1 /*
2  * Boot a Marvell SoC, with Xmodem over UART0.
3  *  supports Kirkwood, Dove, Armada 370, Armada XP
4  *
5  * (c) 2012 Daniel Stodden <daniel.stodden@gmail.com>
6  *
7  * References: marvell.com, "88F6180, 88F6190, 88F6192, and 88F6281
8  *   Integrated Controller: Functional Specifications" December 2,
9  *   2008. Chapter 24.2 "BootROM Firmware".
10  */
11 
12 #include "kwbimage.h"
13 #include "mkimage.h"
14 
15 #include <stdlib.h>
16 #include <stdio.h>
17 #include <string.h>
18 #include <stdarg.h>
19 #include <image.h>
20 #include <libgen.h>
21 #include <fcntl.h>
22 #include <errno.h>
23 #include <unistd.h>
24 #include <stdint.h>
25 #include <termios.h>
26 #include <sys/mman.h>
27 #include <sys/stat.h>
28 
29 #ifdef __GNUC__
30 #define PACKED __attribute((packed))
31 #else
32 #define PACKED
33 #endif
34 
35 /*
36  * Marvell BootROM UART Sensing
37  */
38 
39 static unsigned char kwboot_msg_boot[] = {
40 	0xBB, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
41 };
42 
43 static unsigned char kwboot_msg_debug[] = {
44 	0xDD, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
45 };
46 
47 /* Defines known to work on Kirkwood */
48 #define KWBOOT_MSG_REQ_DELAY	10 /* ms */
49 #define KWBOOT_MSG_RSP_TIMEO	50 /* ms */
50 
51 /* Defines known to work on Armada XP */
52 #define KWBOOT_MSG_REQ_DELAY_AXP	1000 /* ms */
53 #define KWBOOT_MSG_RSP_TIMEO_AXP	1000 /* ms */
54 
55 /*
56  * Xmodem Transfers
57  */
58 
59 #define SOH	1	/* sender start of block header */
60 #define EOT	4	/* sender end of block transfer */
61 #define ACK	6	/* target block ack */
62 #define NAK	21	/* target block negative ack */
63 #define CAN	24	/* target/sender transfer cancellation */
64 
65 struct kwboot_block {
66 	uint8_t soh;
67 	uint8_t pnum;
68 	uint8_t _pnum;
69 	uint8_t data[128];
70 	uint8_t csum;
71 } PACKED;
72 
73 #define KWBOOT_BLK_RSP_TIMEO 1000 /* ms */
74 
75 static int kwboot_verbose;
76 
77 static int msg_req_delay = KWBOOT_MSG_REQ_DELAY;
78 static int msg_rsp_timeo = KWBOOT_MSG_RSP_TIMEO;
79 static int blk_rsp_timeo = KWBOOT_BLK_RSP_TIMEO;
80 
81 static void
kwboot_printv(const char * fmt,...)82 kwboot_printv(const char *fmt, ...)
83 {
84 	va_list ap;
85 
86 	if (kwboot_verbose) {
87 		va_start(ap, fmt);
88 		vprintf(fmt, ap);
89 		va_end(ap);
90 		fflush(stdout);
91 	}
92 }
93 
94 static void
__spinner(void)95 __spinner(void)
96 {
97 	const char seq[] = { '-', '\\', '|', '/' };
98 	const int div = 8;
99 	static int state, bs;
100 
101 	if (state % div == 0) {
102 		fputc(bs, stdout);
103 		fputc(seq[state / div % sizeof(seq)], stdout);
104 		fflush(stdout);
105 	}
106 
107 	bs = '\b';
108 	state++;
109 }
110 
111 static void
kwboot_spinner(void)112 kwboot_spinner(void)
113 {
114 	if (kwboot_verbose)
115 		__spinner();
116 }
117 
118 static void
__progress(int pct,char c)119 __progress(int pct, char c)
120 {
121 	const int width = 70;
122 	static const char *nl = "";
123 	static int pos;
124 
125 	if (pos % width == 0)
126 		printf("%s%3d %% [", nl, pct);
