bulk_cb_wrap *cbw) 109 { 110 assert(!cbw); 111 112 debug("%s:\n", __func__); 113 debug("Signature %x\n", cbw->Signature); 114 debug("Tag %x\n", cbw->Tag); 115 debug("DataTransferLength %x\n", cbw->DataTransferLength); 116 debug("Flags %x\n", cbw->Flags); 117 debug("LUN %x\n", cbw->Lun); 118 debug("Length %x\n", cbw->Length); 119 debug("OptionCode %x\n", cbw->CDB[0]); 120 debug("SubCode %x\n", cbw->CDB[1]); 121 debug("SectorAddr %x\n", get_unaligned_be32(&cbw->CDB[2])); 122 debug("BlkSectors %x\n\n", get_unaligned_be16(&cbw->CDB[7])); 123 } 124 125 static int rkusb_check_lun(struct fsg_common *common) 126 { 127 struct fsg_lun *curlun; 128 129 /* Check the LUN */ 130 if (common->lun >= 0 && common->lun < common->nluns) { 131 curlun = &common->luns[common->lun]; 132 if (common->cmnd[0] != SC_REQUEST_SENSE) { 133 curlun->sense_data = SS_NO_SENSE; 134 curlun->info_valid = 0; 135 } 136 } else { 137 curlun = NULL; 138 common->bad_lun_okay = 0; 139 140 /* 141 * INQUIRY and REQUEST SENSE commands are explicitly allowed 142 * to use unsupported LUNs; all others may not. 143 */ 144 if (common->cmnd[0] != SC_INQUIRY && 145 common->cmnd[0] != SC_REQUEST_SENSE) { 146 debug("unsupported LUN %d\n", common->lun); 147 return -EINVAL; 148 } 149 } 150 151 return 0; 152 } 153 154 static void __do_reset(struct usb_ep *ep, struct usb_request *req) 155 { 156 u32 boot_flag = BOOT_NORMAL; 157 158 if (rkusb_rst_code == 0x03) 159 boot_flag = BOOT_BROM_DOWNLOAD; 160 161 rkusb_rst_code = 0; /* restore to default */ 162 writel(boot_flag, (void *)CONFIG_ROCKCHIP_BOOT_MODE_REG); 163 164 do_reset(NULL, 0, 0, NULL); 165 } 166 167 static int rkusb_do_reset(struct fsg_common *common, 168 struct fsg_buffhd *bh) 169 { 170 common->data_size_from_cmnd = common->cmnd[4]; 171 common->residue = 0; 172 bh->inreq->complete = __do_reset; 173 bh->state = BUF_STATE_EMPTY; 174 175 rkusb_rst_code = !common->cmnd[1] ? 0xff : common->cmnd[1]; 176 return 0; 177 } 178 179 static int rkusb_do_test_unit_ready(struct fsg_common *common, 180 struct fsg_buffhd *bh) 181 { 182 struct blk_desc *desc = &ums[common->lun].block_dev; 183 184 if ((desc->if_type == IF_TYPE_MTD && desc->devnum == BLK_MTD_SPI_NOR) || 185 desc->if_type == IF_TYPE_SPINOR) 186 common->residue = 0x03 << 24; /* 128KB Max block xfer for SPI Nor */ 187 else 188 common->residue = 0x06 << 24; /* Max block xfer support from host */ 189 190 common->data_dir = DATA_DIR_NONE; 191 bh->state = BUF_STATE_EMPTY; 192 193 return 0; 194 } 195 196 static int rkusb_do_read_flash_id(struct fsg_common *common, 197 struct fsg_buffhd *bh) 198 { 199 u8 *buf = (u8 *)bh->buf; 200 u32 len = 5; 201 enum if_type type = ums[common->lun].block_dev.if_type; 202 u32 devnum = ums[common->lun].block_dev.devnum; 203 const char *str; 204 205 switch (type) { 206 case IF_TYPE_MMC: 207 str = "EMMC "; 208 break; 209 case IF_TYPE_RKNAND: 210 str = "NAND "; 211 break; 212 case IF_TYPE_MTD: 213 if (devnum == BLK_MTD_SPI_NAND) 214 str ="SNAND"; 215 else if (devnum == BLK_MTD_NAND) 