1// SPDX-License-Identifier: GPL-2.0+ 2/* 3 * f_sdp.c -- USB HID Serial Download Protocol 4 * 5 * Copyright (C) 2017 Toradex 6 * Author: Stefan Agner <stefan.agner@toradex.com> 7 * 8 * This file implements the Serial Download Protocol (SDP) as specified in 9 * the i.MX 6 Reference Manual. The SDP is a USB HID based protocol and 10 * allows to download images directly to memory. The implementation 11 * works with the imx_loader (imx_usb) USB client software on host side. 12 * 13 * Not all commands are implemented, e.g. WRITE_REGISTER, DCD_WRITE and 14 * SKIP_DCD_HEADER are only stubs. 15 * 16 * Parts of the implementation are based on f_dfu and f_thor. 17 */ 18 19#include <errno.h> 20#include <common.h> 21#include <console.h> 22#include <env.h> 23#include <log.h> 24#include <malloc.h> 25#include <linux/printk.h> 26 27#include <linux/usb/ch9.h> 28#include <linux/usb/gadget.h> 29#include <linux/usb/composite.h> 30 31#include <asm/io.h> 32#include <g_dnl.h> 33#include <sdp.h> 34#include <spl.h> 35#include <image.h> 36#include <imximage.h> 37#include <imx_container.h> 38#include <watchdog.h> 39 40#define HID_REPORT_ID_MASK 0x000000ff 41 42/* 43 * HID class requests 44 */ 45#define HID_REQ_GET_REPORT 0x01 46#define HID_REQ_GET_IDLE 0x02 47#define HID_REQ_GET_PROTOCOL 0x03 48#define HID_REQ_SET_REPORT 0x09 49#define HID_REQ_SET_IDLE 0x0A 50#define HID_REQ_SET_PROTOCOL 0x0B 51 52#define HID_USAGE_PAGE_LEN 76 53 54struct hid_report { 55 u8 usage_page[HID_USAGE_PAGE_LEN]; 56} __packed; 57 58#define SDP_READ_REGISTER 0x0101 59#define SDP_WRITE_REGISTER 0x0202 60#define SDP_WRITE_FILE 0x0404 61#define SDP_ERROR_STATUS 0x0505 62#define SDP_DCD_WRITE 0x0a0a 63#define SDP_JUMP_ADDRESS 0x0b0b 64#define SDP_SKIP_DCD_HEADER 0x0c0c 65 66#define SDP_SECURITY_CLOSED 0x12343412 67#define SDP_SECURITY_OPEN 0x56787856 68 69#define SDP_WRITE_FILE_COMPLETE 0x88888888 70#define SDP_WRITE_REGISTER_COMPLETE 0x128A8A12 71#define SDP_SKIP_DCD_HEADER_COMPLETE 0x900DD009 72#define SDP_ERROR_IMXHEADER 0x000a0533 73 74#define SDP_COMMAND_LEN 16 75 76#define SDP_HID_PACKET_SIZE_EP1 1024 77 78#define SDP_EXIT 1 79 80struct sdp_command { 81 u16 cmd; 82 u32 addr; 83 u8 format; 84 u32 cnt; 85 u32 data; 86 u8 rsvd; 87} __packed; 88 89enum sdp_state { 90 SDP_STATE_IDLE, 91 SDP_STATE_RX_CMD, 92 SDP_STATE_RX_DCD_DATA, 93 SDP_STATE_RX_FILE_DATA, 94 SDP_STATE_RX_FILE_DATA_BUSY, 95 SDP_STATE_TX_SEC_CONF, 96 SDP_STATE_TX_SEC_CONF_BUSY, 97 SDP_STATE_TX_REGISTER, 98 SDP_STATE_TX_REGISTER_BUSY, 99 SDP_STATE_TX_STATUS, 100 SDP_STATE_TX_STATUS_BUSY, 101 SDP_STATE_JUMP, 102}; 103 104struct f_sdp { 105 struct usb_function usb_function; 106 107 struct usb_descriptor_header **function; 108 109 u8 altsetting; 110 enum sdp_state state; 111 enum sdp_state next_state; 112 u32 dnl_address; 113 u32 dnl_bytes; 114 u32 dnl_bytes_remaining; 115 u32 jmp_address; 116 bool always_send_status; 117 u32 error_status; 118 119 /* EP0 request */ 120 struct usb_request *req; 121 122 /* EP1 IN */ 123 struct usb_ep *in_ep; 124 struct usb_request *in_req; 125 /* EP1 OUT */ 126 struct usb_ep *out_ep; 127 struct