127 
128 	fputc(c, stdout);
129 
130 	nl = "]\n";
131 	pos++;
132 
133 	if (pct == 100) {
134 		while (pos++ < width)
135 			fputc(' ', stdout);
136 		fputs(nl, stdout);
137 	}
138 
139 	fflush(stdout);
140 
141 }
142 
143 static void
kwboot_progress(int _pct,char c)144 kwboot_progress(int _pct, char c)
145 {
146 	static int pct;
147 
148 	if (_pct != -1)
149 		pct = _pct;
150 
151 	if (kwboot_verbose)
152 		__progress(pct, c);
153 }
154 
155 static int
kwboot_tty_recv(int fd,void * buf,size_t len,int timeo)156 kwboot_tty_recv(int fd, void *buf, size_t len, int timeo)
157 {
158 	int rc, nfds;
159 	fd_set rfds;
160 	struct timeval tv;
161 	ssize_t n;
162 
163 	rc = -1;
164 
165 	FD_ZERO(&rfds);
166 	FD_SET(fd, &rfds);
167 
168 	tv.tv_sec = 0;
169 	tv.tv_usec = timeo * 1000;
170 	if (tv.tv_usec > 1000000) {
171 		tv.tv_sec += tv.tv_usec / 1000000;
172 		tv.tv_usec %= 1000000;
173 	}
174 
175 	do {
176 		nfds = select(fd + 1, &rfds, NULL, NULL, &tv);
177 		if (nfds < 0)
178 			goto out;
179 		if (!nfds) {
180 			errno = ETIMEDOUT;
181 			goto out;
182 		}
183 
184 		n = read(fd, buf, len);
185 		if (n < 0)
186 			goto out;
187 
188 		buf = (char *)buf + n;
189 		len -= n;
190 	} while (len > 0);
191 
192 	rc = 0;
193 out:
194 	return rc;
195 }
196 
197 static int
kwboot_tty_send(int fd,const void * buf,size_t len)198 kwboot_tty_send(int fd, const void *buf, size_t len)
199 {
200 	int rc;
201 	ssize_t n;
202 
203 	if (!buf)
204 		return 0;
205 
206 	rc = -1;
207 
208 	do {
209 		n = write(fd, buf, len);
210 		if (n < 0)
211 			goto out;
212 
213 		buf = (char *)buf + n;
214 		len -= n;
215 	} while (len > 0);
216 
217 	rc = tcdrain(fd);
218 out:
219 	return rc;
220 }
221 
222 static int
kwboot_tty_send_char(int fd,unsigned char c)223 kwboot_tty_send_char(int fd, unsigned char c)
224 {
225 	return kwboot_tty_send(fd, &c, 1);
226 }
227 
228 static speed_t
kwboot_tty_speed(int baudrate)229 kwboot_tty_speed(int baudrate)
230 {
231 	switch (baudrate) {
232 	case 115200:
233 		return B115200;
234 	case 57600:
235 		return B57600;
236 	case 38400:
237 		return B38400;
238 	case 19200:
239 		return B19200;
240 	case 9600:
241 		return B9600;
242 	}
243 
244 	return -1;
245 }
246 
247 static int
kwboot_open_tty(const char * path,speed_t speed)248 kwboot_open_tty(const char *path, speed_t speed)
249 {
250 	int rc, fd;
251 	struct termios tio;
252 
253 	rc = -1;
254 
255 	fd = open(path, O_RDWR|O_NOCTTY|O_NDELAY);
256 	if (fd < 0)
257 		goto out;
258 
259 	memset(&tio, 0, sizeof(tio));
260 
261 	tio.c_iflag = 0;
262 	tio.c_cflag = CREAD|CLOCAL|CS8;
263 
264 	tio.c_cc[VMIN] = 1;
265 	tio.c_cc[VTIME] = 10;
266 
267 	cfsetospeed(&tio, speed);
268 	cfsetispeed(&tio, speed);
269 
270 	rc = tcsetattr(fd, TCSANOW, &tio);
271 	if (rc)
272 		goto out;
273 
274 	rc = fd;
275 out:
276 	if (rc < 0) {
277 		if (fd >= 0)
278 			close(fd);
279 	}
280 
281 	return rc;
282 }
283 
284 static int
kwboot_bootmsg(int tty,void * msg)285 kwboot_bootmsg(int tty, void *msg)
