1 /* 2 * Copyright 2017 Rockchip Electronics Co., Ltd 3 * Frank Wang <frank.wang@rock-chips.com> 4 * 5 * SPDX-License-Identifier: GPL-2.0+ 6 */ 7 8 #include <asm/io.h> 9 #include <android_avb/avb_ops_user.h> 10 #include <android_avb/rk_avb_ops_user.h> 11 #include <asm/arch/boot_mode.h> 12 #include <asm/arch/chip_info.h> 13 #include <asm/arch/rk_atags.h> 14 #include <write_keybox.h> 15 #include <linux/mtd/mtd.h> 16 #include <optee_include/OpteeClientInterface.h> 17 #include <dm.h> 18 #include <misc.h> 19 #include <mmc.h> 20 #include <scsi.h> 21 #include <stdlib.h> 22 #include <usbplug.h> 23 24 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION 25 #include <asm/arch/vendor.h> 26 #endif 27 #include <rockusb.h> 28 29 #define ROCKUSB_INTERFACE_CLASS 0xff 30 #define ROCKUSB_INTERFACE_SUB_CLASS 0x06 31 #define ROCKUSB_INTERFACE_PROTOCOL 0x05 32 33 #define ROCKCHIP_FLASH_BLOCK_SIZE 1024 34 #define ROCKCHIP_FLASH_PAGE_SIZE 4 35 36 static struct usb_interface_descriptor rkusb_intf_desc = { 37 .bLength = USB_DT_INTERFACE_SIZE, 38 .bDescriptorType = USB_DT_INTERFACE, 39 .bInterfaceNumber = 0x00, 40 .bAlternateSetting = 0x00, 41 .bNumEndpoints = 0x02, 42 .bInterfaceClass = ROCKUSB_INTERFACE_CLASS, 43 .bInterfaceSubClass = ROCKUSB_INTERFACE_SUB_CLASS, 44 .bInterfaceProtocol = ROCKUSB_INTERFACE_PROTOCOL, 45 }; 46 47 static struct usb_descriptor_header *rkusb_fs_function[] = { 48 (struct usb_descriptor_header *)&rkusb_intf_desc, 49 (struct usb_descriptor_header *)&fsg_fs_bulk_in_desc, 50 (struct usb_descriptor_header *)&fsg_fs_bulk_out_desc, 51 NULL, 52 }; 53 54 static struct usb_descriptor_header *rkusb_hs_function[] = { 55 (struct usb_descriptor_header *)&rkusb_intf_desc, 56 (struct usb_descriptor_header *)&fsg_hs_bulk_in_desc, 57 (struct usb_descriptor_header *)&fsg_hs_bulk_out_desc, 58 NULL, 59 }; 60 61 static struct usb_descriptor_header *rkusb_ss_function[] = { 62 (struct usb_descriptor_header *)&rkusb_intf_desc, 63 (struct usb_descriptor_header *)&fsg_ss_bulk_in_desc, 64 (struct usb_descriptor_header *)&fsg_ss_bulk_in_comp_desc, 65 (struct usb_descriptor_header *)&fsg_ss_bulk_out_desc, 66 (struct usb_descriptor_header *)&fsg_ss_bulk_out_comp_desc, 67 NULL, 68 }; 69 70 struct rk_flash_info { 71 u32 flash_size; 72 u16 block_size; 73 u8 page_size; 74 u8 ecc_bits; 75 u8 access_time; 76 u8 manufacturer; 77 u8 flash_mask; 78 } __packed; 79 80 static int rkusb_rst_code; /* The subcode in reset command (0xFF) */ 81 82 int g_dnl_bind_fixup(struct usb_device_descriptor *dev, const char *name) 83 { 84 if (IS_RKUSB_UMS_DNL(name)) { 85 /* Fix to Rockchip's VID and PID */ 86 dev->idVendor = __constant_cpu_to_le16(0x2207); 87 dev->idProduct = __constant_cpu_to_le16(CONFIG_ROCKUSB_G_DNL_PID); 88 89 /* Enumerate as a loader device */ 90 #if defined(CONFIG_SUPPORT_USBPLUG) 91 dev->bcdUSB = cpu_to_le16(0x0200); 92 #else 93 dev->bcdUSB = cpu_to_le16(0x0201); 94 #endif 95 } else if (!strncmp(name, "usb_dnl_fastboot", 16)) { 96 /* Fix to Google's VID and PID */ 97 dev->idVendor = __constant_cpu_to_le16(0x18d1); 98 dev->idProduct = __constant_cpu_to_le16(0xd00d); 99 } else if (!strncmp(name, "usb_dnl_dfu", 11)) { 100 /* Fix to Rockchip's VID and PID for DFU */ 101 dev->idVendor = cpu_to_le16(0x2207); 102 dev->idProduct = cpu_to_le16(0x0107); 103 } else if (!strncmp(name, "usb_dnl_ums", 11)) { 104 dev->idVendor = cpu_to_le16(0x2207); 105 dev->idProduct = cpu_to_le16(0x0010); 106 } 107 108 return 0; 109 } 110 111 __maybe_unused 112 static inline void dump_cbw(struct fsg_bulk_cb_wrap *cbw) 113 { 114 assert(!cbw); 115 116 debug("%s:\n", __func__); 117 debug("Signature %x\n", cbw->Signature); 118 debug("Tag %x\n", cbw->Tag); 119 debug("DataTransferLength %x\n", cbw->DataTransferLength); 120 debug("Flags %x\n", cbw->Flags); 121 debug("LUN %x\n", cbw->Lun); 122 debug("Length %x\n", cbw->Length); 123 debug("OptionCode %x\n", cbw->CDB[0]); 124 debug("SubCode %x\n", cbw->CDB[1]); 125 debug("SectorAddr %x\n", get_unaligned_be32(&cbw->CDB[2])); 126 debug("BlkSectors %x\n\n", get_unaligned_be16(&cbw->CDB[7])); 127 } 128 129 static int rkusb_check_lun(struct fsg_common *common) 130 { 131 struct fsg_lun *curlun; 132 133 /* Check the LUN */ 134 if (common->lun >= 0 && common->lun < common->nluns) { 135 curlun = &common->luns[common->lun]; 136 if (common->cmnd[0] != SC_REQUEST_SENSE) { 137 curlun->sense_data = SS_NO_SENSE; 138 curlun->info_valid = 0; 139 } 140 } else { 141 curlun = NULL; 142 common->bad_lun_okay = 0; 143 144 /* 145 * INQUIRY and REQUEST SENSE commands are explicitly allowed 146 * to use unsupported LUNs; all others may not. 147 */ 148 if (common->cmnd[0] != SC_INQUIRY && 149 common->cmnd[0] != SC_REQUEST_SENSE) { 150 debug("unsupported LUN %d\n", common->lun); 151 return -EINVAL; 152 } 153 } 154 155 return 0; 156 } 157 158 static void __do_reset(struct usb_ep *ep, struct usb_request *req) 159 { 160 u32 boot_flag = BOOT_NORMAL; 161 162 if (rkusb_rst_code == 0x03) 163 boot_flag = BOOT_BROM_DOWNLOAD; 164 165 rkusb_rst_code = 0; /* restore to default */ 166 writel(boot_flag, (void *)CONFIG_ROCKCHIP_BOOT_MODE_REG); 167 168 do_reset(NULL, 0, 0, NULL); 169 } 170 171 static int rkusb_do_reset(struct fsg_common *common, 172 struct fsg_buffhd *bh) 173 { 174 common->data_size_from_cmnd = common->cmnd[4]; 175 common->residue = 0; 176 bh->inreq->complete = __do_reset; 177 bh->state = BUF_STATE_EMPTY; 178 179 rkusb_rst_code = !common->cmnd[1] ? 0xff : common->cmnd[1]; 180 return 0; 181 } 182 183 __weak bool rkusb_usb3_capable(void) 184 { 185 return false; 186 } 187 188 static int rkusb_do_switch_to_usb3(struct fsg_common *common, 189 struct fsg_buffhd *bh) 190 { 191 g_dnl_set_serialnumber((char *)&common->cmnd[1]); 192 rkusb_switch_to_usb3_enable(true); 193 bh->state = BUF_STATE_EMPTY; 194 195 return 0; 196 } 197 198 static int rkusb_do_test_unit_ready(struct fsg_common *common, 199 struct fsg_buffhd *bh) 200 { 201 struct blk_desc *desc = &ums[common->lun].block_dev; 202 u32 usb_trb_size; 203 u16 residue; 204 205 if ((desc->if_type == IF_TYPE_MTD && desc->devnum == BLK_MTD_SPI_NOR) || 206 desc->if_type == IF_TYPE_SPINOR) 207 residue = 0x03; /* 128KB Max block xfer for SPI Nor */ 208 else if (common->cmnd[1] == 0xf7 && FSG_BUFLEN >= 0x400000) 209 residue = 0x0a; /* Max block xfer for USB DWC3 */ 210 else 211 residue = 0x06; /* Max block xfer support from host */ 212 213 usb_trb_size = (1 << residue) * 4096; 214 common->usb_trb_size = min(usb_trb_size, FSG_BUFLEN); 215 common->residue = residue << 24; 216 common->data_dir = DATA_DIR_NONE; 217 bh->state = BUF_STATE_EMPTY; 218 219 return 0; 220 } 221 222 static int rkusb_do_read_flash_id(struct fsg_common *common, 223 struct fsg_buffhd *bh) 224 { 225 u8 *buf = (u8 *)bh->buf; 226 u32 len = 5; 227 enum if_type type = ums[common->lun].block_dev.if_type; 228 u32 devnum = ums[common->lun].block_dev.devnum; 229 const char *str; 230 231 switch (type) { 232 case IF_TYPE_MMC: 233 str = "EMMC "; 234 break; 235 case IF_TYPE_RKNAND: 236 str = "NAND "; 237 break; 238 case IF_TYPE_MTD: 239 if (devnum == BLK_MTD_SPI_NAND) 240 str ="SNAND"; 241 else if (devnum == BLK_MTD_NAND) 242 str = "NAND "; 243 else 244 str = "NOR "; 245 break; 246 default: 247 str = "UNKN "; /* unknown */ 248 break; 249 } 250 251 memcpy((void *)&buf[0], str, len); 252 253 /* Set data xfer size */ 254 common->residue = common->data_size_from_cmnd = len; 255 common->data_size = len; 256 257 return len; 258 } 259 260 static int rkusb_do_test_bad_block(struct fsg_common *common, 261 struct fsg_buffhd *bh) 262 { 263 u8 *buf = (u8 *)bh->buf; 264 u32 len = 64; 265 266 memset((void *)&buf[0], 0, len); 267 268 /* Set data xfer size */ 269 common->residue = common->data_size_from_cmnd = len; 270 common->data_size = len; 271 272 