usb_request *out_req; 128 129 bool configuration_done; 130 bool ep_int_enable; 131}; 132 133static struct f_sdp *sdp_func; 134 135static inline struct f_sdp *func_to_sdp(struct usb_function *f) 136{ 137 return container_of(f, struct f_sdp, usb_function); 138} 139 140static struct usb_interface_descriptor sdp_intf_runtime = { 141 .bLength = sizeof(sdp_intf_runtime), 142 .bDescriptorType = USB_DT_INTERFACE, 143 .bAlternateSetting = 0, 144 .bNumEndpoints = 2, 145 .bInterfaceClass = USB_CLASS_HID, 146 .bInterfaceSubClass = 0, 147 .bInterfaceProtocol = 0, 148 /* .iInterface = DYNAMIC */ 149}; 150 151/* HID configuration */ 152static struct usb_class_hid_descriptor sdp_hid_desc = { 153 .bLength = sizeof(sdp_hid_desc), 154 .bDescriptorType = USB_DT_CS_DEVICE, 155 156 .bcdCDC = __constant_cpu_to_le16(0x0110), 157 .bCountryCode = 0, 158 .bNumDescriptors = 1, 159 160 .bDescriptorType0 = USB_DT_HID_REPORT, 161 .wDescriptorLength0 = HID_USAGE_PAGE_LEN, 162}; 163 164static struct usb_endpoint_descriptor in_desc = { 165 .bLength = USB_DT_ENDPOINT_SIZE, 166 .bDescriptorType = USB_DT_ENDPOINT, /*USB_DT_CS_ENDPOINT*/ 167 168 .bEndpointAddress = 1 | USB_DIR_IN, 169 .bmAttributes = USB_ENDPOINT_XFER_INT, 170 .wMaxPacketSize = 64, 171 .bInterval = 1, 172}; 173 174static struct usb_endpoint_descriptor out_desc = { 175 .bLength = USB_DT_ENDPOINT_SIZE, 176 .bDescriptorType = USB_DT_ENDPOINT, /*USB_DT_CS_ENDPOINT*/ 177 178 .bEndpointAddress = 1 | USB_DIR_OUT, 179 .bmAttributes = USB_ENDPOINT_XFER_INT, 180 .wMaxPacketSize = 64, 181 .bInterval = 1, 182}; 183 184static struct usb_endpoint_descriptor in_hs_desc = { 185 .bLength = USB_DT_ENDPOINT_SIZE, 186 .bDescriptorType = USB_DT_ENDPOINT, /*USB_DT_CS_ENDPOINT*/ 187 188 .bEndpointAddress = 1 | USB_DIR_IN, 189 .bmAttributes = USB_ENDPOINT_XFER_INT, 190 .wMaxPacketSize = 512, 191 .bInterval = 3, 192}; 193 194static struct usb_endpoint_descriptor out_hs_desc = { 195 .bLength = USB_DT_ENDPOINT_SIZE, 196 .bDescriptorType = USB_DT_ENDPOINT, /*USB_DT_CS_ENDPOINT*/ 197 198 .bEndpointAddress = 1 | USB_DIR_OUT, 199 .bmAttributes = USB_ENDPOINT_XFER_INT, 200 .wMaxPacketSize = SDP_HID_PACKET_SIZE_EP1, 201 .bInterval = 3, 202}; 203 204static struct usb_descriptor_header *sdp_runtime_descs[] = { 205 (struct usb_descriptor_header *)&sdp_intf_runtime, 206 (struct usb_descriptor_header *)&sdp_hid_desc, 207 (struct usb_descriptor_header *)&in_desc, 208 (struct usb_descriptor_header *)&out_desc, 209 NULL, 210}; 211 212static struct usb_descriptor_header *sdp_runtime_hs_descs[] = { 213 (struct usb_descriptor_header *)&sdp_intf_runtime, 214 (struct usb_descriptor_header *)&sdp_hid_desc, 215 (struct usb_descriptor_header *)&in_hs_desc, 216 (struct usb_descriptor_header *)&out_hs_desc, 217 NULL, 218}; 219 220/* This is synchronized with what the SoC implementation reports */ 221static struct hid_report sdp_hid_report = { 222 .usage_page = { 223 0x06, 0x00, 0xff, /* Usage Page */ 224 0x09, 0x01, /* Usage (Pointer?) */ 225 0xa1, 0x01, /* Collection */ 226 227 0x85, 0x01, /* Report ID */ 228 0x19, 0x01, /* Usage Minimum */ 229 0x29, 0x01, /* Usage