216 str = "NAND "; 217 else 218 str = "NOR "; 219 break; 220 default: 221 str = "UNKN "; /* unknown */ 222 break; 223 } 224 225 memcpy((void *)&buf[0], str, len); 226 227 /* Set data xfer size */ 228 common->residue = common->data_size_from_cmnd = len; 229 common->data_size = len; 230 231 return len; 232 } 233 234 static int rkusb_do_test_bad_block(struct fsg_common *common, 235 struct fsg_buffhd *bh) 236 { 237 u8 *buf = (u8 *)bh->buf; 238 u32 len = 64; 239 240 memset((void *)&buf[0], 0, len); 241 242 /* Set data xfer size */ 243 common->residue = common->data_size_from_cmnd = len; 244 common->data_size = len; 245 246 return len; 247 } 248 249 static int rkusb_do_read_flash_info(struct fsg_common *common, 250 struct fsg_buffhd *bh) 251 { 252 struct blk_desc *desc = &ums[common->lun].block_dev; 253 u8 *buf = (u8 *)bh->buf; 254 u32 len = sizeof(struct rk_flash_info); 255 struct rk_flash_info finfo = { 256 .block_size = ROCKCHIP_FLASH_BLOCK_SIZE, 257 .ecc_bits = 0, 258 .page_size = ROCKCHIP_FLASH_PAGE_SIZE, 259 .access_time = 40, 260 .manufacturer = 0, 261 .flash_mask = 0 262 }; 263 264 finfo.flash_size = (u32)desc->lba; 265 266 if (desc->if_type == IF_TYPE_MTD && 267 (desc->devnum == BLK_MTD_NAND || 268 desc->devnum == BLK_MTD_SPI_NAND)) { 269 struct mtd_info *mtd = (struct mtd_info *)desc->bdev->priv; 270 271 if (mtd) { 272 finfo.block_size = mtd->erasesize >> 9; 273 finfo.page_size = mtd->writesize >> 9; 274 } 275 } 276 277 if (desc->if_type == IF_TYPE_MTD && desc->devnum == BLK_MTD_SPI_NOR) { 278 /* RV1126/RK3308 mtd spinor keep the former upgrade mode */ 279 #if !defined(CONFIG_ROCKCHIP_RV1126) && !defined(CONFIG_ROCKCHIP_RK3308) 280 finfo.block_size = 0x80; /* Aligned to 64KB */ 281 #else 282 finfo.block_size = ROCKCHIP_FLASH_BLOCK_SIZE; 283 #endif 284 } 285 286 debug("Flash info: block_size= %x page_size= %x\n", finfo.block_size, 287 finfo.page_size); 288 289 if (finfo.flash_size) 290 finfo.flash_mask = 1; 291 292 memset((void *)&buf[0], 0, len); 293 memcpy((void *)&buf[0], (void *)&finfo, len); 294 295 /* Set data xfer size */ 296 common->residue = common->data_size_from_cmnd = len; 297 /* legacy upgrade_tool does not set correct transfer size */ 298 common->data_size = len; 299 300 return len; 301 } 302 303 static int rkusb_do_get_chip_info(struct fsg_common *common, 304 struct fsg_buffhd *bh) 305 { 306 u8 *buf = (u8 *)bh->buf; 307 u32 len = common->data_size; 308 u32 chip_info[4]; 309 310 memset((void *)chip_info, 0, sizeof(chip_info)); 311 rockchip_rockusb_get_chip_info(chip_info); 312 313 memset((void *)&buf[0], 0, len); 314 memcpy((void *)&buf[0], (void *)chip_info, len); 315 316 /* Set data xfer size */ 317 common->residue = common->data_size_from_cmnd = len; 318 319 return len; 320 } 321 322 static int rkusb_do_lba_erase(struct fsg_common *common, 323 struct fsg_buffhd *bh) 324 { 325 struct fsg_lun *curlun = &common->luns[common->lun]; 326 u32 lba, amount; 327 loff_t file_offset; 328 int rc; 329 330 lba = get_unaligned_be32(&common->cmnd[2]); 331 if (lba >= curlun->num_sectors) { 332 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 333 rc = -EINVAL; 334 goto out; 335 } 336 337 file_offset = ((loff_t) lba) << 9; 338 amount = get_unaligned_be16(&common->cmnd[7]) << 9; 339 if (unlikely(amount == 0)) { 340 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 341 rc = -EIO; 342 goto out; 343 } 344 345 /* Perform the erase */ 346 rc = ums[common->lun].erase_sector(&ums[common->lun], 347 file_offset / SECTOR_SIZE, 348 amount / SECTOR_SIZE); 349 if (!rc) { 350 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 351 rc = -EIO; 352 } 353 354 out: 355 common->data_dir = DATA_DIR_NONE; 356 bh->state = BUF_STATE_EMPTY; 357 358 return rc; 359 } 360 361 static int rkusb_do_erase_force(struct fsg_common *common, 362 struct fsg_buffhd *bh) 363 { 364 struct blk_desc *desc = &ums[common->lun].block_dev; 365 struct fsg_lun *curlun = &common->luns[common->lun]; 366 u16 block_size = ROCKCHIP_FLASH_BLOCK_SIZE; 367 u32 lba, amount; 368 loff_t file_offset; 369 int rc; 370 371 lba = get_unaligned_be32(&common->cmnd[2]); 372 if (lba >= curlun->num_sectors) { 373 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 374 rc = -EINVAL; 375 goto out; 376 } 377 378 if (desc->if_type == IF_TYPE_MTD && 379 (desc->devnum == BLK_MTD_NAND || 380 desc->devnum == BLK_MTD_SPI_NAND)) { 381 struct mtd_info *mtd = (struct mtd_info *)desc->bdev->priv; 382 383 if (mtd) 384 block_size = mtd->erasesize >> 9; 385 } 386 387 file_offset = ((loff_t)lba) * block_size; 388 amount = get_unaligned_be16(&common->cmnd[7]) * block_size; 389 390 debug("%s lba= %x, nsec= %x\n", __func__, lba, 391 (u32)get_unaligned_be16(&common->cmnd[7])); 392 393 if (unlikely(amount == 0)) { 394 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 395 rc = -EIO; 396 goto out; 397 } 398 399 /* Perform the erase */ 400 rc = ums[common->lun].erase_sector(&ums[common->lun], 401 file_offset, 402 amount); 403 if (!rc) { 404 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 405 rc = -EIO; 406 } 407 408 out: 409 common->data_dir = DATA_DIR_NONE; 410 bh->state = BUF_STATE_EMPTY; 411 412 return rc; 413 } 414 415 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION 416 static int rkusb_do_vs_write(struct fsg_common *common) 417 { 418 struct fsg_lun *curlun = &common->luns[common->lun]; 419 u16 type = get_unaligned_be16(&common->cmnd[4]); 420 struct vendor_item *vhead; 421 struct fsg_buffhd *bh; 422 void *data; 423 int rc; 424 425 if (common->data_size >= (u32)65536) { 426 /* _MUST_ small than 64K */ 427 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 428 return -EINVAL; 429 } 430 431 common->residue = common->data_size; 432 common->usb_amount_left = common->data_size; 433 434 /* Carry out the file writes */ 435 if (unlikely(common->data_size == 0)) 436 return -EIO; /* No data to write */ 437 438 for (;;) { 439 if (common->usb_amount_left > 0) { 440 /* Wait for the next buffer to become available */ 441 bh = common->next_buffhd_to_fill; 442 if (bh->state != BUF_STATE_EMPTY) 443 goto wait; 444 445 /* Request the next buffer */ 446 common->usb_amount_left -= common->data_size; 447 bh->outreq->length = common->data_size; 448 bh->bulk_out_intended_length = common->data_size; 449 bh->outreq->short_not_ok = 1; 450 451 START_TRANSFER_OR(common, bulk_out, bh->outreq, 452 &bh->outreq_busy, &bh->state) 453 /* 454 * Don't know what to do if 455 * common->fsg is NULL 456 */ 457 return -EIO; 458 common->next_buffhd_to_fill = bh->next; 459 } else { 460 /* Then, wait for the data to become available */ 461 bh = common->next_buffhd_to_drain; 462 if (bh->state != BUF_STATE_FULL) 463 goto wait; 464 465 common->next_buffhd_to_drain = bh->next; 466 bh->state = BUF_STATE_EMPTY; 467 468 /* Did something go wrong with the transfer? */ 469 if (bh->outreq->status != 0) { 470 curlun->sense_data = SS_COMMUNICATION_FAILURE; 471 curlun->info_valid = 1; 472 break; 473 } 474 475 /* Perform the write */ 476 vhead = (struct vendor_item *)bh->buf; 477 data = bh->buf + sizeof(struct vendor_item); 478 479 if (!type) { 480 if (vhead->id == HDCP_14_HDMI_ID || 481 vhead->id == HDCP_14_HDMIRX_ID || 482 vhead->id == HDCP_14_DP_ID) { 483 rc = vendor_handle_hdcp(vhead); 484 if (rc < 0) { 485 curlun->sense_data = SS_WRITE_ERROR; 486 return -EIO; 487 } 488 } 489 490 /* Vendor storage */ 491 rc = vendor_storage_write(vhead->id, 492 (char __user *)data, 493 vhead->size); 494 if (rc < 0) { 495 curlun->sense_data = SS_WRITE_ERROR; 496 return -EIO; 497 } 498 } else if (type == 1) { 499 /* RPMB */ 500 rc = 501 write_keybox_to_secure_storage((u8 *)data, 502 vhead->size); 503 if (rc < 0) { 504 curlun->sense_data = SS_WRITE_ERROR; 505 return -EIO; 506 } 507 } else if (type == 2) { 508 /* security storage */ 509 #ifdef CONFIG_RK_AVB_LIBAVB_USER 510 debug("%s call rk_avb_write_perm_attr %d, %d\n", 511 __func__, vhead->id, vhead->size); 512 rc = rk_avb_write_perm_attr(vhead->id, 513 (char __user *)data, 514 vhead->size); 515 if (rc < 0) { 516 curlun->sense_data = SS_WRITE_ERROR; 517 return -EIO; 518 } 519 #else 520 printf("Please enable CONFIG_RK_AVB_LIBAVB_USER\n"); 521 #endif 522 } else if (type == 3) { 523 /* efuse or otp*/ 524 #ifdef CONFIG_OPTEE_CLIENT 525 if (memcmp(data, "TAEK", 4) == 0) { 526 if (vhead->size - 8 != 32) { 527 printf("check ta encryption key size fail!\n"); 528 curlun->sense_data = SS_WRITE_ERROR; 529 return -EIO; 530 } 531 if (trusty_write_ta_encryption_key((uint32_t *)(data + 8), 8) != 0) { 532 printf("trusty_write_ta_encryption_key error!"); 533 curlun->sense_data = SS_WRITE_ERROR; 534 return -EIO; 535 } 536 } else if (memcmp(data, "EHUK", 4) == 0) { 537 if (vhead->size - 8 != 32) { 538 printf("check oem huk size fail!