return len; 273 } 274 275 static int rkusb_do_read_flash_info(struct fsg_common *common, 276 struct fsg_buffhd *bh) 277 { 278 struct blk_desc *desc = &ums[common->lun].block_dev; 279 u8 *buf = (u8 *)bh->buf; 280 u32 len = sizeof(struct rk_flash_info); 281 struct rk_flash_info finfo = { 282 .block_size = ROCKCHIP_FLASH_BLOCK_SIZE, 283 .ecc_bits = 0, 284 .page_size = ROCKCHIP_FLASH_PAGE_SIZE, 285 .access_time = 40, 286 .manufacturer = 0, 287 .flash_mask = 0 288 }; 289 290 finfo.flash_size = (u32)desc->lba; 291 292 if (desc->if_type == IF_TYPE_MTD && 293 (desc->devnum == BLK_MTD_NAND || 294 desc->devnum == BLK_MTD_SPI_NAND)) { 295 struct mtd_info *mtd = (struct mtd_info *)desc->bdev->priv; 296 297 if (mtd) { 298 finfo.block_size = mtd->erasesize >> 9; 299 finfo.page_size = mtd->writesize >> 9; 300 #ifdef CONFIG_SUPPORT_USBPLUG 301 /* Using 4KB pagesize as 2KB for idblock */ 302 if (finfo.page_size == 8 && desc->devnum == BLK_MTD_SPI_NAND) 303 finfo.page_size |= (4 << 4); 304 #endif 305 } 306 } 307 308 if (desc->if_type == IF_TYPE_MTD && desc->devnum == BLK_MTD_SPI_NOR) { 309 /* RV1126/RK3308 mtd spinor keep the former upgrade mode */ 310 #if !defined(CONFIG_ROCKCHIP_RV1126) && !defined(CONFIG_ROCKCHIP_RK3308) 311 finfo.block_size = 0x80; /* Aligned to 64KB */ 312 #else 313 finfo.block_size = ROCKCHIP_FLASH_BLOCK_SIZE; 314 #endif 315 } 316 317 debug("Flash info: block_size= %x page_size= %x\n", finfo.block_size, 318 finfo.page_size); 319 320 if (finfo.flash_size) 321 finfo.flash_mask = 1; 322 323 memset((void *)&buf[0], 0, len); 324 memcpy((void *)&buf[0], (void *)&finfo, len); 325 326 /* Set data xfer size */ 327 common->residue = common->data_size_from_cmnd = len; 328 /* legacy upgrade_tool does not set correct transfer size */ 329 common->data_size = len; 330 331 return len; 332 } 333 334 static int rkusb_do_get_chip_info(struct fsg_common *common, 335 struct fsg_buffhd *bh) 336 { 337 u8 *buf = (u8 *)bh->buf; 338 u32 len = common->data_size; 339 u32 chip_info[4]; 340 341 memset((void *)chip_info, 0, sizeof(chip_info)); 342 rockchip_rockusb_get_chip_info(chip_info); 343 344 memset((void *)&buf[0], 0, len); 345 memcpy((void *)&buf[0], (void *)chip_info, len); 346 347 /* Set data xfer size */ 348 common->residue = common->data_size_from_cmnd = len; 349 350 return len; 351 } 352 353 static int rkusb_do_lba_erase(struct fsg_common *common, 354 struct fsg_buffhd *bh) 355 { 356 struct fsg_lun *curlun = &common->luns[common->lun]; 357 u32 lba, amount; 358 loff_t file_offset; 359 int rc; 360 361 lba = get_unaligned_be32(&common->cmnd[2]); 362 if (lba >= curlun->num_sectors) { 363 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 364 rc = -EINVAL; 365 goto out; 366 } 367 368 file_offset = ((loff_t) lba) << 9; 369 amount = get_unaligned_be16(&common->cmnd[7]) << 9; 370 if (unlikely(amount == 0)) { 371 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 372 rc = -EIO; 373 goto out; 374 } 375 376 /* Perform the erase */ 377 rc = ums[common->lun].erase_sector(&ums[common->lun], 378 file_offset / SECTOR_SIZE, 379 amount / SECTOR_SIZE); 380 if (!rc) { 381 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 382 rc = -EIO; 383 } 384 385 out: 386 common->data_dir = DATA_DIR_NONE; 387 bh->state = BUF_STATE_EMPTY; 388 389 return rc; 390 } 391 392 static int rkusb_do_erase_force(struct fsg_common *common, 393 struct fsg_buffhd *bh) 394 { 395 struct blk_desc *desc = &ums[common->lun].block_dev; 396 struct fsg_lun *curlun = &common->luns[common->lun]; 397 u16 block_size = ROCKCHIP_FLASH_BLOCK_SIZE; 398 u32 lba, amount; 399 loff_t file_offset; 400 int rc; 401 402 lba = get_unaligned_be32(&common->cmnd[2]); 403 if (lba >= curlun->num_sectors) { 404 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 405 rc = -EINVAL; 406 goto out; 407 } 408 409 if (desc->if_type == IF_TYPE_MTD && 410 (desc->devnum == BLK_MTD_NAND || 411 desc->devnum == BLK_MTD_SPI_NAND)) { 412 struct mtd_info *mtd = (struct mtd_info *)desc->bdev->priv; 413 414 if (mtd) 415 block_size = mtd->erasesize >> 9; 416 } 417 418 file_offset = ((loff_t)lba) * block_size; 419 amount = get_unaligned_be16(&common->cmnd[7]) * block_size; 420 421 debug("%s lba= %x, nsec= %x\n", __func__, lba, 422 (u32)get_unaligned_be16(&common->cmnd[7])); 423 424 if (unlikely(amount == 0)) { 425 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 426 rc = -EIO; 427 goto out; 428 } 429 430 /* Perform the erase */ 431 rc = ums[common->lun].erase_sector(&ums[common->lun], 432 file_offset, 433 amount); 434 if (!rc) { 435 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 436 rc = -EIO; 437 } 438 439 out: 440 common->data_dir = DATA_DIR_NONE; 441 bh->state = BUF_STATE_EMPTY; 442 443 return rc; 444 } 445 446 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION 447 static int rkusb_do_vs_write(struct fsg_common *common) 448 { 449 struct fsg_lun *curlun = &common->luns[common->lun]; 450 u16 type = get_unaligned_be16(&common->cmnd[4]); 451 struct vendor_item *vhead; 452 struct fsg_buffhd *bh; 453 void *data; 454 int rc; 455 456 if (common->data_size >= (u32)65536) { 457 /* _MUST_ small than 64K */ 458 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 459 return -EINVAL; 460 } 461 462 common->residue = common->data_size; 463 common->usb_amount_left = common->data_size; 464 465 /* Carry out the file writes */ 466 if (unlikely(common->data_size == 0)) 467 return -EIO; /* No data to write */ 468 469 for (;;) { 470 if (common->usb_amount_left > 0) { 471 /* Wait for the next buffer to become available */ 472 bh = common->next_buffhd_to_fill; 473 if (bh->state != BUF_STATE_EMPTY) 474 goto wait; 475 476 /* Request the next buffer */ 477 common->usb_amount_left -= common->data_size; 478 bh->outreq->length = common->data_size; 479 bh->bulk_out_intended_length = common->data_size; 480 bh->outreq->short_not_ok = 1; 481 482 START_TRANSFER_OR(common, bulk_out, bh->outreq, 483 &bh->outreq_busy, &bh->state) 484 /* 485 * Don't know what to do if 486 * common->fsg is NULL 487 */ 488 return -EIO; 489 common->next_buffhd_to_fill = bh->next; 490 } else { 491 /* Then, wait for the data to become available */ 492 bh = common->next_buffhd_to_drain; 493 if (bh->state != BUF_STATE_FULL) 494 goto wait; 495 496 common->next_buffhd_to_drain = bh->next; 497 bh->state = BUF_STATE_EMPTY; 498 499 /* Did something go wrong with the transfer? */ 500 if (bh->outreq->status != 0) { 501 curlun->sense_data = SS_COMMUNICATION_FAILURE; 502 curlun->info_valid = 1; 503 break; 504 } 505 506 /* Perform the write */ 507 vhead = (struct vendor_item *)bh->buf; 508 data = bh->buf + sizeof(struct vendor_item); 509 510 if (!type) { 511 #ifndef CONFIG_SUPPORT_USBPLUG 512 if (vhead->id == HDCP_14_HDMI_ID || 513 vhead->id == HDCP_14_HDMIRX_ID || 514 vhead->id == HDCP_14_DP_ID) { 515 rc = vendor_handle_hdcp(vhead); 516 if (rc < 0) { 517 curlun->sense_data = SS_WRITE_ERROR; 518 return -EIO; 519 } 520 } 521 #endif 522 523 /* Vendor storage */ 524 rc = vendor_storage_write(vhead->id, 525 (char __user *)data, 526 vhead->size); 527 if (rc < 0) { 528 curlun->sense_data = SS_WRITE_ERROR; 529 return -EIO; 530 } 531 } else if (type == 1) { 532 /* RPMB */ 533 rc = 534 write_keybox_to_secure_storage((u8 *)data, 535 vhead->size); 536 if (rc < 0) { 537 curlun->sense_data = SS_WRITE_ERROR; 538 return -EIO; 539 } 540 } else if (type == 2) { 541 /* security storage */ 542 #ifdef CONFIG_RK_AVB_LIBAVB_USER 543 debug("%s call rk_avb_write_perm_attr %d, %d\n", 544 __func__, vhead->id, vhead->size); 545 rc = rk_avb_write_perm_attr(vhead->id, 546 (char __user *)data, 547 vhead->size); 548 if (rc < 0) { 549 curlun->sense_data = SS_WRITE_ERROR; 550 return -EIO; 551 } 552 #else 553 printf("Please enable CONFIG_RK_AVB_LIBAVB_USER\n"); 554 #endif 555 } else if (type == 3) { 556 /* efuse or otp*/ 557 #ifdef CONFIG_OPTEE_CLIENT 558 if (memcmp(data, "TAEK", 4) == 0) { 559 if (vhead->size - 8 != 32) { 560 printf("check ta encryption key size fail!