1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Copyright (C) 2016 Marvell International Ltd. 4 * https://spdx.org/licenses 5 */ 6 7#include <config.h> 8#include <common.h> 9#include <command.h> 10#include <env.h> 11#include <image.h> 12#include <net.h> 13#include <vsprintf.h> 14#include <errno.h> 15#include <dm.h> 16#include <fuse.h> 17#include <mach/efuse.h> 18 19#include <spi_flash.h> 20#include <spi.h> 21#include <nand.h> 22#include <scsi.h> 23#include <usb.h> 24#include <fs.h> 25#include <mmc.h> 26#ifdef CONFIG_BLK 27#include <blk.h> 28#endif 29#include <u-boot/sha1.h> 30#include <u-boot/sha256.h> 31#include <u-boot/sha512.h> 32 33#if defined(CONFIG_ARMADA_8K) 34#define MAIN_HDR_MAGIC 0xB105B002 35 36struct mvebu_image_header { 37 u32 magic; /* 0-3 */ 38 u32 prolog_size; /* 4-7 */ 39 u32 prolog_checksum; /* 8-11 */ 40 u32 boot_image_size; /* 12-15 */ 41 u32 boot_image_checksum; /* 16-19 */ 42 u32 rsrvd0; /* 20-23 */ 43 u32 load_addr; /* 24-27 */ 44 u32 exec_addr; /* 28-31 */ 45 u8 uart_cfg; /* 32 */ 46 u8 baudrate; /* 33 */ 47 u8 ext_count; /* 34 */ 48 u8 aux_flags; /* 35 */ 49 u32 io_arg_0; /* 36-39 */ 50 u32 io_arg_1; /* 40-43 */ 51 u32 io_arg_2; /* 43-47 */ 52 u32 io_arg_3; /* 48-51 */ 53 u32 rsrvd1; /* 52-55 */ 54 u32 rsrvd2; /* 56-59 */ 55 u32 rsrvd3; /* 60-63 */ 56}; 57#elif defined(CONFIG_ARMADA_3700) /* A3700 */ 58#define HASH_SUM_LEN 16 59#define IMAGE_VERSION_3_6_0 0x030600 60#define IMAGE_VERSION_3_5_0 0x030500 61 62struct tim_boot_flash_sign { 63 unsigned int id; 64 const char *name; 65}; 66 67struct tim_boot_flash_sign tim_boot_flash_signs[] = { 68 { 0x454d4d08, "mmc" }, 69 { 0x454d4d0b, "mmc" }, 70 { 0x5350490a, "spi" }, 71 { 0x5350491a, "nand" }, 72 { 0x55415223, "uart" }, 73 { 0x53415432, "sata" }, 74 {}, 75}; 76 77struct common_tim_data { 78 u32 version; 79 u32 identifier; 80 u32 trusted; 81 u32 issue_date; 82 u32 oem_unique_id; 83 u32 reserved[5]; /* Reserve 20 bytes */ 84 u32 boot_flash_sign; 85 u32 num_images; 86 u32 num_keys; 87 u32 size_of_reserved; 88}; 89 90struct mvebu_image_info { 91 u32 image_id; 92 u32 next_image_id; 93 u32 flash_entry_addr; 94 u32 load_addr; 95 u32 image_size; 96 u32 image_size_to_hash; 97 u32 hash_algorithm_id; 98 u32 hash[HASH_SUM_LEN]; /* Reserve 512 bits for the hash */ 99 u32 partition_number; 100 u32 enc_algorithm_id; 101 u32 encrypt_start_offset; 102 u32 encrypt_size; 103}; 104#elif defined(CONFIG_ARMADA_32BIT) 105 106/* Structure of the main header, version 1 (Armada 370/XP/375/38x/39x) */ 107struct a38x_main_hdr_v1 { 108 u8 blockid; /* 0x0 */ 109 u8 flags; /* 0x1 */ 110 u16 nandpagesize; /* 0x2-0x3 */ 111 u32 blocksize; /* 0x4-0x7 */ 112 u8 version; /* 0x8 */ 113 u8 headersz_msb; /* 0x9 */ 114 u16 headersz_lsb; /* 0xA-0xB */ 115 u32 srcaddr; /* 0xC-0xF */ 116 u32 destaddr; /* 0x10-0x13 */ 117 u32 execaddr; /* 0x14-0x17 */ 118 u8 options; /* 0x18 */ 119 u8 nandblocksize; /* 0x19 */ 120 u8 nandbadblklocation; /* 0x1A */ 121 u8 reserved4; /* 0x1B */ 122 u16 reserved5; /* 0x1C-0x1D */ 123 u8 ext; /* 0x1E */ 124 u8 checksum; /* 0x1F */ 125}; 126 127/* 128 * Header for the optional headers, version 1 (Armada 370/XP/375/38x/39x) 129 */ 130struct a38x_opt_hdr_v1 { 131 u8 headertype; 132 u8 headersz_msb; 133 u16 headersz_lsb; 134 u8 data[0]; 135}; 136#define A38X_OPT_HDR_V1_SECURE_TYPE 0x1 137 138struct a38x_boot_mode { 139 unsigned int id; 140 const char *name; 141}; 142 143/* The blockid header field values used to indicate boot device of image */ 144struct a38x_boot_mode a38x_boot_modes[] = { 145 { 0x4D, "i2c" }, 146 { 0x5A, "spi" }, 147 { 0x69, "uart" }, 148 { 0x78, "sata" }, 149 { 0x8B, "nand" }, 150 { 0x9C, "pex" }, 151 { 0xAE, "mmc" }, 152 {}, 153}; 154 155#endif 156 157struct bubt_dev { 158 char name[8]; 159 size_t (*read)(const char *file_name); 160 int (*write)(size_t image_size); 161 int (*active)(void); 162}; 163 164static ulong get_load_addr(void) 165{ 166 const char *addr_str; 167 unsigned long addr; 168 169 addr_str = env_get("loadaddr"); 170 if (addr_str) 171 addr = hextoul(addr_str, NULL); 172 else 173 addr = CONFIG_SYS_LOAD_ADDR; 174 175 return