1 /* 2 * ifdtool - Manage Intel Firmware Descriptor information 3 * 4 * Copyright 2014 Google, Inc 5 * 6 * SPDX-License-Identifier: GPL-2.0 7 * 8 * From Coreboot project, but it got a serious code clean-up 9 * and a few new features 10 */ 11 12 #include <assert.h> 13 #include <fcntl.h> 14 #include <getopt.h> 15 #include <stdlib.h> 16 #include <stdio.h> 17 #include <string.h> 18 #include <unistd.h> 19 #include <sys/types.h> 20 #include <sys/stat.h> 21 #include "ifdtool.h" 22 23 #undef DEBUG 24 25 #ifdef DEBUG 26 #define debug(fmt, args...) printf(fmt, ##args) 27 #else 28 #define debug(fmt, args...) 29 #endif 30 31 #define FD_SIGNATURE 0x0FF0A55A 32 #define FLREG_BASE(reg) ((reg & 0x00000fff) << 12); 33 #define FLREG_LIMIT(reg) (((reg & 0x0fff0000) >> 4) | 0xfff); 34 35 enum input_file_type_t { 36 IF_normal, 37 }; 38 39 struct input_file { 40 char *fname; 41 unsigned int addr; 42 enum input_file_type_t type; 43 }; 44 45 /** 46 * find_fd() - Find the flash description in the ROM image 47 * 48 * @image: Pointer to image 49 * @size: Size of image in bytes 50 * @return pointer to structure, or NULL if not found 51 */ 52 static struct fdbar_t *find_fd(char *image, int size) 53 { 54 uint32_t *ptr, *end; 55 56 /* Scan for FD signature */ 57 for (ptr = (uint32_t *)image, end = ptr + size / 4; ptr < end; ptr++) { 58 if (*ptr == FD_SIGNATURE) 59 break; 60 } 61 62 if (ptr == end) { 63 printf("No Flash Descriptor found in this image\n"); 64 return NULL; 65 } 66 67 debug("Found Flash Descriptor signature at 0x%08lx\n", 68 (char *)ptr - image); 69 70 return (struct fdbar_t *)ptr; 71 } 72 73 /** 74 * get_region() - Get information about the selected region 75 * 76 * @frba: Flash region list 77 * @region_type: Type of region (0..MAX_REGIONS-1) 78 * @region: Region information is written here 79 * @return 0 if OK, else -ve 80 */ 81 static int get_region(struct frba_t *frba, int region_type, 82 struct region_t *region) 83 { 84 if (region_type >= MAX_REGIONS) { 85 fprintf(stderr, "Invalid region type.\n"); 86 return -1; 87 } 88 89 region->base = FLREG_BASE(frba->flreg[region_type]); 90 region->limit = FLREG_LIMIT(frba->flreg[region_type]); 91 region->size = region->limit - region->base + 1; 92 93 return 0; 94 } 95 96 static const char *region_name(int region_type) 97 { 98 static const char *const regions[] = { 99 "Flash Descriptor", 100 "BIOS", 101 "Intel ME", 102 "GbE", 103 "Platform Data" 104 }; 105 106 assert(region_type < MAX_REGIONS); 107 108 return regions[region_type]; 109 } 110 111 static const char *region_filename(int region_type) 112 { 113 static const char *const region_filenames[] = { 114 "flashregion_0_flashdescriptor.bin", 115 "flashregion_1_bios.bin", 116 "flashregion_2_intel_me.bin", 117 "flashregion_3_gbe.bin", 118 "flashregion_4_platform_data.bin" 119 }; 120 121 assert(region_type < MAX_REGIONS); 122 123 return region_filenames[region_type]; 124 } 125 126 static int dump_region(int num, struct frba_t *frba) 127 { 128 struct region_t region; 129 int ret; 130 131 ret = get_region(frba, num, ®ion); 132 if (ret) 133 return ret; 134 135 printf(" Flash Region %d (%s): %08x - %08x %s\n", 136 num, region_name(num), region.base, region.limit, 137 region.size < 1 ? "(unused)" : ""); 138 139 return ret; 140 } 141 142 static void dump_frba(struct frba_t *frba) 143 { 144 int i; 145 146 printf("Found Region Section\n"); 147 for (i = 0; i < MAX_REGIONS; i++) { 148 printf("FLREG%d: 0x%08x\n", i, frba->flreg[i]); 149 dump_region(i, frba); 150 } 151 } 152 153 static void decode_spi_frequency(unsigned int freq) 154 { 155 switch (freq) { 156 case SPI_FREQUENCY_20MHZ: 157 printf("20MHz"); 158 break; 159 case