\n"); 539 curlun->sense_data = SS_WRITE_ERROR; 540 return -EIO; 541 } 542 if (trusty_write_oem_huk((uint32_t *)(data + 8), 8) != 0) { 543 printf("trusty_write_oem_huk error!"); 544 curlun->sense_data = SS_WRITE_ERROR; 545 return -EIO; 546 } 547 } else { 548 printf("Unknown tag\n"); 549 curlun->sense_data = SS_WRITE_ERROR; 550 return -EIO; 551 } 552 #else 553 printf("Please enable CONFIG_OPTEE_CLIENT\n"); 554 #endif 555 } else { 556 return -EINVAL; 557 } 558 559 common->residue -= common->data_size; 560 561 /* Did the host decide to stop early? */ 562 if (bh->outreq->actual != bh->outreq->length) 563 common->short_packet_received = 1; 564 break; /* Command done */ 565 } 566 wait: 567 /* Wait for something to happen */ 568 rc = sleep_thread(common); 569 if (rc) 570 return rc; 571 } 572 573 return -EIO; /* No default reply */ 574 } 575 576 static int rkusb_do_vs_read(struct fsg_common *common) 577 { 578 struct fsg_lun *curlun = &common->luns[common->lun]; 579 u16 type = get_unaligned_be16(&common->cmnd[4]); 580 struct vendor_item *vhead; 581 struct fsg_buffhd *bh; 582 void *data; 583 int rc; 584 585 if (common->data_size >= (u32)65536) { 586 /* _MUST_ small than 64K */ 587 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 588 return -EINVAL; 589 } 590 591 common->residue = common->data_size; 592 common->usb_amount_left = common->data_size; 593 594 /* Carry out the file reads */ 595 if (unlikely(common->data_size == 0)) 596 return -EIO; /* No default reply */ 597 598 for (;;) { 599 /* Wait for the next buffer to become available */ 600 bh = common->next_buffhd_to_fill; 601 while (bh->state != BUF_STATE_EMPTY) { 602 rc = sleep_thread(common); 603 if (rc) 604 return rc; 605 } 606 607 memset(bh->buf, 0, FSG_BUFLEN); 608 vhead = (struct vendor_item *)bh->buf; 609 data = bh->buf + sizeof(struct vendor_item); 610 vhead->id = get_unaligned_be16(&common->cmnd[2]); 611 612 if (!type) { 613 /* Vendor storage */ 614 rc = vendor_storage_read(vhead->id, 615 (char __user *)data, 616 common->data_size); 617 if (!rc) { 618 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 619 return -EIO; 620 } 621 vhead->size = rc; 622 } else if (type == 1) { 623 /* RPMB */ 624 rc = 625 read_raw_data_from_secure_storage((u8 *)data, 626 common->data_size); 627 if (!rc) { 628 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 629 return -EIO; 630 } 631 vhead->size = rc; 632 } else if (type == 2) { 633 /* security storage */ 634 #ifdef CONFIG_RK_AVB_LIBAVB_USER 635 rc = rk_avb_read_perm_attr(vhead->id, 636 (char __user *)data, 637 vhead->size); 638 if (rc < 0) 639 return -EIO; 640 vhead->size = rc; 641 #else 642 printf("Please enable CONFIG_RK_AVB_LIBAVB_USER!\n"); 643 #endif 644 } else if (type == 3) { 645 /* efuse or otp*/ 646 #ifdef CONFIG_OPTEE_CLIENT 647 if (vhead->id == 120) { 648 u8 value; 649 char *written_str = "key is written!"; 650 char *not_written_str = "key is not written!"; 651 if (trusty_ta_encryption_key_is_written(&value) != 0) { 652 printf("trusty_ta_encryption_key_is_written error!"); 653 return -EIO; 654 } 655 if (value) { 656 memcpy(data, written_str, strlen(written_str)); 657 vhead->size = strlen(written_str); 658 } else { 659 memcpy(data, not_written_str, strlen(not_written_str)); 660 vhead->size = strlen(not_written_str); 