addr; 176} 177 178/******************************************************************** 179 * eMMC services 180 ********************************************************************/ 181#if CONFIG_IS_ENABLED(DM_MMC) && CONFIG_IS_ENABLED(MMC_WRITE) 182static int mmc_burn_image(size_t image_size) 183{ 184 struct mmc *mmc; 185 lbaint_t start_lba; 186 lbaint_t blk_count; 187 ulong blk_written; 188 int err; 189 const u8 mmc_dev_num = CONFIG_SYS_MMC_ENV_DEV; 190#ifdef CONFIG_BLK 191 struct blk_desc *blk_desc; 192#endif 193#ifdef CONFIG_SUPPORT_EMMC_BOOT 194 u8 part; 195 u8 orig_part; 196#endif 197 198 mmc = find_mmc_device(mmc_dev_num); 199 if (!mmc) { 200 printf("No SD/MMC/eMMC card found\n"); 201 return -ENOMEDIUM; 202 } 203 204 err = mmc_init(mmc); 205 if (err) { 206 printf("%s(%d) init failed\n", IS_SD(mmc) ? "SD" : "MMC", 207 mmc_dev_num); 208 return err; 209 } 210 211#ifdef CONFIG_BLK 212 blk_desc = mmc_get_blk_desc(mmc); 213 if (!blk_desc) { 214 printf("Error - failed to obtain block descriptor\n"); 215 return -ENODEV; 216 } 217#endif 218 219#ifdef CONFIG_SUPPORT_EMMC_BOOT 220#ifdef CONFIG_BLK 221 orig_part = blk_desc->hwpart; 222#else 223 orig_part = mmc->block_dev.hwpart; 224#endif 225 226 part = EXT_CSD_EXTRACT_BOOT_PART(mmc->part_config); 227 if (part == 7) 228 part = 0; 229 230#ifdef CONFIG_BLK 231 err = blk_dselect_hwpart(blk_desc, part); 232#else 233 err = mmc_switch_part(mmc, part); 234#endif 235 236 if (err) { 237 printf("Error - MMC partition switch failed\n"); 238 return err; 239 } 240#endif 241 242 /* SD reserves LBA-0 for MBR and boots from LBA-1, 243 * MMC/eMMC boots from LBA-0 and LBA-4096 244 */ 245 if (IS_SD(mmc)) 246 start_lba = 1; 247#ifdef CONFIG_SUPPORT_EMMC_BOOT 248 else if (part) 249 start_lba = 0; 250#endif 251 else 252 start_lba = 4096; 253#ifdef CONFIG_BLK 254 blk_count = image_size / mmc->write_bl_len; 255 if (image_size % mmc->write_bl_len) 256 blk_count += 1; 257 258 blk_written = blk_dwrite(blk_desc, start_lba, blk_count, 259 (void *)get_load_addr()); 260#else 261 blk_count = image_size / mmc->block_dev.blksz; 262 if (image_size % mmc->block_dev.blksz) 263 blk_count += 1; 264 265 blk_written = mmc->block_dev.block_write(mmc_dev_num, 266 start_lba, blk_count, 267 (void *)get_load_addr()); 268#endif /* CONFIG_BLK */ 269 270#ifdef CONFIG_SUPPORT_EMMC_BOOT 271#ifdef CONFIG_BLK 272 err = blk_dselect_hwpart(blk_desc, orig_part); 273#else 274 err = mmc_switch_part(mmc, orig_part); 275#endif 276 if (err) 277 printf("Error - MMC failed to switch back to original partition\n"); 278#endif 279 280 if (blk_written != blk_count) { 281 printf("Error - written %#lx blocks\n", blk_written); 282 return -ENOSPC; 283 } 284 printf("Done!\n"); 285 286 return 0; 287} 288 289static size_t mmc_read_file(const char *file_name) 290{ 291 loff_t act_read = 0; 292 int rc; 293 struct mmc *mmc; 294 const u8 mmc_dev_num = CONFIG_SYS_MMC_ENV_DEV; 295 296 mmc = find_mmc_device(mmc_dev_num); 297 if (!mmc) { 298 printf("No SD/MMC/eMMC card found\n"); 299 return 0; 300 } 301 302 if (mmc_init(mmc)) { 303 printf("%s(%d) init failed\n", IS_SD(mmc) ? "SD" : "MMC", 304 mmc_dev_num); 305 return 0; 306 } 307 308 /* Load from data partition (0) */ 309 if (fs_set_blk_dev("mmc", "0", FS_TYPE_ANY)) { 310 printf("Error: MMC 0 not found\n"); 311 return 0; 312 } 313 314 /* Perfrom file read */ 315 rc = fs_read(file_name, get_load_addr(), 0, 0, &act_read); 316 if (rc) 317 return 0; 318 319 return act_read; 320} 321 322static int is_mmc_active(void) 323{ 324 return 1; 325} 326#else /* CONFIG_DM_MMC */ 327static int mmc_burn_image(size_t image_size) 328{ 329 return -ENODEV; 330} 331 332static size_t mmc_read_file(const char *file_name) 333{ 334 return 0; 335} 336 337static int is_mmc_active(void) 338{ 339 return 0; 340} 341#endif /* CONFIG_DM_MMC */ 342 343/******************************************************************** 344 * SATA services 345 ********************************************************************/ 346#if defined(CONFIG_SCSI) && defined(CONFIG_BLK) 347static int sata_burn_image(size_t image_size) 348{ 349#if defined(CONFIG_ARMADA_3700) || defined(CONFIG_ARMADA_32BIT) 350 lbaint_t start_lba; 351 lbaint_t blk_count; 352 ulong blk_written; 353 struct blk_desc *blk_desc; 354#ifdef CONFIG_ARMADA_3700 355 struct disk_partition info; 356 int part; 357#endif 358 359 scsi_scan(false); 360 361 blk_desc = blk_get_devnum_by_uclass_id(UCLASS_SCSI, 0); 362 if (!blk_desc) 363 return -ENODEV; 364 365#ifdef CONFIG_ARMADA_3700 366 /* 367 * 64-bit Armada 3700 BootROM loads SATA firmware from 368 * GPT 'Marvell Armada 3700 Boot partition' or from 369 * MBR 'M' (0x4d) partition. 