1 /* 2 * Copyright 2017 Rockchip Electronics Co., Ltd 3 * Frank Wang <frank.wang@rock-chips.com> 4 * 5 * SPDX-License-Identifier: GPL-2.0+ 6 */ 7 8 #include <asm/io.h> 9 #include <android_avb/avb_ops_user.h> 10 #include <android_avb/rk_avb_ops_user.h> 11 #include <asm/arch/boot_mode.h> 12 #include <asm/arch/chip_info.h> 13 #include <asm/arch/rk_atags.h> 14 #include <write_keybox.h> 15 #include <linux/mtd/mtd.h> 16 #include <optee_include/OpteeClientInterface.h> 17 #include <dm.h> 18 #include <misc.h> 19 #include <mmc.h> 20 #include <stdlib.h> 21 #include <usbplug.h> 22 23 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION 24 #include <asm/arch/vendor.h> 25 #endif 26 #include <rockusb.h> 27 28 #define ROCKUSB_INTERFACE_CLASS 0xff 29 #define ROCKUSB_INTERFACE_SUB_CLASS 0x06 30 #define ROCKUSB_INTERFACE_PROTOCOL 0x05 31 32 #define ROCKCHIP_FLASH_BLOCK_SIZE 1024 33 #define ROCKCHIP_FLASH_PAGE_SIZE 4 34 35 static struct usb_interface_descriptor rkusb_intf_desc = { 36 .bLength = USB_DT_INTERFACE_SIZE, 37 .bDescriptorType = USB_DT_INTERFACE, 38 .bInterfaceNumber = 0x00, 39 .bAlternateSetting = 0x00, 40 .bNumEndpoints = 0x02, 41 .bInterfaceClass = ROCKUSB_INTERFACE_CLASS, 42 .bInterfaceSubClass = ROCKUSB_INTERFACE_SUB_CLASS, 43 .bInterfaceProtocol = ROCKUSB_INTERFACE_PROTOCOL, 44 }; 45 46 static struct usb_descriptor_header *rkusb_fs_function[] = { 47 (struct usb_descriptor_header *)&rkusb_intf_desc, 48 (struct usb_descriptor_header *)&fsg_fs_bulk_in_desc, 49 (struct usb_descriptor_header *)&fsg_fs_bulk_out_desc, 50 NULL, 51 }; 52 53 static struct usb_descriptor_header *rkusb_hs_function[] = { 54 (struct usb_descriptor_header *)&rkusb_intf_desc, 55 (struct usb_descriptor_header *)&fsg_hs_bulk_in_desc, 56 (struct usb_descriptor_header *)&fsg_hs_bulk_out_desc, 57 NULL, 58 }; 59 60 static struct usb_descriptor_header *rkusb_ss_function[] = { 61 (struct usb_descriptor_header *)&rkusb_intf_desc, 62 (struct usb_descriptor_header *)&fsg_ss_bulk_in_desc, 63 (struct usb_descriptor_header *)&fsg_ss_bulk_in_comp_desc, 64 (struct usb_descriptor_header *)&fsg_ss_bulk_out_desc, 65 (struct usb_descriptor_header *)&fsg_ss_bulk_out_comp_desc, 66 NULL, 67 }; 68 69 struct rk_flash_info { 70 u32 flash_size; 71 u16 block_size; 72 u8 page_size; 73 u8 ecc_bits; 74 u8 access_time; 75 u8 manufacturer; 76 u8 flash_mask; 77 } __packed; 78 79 static int rkusb_rst_code; /* The subcode in reset command (0xFF) */ 80 81 int g_dnl_bind_fixup(struct usb_device_descriptor *dev, const char *name) 82 { 83 if (IS_RKUSB_UMS_DNL(name)) { 84 /* Fix to Rockchip's VID and PID */ 85 dev->idVendor = __constant_cpu_to_le16(0x2207); 86 dev->idProduct = __constant_cpu_to_le16(CONFIG_ROCKUSB_G_DNL_PID); 87 88 /* Enumerate as a loader device */ 89 #if defined(CONFIG_SUPPORT_USBPLUG) 90 dev->bcdUSB = cpu_to_le16(0x0200); 91 #else 92 dev->bcdUSB = cpu_to_le16(0x0201); 93 #endif 94 } else if (!strncmp(name, "usb_dnl_fastboot", 16)) { 95 /* Fix to Google's VID and PID */ 96 dev->idVendor = __constant_cpu_to_le16(0x18d1); 97 dev->idProduct = __constant_cpu_to_le16(0xd00d); 98 } else if (!strncmp(name, "usb_dnl_dfu", 11)) { 99 /* Fix to Rockchip's VID and PID for DFU */ 100 dev->idVendor = cpu_to_le16(0x2207); 101 dev->idProduct = cpu_to_le16(0x0107); 102 } else if (!strncmp(name, "usb_dnl_ums", 11)) { 103 dev->idVendor = cpu_to_le16(0x2207); 104 dev->idProduct = cpu_to_le16(0x0010); 105 } 106 107 return 0; 108 } 109 110 __maybe_unused 111 static inline void dump_cbw(struct fsg_bulk_cb_wrap *cbw) 112 { 113 assert(!cbw); 114 115 debug("%s:\n", __func__); 116 debug("Signature %x\n", cbw->Signature); 117 debug("Tag %x\n", cbw->Tag); 118 debug("DataTransferLength %x\n", cbw->DataTransferLength); 119 debug("Flags %x\n", cbw->Flags); 120 debug("LUN %x\n", cbw->Lun); 121 debug("Length %x\n", cbw->Length); 122 