286 {
287 	int rc;
288 	char c;
289 
290 	if (msg == NULL)
291 		kwboot_printv("Please reboot the target into UART boot mode...");
292 	else
293 		kwboot_printv("Sending boot message. Please reboot the target...");
294 
295 	do {
296 		rc = tcflush(tty, TCIOFLUSH);
297 		if (rc)
298 			break;
299 
300 		rc = kwboot_tty_send(tty, msg, 8);
301 		if (rc) {
302 			usleep(msg_req_delay * 1000);
303 			continue;
304 		}
305 
306 		rc = kwboot_tty_recv(tty, &c, 1, msg_rsp_timeo);
307 
308 		kwboot_spinner();
309 
310 	} while (rc || c != NAK);
311 
312 	kwboot_printv("\n");
313 
314 	return rc;
315 }
316 
317 static int
kwboot_debugmsg(int tty,void * msg)318 kwboot_debugmsg(int tty, void *msg)
319 {
320 	int rc;
321 
322 	kwboot_printv("Sending debug message. Please reboot the target...");
323 
324 	do {
325 		char buf[16];
326 
327 		rc = tcflush(tty, TCIOFLUSH);
328 		if (rc)
329 			break;
330 
331 		rc = kwboot_tty_send(tty, msg, 8);
332 		if (rc) {
333 			usleep(msg_req_delay * 1000);
334 			continue;
335 		}
336 
337 		rc = kwboot_tty_recv(tty, buf, 16, msg_rsp_timeo);
338 
339 		kwboot_spinner();
340 
341 	} while (rc);
342 
343 	kwboot_printv("\n");
344 
345 	return rc;
346 }
347 
348 static int
kwboot_xm_makeblock(struct kwboot_block * block,const void * data,size_t size,int pnum)349 kwboot_xm_makeblock(struct kwboot_block *block, const void *data,
350 		    size_t size, int pnum)
351 {
352 	const size_t blksz = sizeof(block->data);
353 	size_t n;
354 	int i;
355 
356 	block->soh = SOH;
357 	block->pnum = pnum;
358 	block->_pnum = ~block->pnum;
359 
360 	n = size < blksz ? size : blksz;
361 	memcpy(&block->data[0], data, n);
362 	memset(&block->data[n], 0, blksz - n);
363 
364 	block->csum = 0;
365 	for (i = 0; i < n; i++)
366 		block->csum += block->data[i];
367 
368 	return n;
369 }
370 
371 static int
kwboot_xm_sendblock(int fd,struct kwboot_block * block)372 kwboot_xm_sendblock(int fd, struct kwboot_block *block)
373 {
374 	int rc, retries;
375 	char c;
376 
377 	retries = 16;
378 	do {
379 		rc = kwboot_tty_send(fd, block, sizeof(*block));
380 		if (rc)
381 			break;
382 
383 		do {
384 			rc = kwboot_tty_recv(fd, &c, 1, blk_rsp_timeo);
385 			if (rc)
386 				break;
387 
388 			if (c != ACK && c != NAK && c != CAN)
389 				printf("%c", c);
390 
391 		} while (c != ACK && c != NAK && c != CAN);
392 
393 		if (c != ACK)
394 			kwboot_progress(-1, '+');
395 
396 	} while (c == NAK && retries-- > 0);
397 
398 	rc = -1;
399 
400 	switch (c) {
401 	case ACK:
402 		rc = 0;
403 		break;
404 	case NAK:
405 		errno = EBADMSG;
406 		break;
407 	case CAN:
408 		errno = ECANCELED;
409 		break;
410 	default:
411 		errno = EPROTO;
412 		break;
413 	}
414 
415 	return rc;
416 }
417 
418 static int
kwboot_xmodem(int tty,const void * _data,size_t size)419 kwboot_xmodem(int tty, const void *_data, size_t size)
420 {
421 	const uint8_t *data = _data;
422 	int rc, pnum, N, err;
423 
424 	pnum = 1;
425 	N = 0;
426 
427 	kwboot_printv("Sending boot image...\n");