370 */ 371 switch (blk_desc->part_type) { 372 case PART_TYPE_DOS: 373 for (part = 1; part <= 4; part++) { 374 info.sys_ind = 0; 375 if (part_get_info(blk_desc, part, &info)) 376 continue; 377 if (info.sys_ind == 'M') 378 break; 379 } 380 if (part > 4) { 381 printf("Error - cannot find MBR 'M' (0x4d) partition on SATA disk\n"); 382 return -ENODEV; 383 } 384 start_lba = info.start; 385 break; 386 case PART_TYPE_EFI: 387 for (part = 1; part <= 64; part++) { 388 info.type_guid[0] = 0; 389 if (part_get_info(blk_desc, part, &info)) 390 continue; 391 /* Check for GPT type GUID of 'Marvell Armada 3700 Boot partition' */ 392 if (strcmp(info.type_guid, "6828311A-BA55-42A4-BCDE-A89BB5EDECAE") == 0) 393 break; 394 } 395 if (part > 64) { 396 printf("Error - cannot find GPT 'Marvell Armada 3700 Boot partition' on SATA disk\n"); 397 return -ENODEV; 398 } 399 start_lba = info.start; 400 break; 401 default: 402 printf("Error - no partitions on SATA disk\n"); 403 return -ENODEV; 404 } 405#else 406 /* 32-bit Armada BootROM loads SATA firmware from the sector 1. */ 407 start_lba = 1; 408#endif 409 410 blk_count = image_size / blk_desc->blksz; 411 if (image_size % blk_desc->blksz) 412 blk_count += 1; 413 414 blk_written = blk_dwrite(blk_desc, start_lba, blk_count, 415 (void *)get_load_addr()); 416 417 if (blk_written != blk_count) { 418 printf("Error - written %#lx blocks\n", blk_written); 419 return -ENOSPC; 420 } 421 422 printf("Done!\n"); 423 return 0; 424#else 425 return -ENODEV; 426#endif 427} 428 429static size_t sata_read_file(const char *file_name) 430{ 431 loff_t act_read = 0; 432 struct udevice *dev; 433 int rc; 434 435 /* try to recognize storage devices immediately */ 436 scsi_scan(false); 437 438 /* Try to recognize storage devices immediately */ 439 blk_first_device(UCLASS_SCSI, &dev); 440 if (!dev) { 441 printf("Error: SATA device not found\n"); 442 return 0; 443 } 444 445 /* Always load from scsi 0 */ 446 if (fs_set_blk_dev("scsi", "0", FS_TYPE_ANY)) { 447 printf("Error: SATA 0 not found\n"); 448 return 0; 449 } 450 451 /* Perfrom file read */ 452 rc = fs_read(file_name, get_load_addr(), 0, 0, &act_read); 453 if (rc) 454 return 0; 455 456 return act_read; 457} 458 459static int is_sata_active(void) 460{ 461 return 1; 462} 463#else /* CONFIG_SCSI */ 464static int sata_burn_image(size_t image_size) 465{ 466 return -ENODEV; 467} 468 469static size_t sata_read_file(const char *file_name) 470{ 471 return 0; 472} 473 474static int is_sata_active(void) 475{ 476 return 0; 477} 478#endif /* CONFIG_SCSI */ 479 480/******************************************************************** 481 * SPI services 482 ********************************************************************/ 483#ifdef CONFIG_SPI_FLASH 484static int spi_burn_image(size_t image_size) 485{ 486 int ret; 487 struct spi_flash *flash; 488 u32 erase_bytes; 489 490 /* Probe the SPI bus to get the flash device */ 491 flash = spi_flash_probe(CONFIG_SF_DEFAULT_BUS, 492 CONFIG_SF_DEFAULT_CS, 493 CONFIG_SF_DEFAULT_SPEED, 494 CONFIG_SF_DEFAULT_MODE); 495 if (!flash) { 496 printf("Failed to probe SPI Flash\n"); 497 return -ENOMEDIUM; 498 } 499 500 erase_bytes = image_size + 501 (flash->erase_size - image_size % flash->erase_size); 502 printf("Erasing %d bytes (%d blocks) at offset 0 ...", 503 erase_bytes, erase_bytes / flash->erase_size); 504 ret = spi_flash_erase(flash, 0, erase_bytes); 505 if (ret) 506 printf("Error!\n"); 507 else 508 printf("Done!