debug("OptionCode %x\n", cbw->CDB[0]); 123 debug("SubCode %x\n", cbw->CDB[1]); 124 debug("SectorAddr %x\n", get_unaligned_be32(&cbw->CDB[2])); 125 debug("BlkSectors %x\n\n", get_unaligned_be16(&cbw->CDB[7])); 126 } 127 128 static int rkusb_check_lun(struct fsg_common *common) 129 { 130 struct fsg_lun *curlun; 131 132 /* Check the LUN */ 133 if (common->lun >= 0 && common->lun < common->nluns) { 134 curlun = &common->luns[common->lun]; 135 if (common->cmnd[0] != SC_REQUEST_SENSE) { 136 curlun->sense_data = SS_NO_SENSE; 137 curlun->info_valid = 0; 138 } 139 } else { 140 curlun = NULL; 141 common->bad_lun_okay = 0; 142 143 /* 144 * INQUIRY and REQUEST SENSE commands are explicitly allowed 145 * to use unsupported LUNs; all others may not. 146 */ 147 if (common->cmnd[0] != SC_INQUIRY && 148 common->cmnd[0] != SC_REQUEST_SENSE) { 149 debug("unsupported LUN %d\n", common->lun); 150 return -EINVAL; 151 } 152 } 153 154 return 0; 155 } 156 157 static void __do_reset(struct usb_ep *ep, struct usb_request *req) 158 { 159 u32 boot_flag = BOOT_NORMAL; 160 161 if (rkusb_rst_code == 0x03) 162 boot_flag = BOOT_BROM_DOWNLOAD; 163 164 rkusb_rst_code = 0; /* restore to default */ 165 writel(boot_flag, (void *)CONFIG_ROCKCHIP_BOOT_MODE_REG); 166 167 do_reset(NULL, 0, 0, NULL); 168 } 169 170 static int rkusb_do_reset(struct fsg_common *common, 171 struct fsg_buffhd *bh) 172 { 173 common->data_size_from_cmnd = common->cmnd[4]; 174 common->residue = 0; 175 bh->inreq->complete = __do_reset; 176 bh->state = BUF_STATE_EMPTY; 177 178 rkusb_rst_code = !common->cmnd[1] ? 0xff : common->cmnd[1]; 179 return 0; 180 } 181 182 __weak bool rkusb_usb3_capable(void) 183 { 184 return false; 185 } 186 187 static int rkusb_do_switch_to_usb3(struct fsg_common *common, 188 struct fsg_buffhd *bh) 189 { 190 g_dnl_set_serialnumber((char *)&common->cmnd[1]); 191 rkusb_switch_to_usb3_enable(true); 192 bh->state = BUF_STATE_EMPTY; 193 194 return 0; 195 } 196 197 static int rkusb_do_test_unit_ready(struct fsg_common *common, 198 struct fsg_buffhd *bh) 199 { 200 struct blk_desc *desc = &ums[common->lun].block_dev; 201 u32 usb_trb_size; 202 u16 residue; 203 204 if ((desc->if_type == IF_TYPE_MTD && desc->devnum == BLK_MTD_SPI_NOR) || 205 desc->if_type == IF_TYPE_SPINOR) 206 residue = 0x03; /* 128KB Max block xfer for SPI Nor */ 207 else if (common->cmnd[1] == 0xf7 && FSG_BUFLEN >= 0x400000) 208 residue = 0x0a; /* Max block xfer for USB DWC3 */ 209 else 210 residue = 0x06; /* Max block xfer support from host */ 211 212 usb_trb_size = (1 << residue) * 4096; 213 common->usb_trb_size = min(usb_trb_size, FSG_BUFLEN); 214 common->residue = residue << 24; 215 common->data_dir = DATA_DIR_NONE; 216 bh->state = BUF_STATE_EMPTY; 217 218 return 0; 219 } 220 221 static int rkusb_do_read_flash_id(struct fsg_common *common, 222 struct fsg_buffhd *bh) 223 { 224 u8 *buf = (u8 *)bh->buf; 225 u32 len = 5; 226 enum if_type type = ums[common->lun].block_dev.if_type; 227 u32 devnum = ums[common->lun].block_dev.devnum; 228 const char *str; 229 230 switch (type) { 231 case IF_TYPE_MMC: 232 str = "EMMC "; 233 break; 234 case IF_TYPE_RKNAND: 235 str = "NAND "; 236 break; 237 case IF_TYPE_MTD: 238 if (devnum == BLK_MTD_SPI_NAND) 239 str ="SNAND"; 240 else if (devnum == BLK_MTD_NAND) 241 str = "NAND "; 242 else 243 str = "NOR "; 244 break; 245 default: 246 str = "UNKN "; /* unknown */ 247 break; 248 } 249 250 memcpy((void *)&buf[0], str, len); 251 252 /* Set data xfer size */ 253 common->residue = common->data_size_from_cmnd = len; 254 common->data_size = len; 255 256 return len; 257 } 258 259 static int rkusb_do_test_bad_block(struct fsg_common *common, 260 struct fsg_buffhd *bh) 261 { 262 u8 *buf = (u8 *)bh->buf; 263 u32 len = 64; 264 265 memset((void *)&buf[0], 0, len); 266 267 /* Set data xfer size */ 268 common->residue = common->data_size_from_cmnd = len; 269 common->data_size = len; 270 271 return len; 272 } 273 274 static int rkusb_do_read_flash_info(struct fsg_common *common, 275 struct fsg_buffhd *bh) 276 { 277 struct blk_desc *desc = &ums[common->lun].block_dev; 278 u8 *buf = (u8 *)bh->buf; 279 u32 len = sizeof(struct rk_flash_info); 280 struct rk_flash_info finfo = { 281 .block_size = ROCKCHIP_FLASH_BLOCK_SIZE, 282 .ecc_bits = 0, 283 .page_size = ROCKCHIP_FLASH_PAGE_SIZE, 284 .access_time = 40, 285 .manufacturer = 0, 286 .flash_mask = 0 287 }; 288 289 finfo.flash_size = (u32)desc->lba; 290 291 if (desc->if_type == IF_TYPE_MTD && 292 (desc->devnum == BLK_MTD_NAND || 293 desc->devnum == BLK_MTD_SPI_NAND)) { 294 struct mtd_info *mtd = (struct mtd_info *)desc->bdev->priv; 295 296 if (mtd) { 297 finfo.block_size = mtd->erasesize >> 9; 298 finfo.page_size = mtd->writesize >> 9; 299 } 300 } 301 302 if (desc->if_type == IF_TYPE_MTD && desc->devnum == BLK_MTD_SPI_NOR) { 303 /* RV1126/RK3308 mtd spinor keep the former upgrade mode */ 304 #if !defined(CONFIG_ROCKCHIP_RV1126) && !defined(CONFIG_ROCKCHIP_RK3308) 305 finfo.block_size = 0x80; /* Aligned to 64KB */ 306 #else 307 finfo.block_size = ROCKCHIP_FLASH_BLOCK_SIZE; 308 #endif 309 } 310 311 debug("Flash info: block_size= %x page_size= %x\n", finfo.block_size, 312 finfo.page_size); 313 314 if (finfo.flash_size) 315 finfo.flash_mask = 1; 316 317 memset((void *)&buf[0], 0, len); 318 memcpy((void *)&buf[0], (void *)&finfo, len); 319 320 /* Set data xfer size */ 321 common->residue = common->data_size_from_cmnd = len; 322 /* legacy upgrade_tool does not set correct transfer size */ 323 common->data_size = len; 324 325 return len; 326 } 327 328 static int rkusb_do_get_chip_info(struct fsg_common *common, 329 struct fsg_buffhd *bh) 330 { 331 u8 *buf = (u8 *)bh->buf; 332 u32 len = common->data_size; 333 u32 chip_info[4]; 334 335 memset((void *)chip_info, 0, sizeof(chip_info)); 336 rockchip_rockusb_get_chip_info(chip_info); 337 338 memset((void *)&buf[0], 0, len); 339 memcpy((void *)&buf[0], (void *)chip_info, len); 340 341 /* Set data xfer size */ 342 common->residue = common->data_size_from_cmnd = len; 343 344 return len; 345 } 346 347 static int rkusb_do_lba_erase(struct fsg_common *common, 348 struct fsg_buffhd *bh) 349 { 350 struct fsg_lun *curlun = &common->luns[common->lun]; 351 u32 lba, amount; 352 loff_t file_offset; 353 int rc; 354 355 lba = get_unaligned_be32(&common->cmnd[2]); 356 if (lba >= curlun->num_sectors) { 357 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 358 rc = -EINVAL; 359 goto out; 360 } 361 362 file_offset = ((loff_t) lba) << 9; 363 amount = get_unaligned_be16(&common->cmnd[7]) << 9; 364 if (unlikely(amount == 0)) { 365 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 366 rc = -EIO; 367 goto out; 368 } 369 370 /* Perform the erase */ 371 rc = ums[common->lun].erase_sector(&ums[common->lun], 372 file_offset / SECTOR_SIZE, 373 amount / SECTOR_SIZE); 374 if (!rc) { 375 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 376 rc = -EIO; 377 } 378 379 out: 380 common->data_dir = DATA_DIR_NONE; 381 bh->state = BUF_STATE_EMPTY; 382 383 return rc; 384 } 385 386 static int rkusb_do_erase_force(struct fsg_common *common, 387 struct fsg_buffhd *bh) 388 { 389 struct blk_desc *desc = &ums[common->lun].block_dev; 390 struct fsg_lun *curlun = &common->luns[common->lun]; 391 u16 block_size = ROCKCHIP_FLASH_BLOCK_SIZE; 392 u32 lba, amount; 393 loff_t file_offset; 394 int rc; 395 396 lba = get_unaligned_be32(&common->cmnd[2]); 397 if (lba >= curlun->num_sectors) { 398 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 399 rc = -EINVAL; 400 goto out; 401 } 402 403 if (desc->if_type == IF_TYPE_MTD && 404 (desc->devnum == BLK_MTD_NAND || 405 desc->devnum == BLK_MTD_SPI_NAND)) { 406 struct mtd_info *mtd = (struct mtd_info *)desc->bdev->priv; 407 408 if (mtd) 409 block_size = mtd->erasesize >> 9; 410 } 411 412 file_offset = ((loff_t)lba) * block_size; 413 amount = get_unaligned_be16(&common->cmnd[7]) * block_size; 414 415 debug("%s lba= %x, nsec= %x\n", __func__, lba, 416 (u32)get_unaligned_be16(&common->cmnd[7])); 417 418 if (unlikely(amount == 0)) { 419 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 420 rc = -EIO; 421 goto out; 422 } 423 424 /* Perform the erase */ 425 rc = ums[common->lun].erase_sector(&ums[common->lun], 426 file_offset, 427 amount); 428 if (!rc) { 429 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 430 rc = -EIO; 431 } 432 433 out: 434 common->data_dir = DATA_DIR_NONE; 435 bh->state = BUF_STATE_EMPTY; 436 437 return rc; 438 } 439 440 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION 441 static int rkusb_do_vs_write(struct fsg_common *common) 442 { 443 struct fsg_lun *curlun = &common->luns[common->lun]; 444 u16 type = get_unaligned_be16(&common->cmnd[4]); 445 struct vendor_item *vhead; 446 struct fsg_buffhd *bh; 447 void *data; 448 int rc; 449 450 if (common->data_size >= (u32)65536) { 451 /* _MUST_ small than 64K */ 452 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 453 return -EINVAL; 454 } 455 456 common->residue = common->data_size; 457 common->usb_amount_left = common->data_size; 458 459 /* Carry out the file writes */ 460 if (unlikely(common->data_size == 0)) 461 return -EIO; /* No data to write */ 462 463 for (;;) { 464 if (common->usb_amount_left > 0) { 465 /* Wait for the next buffer to become available */ 466 bh = common->next_buffhd_to_fill; 467 if (bh->state != BUF_STATE_EMPTY) 468 goto wait; 469 470 /* Request the next buffer */ 471 common->usb_amount_left -= common->data_size; 472 bh->outreq->length = common->data_size; 473 bh->bulk_out_intended_length = common->data_size; 474 bh->outreq->short_not_ok = 1; 475 476 START_TRANSFER_OR(common, bulk_out, bh->outreq, 477 &bh->outreq_busy, &bh->state) 478 /* 479 * Don't know what to do if 480 * common->fsg is NULL 481 */ 482 return -EIO; 483 common->next_buffhd_to_fill = bh->next; 484 } else { 485 /* Then, wait for the data to become available */ 486 bh = common->next_buffhd_to_drain; 487 if (bh->state != BUF_STATE_FULL) 488 goto wait; 489 490 common->next_buffhd_to_drain = bh->next; 491 bh->state = BUF_STATE_EMPTY; 492 493 /* Did something go wrong with the transfer? */ 494 if (bh->outreq->status != 0) { 495 curlun->sense_data = SS_COMMUNICATION_FAILURE; 496 curlun->info_valid = 1; 497 break; 498 } 499 500 /* Perform the write */ 501 vhead = (struct vendor_item *)bh->buf; 502 data = bh->buf + sizeof(struct vendor_item); 503 504 if (!type) { 505 #ifndef CONFIG_SUPPORT_USBPLUG 506 if (vhead->id == HDCP_14_HDMI_ID || 507 vhead->id == HDCP_14_HDMIRX_ID || 508 vhead->id == HDCP_14_DP_ID) { 509 rc = vendor_handle_hdcp(vhead); 510 if (rc < 0) { 511 curlun->sense_data = SS_WRITE_ERROR; 512 return -EIO; 513 } 514 } 515 #endif 516 517 /* Vendor storage */ 518 rc = vendor_storage_write(vhead->id, 519 (char __user *)data, 520 vhead->size); 521 if (rc < 0) { 522 curlun->sense_data = SS_WRITE_ERROR; 523 return -EIO; 524 } 525 } else if (type == 1) { 526 /* RPMB */ 527 rc = 528 write_keybox_to_secure_storage((u8 *)data, 529 vhead->size); 530 if (rc < 0) { 531 curlun->sense_data = SS_WRITE_ERROR; 532 return -EIO; 533 } 534 } else if (type == 2) { 535 /* security storage */ 536 #ifdef CONFIG_RK_AVB_LIBAVB_USER 537 debug("%s call rk_avb_write_perm_attr %d, %d\n", 538 __func__, vhead->id, vhead->size); 539 rc = rk_avb_write_perm_attr(vhead->id, 540 (char __user *)data, 541 vhead->size); 542 if (rc < 0) { 543 curlun->sense_data = SS_WRITE_ERROR; 544 return -EIO; 545 } 546 #else 547 printf("Please enable CONFIG_RK_AVB_LIBAVB_USER\n"); 548 #endif 549 } else if (type == 3) { 550 /* efuse or otp*/ 551 #ifdef CONFIG_OPTEE_CLIENT 552 if (memcmp(data, "TAEK", 4) == 0) { 553 if (vhead->size - 8 != 32) { 554 printf("check ta encryption key size fail!