428 
429 	do {
430 		struct kwboot_block block;
431 		int n;
432 
433 		n = kwboot_xm_makeblock(&block,
434 					data + N, size - N,
435 					pnum++);
436 		if (n < 0)
437 			goto can;
438 
439 		if (!n)
440 			break;
441 
442 		rc = kwboot_xm_sendblock(tty, &block);
443 		if (rc)
444 			goto out;
445 
446 		N += n;
447 		kwboot_progress(N * 100 / size, '.');
448 	} while (1);
449 
450 	rc = kwboot_tty_send_char(tty, EOT);
451 
452 out:
453 	return rc;
454 
455 can:
456 	err = errno;
457 	kwboot_tty_send_char(tty, CAN);
458 	errno = err;
459 	goto out;
460 }
461 
462 static int
kwboot_term_pipe(int in,int out,char * quit,int * s)463 kwboot_term_pipe(int in, int out, char *quit, int *s)
464 {
465 	ssize_t nin, nout;
466 	char _buf[128], *buf = _buf;
467 
468 	nin = read(in, buf, sizeof(buf));
469 	if (nin < 0)
470 		return -1;
471 
472 	if (quit) {
473 		int i;
474 
475 		for (i = 0; i < nin; i++) {
476 			if (*buf == quit[*s]) {
477 				(*s)++;
478 				if (!quit[*s])
479 					return 0;
480 				buf++;
481 				nin--;
482 			} else
483 				while (*s > 0) {
484 					nout = write(out, quit, *s);
485 					if (nout <= 0)
486 						return -1;
487 					(*s) -= nout;
488 				}
489 		}
490 	}
491 
492 	while (nin > 0) {
493 		nout = write(out, buf, nin);
494 		if (nout <= 0)
495 			return -1;
496 		nin -= nout;
497 	}
498 
499 	return 0;
500 }
501 
502 static int
kwboot_terminal(int tty)503 kwboot_terminal(int tty)
504 {
505 	int rc, in, s;
506 	char *quit = "\34c";
507 	struct termios otio, tio;
508 
509 	rc = -1;
510 
511 	in = STDIN_FILENO;
512 	if (isatty(in)) {
513 		rc = tcgetattr(in, &otio);
514 		if (!rc) {
515 			tio = otio;
516 			cfmakeraw(&tio);
517 			rc = tcsetattr(in, TCSANOW, &tio);
518 		}
519 		if (rc) {
520 			perror("tcsetattr");
521 			goto out;
522 		}
523 
524 		kwboot_printv("[Type Ctrl-%c + %c to quit]\r\n",
525 			      quit[0]|0100, quit[1]);
526 	} else
527 		in = -1;
528 
529 	rc = 0;
530 	s = 0;
531 
532 	do {
533 		fd_set rfds;
534 		int nfds = 0;
535 
536 		FD_SET(tty, &rfds);
537 		nfds = nfds < tty ? tty : nfds;
538 
539 		if (in >= 0) {
540 			FD_SET(in, &rfds);
541 			nfds = nfds < in ? in : nfds;
542 		}
543 
544 		nfds = select(nfds + 1, &rfds, NULL, NULL, NULL);
545 		if (nfds < 0)
546 			break;
547 
548 		if (FD_ISSET(tty, &rfds)) {
549 			rc = kwboot_term_pipe(tty, STDOUT_FILENO, NULL, NULL);
550 			if (rc)
551 				break;
552 		}
553 
554 		if (FD_ISSET(in, &rfds)) {
555 			rc = kwboot_term_pipe(in, tty, quit, &s);
556 			if (rc)
557 				break;
558 		}
559 	} while (quit[s] != 0);
560 
561 	tcsetattr(in, TCSANOW, &otio);
562 out:
563 	return rc;
564 }
565 
566 static void *
kwboot_mmap_image(const char * path,size_t * size,int prot)567 kwboot_mmap_image(const char *path, size_t *size, int prot)
568 {
569 	int rc, fd, flags;
570 	struct stat st;
571 	void *img;
572 
573 	rc = -1;
574 	img = NULL;
575 
576 	fd = open(path, O_RDONLY);
577 	if (fd < 0)
578 		goto out;
579 
580 	rc = fstat(fd, &st);