661 } 662 } else { 663 printf("Unknown tag\n"); 664 return -EIO; 665 } 666 #else 667 printf("Please enable CONFIG_OPTEE_CLIENT\n"); 668 #endif 669 } else { 670 return -EINVAL; 671 } 672 673 common->residue -= common->data_size; 674 bh->inreq->length = common->data_size; 675 bh->state = BUF_STATE_FULL; 676 677 break; /* No more left to read */ 678 } 679 680 return -EIO; /* No default reply */ 681 } 682 #endif 683 684 static int rkusb_do_switch_storage(struct fsg_common *common) 685 { 686 enum if_type type, cur_type = ums[common->lun].block_dev.if_type; 687 int devnum, cur_devnum = ums[common->lun].block_dev.devnum; 688 struct blk_desc *block_dev; 689 u32 media = BOOT_TYPE_UNKNOWN; 690 691 media = 1 << common->cmnd[1]; 692 693 switch (media) { 694 case BOOT_TYPE_EMMC: 695 type = IF_TYPE_MMC; 696 devnum = 0; 697 mmc_initialize(gd->bd); 698 break; 699 case BOOT_TYPE_MTD_BLK_NAND: 700 type = IF_TYPE_MTD; 701 devnum = 0; 702 break; 703 case BOOT_TYPE_MTD_BLK_SPI_NAND: 704 type = IF_TYPE_MTD; 705 devnum = 1; 706 break; 707 case BOOT_TYPE_MTD_BLK_SPI_NOR: 708 type = IF_TYPE_MTD; 709 devnum = 2; 710 break; 711 default: 712 printf("Bootdev 0x%x is not support\n", media); 713 return -ENODEV; 714 } 715 716 if (cur_type == type && cur_devnum == devnum) 717 return 0; 718 719 block_dev = blk_get_devnum_by_type(type, devnum); 720 if (!block_dev) { 721 printf("Bootdev if_type=%d num=%d toggle fail\n", type, devnum); 722 return -ENODEV; 723 } 724 725 ums[common->lun].num_sectors = block_dev->lba; 726 ums[common->lun].block_dev = *block_dev; 727 728 printf("RKUSB: LUN %d, dev %d, hwpart %d, sector %#x, count %#x\n", 729 0, 730 ums[common->lun].block_dev.devnum, 731 ums[common->lun].block_dev.hwpart, 732 ums[common->lun].start_sector, 733 ums[common->lun].num_sectors); 734 735 return 0; 736 } 737 738 static int rkusb_do_get_storage_info(struct fsg_common *common, 739 struct fsg_buffhd *bh) 740 { 741 enum if_type type = ums[common->lun].block_dev.if_type; 742 int devnum = ums[common->lun].block_dev.devnum; 743 u32 media = BOOT_TYPE_UNKNOWN; 744 u32 len = common->data_size; 745 u8 *buf = (u8 *)bh->buf; 746 747 if (len > 4) 748 len = 4; 749 750 switch (type) { 751 case IF_TYPE_MMC: 752 media = BOOT_TYPE_EMMC; 753 break; 754 755 case IF_TYPE_SD: 756 media = BOOT_TYPE_SD0; 757 break; 758 759 case IF_TYPE_MTD: 760 if (devnum == BLK_MTD_SPI_NAND) 761 media = BOOT_TYPE_MTD_BLK_SPI_NAND; 762 else if (devnum == BLK_MTD_NAND) 763 media = BOOT_TYPE_NAND; 764 else 765 media = BOOT_TYPE_MTD_BLK_SPI_NOR; 766 break; 767 768 case IF_TYPE_SCSI: 769 media = BOOT_TYPE_SATA; 770 break; 771 772 case IF_TYPE_RKNAND: 773 media = BOOT_TYPE_NAND; 774 break; 775 776 case IF_TYPE_NVME: 777 media = BOOT_TYPE_PCIE; 778 break; 779 780 default: 781 break; 782 } 783 784 memcpy((void *)&buf[0], (void *)&media, len); 785 common->residue = len; 786 common->data_size_from_cmnd = len; 787 788 return len; 789 } 790 791 static int rkusb_do_read_capacity(struct fsg_common *common, 792 