\n"); 561 curlun->sense_data = SS_WRITE_ERROR; 562 return -EIO; 563 } 564 if (trusty_write_ta_encryption_key((uint32_t *)(data + 8), 8) != 0) { 565 printf("trusty_write_ta_encryption_key error!"); 566 curlun->sense_data = SS_WRITE_ERROR; 567 return -EIO; 568 } 569 } else if (memcmp(data, "EHUK", 4) == 0) { 570 if (vhead->size - 8 != 32) { 571 printf("check oem huk size fail!\n"); 572 curlun->sense_data = SS_WRITE_ERROR; 573 return -EIO; 574 } 575 if (trusty_write_oem_huk((uint32_t *)(data + 8), 8) != 0) { 576 printf("trusty_write_oem_huk error!"); 577 curlun->sense_data = SS_WRITE_ERROR; 578 return -EIO; 579 } 580 } else if (memcmp(data, "ENDA", 4) == 0) { 581 if (vhead->size - 8 != 16) { 582 printf("check oem encrypt data size fail!\n"); 583 curlun->sense_data = SS_WRITE_ERROR; 584 return -EIO; 585 } 586 if (trusty_write_oem_encrypt_data((uint32_t *)(data + 8), 4) != 0) { 587 printf("trusty_write_oem_encrypt_data error!"); 588 curlun->sense_data = SS_WRITE_ERROR; 589 return -EIO; 590 } 591 } else if (memcmp(data, "OTPK", 4) == 0) { 592 uint32_t key_len = vhead->size - 9; 593 uint8_t key_id = *((uint8_t *)data + 8); 594 if (key_len != 16 && key_len != 24 && key_len != 32) { 595 printf("check oem otp key size fail!\n"); 596 curlun->sense_data = SS_WRITE_ERROR; 597 return -EIO; 598 } 599 if (trusty_write_oem_otp_key(key_id, (uint8_t *)(data + 9), key_len) != 0) { 600 printf("trusty_write_oem_huk error!"); 601 curlun->sense_data = SS_WRITE_ERROR; 602 return -EIO; 603 } 604 } else { 605 printf("Unknown tag\n"); 606 curlun->sense_data = SS_WRITE_ERROR; 607 return -EIO; 608 } 609 #else 610 printf("Please enable CONFIG_OPTEE_CLIENT\n"); 611 #endif 612 } else { 613 return -EINVAL; 614 } 615 616 common->residue -= common->data_size; 617 618 /* Did the host decide to stop early? */ 619 if (bh->outreq->actual != bh->outreq->length) 620 common->short_packet_received = 1; 621 break; /* Command done */ 622 } 623 wait: 624 /* Wait for something to happen */ 625 rc = sleep_thread(common); 626 if (rc) 627 return rc; 628 } 629 630 return -EIO; /* No default reply */ 631 } 632 633 static int rkusb_do_vs_read(struct fsg_common *common) 634 { 635 struct fsg_lun *curlun = &common->luns[common->lun]; 636 u16 type = get_unaligned_be16(&common->cmnd[4]); 637 struct vendor_item *vhead; 638 struct fsg_buffhd *bh; 639 void *data; 640 int rc; 641 642 if (common->data_size >= (u32)65536) { 643 /* _MUST_ small than 64K */ 644 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 645 return -EINVAL; 646 } 647 648 common->residue = common->data_size; 649 common->usb_amount_left = common->data_size; 650 651 /* Carry out the file reads */ 652 if (unlikely(common->data_size == 0)) 653 return -EIO; /* No default reply */ 654 655 for (;;) { 656 /* Wait for the next buffer to become available */ 657 bh = common->next_buffhd_to_fill; 658 while (bh->state != BUF_STATE_EMPTY) { 659 rc = sleep_thread(common); 660 if (rc) 661 return rc; 662 } 663 664 memset(bh->buf, 0, FSG_BUFLEN); 665 vhead = (struct vendor_item *)bh->buf; 666 data = bh->buf + sizeof(struct vendor_item); 667 vhead->id = get_unaligned_be16(&common->cmnd[2]); 668 669 if (!type) { 670 /* Vendor storage */ 671 rc = vendor_storage_read(vhead->id, 672 (char __user *)data, 673 common->data_size); 674 if (!rc) { 675 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 676 return -EIO; 677 } 678 vhead->size = rc; 679 } else if (type == 1) { 680 /* RPMB */ 681 rc = 682 read_raw_data_from_secure_storage((u8 *)data, 683 common->data_size); 684 if (!rc) { 685 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 686 return -EIO; 687 } 688 vhead->size = rc; 689 } else if (type == 2) { 690 /* security storage */ 691 #ifdef CONFIG_RK_AVB_LIBAVB_USER 692 rc = rk_avb_read_perm_attr(vhead->id, 693 (char __user *)data, 694 vhead->size); 695 if (rc < 0) 696 return -EIO; 697 vhead->size = rc; 698 #else 699 printf("Please enable CONFIG_RK_AVB_LIBAVB_USER!