\n"); 509 510 printf("Writing %d bytes from 0x%lx to offset 0 ...", 511 (int)image_size, get_load_addr()); 512 ret = spi_flash_write(flash, 0, image_size, (void *)get_load_addr()); 513 if (ret) 514 printf("Error!\n"); 515 else 516 printf("Done!\n"); 517 518 return ret; 519} 520 521static int is_spi_active(void) 522{ 523 return 1; 524} 525 526#else /* CONFIG_SPI_FLASH */ 527static int spi_burn_image(size_t image_size) 528{ 529 return -ENODEV; 530} 531 532static int is_spi_active(void) 533{ 534 return 0; 535} 536#endif /* CONFIG_SPI_FLASH */ 537 538/******************************************************************** 539 * NAND services 540 ********************************************************************/ 541#ifdef CONFIG_CMD_NAND 542static int nand_burn_image(size_t image_size) 543{ 544 int ret; 545 uint32_t block_size; 546 struct mtd_info *mtd; 547 548 mtd = get_nand_dev_by_index(nand_curr_device); 549 if (!mtd) { 550 puts("\nno devices available\n"); 551 return -ENOMEDIUM; 552 } 553 block_size = mtd->erasesize; 554 555 /* Align U-Boot size to currently used blocksize */ 556 image_size = ((image_size + (block_size - 1)) & (~(block_size - 1))); 557 558 /* Erase the U-Boot image space */ 559 printf("Erasing 0x%x - 0x%x:...", 0, (int)image_size); 560 ret = nand_erase(mtd, 0, image_size); 561 if (ret) { 562 printf("Error!\n"); 563 goto error; 564 } 565 printf("Done!\n"); 566 567 /* Write the image to flash */ 568 printf("Writing %d bytes from 0x%lx to offset 0 ... ", 569 (int)image_size, get_load_addr()); 570 ret = nand_write(mtd, 0, &image_size, (void *)get_load_addr()); 571 if (ret) 572 printf("Error!\n"); 573 else 574 printf("Done!\n"); 575 576error: 577 return ret; 578} 579 580static int is_nand_active(void) 581{ 582 return 1; 583} 584 585#else /* CONFIG_CMD_NAND */ 586static int nand_burn_image(size_t image_size) 587{ 588 return -ENODEV; 589} 590 591static int is_nand_active(void) 592{ 593 return 0; 594} 595#endif /* CONFIG_CMD_NAND */ 596 597/******************************************************************** 598 * USB services 599 ********************************************************************/ 600#if defined(CONFIG_USB_STORAGE) && defined(CONFIG_BLK) 601static size_t usb_read_file(const char *file_name) 602{ 603 loff_t act_read = 0; 604 struct udevice *dev; 605 int rc; 606 607 usb_stop(); 608 609 if (usb_init() < 0) { 610 printf("Error: usb_init failed\n"); 611 return 0; 612 } 613 614 /* Try to recognize storage devices immediately */ 615 blk_first_device(UCLASS_USB, &dev); 616 if (!dev) { 617 printf("Error: USB storage device not found\n"); 618 return 0; 619 } 620 621 /* Always load from usb 0 */ 622 if (fs_set_blk_dev("usb", "0", FS_TYPE_ANY)) { 623 printf("Error: USB 0 not found\n"); 624 return 0; 625 } 626 627 /* Perfrom file read */ 628 rc = fs_read(file_name, get_load_addr(), 0, 0, &act_read); 629 if (rc) 630 return 0; 631 632 return act_read; 633} 634 635static int is_usb_active(void) 636{ 637 return 1; 638} 639 640#else /* defined(CONFIG_USB_STORAGE) && defined (CONFIG_BLK) */ 641static size_t usb_read_file(const char *file_name) 642{ 643 return 0; 644} 645 646static int is_usb_active(void) 647{ 648 return 0; 649} 650#endif /* defined(CONFIG_USB_STORAGE) && defined (CONFIG_BLK) */ 651 652/******************************************************************** 653 * Network services 654 ********************************************************************/ 655#ifdef CONFIG_CMD_NET 656static size_t tftp_read_file(const char *file_name) 657{ 658 int ret; 659 660 /* 661 * update global variable image_load_addr before tftp file from network 662 */ 663 image_load_addr = get_load_addr(); 664 ret = net_loop(TFTPGET); 665 return ret > 0 ? ret : 0; 666} 667 668static int is_tftp_active(void) 669{ 670 return 1; 671} 672 673#else 674static size_t tftp_read_file(const char *file_name) 675{ 676 return 0; 677} 678 679static int is_tftp_active(void) 680{ 681 return 0; 682} 683#endif /* CONFIG_CMD_NET */ 684 685enum bubt_devices { 686 BUBT_DEV_NET = 0, 687 BUBT_DEV_USB, 688 BUBT_DEV_MMC, 689 BUBT_DEV_SATA, 690 BUBT_DEV_SPI, 691 BUBT_DEV_NAND, 692 693 BUBT_MAX_DEV 694}; 695 696static struct bubt_dev bubt_devs[BUBT_MAX_DEV] = { 