\n"); 555 curlun->sense_data = SS_WRITE_ERROR; 556 return -EIO; 557 } 558 if (trusty_write_ta_encryption_key((uint32_t *)(data + 8), 8) != 0) { 559 printf("trusty_write_ta_encryption_key error!"); 560 curlun->sense_data = SS_WRITE_ERROR; 561 return -EIO; 562 } 563 } else if (memcmp(data, "EHUK", 4) == 0) { 564 if (vhead->size - 8 != 32) { 565 printf("check oem huk size fail!\n"); 566 curlun->sense_data = SS_WRITE_ERROR; 567 return -EIO; 568 } 569 if (trusty_write_oem_huk((uint32_t *)(data + 8), 8) != 0) { 570 printf("trusty_write_oem_huk error!"); 571 curlun->sense_data = SS_WRITE_ERROR; 572 return -EIO; 573 } 574 } else if (memcmp(data, "ENDA", 4) == 0) { 575 if (vhead->size - 8 != 16) { 576 printf("check oem encrypt data size fail!\n"); 577 curlun->sense_data = SS_WRITE_ERROR; 578 return -EIO; 579 } 580 if (trusty_write_oem_encrypt_data((uint32_t *)(data + 8), 4) != 0) { 581 printf("trusty_write_oem_encrypt_data error!"); 582 curlun->sense_data = SS_WRITE_ERROR; 583 return -EIO; 584 } 585 } else if (memcmp(data, "OTPK", 4) == 0) { 586 uint32_t key_len = vhead->size - 9; 587 uint8_t key_id = *((uint8_t *)data + 8); 588 if (key_len != 16 && key_len != 24 && key_len != 32) { 589 printf("check oem otp key size fail!\n"); 590 curlun->sense_data = SS_WRITE_ERROR; 591 return -EIO; 592 } 593 if (trusty_write_oem_otp_key(key_id, (uint8_t *)(data + 9), key_len) != 0) { 594 printf("trusty_write_oem_huk error!"); 595 curlun->sense_data = SS_WRITE_ERROR; 596 return -EIO; 597 } 598 } else { 599 printf("Unknown tag\n"); 600 curlun->sense_data = SS_WRITE_ERROR; 601 return -EIO; 602 } 603 #else 604 printf("Please enable CONFIG_OPTEE_CLIENT\n"); 605 #endif 606 } else { 607 return -EINVAL; 608 } 609 610 common->residue -= common->data_size; 611 612 /* Did the host decide to stop early? */ 613 if (bh->outreq->actual != bh->outreq->length) 614 common->short_packet_received = 1; 615 break; /* Command done */ 616 } 617 wait: 618 /* Wait for something to happen */ 619 rc = sleep_thread(common); 620 if (rc) 621 return rc; 622 } 623 624 return -EIO; /* No default reply */ 625 } 626 627 static int rkusb_do_vs_read(struct fsg_common *common) 628 { 629 struct fsg_lun *curlun = &common->luns[common->lun]; 630 u16 type = get_unaligned_be16(&common->cmnd[4]); 631 struct vendor_item *vhead; 632 struct fsg_buffhd *bh; 633 void *data; 634 int rc; 635 636 if (common->data_size >= (u32)65536) { 637 /* _MUST_ small than 64K */ 638 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 639 return -EINVAL; 640 } 641 642 common->residue = common->data_size; 643 common->usb_amount_left = common->data_size; 644 645 /* Carry out the file reads */ 646 if (unlikely(common->data_size == 0)) 647 return -EIO; /* No default reply */ 648 649 for (;;) { 650 /* Wait for the next buffer to become available */ 651 bh = common->next_buffhd_to_fill; 652 while (bh->state != BUF_STATE_EMPTY) { 653 rc = sleep_thread(common); 654 if (rc) 655 return rc; 656 } 657 658 memset(bh->buf, 0, FSG_BUFLEN); 659 vhead = (struct vendor_item *)bh->buf; 660 data = bh->buf + sizeof(struct vendor_item); 661 vhead->id = get_unaligned_be16(&common->cmnd[2]); 662 663 if (!type) { 664 /* Vendor storage */ 665 rc = vendor_storage_read(vhead->id, 666 (char __user *)data, 667 common->data_size); 668 if (!rc) { 669 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 670 return -EIO; 671 } 672 vhead->size = rc; 673 } else if (type == 1) { 674 /* RPMB */ 675 rc = 676 read_raw_data_from_secure_storage((u8 *)data, 677 common->data_size); 678 if (!rc) { 679 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 680 return -EIO; 681 } 682 vhead->size = rc; 683 } else if (type == 2) { 684 /* security storage */ 685 #ifdef CONFIG_RK_AVB_LIBAVB_USER 686 rc = rk_avb_read_perm_attr(vhead->id, 687 (char __user *)data, 688 vhead->size); 689 if (rc < 0) 690 return -EIO; 691 vhead->size = rc; 692 #else 693 printf("Please enable CONFIG_RK_AVB_LIBAVB_USER!