SPI_FREQUENCY_33MHZ: 160 printf("33MHz"); 161 break; 162 case SPI_FREQUENCY_50MHZ: 163 printf("50MHz"); 164 break; 165 default: 166 printf("unknown<%x>MHz", freq); 167 } 168 } 169 170 static void decode_component_density(unsigned int density) 171 { 172 switch (density) { 173 case COMPONENT_DENSITY_512KB: 174 printf("512KiB"); 175 break; 176 case COMPONENT_DENSITY_1MB: 177 printf("1MiB"); 178 break; 179 case COMPONENT_DENSITY_2MB: 180 printf("2MiB"); 181 break; 182 case COMPONENT_DENSITY_4MB: 183 printf("4MiB"); 184 break; 185 case COMPONENT_DENSITY_8MB: 186 printf("8MiB"); 187 break; 188 case COMPONENT_DENSITY_16MB: 189 printf("16MiB"); 190 break; 191 default: 192 printf("unknown<%x>MiB", density); 193 } 194 } 195 196 static void dump_fcba(struct fcba_t *fcba) 197 { 198 printf("\nFound Component Section\n"); 199 printf("FLCOMP 0x%08x\n", fcba->flcomp); 200 printf(" Dual Output Fast Read Support: %ssupported\n", 201 (fcba->flcomp & (1 << 30)) ? "" : "not "); 202 printf(" Read ID/Read Status Clock Frequency: "); 203 decode_spi_frequency((fcba->flcomp >> 27) & 7); 204 printf("\n Write/Erase Clock Frequency: "); 205 decode_spi_frequency((fcba->flcomp >> 24) & 7); 206 printf("\n Fast Read Clock Frequency: "); 207 decode_spi_frequency((fcba->flcomp >> 21) & 7); 208 printf("\n Fast Read Support: %ssupported", 209 (fcba->flcomp & (1 << 20)) ? "" : "not "); 210 printf("\n Read Clock Frequency: "); 211 decode_spi_frequency((fcba->flcomp >> 17) & 7); 212 printf("\n Component 2 Density: "); 213 decode_component_density((fcba->flcomp >> 3) & 7); 214 printf("\n Component 1 Density: "); 215 decode_component_density(fcba->flcomp & 7); 216 printf("\n"); 217 printf("FLILL 0x%08x\n", fcba->flill); 218 printf(" Invalid Instruction 3: 0x%02x\n", 219 (fcba->flill >> 24) & 0xff); 220 printf(" Invalid Instruction 2: 0x%02x\n", 221 (fcba->flill >> 16) & 0xff); 222 printf(" Invalid Instruction 1: 0x%02x\n", 223 (fcba->flill >> 8) & 0xff); 224 printf(" Invalid Instruction 0: 0x%02x\n", 225 fcba->flill & 0xff); 226 printf("FLPB 0x%08x\n", fcba->flpb); 227 printf(" Flash Partition Boundary Address: 0x%06x\n\n", 228 (fcba->flpb & 0xfff) << 12); 229 } 230 231 static void dump_fpsba(struct fpsba_t *fpsba) 232 { 233 int i; 234 235 printf("Found PCH Strap Section\n"); 236 for (i = 0; i < MAX_STRAPS; i++) 237 printf("PCHSTRP%-2d: 0x%08x\n", i, fpsba->pchstrp[i]); 238 } 239 240 static const char *get_enabled(int flag) 241 { 242 return flag ? "enabled" : "disabled"; 243 } 244 245 static void decode_flmstr(uint32_t flmstr) 246 { 247 printf(" Platform Data Region Write Access: %s\n", 248 get_enabled(flmstr & (1 << 28))); 249 printf(" GbE Region Write Access: %s\n", 250 get_enabled(flmstr & (1 << 27))); 251 printf(" Intel ME Region Write Access: %s\n", 252 get_enabled(flmstr & (1 << 26))); 253 printf(" Host CPU/BIOS Region Write Access: %s\n", 254 get_enabled(flmstr & (1 << 25))); 255 printf(" Flash Descriptor Write Access: %s\n", 256 get_enabled(flmstr & (1 << 24))); 257 258 printf(" Platform Data Region Read Access: %s\n", 259 get_enabled(flmstr & (1 << 20))); 260 printf(" GbE Region Read Access: %s\n", 261 get_enabled(flmstr & (1 << 19))); 262 printf(" Intel ME Region Read Access: %s\n", 263 get_enabled(flmstr & (1 << 18))); 264 printf(" Host CPU/BIOS Region Read Access: %s\n", 265 get_enabled(flmstr & (1 << 17))); 266 printf(" Flash Descriptor Read Access: %s\n", 267 get_enabled(flmstr & (1 << 16))); 268 269 printf(" Requester ID: 0x%04x\n\n", 270 flmstr & 0xffff); 271 } 272 273 static void dump_fmba(struct fmba_t *fmba) 274 { 275 printf("Found Master Section\n"); 276 printf("FLMSTR1: 0x%08x (Host CPU/BIOS)\n", fmba->flmstr1); 277 