697 {"tftp", tftp_read_file, NULL, is_tftp_active}, 698 {"usb", usb_read_file, NULL, is_usb_active}, 699 {"mmc", mmc_read_file, mmc_burn_image, is_mmc_active}, 700 {"sata", sata_read_file, sata_burn_image, is_sata_active}, 701 {"spi", NULL, spi_burn_image, is_spi_active}, 702 {"nand", NULL, nand_burn_image, is_nand_active}, 703}; 704 705static int bubt_write_file(struct bubt_dev *dst, size_t image_size) 706{ 707 if (!dst->write) { 708 printf("Error: Write not supported on device %s\n", dst->name); 709 return -ENOTSUPP; 710 } 711 712 return dst->write(image_size); 713} 714 715#if defined(CONFIG_ARMADA_8K) 716static u32 do_checksum32(u32 *start, int32_t len) 717{ 718 u32 sum = 0; 719 u32 *startp = start; 720 721 do { 722 sum += *startp; 723 startp++; 724 len -= 4; 725 } while (len > 0); 726 727 return sum; 728} 729 730static int check_image_header(void) 731{ 732 struct mvebu_image_header *hdr = 733 (struct mvebu_image_header *)get_load_addr(); 734 u32 checksum; 735 u32 checksum_ref; 736 737 /* 738 * For now compare checksum, and magic. Later we can 739 * verify more stuff on the header like interface type, etc 740 */ 741 if (hdr->magic != MAIN_HDR_MAGIC) { 742 printf("ERROR: Bad MAGIC 0x%08x != 0x%08x\n", 743 hdr->magic, MAIN_HDR_MAGIC); 744 return -ENOEXEC; 745 } 746 747 checksum_ref = hdr->prolog_checksum; 748 checksum = do_checksum32((u32 *)hdr, hdr->prolog_size); 749 checksum -= hdr->prolog_checksum; 750 if (checksum != checksum_ref) { 751 printf("Error: Bad Prolog checksum. 0x%x != 0x%x\n", 752 checksum, checksum_ref); 753 return -ENOEXEC; 754 } 755 756 checksum_ref = hdr->boot_image_checksum; 757 checksum = do_checksum32((u32 *)((u8 *)hdr + hdr->prolog_size), hdr->boot_image_size); 758 if (checksum != checksum_ref) { 759 printf("Error: Bad Image checksum. 0x%x != 0x%x\n", 760 checksum, checksum_ref); 761 return -ENOEXEC; 762 } 763 764 printf("Image checksum...OK!\n"); 765 766 return 0; 767} 768#elif defined(CONFIG_ARMADA_3700) /* Armada 3700 */ 769static int check_image_header(void) 770{ 771 struct common_tim_data *hdr = (struct common_tim_data *)get_load_addr(); 772 int image_num; 773 u8 hash_160_output[SHA1_SUM_LEN]; 774 u8 hash_256_output[SHA256_SUM_LEN]; 775 u8 hash_512_output[SHA512_SUM_LEN]; 776 sha1_context hash1_text; 777 sha256_context hash256_text; 778 sha512_context hash512_text; 779 u8 *hash_output; 780 u32 hash_algorithm_id; 781 u32 image_size_to_hash; 782 u32 flash_entry_addr; 783 u32 *hash_value; 784 u32 internal_hash[HASH_SUM_LEN]; 785 const u8 *buff; 786 u32 num_of_image = hdr->num_images; 787 u32 version = hdr->version; 788 u32 trusted = hdr->trusted; 789 790 /* bubt checksum validation only supports nontrusted images */ 791 if (trusted == 1) { 792 printf("bypass image validation, "); 793 printf("only untrusted image is supported now\n"); 794 return 0; 795 } 796 /* only supports image version 3.5 and 3.6 */ 797 if (version != IMAGE_VERSION_3_5_0 && version != IMAGE_VERSION_3_6_0) { 798 printf("Error: Unsupported Image version = 0x%08x\n", version); 799 return -ENOEXEC; 800 } 801 /* validate images hash value */ 802 for (image_num = 0; image_num < num_of_image; image_num++) { 803 struct mvebu_image_info *info = 804 (struct mvebu_image_info *)(get_load_addr() + 805 sizeof(struct common_tim_data) + 806 image_num * sizeof(struct mvebu_image_info)); 807 hash_algorithm_id = info->hash_algorithm_id; 808 image_size_to_hash = info->image_size_to_hash; 809 flash_entry_addr = info->flash_entry_addr; 810 hash_value = info->hash; 811 buff = (const u8 *)(get_load_addr() + flash_entry_addr); 812 813 if (image_num == 0) { 814 /* 815 * The first image includes hash values in its content. 816 * For hash calculation, we need to save the original 817 * hash values to a local variable that will be 818 * copied back for comparsion and set all zeros to 819 * the orignal hash values for calculating new value. 