1 /*
2 * Copyright 2014 Intel Corporation
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <stdio.h>
18 #include <unistd.h>
19 #include <stdbool.h>
20 #include <sys/types.h>
21 #include <sys/stat.h>
22 #include <fcntl.h>
23 #include <cutils/properties.h>
24 #include <sys/mman.h>
25 #include "fw_version_check.h"
26 #include "edify/expr.h"
27
28 #define FORCE_RW_OPT "0"
29 #define BOOT_IFWI_SIZE 0x400000
30 #define BOOT_UMIP_SIZE 0x10000
31 #define BOOT_UMIP_SECTOR_SIZE 0x200
32 #define BOOT_UMIP_XOR_OFFSET 0x7
33 #define BOOT_UMIP_3GPP_OFFSET 0x76F
34 #define BOOT_IFWI_XOR_OFFSET 0x0112d8
35 #define BOOT_DNX_TIMEOUT_OFFSET 0x400
36 #define IFWI_OFFSET 0
37 #define TOKEN_UMIP_AREA_OFFSET 0x4000
38 #define TOKEN_UMIP_AREA_SIZE 0x2C00
39 #define FILE_PATH_SIZE 64
40 #define IFWI_TYPE_LSH 12
41
dump_fw_versions(struct firmware_versions * v)42 static void dump_fw_versions(struct firmware_versions *v)
43 {
44 fprintf(stderr, "Image FW versions:\n");
45 fprintf(stderr, " ifwi: %04X.%04X\n", v->ifwi.major, v->ifwi.minor);
46 fprintf(stderr, "---- components ----\n");
47 fprintf(stderr, " scu: %04X.%04X\n", v->scu.major, v->scu.minor);
48 fprintf(stderr, " hooks/oem: %04X.%04X\n", v->valhooks.major, v->valhooks.minor);
49 fprintf(stderr, " ia32: %04X.%04X\n", v->ia32.major, v->ia32.minor);
50 fprintf(stderr, " chaabi: %04X.%04X\n", v->chaabi.major, v->chaabi.minor);
51 fprintf(stderr, " mIA: %04X.%04X\n", v->mia.major, v->mia.minor);
52 }
53
force_rw(char * name)54 static int force_rw(char *name) {
55 int ret, fd;
56
57 fd = open(name, O_WRONLY);
58 if (fd < 0) {
59 fprintf(stderr, "force_ro(): failed to open %s\n", name);
60 return fd;
61 }
62
63 ret = write(fd, FORCE_RW_OPT, sizeof(FORCE_RW_OPT));
64 if (ret <= 0) {
65 fprintf(stderr, "force_ro(): failed to write %s\n", name);
66 close(fd);
67 return ret;
68 }
69
70 close(fd);
71 return 0;
72 }
73
check_ifwi_file_scu_emmc(void * data,size_t size)74 int check_ifwi_file_scu_emmc(void *data, size_t size)
75 {
76 struct firmware_versions dev_fw_rev, img_fw_rev;
77
78 if (get_image_fw_rev(data, size, &img_fw_rev)) {
79 fprintf(stderr, "Coudn't extract FW version data from image\n");
80 return -1;
81 }
82
83 dump_fw_versions(&img_fw_rev);
84 if (get_current_fw_rev(&dev_fw_rev)) {
85 fprintf(stderr, "Couldn't query existing IFWI version\n");
86 return -1;
87 }
88 fprintf(stderr,
89 "Attempting to flash ifwi image version %04X.%04X over ifwi current version %04X.%04X\n",
90 img_fw_rev.ifwi.major, img_fw_rev.ifwi.minor, dev_fw_rev.ifwi.major, dev_fw_rev.ifwi.minor);
91
92 if (img_fw_rev.ifwi.major != dev_fw_rev.ifwi.major) {
93 fprintf(stderr,
94 "IFWI FW Major version numbers (file=%04X current=%04X) don't match, Update abort.\n",
95 img_fw_rev.ifwi.major, dev_fw_rev.ifwi.major);
96 return -1;
97 }
98
99 return 1;
100 }
101
xor_compute(char * ptr,uint32_t size)102 static uint32_t xor_compute(char *ptr, uint32_t size)
103 {
104 uint32_t xor = 0;
105 uint32_t i;
106
107 for (i = 0; i < size; i+=4)
108 xor = xor ^ *(uint32_t *)(ptr + i);
109
110 return xor;
111 }
112
xor_factorize(uint32_t xor)113 static uint8_t xor_factorize(uint32_t xor)
114 {
115 return (uint8_t)((xor & 0xff) ^ ((xor >> 8) & 0xff) ^ ((xor >> 16) & 0xff) ^ ((xor >> 24) & 0xff));