decode_flmstr(fmba->flmstr1); 278 printf("FLMSTR2: 0x%08x (Intel ME)\n", fmba->flmstr2); 279 decode_flmstr(fmba->flmstr2); 280 printf("FLMSTR3: 0x%08x (GbE)\n", fmba->flmstr3); 281 decode_flmstr(fmba->flmstr3); 282 } 283 284 static void dump_fmsba(struct fmsba_t *fmsba) 285 { 286 int i; 287 288 printf("Found Processor Strap Section\n"); 289 for (i = 0; i < 4; i++) 290 printf("????: 0x%08x\n", fmsba->data[0]); 291 } 292 293 static void dump_jid(uint32_t jid) 294 { 295 printf(" SPI Component Device ID 1: 0x%02x\n", 296 (jid >> 16) & 0xff); 297 printf(" SPI Component Device ID 0: 0x%02x\n", 298 (jid >> 8) & 0xff); 299 printf(" SPI Component Vendor ID: 0x%02x\n", 300 jid & 0xff); 301 } 302 303 static void dump_vscc(uint32_t vscc) 304 { 305 printf(" Lower Erase Opcode: 0x%02x\n", 306 vscc >> 24); 307 printf(" Lower Write Enable on Write Status: 0x%02x\n", 308 vscc & (1 << 20) ? 0x06 : 0x50); 309 printf(" Lower Write Status Required: %s\n", 310 vscc & (1 << 19) ? "Yes" : "No"); 311 printf(" Lower Write Granularity: %d bytes\n", 312 vscc & (1 << 18) ? 64 : 1); 313 printf(" Lower Block / Sector Erase Size: "); 314 switch ((vscc >> 16) & 0x3) { 315 case 0: 316 printf("256 Byte\n"); 317 break; 318 case 1: 319 printf("4KB\n"); 320 break; 321 case 2: 322 printf("8KB\n"); 323 break; 324 case 3: 325 printf("64KB\n"); 326 break; 327 } 328 329 printf(" Upper Erase Opcode: 0x%02x\n", 330 (vscc >> 8) & 0xff); 331 printf(" Upper Write Enable on Write Status: 0x%02x\n", 332 vscc & (1 << 4) ? 0x06 : 0x50); 333 printf(" Upper Write Status Required: %s\n", 334 vscc & (1 << 3) ? "Yes" : "No"); 335 printf(" Upper Write Granularity: %d bytes\n", 336 vscc & (1 << 2) ? 64 : 1); 337 printf(" Upper Block / Sector Erase Size: "); 338 switch (vscc & 0x3) { 339 case 0: 340 printf("256 Byte\n"); 341 break; 342 case 1: 343 printf("4KB\n"); 344 break; 345 case 2: 346 printf("8KB\n"); 347 break; 348 case 3: 349 printf("64KB\n"); 350 break; 351 } 352 } 353 354 static void dump_vtba(struct vtba_t *vtba, int vtl) 355 { 356 int i; 357 int num = (vtl >> 1) < 8 ? (vtl >> 1) : 8; 358 359 printf("ME VSCC table:\n"); 360 for (i = 0; i < num; i++) { 361 printf(" JID%d: 0x%08x\n", i, vtba->entry[i].jid); 362 dump_jid(vtba->entry[i].jid); 363 printf(" VSCC%d: 0x%08x\n", i, vtba->entry[i].vscc); 364 dump_vscc(vtba->entry[i].vscc); 365 } 366 printf("\n"); 367 } 368 369 static void dump_oem(uint8_t *oem) 370 { 371 int i, j; 372 printf("OEM Section:\n"); 373 for (i = 0; i < 4; i++) { 374 printf("%02x:", i << 4); 375 for (j = 0; j < 16; j++) 376 printf(" %02x", oem[(i<<4)+j]); 377 printf("\n"); 378 } 379 printf("\n"); 380 } 381 382 /** 383 * dump_fd() - Display a dump of the full flash description 384 * 385 * @image: Pointer to image 386 * @size: Size of image in bytes 387 * @return 0 if OK, -1 on error 388 */ 389 static int dump_fd(char *image, int size) 390 { 391 struct fdbar_t *fdb = find_fd(image, size); 392 393 if (!fdb) 394 return -1; 395 396 printf("FLMAP0: 0x%08x\n", fdb->flmap0); 397 printf(" NR: %d\n", (fdb->flmap0 >> 24) & 7); 398 printf(" FRBA: 0x%x\n", ((fdb->flmap0 >> 16) & 0xff) << 4); 399 printf(" NC: %d\n", ((fdb->flmap0 >> 8) & 3) + 1); 400 printf(" FCBA: 0x%x\n", ((fdb->flmap0) & 0xff) << 4); 401 402 printf("FLMAP1: 0x%08x\n", fdb->flmap1); 403 printf(" ISL: 0x%02x\n", (fdb->flmap1 >> 24) & 0xff); 404 printf(" FPSBA: 0x%x\n", ((fdb->flmap1 >> 16) & 0xff) << 4); 405 printf(" NM: %d\n", (fdb->flmap1 >> 8) & 3); 406 printf(" FMBA: 0x%x\n", ((fdb->flmap1) & 0xff) << 4); 407 408 printf("FLMAP2: 0x%08x\n", fdb->flmap2); 409 printf(" PSL: 0x%04x\n", (fdb->flmap2 >> 8) & 0xffff); 410 printf(" FMSBA: 0x%x\n", ((fdb->flmap2) & 0xff) << 4); 411 