581 	if (rc)
582 		goto out;
583 
584 	flags = (prot & PROT_WRITE) ? MAP_PRIVATE : MAP_SHARED;
585 
586 	img = mmap(NULL, st.st_size, prot, flags, fd, 0);
587 	if (img == MAP_FAILED) {
588 		img = NULL;
589 		goto out;
590 	}
591 
592 	rc = 0;
593 	*size = st.st_size;
594 out:
595 	if (rc && img) {
596 		munmap(img, st.st_size);
597 		img = NULL;
598 	}
599 	if (fd >= 0)
600 		close(fd);
601 
602 	return img;
603 }
604 
605 static uint8_t
kwboot_img_csum8(void * _data,size_t size)606 kwboot_img_csum8(void *_data, size_t size)
607 {
608 	uint8_t *data = _data, csum;
609 
610 	for (csum = 0; size-- > 0; data++)
611 		csum += *data;
612 
613 	return csum;
614 }
615 
616 static int
kwboot_img_patch_hdr(void * img,size_t size)617 kwboot_img_patch_hdr(void *img, size_t size)
618 {
619 	int rc;
620 	struct main_hdr_v1 *hdr;
621 	uint8_t csum;
622 	size_t hdrsz = sizeof(*hdr);
623 	int image_ver;
624 
625 	rc = -1;
626 	hdr = img;
627 
628 	if (size < hdrsz) {
629 		errno = EINVAL;
630 		goto out;
631 	}
632 
633 	image_ver = image_version(img);
634 	if (image_ver < 0) {
635 		fprintf(stderr, "Invalid image header version\n");
636 		errno = EINVAL;
637 		goto out;
638 	}
639 
640 	if (image_ver == 0)
641 		hdrsz = sizeof(*hdr);
642 	else
643 		hdrsz = KWBHEADER_V1_SIZE(hdr);
644 
645 	csum = kwboot_img_csum8(hdr, hdrsz) - hdr->checksum;
646 	if (csum != hdr->checksum) {
647 		errno = EINVAL;
648 		goto out;
649 	}
650 
651 	if (hdr->blockid == IBR_HDR_UART_ID) {
652 		rc = 0;
653 		goto out;
654 	}
655 
656 	hdr->blockid = IBR_HDR_UART_ID;
657 
658 	if (image_ver == 0) {
659 		struct main_hdr_v0 *hdr_v0 = img;
660 
661 		hdr_v0->nandeccmode = IBR_HDR_ECC_DISABLED;
662 		hdr_v0->nandpagesize = 0;
663 
664 		hdr_v0->srcaddr = hdr_v0->ext
665 			? sizeof(struct kwb_header)
666 			: sizeof(*hdr_v0);
667 	}
668 
669 	hdr->checksum = kwboot_img_csum8(hdr, hdrsz) - csum;
670 
671 	rc = 0;
672 out:
673 	return rc;
674 }
675 
676 static void
kwboot_usage(FILE * stream,char * progname)677 kwboot_usage(FILE *stream, char *progname)
678 {
679 	fprintf(stream,
680 		"Usage: %s [OPTIONS] [-b <image> | -D <image> ] [-B <baud> ] <TTY>\n",
681 		progname);
682 	fprintf(stream, "\n");
683 	fprintf(stream,
684 		"  -b <image>: boot <image> with preamble (Kirkwood, Armada 370/XP)\n");
685 	fprintf(stream, "  -p: patch <image> to type 0x69 (uart boot)\n");
686 	fprintf(stream,
687 		"  -D <image>: boot <image> without preamble (Dove)\n");
688 	fprintf(stream, "  -d: enter debug mode\n");
689 	fprintf(stream, "  -a: use timings for Armada XP\n");
690 	fprintf(stream, "  -q <req-delay>:  use specific request-delay\n");
691 	fprintf(stream, "  -s <resp-timeo>: use specific response-timeout\n");
692 	fprintf(stream,
693 		"  -o <block-timeo>: use specific xmodem block timeout\n");
694 	fprintf(stream, "\n");
695 	fprintf(stream, "  -t: mini terminal\n");
696 	fprintf(stream, "\n");
697 	fprintf(stream, "  -B <baud>: set baud rate\n");
698 	fprintf(stream, "\n");
699 }
700 
701 int