Maximum */ 230 0x15, 0x00, /* Local Minimum */ 231 0x26, 0xFF, 0x00, /* Local Maximum? */ 232 0x75, 0x08, /* Report Size */ 233 0x95, 0x10, /* Report Count */ 234 0x91, 0x02, /* Output Data */ 235 236 0x85, 0x02, /* Report ID */ 237 0x19, 0x01, /* Usage Minimum */ 238 0x29, 0x01, /* Usage Maximum */ 239 0x15, 0x00, /* Local Minimum */ 240 0x26, 0xFF, 0x00, /* Local Maximum? */ 241 0x75, 0x80, /* Report Size 128 */ 242 0x95, 0x40, /* Report Count */ 243 0x91, 0x02, /* Output Data */ 244 245 0x85, 0x03, /* Report ID */ 246 0x19, 0x01, /* Usage Minimum */ 247 0x29, 0x01, /* Usage Maximum */ 248 0x15, 0x00, /* Local Minimum */ 249 0x26, 0xFF, 0x00, /* Local Maximum? */ 250 0x75, 0x08, /* Report Size 8 */ 251 0x95, 0x04, /* Report Count */ 252 0x81, 0x02, /* Input Data */ 253 254 0x85, 0x04, /* Report ID */ 255 0x19, 0x01, /* Usage Minimum */ 256 0x29, 0x01, /* Usage Maximum */ 257 0x15, 0x00, /* Local Minimum */ 258 0x26, 0xFF, 0x00, /* Local Maximum? */ 259 0x75, 0x08, /* Report Size 8 */ 260 0x95, 0x40, /* Report Count */ 261 0x81, 0x02, /* Input Data */ 262 0xc0 263 }, 264}; 265 266static const char sdp_name[] = "Serial Downloader Protocol"; 267 268/* 269 * static strings, in UTF-8 270 */ 271static struct usb_string strings_sdp_generic[] = { 272 [0].s = sdp_name, 273 { } /* end of list */ 274}; 275 276static struct usb_gadget_strings stringtab_sdp_generic = { 277 .language = 0x0409, /* en-us */ 278 .strings = strings_sdp_generic, 279}; 280 281static struct usb_gadget_strings *sdp_generic_strings[] = { 282 &stringtab_sdp_generic, 283 NULL, 284}; 285 286static inline void *sdp_ptr(u32 val) 287{ 288 return (void *)(uintptr_t)val; 289} 290 291static void sdp_rx_command_complete(struct usb_ep *ep, struct usb_request *req) 292{ 293 struct f_sdp *sdp = req->context; 294 int status = req->status; 295 u8 *data = req->buf; 296 u8 report = data[0]; 297 298 if (status != 0) { 299 pr_err("Status: %d\n", status); 300 return; 301 } 302 303 if (report != 1) { 304 pr_err("Unexpected report %d\n", report); 305 return; 306 } 307 308 struct sdp_command *cmd = req->buf + 1; 309 310 debug("%s: command: %04x, addr: %08x, cnt: %u\n", 311 __func__, be16_to_cpu(cmd->cmd), 312 be32_to_cpu(cmd->addr), be32_to_cpu(cmd->cnt)); 313 314 switch (be16_to_cpu(cmd->cmd)) { 315 case SDP_READ_REGISTER: 316 sdp->always_send_status = false; 317 sdp->error_status = 0x0; 318 319 sdp->state = SDP_STATE_TX_SEC_CONF; 320 sdp->dnl_address = be32_to_cpu(cmd->addr); 321 sdp->dnl_bytes_remaining = be32_to_cpu(cmd->cnt); 322 sdp->next_state = SDP_STATE_TX_REGISTER; 323 printf("Reading %d registers at 0x%08x... ", 324 sdp->dnl_bytes_remaining, sdp->dnl_address); 325 break; 326 case SDP_WRITE_FILE: 327 sdp->always_send_status = true; 328 sdp->error_status = SDP_WRITE_FILE_COMPLETE; 329 330 sdp->state = SDP_STATE_RX_FILE_DATA; 331 sdp->dnl_address = cmd->addr ? be32_to_cpu(cmd->addr) : CONFIG_SDP_LOADADDR; 332 sdp->dnl_bytes_remaining = be32_to_cpu(cmd->cnt); 333 sdp->dnl_bytes = sdp->dnl_bytes_remaining; 334 sdp->next_state = SDP_STATE_IDLE; 335 336 printf("Downloading file of size %d to 