820 * First image original format : 821 * x...x (datum1) x...x(orig. hash values) x...x(datum2) 822 * Replaced first image format : 823 * x...x (datum1) 0...0(hash values) x...x(datum2) 824 */ 825 memcpy(internal_hash, hash_value, 826 sizeof(internal_hash)); 827 memset(hash_value, 0, sizeof(internal_hash)); 828 } 829 if (image_size_to_hash == 0) { 830 printf("Warning: Image_%d hash checksum is disabled, ", 831 image_num); 832 printf("skip the image validation.\n"); 833 continue; 834 } 835 switch (hash_algorithm_id) { 836 case SHA1_SUM_LEN: 837 sha1_starts(&hash1_text); 838 sha1_update(&hash1_text, buff, image_size_to_hash); 839 sha1_finish(&hash1_text, hash_160_output); 840 hash_output = hash_160_output; 841 break; 842 case SHA256_SUM_LEN: 843 sha256_starts(&hash256_text); 844 sha256_update(&hash256_text, buff, image_size_to_hash); 845 sha256_finish(&hash256_text, hash_256_output); 846 hash_output = hash_256_output; 847 break; 848 case SHA512_SUM_LEN: 849 sha512_starts(&hash512_text); 850 sha512_update(&hash512_text, buff, image_size_to_hash); 851 sha512_finish(&hash512_text, hash_512_output); 852 hash_output = hash_512_output; 853 break; 854 default: 855 printf("Error: Unsupported hash_algorithm_id = %d\n", 856 hash_algorithm_id); 857 return -ENOEXEC; 858 } 859 if (image_num == 0) 860 memcpy(hash_value, internal_hash, 861 sizeof(internal_hash)); 862 if (memcmp(hash_value, hash_output, hash_algorithm_id) != 0) { 863 printf("Error: Image_%d checksum is not correct\n", 864 image_num); 865 return -ENOEXEC; 866 } 867 } 868 printf("Image checksum...OK!\n"); 869 870 return 0; 871} 872#elif defined(CONFIG_ARMADA_32BIT) 873static size_t a38x_header_size(const struct a38x_main_hdr_v1 *h) 874{ 875 if (h->version == 1) 876 return (h->headersz_msb << 16) | le16_to_cpu(h->headersz_lsb); 877 878 printf("Error: Invalid A38x image (header version 0x%x unknown)!\n", 879 h->version); 880 return 0; 881} 882 883static uint8_t image_checksum8(const void *start, size_t len) 884{ 885 u8 csum = 0; 886 const u8 *p = start; 887 888 while (len) { 889 csum += *p; 890 ++p; 891 --len; 892 } 893 894 return csum; 895} 896 897static uint32_t image_checksum32(const void *start, size_t len) 898{ 899 u32 csum = 0; 900 const u32 *p = start; 901 902 while (len) { 903 csum += *p; 904 ++p; 905 len -= sizeof(u32); 906 } 907 908 return csum; 909} 910 911static int check_image_header(void) 912{ 913 u8 checksum; 914 u32 checksum32, exp_checksum32; 915 u32 offset, size; 916 const struct a38x_main_hdr_v1 *hdr = 917 (struct a38x_main_hdr_v1 *)get_load_addr(); 918 const size_t hdr_size = a38x_header_size(hdr); 919 920 if (!hdr_size) 921 return -ENOEXEC; 922 923 checksum = image_checksum8(hdr, hdr_size); 924 checksum -= hdr->checksum; 925 if (checksum != hdr->checksum) { 926 printf("Error: Bad A38x image header checksum. 0x%x != 0x%x\n", 927 checksum, hdr->checksum); 928 return -ENOEXEC; 929 } 930 931 offset = le32_to_cpu(hdr->srcaddr); 932 size = le32_to_cpu(hdr->blocksize); 933 934 if (hdr->blockid == 0x78) { /* SATA id */ 935 struct blk_desc *blk_dev = IS_ENABLED(BLK) ? blk_get_devnum_by_uclass_id(UCLASS_SCSI, 0) : NULL; 936 unsigned long blksz = blk_dev ? blk_dev->blksz : 512; 937 offset *= blksz; 938 } 939 940 if (offset % 4 != 0 || size < 4 || size % 4 != 0) { 941 printf("Error: Bad A38x image blocksize.\n"); 942 return -ENOEXEC; 943 } 944 945 checksum32 = image_checksum32((u8 *)hdr + offset, size - 4); 946 exp_checksum32 = *(u32 *)((u8 *)hdr + offset + size - 4); 947 if (checksum32 != exp_checksum32) { 948 printf("Error: Bad A38x image data checksum. 0x%08x != 0x%08x\n", 949 checksum32, exp_checksum32); 950 return -ENOEXEC; 951 } 952 953 printf("Image checksum...OK!\n"); 954 return 0; 955} 956 957#if defined(CONFIG_ARMADA_38X) 958static int a38x_image_is_secure(const struct a38x_main_hdr_v1 *hdr) 959{ 960 const size_t hdr_size = a38x_header_size(hdr); 961 struct a38x_opt_hdr_v1 *ohdr; 962 u32 ohdr_size; 963 964 if (hdr->version != 1) 965 return 0; 966 967 if (!hdr->ext) 968 return 0; 969 970 ohdr = (struct a38x_opt_hdr_v1 *)(hdr + 1); 971 do { 972 if (ohdr->headertype == A38X_OPT_HDR_V1_SECURE_TYPE) 973 return 1; 974 975 ohdr_size = (ohdr->headersz_msb << 16) | le16_to_cpu(ohdr->headersz_lsb); 976 977 if (!