412 printf("FLUMAP1: 0x%08x\n", fdb->flumap1); 413 printf(" Intel ME VSCC Table Length (VTL): %d\n", 414 (fdb->flumap1 >> 8) & 0xff); 415 printf(" Intel ME VSCC Table Base Address (VTBA): 0x%06x\n\n", 416 (fdb->flumap1 & 0xff) << 4); 417 dump_vtba((struct vtba_t *) 418 (image + ((fdb->flumap1 & 0xff) << 4)), 419 (fdb->flumap1 >> 8) & 0xff); 420 dump_oem((uint8_t *)image + 0xf00); 421 dump_frba((struct frba_t *)(image + (((fdb->flmap0 >> 16) & 0xff) 422 << 4))); 423 dump_fcba((struct fcba_t *)(image + (((fdb->flmap0) & 0xff) << 4))); 424 dump_fpsba((struct fpsba_t *) 425 (image + (((fdb->flmap1 >> 16) & 0xff) << 4))); 426 dump_fmba((struct fmba_t *)(image + (((fdb->flmap1) & 0xff) << 4))); 427 dump_fmsba((struct fmsba_t *)(image + (((fdb->flmap2) & 0xff) << 4))); 428 429 return 0; 430 } 431 432 /** 433 * write_regions() - Write each region from an image to its own file 434 * 435 * The filename to use in each case is fixed - see region_filename() 436 * 437 * @image: Pointer to image 438 * @size: Size of image in bytes 439 * @return 0 if OK, -ve on error 440 */ 441 static int write_regions(char *image, int size) 442 { 443 struct fdbar_t *fdb; 444 struct frba_t *frba; 445 int ret = 0; 446 int i; 447 448 fdb = find_fd(image, size); 449 if (!fdb) 450 return -1; 451 452 frba = (struct frba_t *)(image + (((fdb->flmap0 >> 16) & 0xff) << 4)); 453 454 for (i = 0; i < MAX_REGIONS; i++) { 455 struct region_t region; 456 int region_fd; 457 458 ret = get_region(frba, i, ®ion); 459 if (ret) 460 return ret; 461 dump_region(i, frba); 462 if (region.size == 0) 463 continue; 464 region_fd = open(region_filename(i), 465 O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | 466 S_IWUSR | S_IRGRP | S_IROTH); 467 if (write(region_fd, image + region.base, region.size) != 468 region.size) { 469 perror("Error while writing"); 470 ret = -1; 471 } 472 close(region_fd); 473 } 474 475 return ret; 476 } 477 478 static int perror_fname(const char *fmt, const char *fname) 479 { 480 char msg[strlen(fmt) + strlen(fname) + 1]; 481 482 sprintf(msg, fmt, fname); 483 perror(msg); 484 485 return -1; 486 } 487 488 /** 489 * write_image() - Write the image to a file 490 * 491 * @filename: Filename to use for the image 492 * @image: Pointer to image 493 * @size: Size of image in bytes 494 * @return 0 if OK, -ve on error 495 */ 496 static int write_image(char *filename, char *image, int size) 497 { 498 int new_fd; 499 500 debug("Writing new image to %s\n", filename); 501 502 new_fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | 503 S_IWUSR | S_IRGRP | S_IROTH); 504 if (new_fd < 0) 505 return perror_fname("Could not open file '%s'", filename); 506 if (write(new_fd, image, size) != size) 507 return perror_fname("Could not write file '%s'", filename); 508 close(new_fd); 509 510 return 0; 511 } 512 513 /** 514 * set_spi_frequency() - Set the SPI frequency to use when booting 515 * 516 * Several frequencies are supported, some of which work with fast devices. 517 * For SPI emulators, the slowest (SPI_FREQUENCY_20MHZ) is often used. The 518 * Intel boot system uses this information somehow on boot. 519 * 520 * The image is updated with the supplied value 521 * 522 * @image: Pointer to image 523 * @size: Size of image in bytes 524 * @freq: SPI frequency to use 525 */ 526 static void set_spi_frequency(char *image, int size, enum spi_frequency freq) 527 { 528 struct fdbar_t *fdb = find_fd(image, size); 529 struct fcba_t *fcba; 530 531 fcba = (struct fcba_t *)(image + (((fdb->flmap0) & 0xff) << 4)); 532 533 /* clear bits 21-29 */ 534 fcba->flcomp &= ~0x3fe00000; 535 /* Read ID and Read Status Clock Frequency */ 536 fcba->flcomp |= freq << 