116 }
117
xor_update(char * ptr)118 static void xor_update(char *ptr)
119 {
120 uint16_t i;
121 uint32_t xor;
122
123 /* update UMIP xor of sector 2 to 127 */
124 for (i = 2; i < 128; i++) {
125 xor = xor_compute(ptr + i * BOOT_UMIP_SECTOR_SIZE, BOOT_UMIP_SECTOR_SIZE);
126 *(uint32_t *)(ptr + 4 * i) = xor;
127 }
128
129 /* update UMIP xor */
130 *(ptr + BOOT_UMIP_XOR_OFFSET) = 0;
131 xor = xor_compute(ptr, BOOT_UMIP_SIZE);
132 *(ptr + BOOT_UMIP_XOR_OFFSET) = xor_factorize(xor);
133
134 /* update IFWI xor */
135 *(uint32_t *)(ptr + BOOT_IFWI_XOR_OFFSET) = 0x0;
136 xor = xor_compute(ptr, BOOT_IFWI_SIZE);
137 *(uint32_t *)(ptr + BOOT_IFWI_XOR_OFFSET) = xor;
138 }
139
write_umip_emmc(uint32_t addr_offset,void * data,size_t size)140 static int write_umip_emmc(uint32_t addr_offset, void *data, size_t size)
141 {
142 int boot_fd = 0;
143 int boot_index;
144 char boot_partition[FILE_PATH_SIZE];
145 char boot_partition_force_ro[FILE_PATH_SIZE];
146 char *ptr;
147 char *token_data;
148
149 if (addr_offset == IFWI_OFFSET) {
150 token_data = malloc(TOKEN_UMIP_AREA_SIZE);
151 if (!token_data) {
152 fprintf(stderr, "write_umip_emmc: Malloc error\n");
153 return -1;
154 }
155
156 if (size > BOOT_IFWI_SIZE) {
157 fprintf(stderr, "write_umip_emmc: Truncating last %d bytes from the IFWI\n",
158 (size - BOOT_IFWI_SIZE));
159 /* Since the last 144 bytes are the FUP header which are not required,*/
160 /* we truncate it to fit into the boot partition. */
161 size = BOOT_IFWI_SIZE;
162 }
163 }
164
165 for (boot_index = 0; boot_index < 2; boot_index++) {
166 snprintf(boot_partition, FILE_PATH_SIZE, "/dev/block/mmcblk0boot%d", boot_index);
167 snprintf(boot_partition_force_ro, FILE_PATH_SIZE, "/sys/block/mmcblk0boot%d/force_ro", boot_index);
168
169 if (force_rw(boot_partition_force_ro)) {
170 fprintf(stderr, "write_umip_emmc: unable to force_ro %s\n", boot_partition);
171 goto err_boot1;
172 }
173 boot_fd = open(boot_partition, O_RDWR);
174 if (boot_fd < 0) {
175 fprintf(stderr, "write_umip_emmc: failed to open %s\n", boot_partition);
176 goto err_boot1;
177 }
178
179 ptr = (char *)mmap(NULL, BOOT_IFWI_SIZE, PROT_READ|PROT_WRITE, MAP_SHARED, boot_fd, 0);
180 if (ptr == MAP_FAILED) {
181 fprintf(stderr, "write_umip_emmc: mmap failed on boot%d with error : %s\n", boot_index, strerror(errno));
182 goto err_boot1;
183 }
184
185 if (addr_offset == IFWI_OFFSET)
186 memcpy(token_data, ptr + TOKEN_UMIP_AREA_OFFSET, TOKEN_UMIP_AREA_SIZE);
187
188 /* Write the data */
189 if (addr_offset + size <= BOOT_IFWI_SIZE)
190 if (data == NULL)
191 memset(ptr + addr_offset, 0, size);
192 else
193 memcpy(ptr + addr_offset, data, size);
194 else {
195 fprintf(stderr, "write_umip_emmc: write failed\n");
196 goto err_boot2;
197 }
198
199 if (addr_offset == IFWI_OFFSET)
200 memcpy(ptr + TOKEN_UMIP_AREA_OFFSET, token_data, TOKEN_UMIP_AREA_SIZE);
201
202 /* Compute and write xor */
203 xor_update(ptr);
204
205 munmap(ptr, BOOT_IFWI_SIZE);
206 close(boot_fd);
207 }
208
209 if (addr_offset == IFWI_OFFSET)
210 free(token_data);
211 return 0;
212
213 err_boot2:
214 munmap(ptr, BOOT_IFWI_SIZE);
215
216 err_boot1:
217 if (addr_offset == IFWI_OFFSET)
218 free(token_data);
219 close(boot_fd);
220 return -1;
221 }