\n"); 694 #endif 695 } else if (type == 3) { 696 /* efuse or otp*/ 697 #ifdef CONFIG_OPTEE_CLIENT 698 if (vhead->id == 120) { 699 u8 value; 700 char *written_str = "key is written!"; 701 char *not_written_str = "key is not written!"; 702 if (trusty_ta_encryption_key_is_written(&value) != 0) { 703 printf("trusty_ta_encryption_key_is_written error!"); 704 return -EIO; 705 } 706 if (value) { 707 memcpy(data, written_str, strlen(written_str)); 708 vhead->size = strlen(written_str); 709 } else { 710 memcpy(data, not_written_str, strlen(not_written_str)); 711 vhead->size = strlen(not_written_str); 712 } 713 } else { 714 printf("Unknown tag\n"); 715 return -EIO; 716 } 717 #else 718 printf("Please enable CONFIG_OPTEE_CLIENT\n"); 719 #endif 720 } else { 721 return -EINVAL; 722 } 723 724 common->residue -= common->data_size; 725 bh->inreq->length = common->data_size; 726 bh->state = BUF_STATE_FULL; 727 728 break; /* No more left to read */ 729 } 730 731 return -EIO; /* No default reply */ 732 } 733 #endif 734 735 static int rkusb_do_switch_storage(struct fsg_common *common) 736 { 737 enum if_type type, cur_type = ums[common->lun].block_dev.if_type; 738 int devnum, cur_devnum = ums[common->lun].block_dev.devnum; 739 struct blk_desc *block_dev; 740 u32 media = BOOT_TYPE_UNKNOWN; 741 742 media = 1 << common->cmnd[1]; 743 744 switch (media) { 745 #ifdef CONFIG_MMC 746 case BOOT_TYPE_EMMC: 747 type = IF_TYPE_MMC; 748 devnum = 0; 749 mmc_initialize(gd->bd); 750 break; 751 #endif 752 case BOOT_TYPE_MTD_BLK_NAND: 753 type = IF_TYPE_MTD; 754 devnum = 0; 755 break; 756 case BOOT_TYPE_MTD_BLK_SPI_NAND: 757 type = IF_TYPE_MTD; 758 devnum = 1; 759 break; 760 case BOOT_TYPE_MTD_BLK_SPI_NOR: 761 type = IF_TYPE_MTD; 762 devnum = 2; 763 break; 764 default: 765 printf("Bootdev 0x%x is not support\n", media); 766 return -ENODEV; 767 } 768 769 if (cur_type == type && cur_devnum == devnum) 770 return 0; 771 772 #if CONFIG_IS_ENABLED(SUPPORT_USBPLUG) 773 block_dev = usbplug_blk_get_devnum_by_type(type, devnum); 774 #else 775 block_dev = blk_get_devnum_by_type(type, devnum); 776 #endif 777 if (!block_dev) { 778 printf("Bootdev if_type=%d num=%d toggle fail\n", type, devnum); 779 return -ENODEV; 780 } 781 782 ums[common->lun].num_sectors = block_dev->lba; 783 ums[common->lun].block_dev = *block_dev; 784 785 printf("RKUSB: LUN %d, dev %d, hwpart %d, sector %#x, count %#x\n", 786 0, 787 ums[common->lun].block_dev.devnum, 788 ums[common->lun].block_dev.hwpart, 789 ums[common->lun].start_sector, 790 ums[common->lun].num_sectors); 791 792 return 0; 793 } 794 795 static int rkusb_do_get_storage_info(struct fsg_common *common, 796 struct fsg_buffhd *bh) 797 { 798 enum if_type type = ums[common->lun].block_dev.if_type; 799 int devnum = ums[common->lun].block_dev.devnum; 800 u32 media = BOOT_TYPE_UNKNOWN; 801 u32 len = common->data_size; 802 u8 *buf = (u8 *)bh->buf; 803 804 if (len > 4) 805 len = 4; 806 807 switch (type) { 808 case IF_TYPE_MMC: 809 media = BOOT_TYPE_EMMC; 810 break; 811 812 case IF_TYPE_SD: 813 media = BOOT_TYPE_SD0; 814 break; 815 816 case IF_TYPE_MTD: 817 if (devnum == BLK_MTD_SPI_NAND) 818 media = BOOT_TYPE_MTD_BLK_SPI_NAND; 819 else if (devnum == BLK_MTD_NAND) 820 media = BOOT_TYPE_NAND; 821 else 822 media = BOOT_TYPE_MTD_BLK_SPI_NOR; 823 break; 824 825 case IF_TYPE_SCSI: 826 media = BOOT_TYPE_SATA; 827 break; 828 829 case IF_TYPE_RKNAND: 830 media = BOOT_TYPE_NAND; 831 break; 832 833 case IF_TYPE_NVME: 834 media = BOOT_TYPE_PCIE; 835 break; 836 837 default: 838 