struct fsg_buffhd *bh) 793 { 794 u8 *buf = (u8 *)bh->buf; 795 u32 len = common->data_size; 796 enum if_type type = ums[common->lun].block_dev.if_type; 797 int devnum = ums[common->lun].block_dev.devnum; 798 799 /* 800 * bit[0]: Direct LBA, 0: Disabled; 801 * bit[1]: Vendor Storage API, 0: Disabed (default); 802 * bit[2]: First 4M Access, 0: Disabled; 803 * bit[3]: Read LBA On, 0: Disabed (default); 804 * bit[4]: New Vendor Storage API, 0: Disabed; 805 * bit[5]: Read uart data from ram 806 * bit[6]: Read IDB config 807 * bit[7]: Read SecureMode 808 * bit[8]: New IDB feature 809 * bit[9]: Get storage media info 810 * bit[10:63}: Reserved. 811 */ 812 memset((void *)&buf[0], 0, len); 813 if (type == IF_TYPE_MMC || type == IF_TYPE_SD || type == IF_TYPE_NVME) 814 buf[0] = BIT(0) | BIT(2) | BIT(4); 815 else 816 buf[0] = BIT(0) | BIT(4); 817 818 if (type == IF_TYPE_MTD && 819 (devnum == BLK_MTD_NAND || 820 devnum == BLK_MTD_SPI_NAND)) 821 buf[0] |= (1 << 6); 822 823 #if !defined(CONFIG_ROCKCHIP_RV1126) && !defined(CONFIG_ROCKCHIP_RK3308) 824 if (type == IF_TYPE_MTD && devnum == BLK_MTD_SPI_NOR) 825 buf[0] |= (1 << 6); 826 #endif 827 828 #if defined(CONFIG_ROCKCHIP_NEW_IDB) 829 buf[1] = BIT(0); 830 #endif 831 buf[1] |= BIT(1); /* Switch Storage */ 832 buf[1] |= BIT(2); /* LBAwrite Parity */ 833 834 /* Set data xfer size */ 835 common->residue = len; 836 common->data_size_from_cmnd = len; 837 838 return len; 839 } 840 841 static void rkusb_fixup_cbwcb(struct fsg_common *common, 842 struct fsg_buffhd *bh) 843 { 844 struct usb_request *req = bh->outreq; 845 struct fsg_bulk_cb_wrap *cbw = req->buf; 846 847 /* FIXME cbw.DataTransferLength was not set by Upgrade Tool */ 848 common->data_size = le32_to_cpu(cbw->DataTransferLength); 849 if (common->data_size == 0) { 850 common->data_size = 851 get_unaligned_be16(&common->cmnd[7]) << 9; 852 printf("Trasfer Length NOT set, please use new version tool\n"); 853 debug("%s %d, cmnd1 %x\n", __func__, 854 get_unaligned_be16(&common->cmnd[7]), 855 get_unaligned_be16(&common->cmnd[1])); 856 } 857 if (cbw->Flags & USB_BULK_IN_FLAG) 858 common->data_dir = DATA_DIR_TO_HOST; 859 else 860 common->data_dir = DATA_DIR_FROM_HOST; 861 862 /* Not support */ 863 common->cmnd[1] = 0; 864 } 865 866 static int rkusb_cmd_process(struct fsg_common *common, 867 struct fsg_buffhd *bh, int *reply) 868 { 869 struct usb_request *req = bh->outreq; 870 struct fsg_bulk_cb_wrap *cbw = req->buf; 871 int rc; 872 873 dump_cbw(cbw); 874 875 if (rkusb_check_lun(common)) { 876 *reply = -EINVAL; 877 return RKUSB_RC_ERROR; 878 } 879 880 switch (common->cmnd[0]) { 881 case RKUSB_TEST_UNIT_READY: 882 *reply = rkusb_do_test_unit_ready(common, bh); 883 rc = RKUSB_RC_FINISHED; 884 break; 885 886 case RKUSB_READ_FLASH_ID: 887 *reply = rkusb_do_read_flash_id(common, bh); 888 rc = RKUSB_RC_FINISHED; 889 break; 890 891 case RKUSB_TEST_BAD_BLOCK: 892 *reply = rkusb_do_test_bad_block(common, bh); 893 rc = RKUSB_RC_FINISHED; 894 break; 895 896 case RKUSB_ERASE_10_FORCE: 