\n"); 700 #endif 701 } else if (type == 3) { 702 /* efuse or otp*/ 703 #ifdef CONFIG_OPTEE_CLIENT 704 if (vhead->id == 120) { 705 u8 value; 706 char *written_str = "key is written!"; 707 char *not_written_str = "key is not written!"; 708 if (trusty_ta_encryption_key_is_written(&value) != 0) { 709 printf("trusty_ta_encryption_key_is_written error!"); 710 return -EIO; 711 } 712 if (value) { 713 memcpy(data, written_str, strlen(written_str)); 714 vhead->size = strlen(written_str); 715 } else { 716 memcpy(data, not_written_str, strlen(not_written_str)); 717 vhead->size = strlen(not_written_str); 718 } 719 } else { 720 printf("Unknown tag\n"); 721 return -EIO; 722 } 723 #else 724 printf("Please enable CONFIG_OPTEE_CLIENT\n"); 725 #endif 726 } else { 727 return -EINVAL; 728 } 729 730 common->residue -= common->data_size; 731 bh->inreq->length = common->data_size; 732 bh->state = BUF_STATE_FULL; 733 734 break; /* No more left to read */ 735 } 736 737 return -EIO; /* No default reply */ 738 } 739 #endif 740 741 static int rkusb_do_switch_storage(struct fsg_common *common) 742 { 743 enum if_type type, cur_type = ums[common->lun].block_dev.if_type; 744 int devnum, cur_devnum = ums[common->lun].block_dev.devnum; 745 struct blk_desc *block_dev; 746 u32 media = BOOT_TYPE_UNKNOWN; 747 748 media = 1 << common->cmnd[1]; 749 750 switch (media) { 751 #ifdef CONFIG_MMC 752 case BOOT_TYPE_EMMC: 753 type = IF_TYPE_MMC; 754 devnum = 0; 755 mmc_initialize(gd->bd); 756 break; 757 #endif 758 case BOOT_TYPE_MTD_BLK_NAND: 759 type = IF_TYPE_MTD; 760 devnum = 0; 761 break; 762 case BOOT_TYPE_MTD_BLK_SPI_NAND: 763 type = IF_TYPE_MTD; 764 devnum = 1; 765 break; 766 case BOOT_TYPE_MTD_BLK_SPI_NOR: 767 type = IF_TYPE_MTD; 768 devnum = 2; 769 break; 770 #if defined(CONFIG_SCSI) && defined(CONFIG_CMD_SCSI) && (defined(CONFIG_AHCI) || defined(CONFIG_UFS)) 771 case BOOT_TYPE_SATA: 772 type = IF_TYPE_SCSI; 773 devnum = 0; 774 break; 775 #endif 776 default: 777 printf("Bootdev 0x%x is not support\n", media); 778 return -ENODEV; 779 } 780 781 if (cur_type == type && cur_devnum == devnum) 782 return 0; 783 784 #if CONFIG_IS_ENABLED(SUPPORT_USBPLUG) 785 block_dev = usbplug_blk_get_devnum_by_type(type, devnum); 786 #else 787 block_dev = blk_get_devnum_by_type(type, devnum); 788 #endif 789 if (!block_dev) { 790 printf("Bootdev if_type=%d num=%d toggle fail\n", type, devnum); 791 return -ENODEV; 792 } 793 794 ums[common->lun].num_sectors = block_dev->lba; 795 ums[common->lun].block_dev = *block_dev; 796 797 printf("RKUSB: LUN %d, dev %d, hwpart %d, sector %#x, count %#x\n", 798 0, 799 ums[common->lun].block_dev.devnum, 800 ums[common->lun].block_dev.hwpart, 801 ums[common->lun].start_sector, 802 ums[common->lun].num_sectors); 803 804 return 0; 805 } 806 807 static int rkusb_do_get_storage_info(struct fsg_common *common, 808 struct fsg_buffhd *bh) 809 { 810 enum if_type type = ums[common->lun].block_dev.if_type; 811 int devnum = ums[common->lun].block_dev.devnum; 812 u32 media = BOOT_TYPE_UNKNOWN; 813 u32 len = common->data_size; 814 u8 *buf = (u8 *)bh->buf; 815 816 if (len > 4) 817 len = 4; 818 819 switch (type) { 820 case IF_TYPE_MMC: 821 media = BOOT_TYPE_EMMC; 822 break; 823 824 case IF_TYPE_SD: 825 media = BOOT_TYPE_SD0; 826 break; 827 828 case IF_TYPE_MTD: 829 if (devnum == BLK_MTD_SPI_NAND) 830 media = BOOT_TYPE_MTD_BLK_SPI_NAND; 831 else if (devnum == BLK_MTD_NAND) 832 media = BOOT_TYPE_NAND; 833 else 834 media = BOOT_TYPE_MTD_BLK_SPI_NOR; 835 break; 836 837 case IF_TYPE_SCSI: 838 media = BOOT_TYPE_SATA; 839 break; 840 841 case IF_TYPE_RKNAND: 842 media = BOOT_TYPE_NAND; 