break; 839 } 840 841 memcpy((void *)&buf[0], (void *)&media, len); 842 common->residue = len; 843 common->data_size_from_cmnd = len; 844 845 return len; 846 } 847 848 static int rkusb_do_read_capacity(struct fsg_common *common, 849 struct fsg_buffhd *bh) 850 { 851 u8 *buf = (u8 *)bh->buf; 852 u32 len = common->data_size; 853 enum if_type type = ums[common->lun].block_dev.if_type; 854 int devnum = ums[common->lun].block_dev.devnum; 855 856 /* 857 * bit[0]: Direct LBA, 0: Disabled; 858 * bit[1]: Vendor Storage API, 0: Disabed (default); 859 * bit[2]: First 4M Access, 0: Disabled; 860 * bit[3]: Read LBA On, 0: Disabed (default); 861 * bit[4]: New Vendor Storage API, 0: Disabed; 862 * bit[5]: Read uart data from ram 863 * bit[6]: Read IDB config 864 * bit[7]: Read SecureMode 865 * bit[8]: New IDB feature 866 * bit[9]: Get storage media info 867 * bit[10]: LBAwrite Parity 868 * bit[11]: Read Otp Data 869 * bit[12]: usb3 download 870 * bit[13]: Write OTP proof 871 * bit[14]: Write Cipher Key 872 * bit[15:63}: Reserved. 873 */ 874 memset((void *)&buf[0], 0, len); 875 if (type == IF_TYPE_MMC || type == IF_TYPE_SD || type == IF_TYPE_NVME) 876 buf[0] = BIT(0) | BIT(2) | BIT(4); 877 else 878 buf[0] = BIT(0) | BIT(4); 879 880 if (type == IF_TYPE_MTD && 881 (devnum == BLK_MTD_NAND || 882 devnum == BLK_MTD_SPI_NAND)) 883 buf[0] |= (1 << 6); 884 885 #if !defined(CONFIG_ROCKCHIP_RV1126) && !defined(CONFIG_ROCKCHIP_RK3308) 886 if (type == IF_TYPE_MTD && devnum == BLK_MTD_SPI_NOR) 887 buf[0] |= (1 << 6); 888 #endif 889 890 #if defined(CONFIG_ROCKCHIP_NEW_IDB) 891 buf[1] = BIT(0); 892 #endif 893 buf[1] |= BIT(1); /* Switch Storage */ 894 buf[1] |= BIT(2); /* LBAwrite Parity */ 895 896 if (rkusb_usb3_capable() && !rkusb_force_usb2_enabled()) 897 buf[1] |= BIT(4); 898 else 899 buf[1] &= ~BIT(4); 900 901 #ifdef CONFIG_ROCKCHIP_OTP 902 buf[1] |= BIT(3); /* Read Otp Data */ 903 buf[1] |= BIT(5); /* Write OTP proof */ 904 buf[1] |= BIT(6); /* Write Cipher Key */ 905 #endif 906 907 /* Set data xfer size */ 908 common->residue = len; 909 common->data_size_from_cmnd = len; 910 911 return len; 912 } 913 914 #ifdef CONFIG_ROCKCHIP_OTP 915 static int rkusb_do_read_otp(struct fsg_common *common, 916 struct fsg_buffhd *bh) 917 { 918 u32 len = common->data_size; 919 u32 type = common->cmnd[1]; 920 u8 *buf = (u8 *)bh->buf; 921 struct udevice *dev; 922 923 buf[0] = 0; 924 if (type == 0) { /* soc uuid */ 925 if (!uclass_get_device_by_driver(UCLASS_MISC, DM_GET_DRIVER(rockchip_otp), &dev)) { 926 if (!misc_read(dev, CFG_CPUID_OFFSET, (void *)&buf[1], len)) 927 buf[0] = len; 928 } 929 } 930 931 common->residue = len; 932 common->data_size_from_cmnd = len; 933 934 return len; 935 } 936 #endif 937 938 static void rkusb_fixup_cbwcb(struct fsg_common *common, 939 struct fsg_buffhd *bh) 940 { 941 struct usb_request *req = bh->outreq; 942 struct fsg_bulk_cb_wrap *cbw = req->buf; 943 944 /* FIXME cbw.DataTransferLength was not set by Upgrade Tool */ 945 common->data_size = le32_to_cpu(cbw->DataTransferLength); 946 if (common->data_size == 0) { 947 common->data_size = 948 get_unaligned_be16(&common->cmnd[7]) << 9; 949 printf("Trasfer Length NOT set, please use new version tool\n"); 950 debug("%s %d, cmnd1 %x\n", __func__, 951 get_unaligned_be16(&common->cmnd[7]), 952 get_unaligned_be16(&common->cmnd[1])); 953 } 954 if (cbw->Flags & USB_BULK_IN_FLAG) 955 common->data_dir = DATA_DIR_TO_HOST; 956 else 957 common->data_dir = DATA_DIR_FROM_HOST; 958 959 /* Not support */ 960 common->cmnd[1] = 0; 961 } 962 963 static int rkusb_cmd_process(struct fsg_common *common, 964 struct fsg_buffhd *bh, int *reply) 965 { 966 struct usb_request *req = bh->outreq; 967 struct fsg_bulk_cb_wrap *cbw = req->buf; 968 int rc; 969 970 dump_cbw(cbw); 971 972 if (rkusb_check_lun(common)) { 973 *reply = -EINVAL; 974 return