27; 537 /* Write and Erase Clock Frequency */ 538 fcba->flcomp |= freq << 24; 539 /* Fast Read Clock Frequency */ 540 fcba->flcomp |= freq << 21; 541 } 542 543 /** 544 * set_em100_mode() - Set a SPI frequency that will work with Dediprog EM100 545 * 546 * @image: Pointer to image 547 * @size: Size of image in bytes 548 */ 549 static void set_em100_mode(char *image, int size) 550 { 551 struct fdbar_t *fdb = find_fd(image, size); 552 struct fcba_t *fcba; 553 554 fcba = (struct fcba_t *)(image + (((fdb->flmap0) & 0xff) << 4)); 555 fcba->flcomp &= ~(1 << 30); 556 set_spi_frequency(image, size, SPI_FREQUENCY_20MHZ); 557 } 558 559 /** 560 * lock_descriptor() - Lock the NE descriptor so it cannot be updated 561 * 562 * @image: Pointer to image 563 * @size: Size of image in bytes 564 */ 565 static void lock_descriptor(char *image, int size) 566 { 567 struct fdbar_t *fdb = find_fd(image, size); 568 struct fmba_t *fmba; 569 570 /* 571 * TODO: Dynamically take Platform Data Region and GbE Region into 572 * account. 573 */ 574 fmba = (struct fmba_t *)(image + (((fdb->flmap1) & 0xff) << 4)); 575 fmba->flmstr1 = 0x0a0b0000; 576 fmba->flmstr2 = 0x0c0d0000; 577 fmba->flmstr3 = 0x08080118; 578 } 579 580 /** 581 * unlock_descriptor() - Lock the NE descriptor so it can be updated 582 * 583 * @image: Pointer to image 584 * @size: Size of image in bytes 585 */ 586 static void unlock_descriptor(char *image, int size) 587 { 588 struct fdbar_t *fdb = find_fd(image, size); 589 struct fmba_t *fmba; 590 591 fmba = (struct fmba_t *)(image + (((fdb->flmap1) & 0xff) << 4)); 592 fmba->flmstr1 = 0xffff0000; 593 fmba->flmstr2 = 0xffff0000; 594 fmba->flmstr3 = 0x08080118; 595 } 596 597 /** 598 * open_for_read() - Open a file for reading 599 * 600 * @fname: Filename to open 601 * @sizep: Returns file size in bytes 602 * @return 0 if OK, -1 on error 603 */ 604 int open_for_read(const char *fname, int *sizep) 605 { 606 int fd = open(fname, O_RDONLY); 607 struct stat buf; 608 609 if (fd == -1) 610 return perror_fname("Could not open file '%s'", fname); 611 if (fstat(fd, &buf) == -1) 612 return perror_fname("Could not stat file '%s'", fname); 613 *sizep = buf.st_size; 614 debug("File %s is %d bytes\n", fname, *sizep); 615 616 return fd; 617 } 618 619 /** 620 * inject_region() - Add a file to an image region 621 * 622 * This puts a file into a particular region of the flash. Several pre-defined 623 * regions are used. 624 * 625 * @image: Pointer to image 626 * @size: Size of image in bytes 627 * @region_type: Region where the file should be added 628 * @region_fname: Filename to add to the image 629 * @return 0 if OK, -ve on error 630 */ 631 int inject_region(char *image, int size, int region_type, char *region_fname) 632 { 633 struct fdbar_t *fdb = find_fd(image, size); 634 struct region_t region; 635 struct frba_t *frba; 636 int region_size; 637 int offset = 0; 638 int region_fd; 639 int ret; 640 641 if (!fdb) 642 exit(EXIT_FAILURE); 643 frba = (struct frba_t *)(image + (((fdb->flmap0 >> 16) & 0xff) << 4)); 644 645 ret = get_region(frba, region_type, ®ion); 646 if (ret) 647 return -1; 648 if (region.size <= 0xfff) { 649 fprintf(stderr, "Region %s is disabled in target. Not injecting.\n", 650 region_name(region_type)); 651 return -1; 652 } 653 654 region_fd = open_for_read(region_fname, ®ion_size); 655 if (region_fd < 0) 656 return region_fd; 657 658 if ((region_size > region.size) || 659 ((region_type != 1) && (region_size > region.size))) { 660 fprintf(stderr, "Region %s is %d(0x%x) bytes. File is %d(0x%x) bytes. Not injecting.