843 break; 844 845 case IF_TYPE_NVME: 846 media = BOOT_TYPE_PCIE; 847 break; 848 849 default: 850 break; 851 } 852 853 memcpy((void *)&buf[0], (void *)&media, len); 854 common->residue = len; 855 common->data_size_from_cmnd = len; 856 857 return len; 858 } 859 860 static int rkusb_do_read_capacity(struct fsg_common *common, 861 struct fsg_buffhd *bh) 862 { 863 u8 *buf = (u8 *)bh->buf; 864 u32 len = common->data_size; 865 enum if_type type = ums[common->lun].block_dev.if_type; 866 int devnum = ums[common->lun].block_dev.devnum; 867 868 /* 869 * bit[0]: Direct LBA, 0: Disabled; 870 * bit[1]: Vendor Storage API, 0: Disabed (default); 871 * bit[2]: First 4M Access, 0: Disabled; 872 * bit[3]: Read LBA On, 0: Disabed (default); 873 * bit[4]: New Vendor Storage API, 0: Disabed; 874 * bit[5]: Read uart data from ram 875 * bit[6]: Read IDB config 876 * bit[7]: Read SecureMode 877 * bit[8]: New IDB feature 878 * bit[9]: Get storage media info 879 * bit[10]: LBAwrite Parity 880 * bit[11]: Read Otp Data 881 * bit[12]: usb3 download 882 * bit[13]: Write OTP proof 883 * bit[14]: Write Cipher Key 884 * bit[15:63}: Reserved. 885 */ 886 memset((void *)&buf[0], 0, len); 887 if (type == IF_TYPE_MMC || type == IF_TYPE_SD || type == IF_TYPE_NVME) 888 buf[0] = BIT(0) | BIT(2) | BIT(4); 889 else 890 buf[0] = BIT(0) | BIT(4); 891 892 if (type == IF_TYPE_MTD && 893 (devnum == BLK_MTD_NAND || 894 devnum == BLK_MTD_SPI_NAND)) 895 buf[0] |= (1 << 6); 896 897 #if !defined(CONFIG_ROCKCHIP_RV1126) && !defined(CONFIG_ROCKCHIP_RK3308) 898 if (type == IF_TYPE_MTD && devnum == BLK_MTD_SPI_NOR) 899 buf[0] |= (1 << 6); 900 #endif 901 902 #if defined(CONFIG_ROCKCHIP_NEW_IDB) 903 buf[1] = BIT(0); 904 #endif 905 buf[1] |= BIT(1); /* Switch Storage */ 906 buf[1] |= BIT(2); /* LBAwrite Parity */ 907 908 if (rkusb_usb3_capable() && !rkusb_force_usb2_enabled()) 909 buf[1] |= BIT(4); 910 else 911 buf[1] &= ~BIT(4); 912 913 #ifdef CONFIG_ROCKCHIP_OTP 914 buf[1] |= BIT(3); /* Read Otp Data */ 915 buf[1] |= BIT(5); /* Write OTP proof */ 916 buf[1] |= BIT(6); /* Write Cipher Key */ 917 #endif 918 919 /* Set data xfer size */ 920 common->residue = len; 921 common->data_size_from_cmnd = len; 922 923 return len; 924 } 925 926 #ifdef CONFIG_ROCKCHIP_OTP 927 static int rkusb_do_read_otp(struct fsg_common *common, 928 struct fsg_buffhd *bh) 929 { 930 u32 len = common->data_size; 931 u32 type = common->cmnd[1]; 932 u8 *buf = (u8 *)bh->buf; 933 struct udevice *dev; 934 935 buf[0] = 0; 936 if (type == 0) { /* soc uuid */ 937 if (!uclass_get_device_by_driver(UCLASS_MISC, DM_GET_DRIVER(rockchip_otp), &dev)) { 938 if (!misc_read(dev, CFG_CPUID_OFFSET, (void *)&buf[1], len)) 939 buf[0] = len; 940 } 941 } 942 943 common->residue = len; 944 common->data_size_from_cmnd = len; 945 946 return len; 947 } 948 #endif 949 950 static void rkusb_fixup_cbwcb(struct fsg_common *common, 951 struct fsg_buffhd *bh) 952 { 953 struct usb_request *req = bh->outreq; 954 struct fsg_bulk_cb_wrap *cbw = req->buf; 955 956 /* FIXME cbw.DataTransferLength was not set by Upgrade Tool */ 957 common->data_size = le32_to_cpu(cbw->DataTransferLength); 958 if (common->data_size == 0) { 959 common->data_size = 960 get_unaligned_be16(&common->cmnd[7]) << 9; 961 printf("Trasfer Length NOT set, please use new version tool\n"); 962 debug("%s %d, cmnd1 %x\n", __func__, 963 get_unaligned_be16(&common->cmnd[7]), 964 get_unaligned_be16(&common->cmnd[1])); 965 } 966 if (cbw->Flags & USB_BULK_IN_FLAG) 967 common->data_dir = DATA_DIR_TO_HOST; 968 else 969 common->data_dir = DATA_DIR_FROM_HOST; 970 971 /* Not support */ 972 common->cmnd[1] = 0; 973 } 974 975 static int rkusb_cmd_process(struct fsg_common *common, 976 struct fsg_buffhd *bh, int *reply) 977 { 978 struct usb_request *req = bh->outreq; 979 struct fsg_bulk_cb_wrap *cbw = req->buf; 980 int rc; 981 982 dump_cbw(cbw); 983 984 if (rkusb_check_lun(common)) { 985 *reply = -EINVAL; 986 return RKUSB_RC_ERROR; 987 } 988 989 switch (common->cmnd[0]) { 990 case RKUSB_TEST_UNIT_READY: 991 *reply = rkusb_do_test_unit_ready(common, bh); 992 rc = RKUSB_RC_FINISHED; 993 break; 994 995 case RKUSB_READ_FLASH_ID: 996 *reply = rkusb_do_read_flash_id(common, bh); 997 rc = RKUSB_RC_FINISHED; 998 break; 999 1000 case RKUSB_TEST_BAD_BLOCK: 1001 *reply = rkusb_do_test_bad_block(common, bh); 1002 rc = RKUSB_RC_FINISHED; 1003 break; 1004 1005 case RKUSB_ERASE_10_FORCE: 1006 *reply = rkusb_do_erase_force(common, bh); 1007 rc = RKUSB_RC_FINISHED; 1008 break; 1009 1010 case RKUSB_LBA_READ_10: 1011 rkusb_fixup_cbwcb(common, bh); 1012 common->cmnd[0] = SC_READ_10; 1013 common->cmnd[1] = 0; /* Not support */ 1014 rc = RKUSB_RC_CONTINUE; 1015 break; 1016 1017 case RKUSB_LBA_WRITE_10: 1018 rkusb_fixup_cbwcb(common, bh); 1019 common->cmnd[0] = SC_WRITE_10; 1020 common->cmnd[1] = 0; /* Not support */ 1021 rc = RKUSB_RC_CONTINUE; 1022 break; 1023 1024 case RKUSB_READ_FLASH_INFO: 1025 *reply = rkusb_do_read_flash_info(common, bh); 1026 rc = RKUSB_RC_FINISHED; 1027 break; 1028 1029 case RKUSB_GET_CHIP_VER: 1030 *reply = rkusb_do_get_chip_info(common, bh); 1031 rc = RKUSB_RC_FINISHED; 1032 break; 1033 1034 case RKUSB_LBA_ERASE: 1035 *reply = rkusb_do_lba_erase(common, bh); 1036 rc = RKUSB_RC_FINISHED; 1037 break; 1038 1039 #ifdef CONFIG_ROCKCHIP_VENDOR_PARTITION 1040 case RKUSB_VS_WRITE: 1041 *reply = rkusb_do_vs_write(common); 1042 rc = RKUSB_RC_FINISHED; 1043 break; 1044 1045 case RKUSB_VS_READ: 1046 *reply = rkusb_do_vs_read(common); 1047 rc = RKUSB_RC_FINISHED; 1048 break; 1049 #endif 1050 case RKUSB_SWITCH_STORAGE: 1051 *reply = rkusb_do_switch_storage(common); 1052 rc = RKUSB_RC_FINISHED; 1053 break; 1054 case RKUSB_GET_STORAGE_MEDIA: 1055 *reply = rkusb_do_get_storage_info(common, bh); 1056 rc = RKUSB_RC_FINISHED; 1057 break; 1058 1059 case RKUSB_READ_CAPACITY: 1060 *reply = rkusb_do_read_capacity(common, bh); 1061 rc = RKUSB_RC_FINISHED; 1062 break; 1063 1064 case RKUSB_SWITCH_USB3: 1065 *reply = rkusb_do_switch_to_usb3(common, bh); 1066 rc = RKUSB_RC_FINISHED; 1067 break; 1068 1069 case RKUSB_RESET: 1070 *reply = rkusb_do_reset(common, bh); 1071 rc = RKUSB_RC_FINISHED; 1072 break; 1073 1074 #ifdef CONFIG_ROCKCHIP_OTP 1075 case RKUSB_READ_OTP_DATA: 1076 *reply = rkusb_do_read_otp(common, bh); 1077 rc = RKUSB_RC_FINISHED; 1078 break; 1079 #endif 1080 1081 case RKUSB_READ_10: 1082 case RKUSB_WRITE_10: 1083 printf("CMD Not support, pls use new version Tool\n"); 1084 case RKUSB_SET_DEVICE_ID: 1085 case RKUSB_ERASE_10: 1086 case RKUSB_WRITE_SPARE: 1087 case RKUSB_READ_SPARE: 1088 case RKUSB_GET_VERSION: 1089 case RKUSB_ERASE_SYS_DISK: 1090 case RKUSB_SDRAM_READ_10: 1091 case RKUSB_SDRAM_WRITE_10: 1092 case RKUSB_SDRAM_EXECUTE: 1093 case RKUSB_LOW_FORMAT: 1094 case RKUSB_SET_RESET_FLAG: 1095 case RKUSB_SPI_READ_10: 1096 case RKUSB_SPI_WRITE_10: 1097 /* Fall through */ 1098 default: 1099 rc = RKUSB_RC_UNKNOWN_CMND; 1100 break; 1101 } 1102 1103 return rc; 1104 } 1105 1106 int rkusb_do_check_parity(struct fsg_common *common) 1107 { 1108 int ret = 0, rc; 1109 u32 parity, i, usb_parity, lba, len; 1110 static u32 usb_check_buffer[1024 * 256]; 1111 1112 usb_parity = common->cmnd[9] | (common->cmnd[10] << 8) | 1113 (common->cmnd[11] << 16) | (common->cmnd[12] << 24); 1114 1115 if (common->cmnd[0] == SC_WRITE_10 && (usb_parity)) { 1116 lba = get_unaligned_be32(&common->cmnd[2]); 1117 len = common->data_size_from_cmnd >> 9; 1118 rc = blk_dread(&ums[common->lun].block_dev, lba, len, usb_check_buffer); 1119 parity = 0x000055aa; 1120 for (i = 0; i < len * 128; i++) 1121 parity += usb_check_buffer[i]; 1122 if (!rc || parity != usb_parity) 1123 common->phase_error = 1; 1124 } 1125 1126 return ret; 1127 } 1128 1129 DECLARE_GADGET_BIND_CALLBACK(rkusb_ums_dnl, fsg_add); 1130