*((u8 *)ohdr + ohdr_size - 4)) 978 break; 979 980 ohdr = (struct a38x_opt_hdr_v1 *)((u8 *)ohdr + ohdr_size); 981 if ((u8 *)ohdr >= (u8 *)hdr + hdr_size) 982 break; 983 } while (1); 984 985 return 0; 986} 987#endif 988#else /* Not ARMADA? */ 989static int check_image_header(void) 990{ 991 printf("bubt cmd does not support this SoC device or family!\n"); 992 return -ENOEXEC; 993} 994#endif 995 996#if defined(CONFIG_ARMADA_3700) || defined(CONFIG_ARMADA_38X) 997static u64 fuse_read_u64(u32 bank) 998{ 999 u32 val[2]; 1000 int ret; 1001 1002 ret = fuse_read(bank, 0, &val[0]); 1003 if (ret < 0) 1004 return -1; 1005 1006 ret = fuse_read(bank, 1, &val[1]); 1007 if (ret < 0) 1008 return -1; 1009 1010 return ((u64)val[1] << 32) | val[0]; 1011} 1012#endif 1013 1014#if defined(CONFIG_ARMADA_3700) 1015static inline u8 maj3(u8 val) 1016{ 1017 /* return majority vote of 3 bits */ 1018 return ((val & 0x7) == 3 || (val & 0x7) > 4) ? 1 : 0; 1019} 1020#endif 1021 1022static int bubt_check_boot_mode(const struct bubt_dev *dst) 1023{ 1024#if defined(CONFIG_ARMADA_3700) || defined(CONFIG_ARMADA_32BIT) 1025 int mode; 1026#if defined(CONFIG_ARMADA_3700) || defined(CONFIG_ARMADA_38X) 1027 int secure_mode; 1028#endif 1029#if defined(CONFIG_ARMADA_3700) 1030 const struct tim_boot_flash_sign *boot_modes = tim_boot_flash_signs; 1031 const struct common_tim_data *hdr = 1032 (struct common_tim_data *)get_load_addr(); 1033 u32 id = hdr->boot_flash_sign; 1034 int is_secure = hdr->trusted != 0; 1035 u64 otp_secure_bits = fuse_read_u64(1); 1036 int otp_secure_boot = ((maj3(otp_secure_bits >> 0) << 0) | 1037 (maj3(otp_secure_bits >> 4) << 1)) == 2; 1038 unsigned int otp_boot_device = (maj3(otp_secure_bits >> 48) << 0) | 1039 (maj3(otp_secure_bits >> 52) << 1) | 1040 (maj3(otp_secure_bits >> 56) << 2) | 1041 (maj3(otp_secure_bits >> 60) << 3); 1042#elif defined(CONFIG_ARMADA_32BIT) 1043 const struct a38x_boot_mode *boot_modes = a38x_boot_modes; 1044 const struct a38x_main_hdr_v1 *hdr = 1045 (struct a38x_main_hdr_v1 *)get_load_addr(); 1046 u32 id = hdr->blockid; 1047#if defined(CONFIG_ARMADA_38X) 1048 int is_secure = a38x_image_is_secure(hdr); 1049 u64 otp_secure_bits = fuse_read_u64(EFUSE_LINE_SECURE_BOOT); 1050 int otp_secure_boot = otp_secure_bits & 0x1; 1051 unsigned int otp_boot_device = (otp_secure_bits >> 8) & 0x7; 1052#endif 1053#endif 1054 1055 for (mode = 0; boot_modes[mode].name; mode++) { 1056 if (boot_modes[mode].id == id) 1057 break; 1058 } 1059 1060 if (!boot_modes[mode].name) { 1061 printf("Error: unknown boot device in image header: 0x%x\n", id); 1062 return -ENOEXEC; 1063 } 1064 1065 if (strcmp(boot_modes[mode].name, dst->name) != 0) { 1066 printf("Error: image meant to be booted from \"%s\", not \"%s\"!\n", 1067 boot_modes[mode].name, dst->name); 1068 return -ENOEXEC; 1069 } 1070 1071#if defined(CONFIG_ARMADA_38X) || defined(CONFIG_ARMADA_3700) 1072 if (otp_secure_bits == (u64)-1) { 1073 printf("Error: cannot read OTP secure bits\n"); 1074 return -ENOEXEC; 1075 } else { 1076 if (otp_secure_boot && !is_secure) { 1077 printf("Error: secure boot is enabled in OTP but image does not have secure boot header!\n"); 1078 return -ENOEXEC; 1079 } else if (!otp_secure_boot && is_secure) { 1080#if defined(CONFIG_ARMADA_3700) 1081 /* 1082 * Armada 3700 BootROM rejects trusted image when secure boot is not enabled. 1083 * Armada 385 BootROM accepts image with secure boot header also when secure boot is not enabled. 1084 */ 1085 printf("Error: secure boot is disabled in OTP but image has secure boot header!\n"); 1086 return -ENOEXEC; 1087#endif 1088 } else if (otp_boot_device && otp_boot_device != id) { 1089 for (secure_mode = 0; boot_modes[secure_mode].name; secure_mode++) { 1090 if (boot_modes[secure_mode].id == otp_boot_device) 1091 break; 1092 } 1093 printf("Error: boot source is set to \"%s\" in OTP but image is for \"%s\"!