\n", 661 region_name(region_type), region.size, 662 region.size, region_size, region_size); 663 return -1; 664 } 665 666 if ((region_type == 1) && (region_size < region.size)) { 667 fprintf(stderr, "Region %s is %d(0x%x) bytes. File is %d(0x%x) bytes. Padding before injecting.\n", 668 region_name(region_type), region.size, 669 region.size, region_size, region_size); 670 offset = region.size - region_size; 671 memset(image + region.base, 0xff, offset); 672 } 673 674 if (size < region.base + offset + region_size) { 675 fprintf(stderr, "Output file is too small. (%d < %d)\n", 676 size, region.base + offset + region_size); 677 return -1; 678 } 679 680 if (read(region_fd, image + region.base + offset, region_size) 681 != region_size) { 682 perror("Could not read file"); 683 return -1; 684 } 685 686 close(region_fd); 687 688 debug("Adding %s as the %s section\n", region_fname, 689 region_name(region_type)); 690 691 return 0; 692 } 693 694 /** 695 * write_data() - Write some raw data into a region 696 * 697 * This puts a file into a particular place in the flash, ignoring the 698 * regions. Be careful not to overwrite something important. 699 * 700 * @image: Pointer to image 701 * @size: Size of image in bytes 702 * @addr: x86 ROM address to put file. The ROM ends at 703 * 0xffffffff so use an address relative to that. For an 704 * 8MB ROM the start address is 0xfff80000. 705 * @write_fname: Filename to add to the image 706 * @return 0 if OK, -ve on error 707 */ 708 static int write_data(char *image, int size, unsigned int addr, 709 const char *write_fname) 710 { 711 int write_fd, write_size; 712 int offset; 713 714 write_fd = open_for_read(write_fname, &write_size); 715 if (write_fd < 0) 716 return write_fd; 717 718 offset = addr + size; 719 debug("Writing %s to offset %#x\n", write_fname, offset); 720 721 if (offset < 0 || offset + write_size > size) { 722 fprintf(stderr, "Output file is too small. (%d < %d)\n", 723 size, offset + write_size); 724 return -1; 725 } 726 727 if (read(write_fd, image + offset, write_size) != write_size) { 728 perror("Could not read file"); 729 return -1; 730 } 731 732 close(write_fd); 733 734 return 0; 735 } 736 737 static void print_version(void) 738 { 739 printf("ifdtool v%s -- ", IFDTOOL_VERSION); 740 printf("Copyright (C) 2014 Google Inc.\n\n"); 741 printf("SPDX-License-Identifier: GPL-2.0+\n"); 742 } 743 744 static void print_usage(const char *name) 745 { 746 printf("usage: %s [-vhdix?] <filename> [<outfile>]\n", name); 747 printf("\n" 748 " -d | --dump: dump intel firmware descriptor\n" 749 " -x | --extract: extract intel fd modules\n" 750 " -i | --inject <region>:<module> inject file <module> into region <region>\n" 751 " -w | --write <addr>:<file> write file to appear at memory address <addr>\n" 752 " multiple files can be written simultaneously\n" 753 " -s | --spifreq <20|33|50> set the SPI frequency\n" 754 " -e | --em100 set SPI frequency to 20MHz and disable\n" 755 " Dual Output Fast Read Support\n" 756 " -l | --lock Lock firmware descriptor and ME region\n" 757 " -u | --unlock Unlock firmware descriptor and ME region\n" 758 " -r | --romsize Specify ROM size\n" 759 " -D | --write-descriptor <file> Write descriptor at base\n" 760 " -c | --create Create a new empty image\n" 761 " -v | --version: print the version\n" 762 " -h | --help: print this help\n\n" 763 "<region> is one of Descriptor, BIOS, ME, GbE, Platform\n" 764 "\n"); 765 } 766 767 /** 768 * get_two_words() - Convert a string into two words separated by : 769 * 770 * The supplied string is split at ':', two substrings are allocated and 771 * returned. 