main(int argc,char ** argv)702 main(int argc, char **argv)
703 {
704 	const char *ttypath, *imgpath;
705 	int rv, rc, tty, term, prot, patch;
706 	void *bootmsg;
707 	void *debugmsg;
708 	void *img;
709 	size_t size;
710 	speed_t speed;
711 
712 	rv = 1;
713 	tty = -1;
714 	bootmsg = NULL;
715 	debugmsg = NULL;
716 	imgpath = NULL;
717 	img = NULL;
718 	term = 0;
719 	patch = 0;
720 	size = 0;
721 	speed = B115200;
722 
723 	kwboot_verbose = isatty(STDOUT_FILENO);
724 
725 	do {
726 		int c = getopt(argc, argv, "hb:ptaB:dD:q:s:o:");
727 		if (c < 0)
728 			break;
729 
730 		switch (c) {
731 		case 'b':
732 			bootmsg = kwboot_msg_boot;
733 			imgpath = optarg;
734 			break;
735 
736 		case 'D':
737 			bootmsg = NULL;
738 			imgpath = optarg;
739 			break;
740 
741 		case 'd':
742 			debugmsg = kwboot_msg_debug;
743 			break;
744 
745 		case 'p':
746 			patch = 1;
747 			break;
748 
749 		case 't':
750 			term = 1;
751 			break;
752 
753 		case 'a':
754 			msg_req_delay = KWBOOT_MSG_REQ_DELAY_AXP;
755 			msg_rsp_timeo = KWBOOT_MSG_RSP_TIMEO_AXP;
756 			break;
757 
758 		case 'q':
759 			msg_req_delay = atoi(optarg);
760 			break;
761 
762 		case 's':
763 			msg_rsp_timeo = atoi(optarg);
764 			break;
765 
766 		case 'o':
767 			blk_rsp_timeo = atoi(optarg);
768 			break;
769 
770 		case 'B':
771 			speed = kwboot_tty_speed(atoi(optarg));
772 			if (speed == -1)
773 				goto usage;
774 			break;
775 
776 		case 'h':
777 			rv = 0;
778 		default:
779 			goto usage;
780 		}
781 	} while (1);
782 
783 	if (!bootmsg && !term && !debugmsg)
784 		goto usage;
785 
786 	if (patch && !imgpath)
787 		goto usage;
788 
789 	if (argc - optind < 1)
790 		goto usage;
791 
792 	ttypath = argv[optind++];
793 
794 	tty = kwboot_open_tty(ttypath, speed);
795 	if (tty < 0) {
796 		perror(ttypath);
797 		goto out;
798 	}
799 
800 	if (imgpath) {
801 		prot = PROT_READ | (patch ? PROT_WRITE : 0);
802 
803 		img = kwboot_mmap_image(imgpath, &size, prot);
804 		if (!img) {
805 			perror(imgpath);
806 			goto out;
807 		}
808 	}
809 
810 	if (patch) {
811 		rc = kwboot_img_patch_hdr(img, size);
812 		if (rc) {
813 			fprintf(stderr, "%s: Invalid image.\n", imgpath);
814 			goto out;
815 		}
816 	}
817 
818 	if (debugmsg) {
819 		rc = kwboot_debugmsg(tty, debugmsg);
820 		if (rc) {
821 			perror("debugmsg");
822 			goto out;
823 		}
824 	} else {
825 		rc = kwboot_bootmsg(tty, bootmsg);
826 		if (rc) {
827 			perror("bootmsg");
828 			goto out;
829 		}
830 	}
831 
832 	if (img) {
833 		rc = kwboot_xmodem(tty, img, size);
834 		if (rc) {
835 			perror("xmodem");
836 			goto out;
837 		}
838 	}
839 
840 	if (term) {
841 		rc = kwboot_terminal(tty);
842 		if (rc && !(errno == EINTR)) {
843 			perror("terminal");
844 			goto out;
845 		}
846 	}
847 
848 	rv = 0;
849 out:
850 	if (tty >= 0)
851 		close(tty);
852 
853 	if (img)
854 		munmap(img, size);
855 
856 	return rv;
857 
858 usage:
859 	kwboot_usage(rv ? stderr : stdout, basename(argv[0]));
860 	goto out;
861 }
862