RKUSB_RC_ERROR; 975 } 976 977 switch (common->cmnd[0]) { 978 case RKUSB_TEST_UNIT_READY: 979 *reply = rkusb_do_test_unit_ready(common, bh); 980 rc = RKUSB_RC_FINISHED; 981 break; 982 983 case RKUSB_READ_FLASH_ID: 984 *reply = rkusb_do_read_flash_id(common, bh); 985 rc = RKUSB_RC_FINISHED; 986 break; 987 988 case RKUSB_TEST_BAD_BLOCK: 989 *reply = rkusb_do_test_bad_block(common, bh); 990 rc = RKUSB_RC_FINISHED; 991 break; 992 993 case RKUSB_ERASE_10_FORCE: 994 *reply = rkusb_do_erase_force(common, bh); 995 rc = RKUSB_RC_FINISHED; 996 break; 997 998 case RKUSB_LBA_READ_10: 999 rkusb_fixup_cbwcb(common, bh); 1000 common->cmnd[0] = SC_READ_10; 1001 common->cmnd[1] = 0; /* Not support */ 1002 rc = RKUSB_RC_CONTINUE; 1003 break; 1004 1005 case RKUSB_LBA_WRITE_10: 1006 rkusb_fixup_cbwcb(common, bh); 1007 common->cmnd[0] = SC_WRITE_10; 1008 common->cmnd[1] = 0; /* Not support */ 1009 rc = RKUSB_RC_CONTINUE; 1010 break; 1011 1012 case RKUSB_READ_FLASH_INFO: 1013 *reply = rkusb_do_read_flash_info(common, bh); 1014 rc = RKUSB_RC_FINISHED; 1015 break; 1016 1017 case RKUSB_GET_CHIP_VER: 1018 *reply = rkusb_do_get_chip_info(common, bh); 1019 rc = RKUSB_RC_FINISHED; 1020 break; 1021 1022 case RKUSB_LBA_ERASE: 1023 *reply = rkusb_do_lba_erase(common, bh); 1024 rc = RKUSB_RC_FINISHED; 1025 break; 1026 1027 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION 1028 case RKUSB_VS_WRITE: 1029 *reply = rkusb_do_vs_write(common); 1030 rc = RKUSB_RC_FINISHED; 1031 break; 1032 1033 case RKUSB_VS_READ: 1034 *reply = rkusb_do_vs_read(common); 1035 rc = RKUSB_RC_FINISHED; 1036 break; 1037 #endif 1038 case RKUSB_SWITCH_STORAGE: 1039 *reply = rkusb_do_switch_storage(common); 1040 rc = RKUSB_RC_FINISHED; 1041 break; 1042 case RKUSB_GET_STORAGE_MEDIA: 1043 *reply = rkusb_do_get_storage_info(common, bh); 1044 rc = RKUSB_RC_FINISHED; 1045 break; 1046 1047 case RKUSB_READ_CAPACITY: 1048 *reply = rkusb_do_read_capacity(common, bh); 1049 rc = RKUSB_RC_FINISHED; 1050 break; 1051 1052 case RKUSB_SWITCH_USB3: 1053 *reply = rkusb_do_switch_to_usb3(common, bh); 1054 rc = RKUSB_RC_FINISHED; 1055 break; 1056 1057 case RKUSB_RESET: 1058 *reply = rkusb_do_reset(common, bh); 1059 rc = RKUSB_RC_FINISHED; 1060 break; 1061 1062 #ifdef CONFIG_ROCKCHIP_OTP 1063 case RKUSB_READ_OTP_DATA: 1064 *reply = rkusb_do_read_otp(common, bh); 1065 rc = RKUSB_RC_FINISHED; 1066 break; 1067 #endif 1068 1069 case RKUSB_READ_10: 1070 case RKUSB_WRITE_10: 1071 printf("CMD Not support, pls use new version Tool\n"); 1072 case RKUSB_SET_DEVICE_ID: 1073 case RKUSB_ERASE_10: 1074 case RKUSB_WRITE_SPARE: 1075 case RKUSB_READ_SPARE: 1076 case RKUSB_GET_VERSION: 1077 case RKUSB_ERASE_SYS_DISK: 1078 case RKUSB_SDRAM_READ_10: 1079 case RKUSB_SDRAM_WRITE_10: 1080 case RKUSB_SDRAM_EXECUTE: 1081 case RKUSB_LOW_FORMAT: 1082 case RKUSB_SET_RESET_FLAG: 1083 case RKUSB_SPI_READ_10: 1084 case RKUSB_SPI_WRITE_10: 1085 /* Fall through */ 1086 default: 1087 rc = RKUSB_RC_UNKNOWN_CMND; 1088 break; 1089 } 1090 1091 return rc; 1092 } 1093 1094 int rkusb_do_check_parity(struct fsg_common *common) 1095 { 1096 int ret = 0, rc; 1097 u32 parity, i, usb_parity, lba, len; 1098 static u32 usb_check_buffer[1024 * 256]; 1099 1100 usb_parity = common->cmnd[9] | (common->cmnd[10] << 8) | 1101 (common->cmnd[11] << 16) | (common->cmnd[12] << 24); 1102 1103 if (common->cmnd[0] == SC_WRITE_10 && (usb_parity)) { 1104 lba = get_unaligned_be32(&common->cmnd[2]); 1105 len = common->data_size_from_cmnd >> 9; 1106 rc = blk_dread(&ums[common->lun].block_dev, lba, len, usb_check_buffer); 1107 parity = 0x000055aa; 1108 for (i = 0; i < len * 128; i++) 1109 parity += usb_check_buffer[i]; 1110 if (!rc || parity != usb_parity) 1111 common->phase_error = 1; 1112 } 1113 1114 return ret; 1115 } 1116 1117 DECLARE_GADGET_BIND_CALLBACK(rkusb_ums_dnl, fsg_add); 1118