0x%08x... ", 337 sdp->dnl_bytes_remaining, sdp->dnl_address); 338 339 break; 340 case SDP_ERROR_STATUS: 341 sdp->always_send_status = true; 342 sdp->error_status = 0; 343 344 sdp->state = SDP_STATE_TX_SEC_CONF; 345 sdp->next_state = SDP_STATE_IDLE; 346 break; 347 case SDP_DCD_WRITE: 348 sdp->always_send_status = true; 349 sdp->error_status = SDP_WRITE_REGISTER_COMPLETE; 350 351 sdp->state = SDP_STATE_RX_DCD_DATA; 352 sdp->dnl_bytes_remaining = be32_to_cpu(cmd->cnt); 353 sdp->next_state = SDP_STATE_IDLE; 354 break; 355 case SDP_JUMP_ADDRESS: 356 sdp->always_send_status = false; 357 sdp->error_status = 0; 358 359 sdp->jmp_address = cmd->addr ? be32_to_cpu(cmd->addr) : CONFIG_SDP_LOADADDR; 360 sdp->state = SDP_STATE_TX_SEC_CONF; 361 sdp->next_state = SDP_STATE_JUMP; 362 break; 363 case SDP_SKIP_DCD_HEADER: 364 sdp->always_send_status = true; 365 sdp->error_status = SDP_SKIP_DCD_HEADER_COMPLETE; 366 367 /* Ignore command, DCD not supported anyway */ 368 sdp->state = SDP_STATE_TX_SEC_CONF; 369 sdp->next_state = SDP_STATE_IDLE; 370 break; 371 default: 372 pr_err("Unknown command: %04x\n", be16_to_cpu(cmd->cmd)); 373 } 374} 375 376static void sdp_rx_data_complete(struct usb_ep *ep, struct usb_request *req) 377{ 378 struct f_sdp *sdp = req->context; 379 int status = req->status; 380 u8 *data = req->buf; 381 u8 report = data[0]; 382 int datalen = req->actual - 1; 383 384 if (status != 0) { 385 pr_err("Status: %d\n", status); 386 return; 387 } 388 389 if (report != 2) { 390 pr_err("Unexpected report %d\n", report); 391 return; 392 } 393 394 if (sdp->dnl_bytes_remaining < datalen) { 395 /* 396 * Some USB stacks require to send a complete buffer as 397 * specified in the HID descriptor. This leads to longer 398 * transfers than the file length, no problem for us. 399 */ 400 sdp->dnl_bytes_remaining = 0; 401 } else { 402 sdp->dnl_bytes_remaining -= datalen; 403 } 404 405 if (sdp->state == SDP_STATE_RX_FILE_DATA_BUSY) { 406 memcpy(sdp_ptr(sdp->dnl_address), req->buf + 1, datalen); 407 sdp->dnl_address += datalen; 408 } 409 410 if (sdp->dnl_bytes_remaining) { 411 sdp->state = SDP_STATE_RX_FILE_DATA; 412 return; 413 } 414 415#ifndef CONFIG_SPL_BUILD 416 env_set_hex("filesize", sdp->dnl_bytes); 417#endif 418 printf("done\n"); 419 420 switch (sdp->state) { 421 case SDP_STATE_RX_FILE_DATA_BUSY: 422 sdp->state = SDP_STATE_TX_SEC_CONF; 423 break; 424 case SDP_STATE_RX_DCD_DATA: 425 sdp->state = SDP_STATE_TX_SEC_CONF; 426 break; 427 default: 428 pr_err("Invalid state: %d\n", sdp->state); 429 } 430} 431 432static void sdp_tx_complete(struct usb_ep *ep, struct usb_request *req) 433{ 434 struct f_sdp *sdp = req->context; 435 int status = req->status; 436 437 if (status != 0) { 438 pr_err("Status: %d\n", status); 439 return; 440 } 441 442 switch (sdp->state) { 443 case SDP_STATE_TX_SEC_CONF_BUSY: 444 /* Not all commands require status report */ 445 if (sdp->always_send_status || sdp->error_status) 446 sdp->state = SDP_STATE_TX_STATUS; 447 else 448 sdp->state = sdp->next_state; 449 450 break; 451 case SDP_STATE_TX_STATUS_BUSY: 452 sdp->state = sdp->next_state; 453 