\n", 1094 boot_modes[secure_mode].name ?: "unknown", dst->name); 1095 return -ENOEXEC; 1096 } 1097 } 1098#endif 1099#endif 1100 return 0; 1101} 1102 1103static int bubt_verify(const struct bubt_dev *dst) 1104{ 1105 int err; 1106 1107 /* Check a correct image header exists */ 1108 err = check_image_header(); 1109 if (err) { 1110 printf("Error: Image header verification failed\n"); 1111 return err; 1112 } 1113 1114 err = bubt_check_boot_mode(dst); 1115 if (err) { 1116 printf("Error: Image boot mode verification failed\n"); 1117 return err; 1118 } 1119 1120 return 0; 1121} 1122 1123static int bubt_read_file(struct bubt_dev *src) 1124{ 1125 size_t image_size; 1126 1127 if (!src->read) { 1128 printf("Error: Read not supported on device \"%s\"\n", 1129 src->name); 1130 return 0; 1131 } 1132 1133 image_size = src->read(net_boot_file_name); 1134 if (image_size <= 0) { 1135 printf("Error: Failed to read file %s from %s\n", 1136 net_boot_file_name, src->name); 1137 return 0; 1138 } 1139 1140 return image_size; 1141} 1142 1143static int bubt_is_dev_active(struct bubt_dev *dev) 1144{ 1145 if (!dev->active) { 1146 printf("Device \"%s\" not supported by U-Boot image\n", 1147 dev->name); 1148 return 0; 1149 } 1150 1151 if (!dev->active()) { 1152 printf("Device \"%s\" is inactive\n", dev->name); 1153 return 0; 1154 } 1155 1156 return 1; 1157} 1158 1159static struct bubt_dev *find_bubt_dev(char *dev_name) 1160{ 1161 int dev; 1162 1163 for (dev = 0; dev < BUBT_MAX_DEV; dev++) { 1164 if (strcmp(bubt_devs[dev].name, dev_name) == 0) 1165 return &bubt_devs[dev]; 1166 } 1167 1168 return 0; 1169} 1170 1171#define DEFAULT_BUBT_SRC "tftp" 1172 1173#ifndef DEFAULT_BUBT_DST 1174#ifdef CONFIG_MVEBU_SPI_BOOT 1175#define DEFAULT_BUBT_DST "spi" 1176#elif defined(CONFIG_MVEBU_NAND_BOOT) 1177#define DEFAULT_BUBT_DST "nand" 1178#elif defined(CONFIG_MVEBU_MMC_BOOT) 1179#define DEFAULT_BUBT_DST "mmc" 1180#elif defined(CONFIG_MVEBU_SATA_BOOT) 1181#define DEFAULT_BUBT_DST "sata" 1182#else 1183#define DEFAULT_BUBT_DST "error" 1184#endif 1185#endif /* DEFAULT_BUBT_DST */ 1186 1187static int do_bubt_cmd(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) 1188{ 1189 struct bubt_dev *src, *dst; 1190 size_t image_size; 1191 char src_dev_name[8]; 1192 char dst_dev_name[8]; 1193 char *name; 1194 int err; 1195 1196 if (argc < 2) 1197 copy_filename(net_boot_file_name, 1198 CONFIG_MVEBU_UBOOT_DFLT_NAME, 1199 sizeof(net_boot_file_name)); 1200 else 1201 copy_filename(net_boot_file_name, argv[1], 1202 sizeof(net_boot_file_name)); 1203 1204 if (argc >= 3) { 1205 strncpy(dst_dev_name, argv[2], 8); 1206 } else { 1207 name = DEFAULT_BUBT_DST; 1208 strncpy(dst_dev_name, name, 8); 1209 } 1210 1211 if (argc >= 4) 1212 strncpy(src_dev_name, argv[3], 8); 1213 else 1214 strncpy(src_dev_name, DEFAULT_BUBT_SRC, 8); 1215 1216 /* Figure out the destination device */ 1217 dst = find_bubt_dev(dst_dev_name); 1218 if (!dst) { 1219 printf("Error: Unknown destination \"%s\"\n", dst_dev_name); 1220 return 1; 1221 } 1222 1223 if (!bubt_is_dev_active(dst)) 1224 return 1; 1225 1226 /* Figure out the source device */ 1227 src = find_bubt_dev(src_dev_name); 1228 if (!src) { 1229 printf("Error: Unknown source \"%s\"\n", src_dev_name); 1230 return 1; 1231 } 1232 1233 if (!bubt_is_dev_active(src)) 1234 return -ENODEV; 1235 1236 printf("Burning U-Boot image \"%s\" from \"%s\" to \"%s\"\n", 1237 net_boot_file_name, src->name, dst->name); 1238 1239 image_size = bubt_read_file(src); 1240 if (!image_size) 1241 return 1; 1242 1243 err = bubt_verify(dst); 1244 if (err) 1245 return 1; 1246 1247 err = bubt_write_file(dst, image_size); 1248 if (err) 1249 return 1; 1250 1251 return 0; 1252} 1253 1254U_BOOT_CMD( 1255 bubt, 4, 0, do_bubt_cmd, 1256 "Burn a u-boot image to flash", 1257 "[file-name] [destination [source]]\n" 1258 "\t-file-name The image file name to burn. Default = " CONFIG_MVEBU_UBOOT_DFLT_NAME "\n" 1259 "\t-destination Flash to burn to [spi, nand, mmc, sata]. Default = " DEFAULT_BUBT_DST "\n" 1260 "\t-source The source to load image from [tftp, usb, mmc, sata]. Default = " DEFAULT_BUBT_SRC "\n" 1261 "Examples:\n" 1262 "\tbubt - Burn flash-image.bin from tftp to active boot device\n" 1263 "\tbubt flash-image-new.bin nand - Burn flash-image-new.bin from tftp to NAND flash\n" 1264 "\tbubt backup-flash-image.bin mmc usb - Burn backup-flash-image.bin from usb to MMC\n" 1265 1266); 1267