772 * 773 * @str: String to split 774 * @firstp: Returns first string 775 * @secondp: Returns second string 776 * @return 0 if OK, -ve if @str does not have a : 777 */ 778 static int get_two_words(const char *str, char **firstp, char **secondp) 779 { 780 const char *p; 781 782 p = strchr(str, ':'); 783 if (!p) 784 return -1; 785 *firstp = strdup(str); 786 (*firstp)[p - str] = '\0'; 787 *secondp = strdup(p + 1); 788 789 return 0; 790 } 791 792 int main(int argc, char *argv[]) 793 { 794 int opt, option_index = 0; 795 int mode_dump = 0, mode_extract = 0, mode_inject = 0; 796 int mode_spifreq = 0, mode_em100 = 0, mode_locked = 0; 797 int mode_unlocked = 0, mode_write = 0, mode_write_descriptor = 0; 798 int create = 0; 799 char *region_type_string = NULL, *inject_fname = NULL; 800 char *desc_fname = NULL, *addr_str = NULL; 801 int region_type = -1, inputfreq = 0; 802 enum spi_frequency spifreq = SPI_FREQUENCY_20MHZ; 803 struct input_file input_file[WRITE_MAX], *ifile; 804 unsigned char wr_idx, wr_num = 0; 805 int rom_size = -1; 806 bool write_it; 807 char *filename; 808 char *outfile = NULL; 809 struct stat buf; 810 int size = 0; 811 int bios_fd; 812 char *image; 813 int ret; 814 static struct option long_options[] = { 815 {"create", 0, NULL, 'c'}, 816 {"dump", 0, NULL, 'd'}, 817 {"descriptor", 1, NULL, 'D'}, 818 {"em100", 0, NULL, 'e'}, 819 {"extract", 0, NULL, 'x'}, 820 {"inject", 1, NULL, 'i'}, 821 {"lock", 0, NULL, 'l'}, 822 {"romsize", 1, NULL, 'r'}, 823 {"spifreq", 1, NULL, 's'}, 824 {"unlock", 0, NULL, 'u'}, 825 {"write", 1, NULL, 'w'}, 826 {"version", 0, NULL, 'v'}, 827 {"help", 0, NULL, 'h'}, 828 {0, 0, 0, 0} 829 }; 830 831 while ((opt = getopt_long(argc, argv, "cdD:ehi:lr:s:uvw:x?", 832 long_options, &option_index)) != EOF) { 833 switch (opt) { 834 case 'c': 835 create = 1; 836 break; 837 case 'd': 838 mode_dump = 1; 839 break; 840 case 'D': 841 mode_write_descriptor = 1; 842 desc_fname = optarg; 843 break; 844 case 'e': 845 mode_em100 = 1; 846 break; 847 case 'i': 848 if (get_two_words(optarg, ®ion_type_string, 849 &inject_fname)) { 850 print_usage(argv[0]); 851 exit(EXIT_FAILURE); 852 } 853 if (!strcasecmp("Descriptor", region_type_string)) 854 region_type = 0; 855 else if (!strcasecmp("BIOS", region_type_string)) 856 region_type = 1; 857 else if (!strcasecmp("ME", region_type_string)) 858 region_type = 2; 859 else if (!strcasecmp("GbE", region_type_string)) 860 region_type = 3; 861 else if (!strcasecmp("Platform", region_type_string)) 862 region_type = 4; 863 if (region_type == -1) { 864 fprintf(stderr, "No such region type: '%s'\n\n", 865 region_type_string); 866 print_usage(argv[0]); 867 exit(EXIT_FAILURE); 868 } 869 mode_inject = 1; 870 break; 871 case 'l': 872 mode_locked = 1; 873 break; 874 case 'r': 875 rom_size = strtol(optarg, NULL, 0); 876 debug("ROM size %d\n", rom_size); 877 break; 878 case 's': 879 /* Parse the requested SPI frequency */ 880 inputfreq = strtol(optarg, NULL, 0); 881 switch (inputfreq) { 882 case 20: 883 spifreq = SPI_FREQUENCY_20MHZ; 884 break; 885 case 33: 886 spifreq = SPI_FREQUENCY_33MHZ; 887 break; 888 case 50: 889 spifreq = SPI_FREQUENCY_50MHZ; 890 break; 891 default: 892 fprintf(stderr, "Invalid SPI Frequency: %d\n", 893 inputfreq); 894 print_usage(argv[0]); 895 exit(EXIT_FAILURE); 896 } 897 mode_spifreq = 1; 898 break; 899 case 'u': 900 mode_unlocked = 1; 901 break; 902 case 'v': 903 print_version(); 904 exit(EXIT_SUCCESS); 905 break; 906 case 'w': 907 ifile = &input_file[wr_num]; 908 mode_write = 1; 909 if (wr_num < WRITE_MAX) { 910 if (get_two_words(optarg, &addr_str, 911 &ifile->fname)) { 912 print_usage(argv[0]); 913 exit(EXIT_FAILURE); 914 } 915 ifile->addr = strtol(optarg, NULL, 0); 916 ifile->type = IF_normal; 917 wr_num++; 918 } else { 919 fprintf(stderr, 920 "The number of files to write simultaneously