897 *reply = rkusb_do_erase_force(common, bh); 898 rc = RKUSB_RC_FINISHED; 899 break; 900 901 case RKUSB_LBA_READ_10: 902 rkusb_fixup_cbwcb(common, bh); 903 common->cmnd[0] = SC_READ_10; 904 common->cmnd[1] = 0; /* Not support */ 905 rc = RKUSB_RC_CONTINUE; 906 break; 907 908 case RKUSB_LBA_WRITE_10: 909 rkusb_fixup_cbwcb(common, bh); 910 common->cmnd[0] = SC_WRITE_10; 911 common->cmnd[1] = 0; /* Not support */ 912 rc = RKUSB_RC_CONTINUE; 913 break; 914 915 case RKUSB_READ_FLASH_INFO: 916 *reply = rkusb_do_read_flash_info(common, bh); 917 rc = RKUSB_RC_FINISHED; 918 break; 919 920 case RKUSB_GET_CHIP_VER: 921 *reply = rkusb_do_get_chip_info(common, bh); 922 rc = RKUSB_RC_FINISHED; 923 break; 924 925 case RKUSB_LBA_ERASE: 926 *reply = rkusb_do_lba_erase(common, bh); 927 rc = RKUSB_RC_FINISHED; 928 break; 929 930 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION 931 case RKUSB_VS_WRITE: 932 *reply = rkusb_do_vs_write(common); 933 rc = RKUSB_RC_FINISHED; 934 break; 935 936 case RKUSB_VS_READ: 937 *reply = rkusb_do_vs_read(common); 938 rc = RKUSB_RC_FINISHED; 939 break; 940 #endif 941 case RKUSB_SWITCH_STORAGE: 942 *reply = rkusb_do_switch_storage(common); 943 rc = RKUSB_RC_FINISHED; 944 break; 945 case RKUSB_GET_STORAGE_MEDIA: 946 *reply = rkusb_do_get_storage_info(common, bh); 947 rc = RKUSB_RC_FINISHED; 948 break; 949 950 case RKUSB_READ_CAPACITY: 951 *reply = rkusb_do_read_capacity(common, bh); 952 rc = RKUSB_RC_FINISHED; 953 break; 954 955 case RKUSB_RESET: 956 *reply = rkusb_do_reset(common, bh); 957 rc = RKUSB_RC_FINISHED; 958 break; 959 960 case RKUSB_READ_10: 961 case RKUSB_WRITE_10: 962 printf("CMD Not support, pls use new version Tool\n"); 963 case RKUSB_SET_DEVICE_ID: 964 case RKUSB_ERASE_10: 965 case RKUSB_WRITE_SPARE: 966 case RKUSB_READ_SPARE: 967 case RKUSB_GET_VERSION: 968 case RKUSB_ERASE_SYS_DISK: 969 case RKUSB_SDRAM_READ_10: 970 case RKUSB_SDRAM_WRITE_10: 971 case RKUSB_SDRAM_EXECUTE: 972 case RKUSB_LOW_FORMAT: 973 case RKUSB_SET_RESET_FLAG: 974 case RKUSB_SPI_READ_10: 975 case RKUSB_SPI_WRITE_10: 976 case RKUSB_SESSION: 977 /* Fall through */ 978 default: 979 rc = RKUSB_RC_UNKNOWN_CMND; 980 break; 981 } 982 983 return rc; 984 } 985 986 int rkusb_do_check_parity(struct fsg_common *common) 987 { 988 int ret = 0, rc; 989 u32 parity, i, usb_parity, lba, len; 990 static u32 usb_check_buffer[1024 * 256]; 991 992 usb_parity = common->cmnd[9] | (common->cmnd[10] << 8) | 993 (common->cmnd[11] << 16) | (common->cmnd[12] << 24); 994 995 if (common->cmnd[0] == SC_WRITE_10 && (usb_parity)) { 996 lba = get_unaligned_be32(&common->cmnd[2]); 997 len = common->data_size_from_cmnd >> 9; 998 rc = blk_dread(&ums[common->lun].block_dev, lba, len, usb_check_buffer); 999 parity = 0x000055aa; 1000 for (i = 0; i < len * 128; i++) 1001 parity += usb_check_buffer[i]; 1002 if (!rc || parity != usb_parity) 1003 common->phase_error = 1; 1004 } 1005 1006 return ret; 1007 } 1008 1009 DECLARE_GADGET_BIND_CALLBACK(rkusb_ums_dnl, fsg_add); 1010