222
readbyte_umip_emmc(uint32_t addr_offset)223 static int readbyte_umip_emmc(uint32_t addr_offset)
224 {
225 int boot_fd = 0;
226 char *ptr;
227 int value = 0;
228
229 if (force_rw("/sys/block/mmcblk0boot0/force_ro")) {
230 fprintf(stderr, "read_umip_emmc: unable to force_ro\n");
231 goto err_boot1;
232 }
233 boot_fd = open("/dev/block/mmcblk0boot0", O_RDWR);
234 if (boot_fd < 0) {
235 fprintf(stderr, "read_umip_emmc: failed to open /dev/block/mmcblk0boot0\n");
236 goto err_boot1;
237 }
238
239 ptr = (char *)mmap(NULL, BOOT_UMIP_SIZE, PROT_READ|PROT_WRITE, MAP_SHARED, boot_fd, 0);
240 if (ptr == MAP_FAILED) {
241 fprintf(stderr, "read_umip_emmc: mmap failed on boot0 with error : %s\n", strerror(errno));
242 goto err_boot1;
243 }
244
245 /* Read the data */
246 if (addr_offset < BOOT_UMIP_SIZE)
247 value = (int)*(ptr + addr_offset);
248 else {
249 fprintf(stderr, "read_umip_emmc: read failed\n");
250 goto err_boot2;
251 }
252
253 munmap(ptr, BOOT_UMIP_SIZE);
254 close(boot_fd);
255
256 return value;
257
258 err_boot2:
259 munmap(ptr, BOOT_UMIP_SIZE);
260
261 err_boot1:
262 close(boot_fd);
263 return -1;
264 }
265
update_ifwi_file_scu_emmc(void * data,size_t size)266 int update_ifwi_file_scu_emmc(void *data, size_t size)
267 {
268 return write_umip_emmc(IFWI_OFFSET, data, size);
269 }
270
flash_ifwi_scu_emmc(void * data,unsigned size)271 int flash_ifwi_scu_emmc(void *data, unsigned size)
272 {
273 int ret;
274
275 ret = check_ifwi_file_scu_emmc(data, size);
276 if (ret > 0)
277 return update_ifwi_file_scu_emmc(data, size);
278
279 return ret;
280 }
281
FlashIfwiFuguFn(const char * name,State * state,int argc,Expr * argv[])282 Value* FlashIfwiFuguFn(const char *name, State * state, int argc, Expr * argv[]) {
283 Value *ret = NULL;
284 char *filename = NULL;
285 unsigned char *buffer = NULL;
286 int ifwi_size;
287 FILE *f = NULL;
288
289 if (argc != 1) {
290 ErrorAbort(state, "%s() expected 1 arg, got %d", name, argc);
291 return NULL;
292 }
293 if (ReadArgs(state, argv, 1, &filename) < 0) {
294 ErrorAbort(state, "%s() invalid args ", name);
295 return NULL;
296 }
297
298 if (filename == NULL || strlen(filename) == 0) {
299 ErrorAbort(state, "filename argument to %s can't be empty", name);
300 goto done;
301 }
302
303 if ((f = fopen(filename,"rb")) == NULL) {
304 ErrorAbort(state, "Unable to open file %s: %s ", filename, strerror(errno));
305 goto done;
306 }
307
308 fseek(f, 0, SEEK_END);
309 ifwi_size = ftell(f);
310 if (ifwi_size < 0) {
311 ErrorAbort(state, "Unable to get ifwi_size ");
312 goto done;
313 };
314 fseek(f, 0, SEEK_SET);
315
316 if ((buffer = malloc(ifwi_size)) == NULL) {
317 ErrorAbort(state, "Unable to alloc ifwi flash buffer of size %d", ifwi_size);
318 goto done;
319 }
320 fread(buffer, ifwi_size, 1, f);
321 fclose(f);
322
323 if(flash_ifwi_scu_emmc(buffer, ifwi_size) !=0) {
324 ErrorAbort(state, "Unable to flash ifwi in emmc");
325 free(buffer);
326 goto done;
327 };
328
329 free(buffer);
330 ret = StringValue(strdup(""));
331
332 done:
333 if (filename)
334 free(filename);
335
336 return ret;
337 }
338
Register_librecovery_updater_fugu()339 void Register_librecovery_updater_fugu() {
340 RegisterFunction("fugu.flash_ifwi", FlashIfwiFuguFn);
341 }
342