exceeds the limitation (%d)\n", 921 WRITE_MAX); 922 } 923 break; 924 case 'x': 925 mode_extract = 1; 926 break; 927 case 'h': 928 case '?': 929 default: 930 print_usage(argv[0]); 931 exit(EXIT_SUCCESS); 932 break; 933 } 934 } 935 936 if (mode_locked == 1 && mode_unlocked == 1) { 937 fprintf(stderr, "Locking/Unlocking FD and ME are mutually exclusive\n"); 938 exit(EXIT_FAILURE); 939 } 940 941 if (mode_inject == 1 && mode_write == 1) { 942 fprintf(stderr, "Inject/Write are mutually exclusive\n"); 943 exit(EXIT_FAILURE); 944 } 945 946 if ((mode_dump + mode_extract + mode_inject + 947 (mode_spifreq | mode_em100 | mode_unlocked | 948 mode_locked)) > 1) { 949 fprintf(stderr, "You may not specify more than one mode.\n\n"); 950 print_usage(argv[0]); 951 exit(EXIT_FAILURE); 952 } 953 954 if ((mode_dump + mode_extract + mode_inject + mode_spifreq + 955 mode_em100 + mode_locked + mode_unlocked + mode_write + 956 mode_write_descriptor) == 0 && !create) { 957 fprintf(stderr, "You need to specify a mode.\n\n"); 958 print_usage(argv[0]); 959 exit(EXIT_FAILURE); 960 } 961 962 if (create && rom_size == -1) { 963 fprintf(stderr, "You need to specify a rom size when creating.\n\n"); 964 exit(EXIT_FAILURE); 965 } 966 967 if (optind + 1 != argc) { 968 fprintf(stderr, "You need to specify a file.\n\n"); 969 print_usage(argv[0]); 970 exit(EXIT_FAILURE); 971 } 972 973 filename = argv[optind]; 974 if (optind + 2 != argc) 975 outfile = argv[optind + 1]; 976 977 if (create) 978 bios_fd = open(filename, O_WRONLY | O_CREAT, 0666); 979 else 980 bios_fd = open(filename, outfile ? O_RDONLY : O_RDWR); 981 982 if (bios_fd == -1) { 983 perror("Could not open file"); 984 exit(EXIT_FAILURE); 985 } 986 987 if (!create) { 988 if (fstat(bios_fd, &buf) == -1) { 989 perror("Could not stat file"); 990 exit(EXIT_FAILURE); 991 } 992 size = buf.st_size; 993 } 994 995 debug("File %s is %d bytes\n", filename, size); 996 997 if (rom_size == -1) 998 rom_size = size; 999 1000 image = malloc(rom_size); 1001 if (!image) { 1002 printf("Out of memory.\n"); 1003 exit(EXIT_FAILURE); 1004 } 1005 1006 memset(image, '\xff', rom_size); 1007 if (!create && read(bios_fd, image, size) != size) { 1008 perror("Could not read file"); 1009 exit(EXIT_FAILURE); 1010 } 1011 if (size != rom_size) { 1012 debug("ROM size changed to %d bytes\n", rom_size); 1013 size = rom_size; 1014 } 1015 1016 write_it = true; 1017 ret = 0; 1018 if (mode_dump) { 1019 ret = dump_fd(image, size); 1020 write_it = false; 1021 } 1022 1023 if (mode_extract) { 1024 ret = write_regions(image, size); 1025 write_it = false; 1026 } 1027 1028 if (mode_write_descriptor) 1029 ret = write_data(image, size, -size, desc_fname); 1030 1031 if (mode_inject) 1032 ret = inject_region(image, size, region_type, inject_fname); 1033 1034 if (mode_write) { 1035 for (wr_idx = 0; wr_idx < wr_num; wr_idx++) { 1036 ifile = &input_file[wr_idx]; 1037 ret = write_data(image, size, ifile->addr, 1038 ifile->fname); 1039 if (ret) 1040 break; 1041 } 1042 } 1043 1044 if (mode_spifreq) 1045 set_spi_frequency(image, size, spifreq); 1046 1047 if (mode_em100) 1048 set_em100_mode(image, size); 1049 1050 if (mode_locked) 1051 lock_descriptor(image, size); 1052 1053 if (mode_unlocked) 1054 unlock_descriptor(image, size); 1055 1056 if (write_it) { 1057 if (outfile) { 1058 ret = write_image(outfile, image, size); 1059 } else { 1060 if (lseek(bios_fd, 0, SEEK_SET)) { 1061 perror("Error while seeking"); 1062 ret = -1; 1063 } 1064 if (write(bios_fd, image, size) != size) { 1065 perror("Error while writing"); 1066 ret = -1; 1067 } 1068 } 1069 } 1070 1071 free(image); 1072 close(bios_fd); 1073 1074 return ret ? 1 : 0; 1075 } 1076