break; 454 case SDP_STATE_TX_REGISTER_BUSY: 455 if (sdp->dnl_bytes_remaining) 456 sdp->state = SDP_STATE_TX_REGISTER; 457 else 458 sdp->state = SDP_STATE_IDLE; 459 break; 460 default: 461 pr_err("Wrong State: %d\n", sdp->state); 462 sdp->state = SDP_STATE_IDLE; 463 break; 464 } 465 debug("%s complete --> %d, %d/%d\n", ep->name, 466 status, req->actual, req->length); 467} 468 469static int sdp_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl) 470{ 471 struct usb_gadget *gadget = f->config->cdev->gadget; 472 struct usb_request *req = f->config->cdev->req; 473 struct f_sdp *sdp = f->config->cdev->req->context; 474 u16 len = le16_to_cpu(ctrl->wLength); 475 u16 w_value = le16_to_cpu(ctrl->wValue); 476 int value = 0; 477 u8 req_type = ctrl->bRequestType & USB_TYPE_MASK; 478 479 debug("w_value: 0x%04x len: 0x%04x\n", w_value, len); 480 debug("req_type: 0x%02x ctrl->bRequest: 0x%02x sdp->state: %d\n", 481 req_type, ctrl->bRequest, sdp->state); 482 483 if (req_type == USB_TYPE_STANDARD) { 484 if (ctrl->bRequest == USB_REQ_GET_DESCRIPTOR) { 485 /* Send HID report descriptor */ 486 value = min(len, (u16) sizeof(sdp_hid_report)); 487 memcpy(req->buf, &sdp_hid_report, value); 488 sdp->configuration_done = true; 489 } 490 } 491 492 if (req_type == USB_TYPE_CLASS) { 493 int report = w_value & HID_REPORT_ID_MASK; 494 495 /* HID (SDP) request */ 496 switch (ctrl->bRequest) { 497 case HID_REQ_SET_REPORT: 498 switch (report) { 499 case 1: 500 value = SDP_COMMAND_LEN + 1; 501 req->complete = sdp_rx_command_complete; 502 sdp_func->ep_int_enable = false; 503 break; 504 case 2: 505 value = len; 506 req->complete = sdp_rx_data_complete; 507 sdp_func->state = SDP_STATE_RX_FILE_DATA_BUSY; 508 break; 509 } 510 } 511 } 512 513 if (value >= 0) { 514 req->length = value; 515 req->zero = value < len; 516 value = usb_ep_queue(gadget->ep0, req, 0); 517 if (value < 0) { 518 debug("ep_queue --> %d\n", value); 519 req->status = 0; 520 } 521 } 522 523 return value; 524} 525 526static int sdp_bind(struct usb_configuration *c, struct usb_function *f) 527{ 528 struct usb_gadget *gadget = c->cdev->gadget; 529 struct usb_composite_dev *cdev = c->cdev; 530 struct f_sdp *sdp = func_to_sdp(f); 531 int rv = 0, id; 532 533 id = usb_interface_id(c, f); 534 if (id < 0) 535 return id; 536 sdp_intf_runtime.bInterfaceNumber = id; 537 538 struct usb_ep *ep_in, *ep_out; 539 540 /* allocate instance-specific endpoints */ 541 ep_in = usb_ep_autoconfig(gadget, &in_desc); 542 if (!ep_in) { 543 rv = -ENODEV; 544 goto error; 545 } 546 547 ep_out = usb_ep_autoconfig(gadget, &out_desc); 548 if (!ep_out) { 549 rv = -ENODEV; 550 goto error; 551 } 552 553 if (gadget_is_dualspeed(gadget)) { 554 /* Assume endpoint addresses are the same for both speeds */ 555 in_hs_desc.bEndpointAddress = in_desc.bEndpointAddress; 556 out_hs_desc.bEndpointAddress = out_desc.bEndpointAddress; 557 } 558 559 sdp->in_ep = ep_in; /* Store IN EP for enabling @ setup */ 560 sdp->out_ep = ep_out; 561 562 cdev->req->context = sdp; 563 564error: 565 return rv; 566} 567 568static void sdp_unbind(struct usb_configuration *c, struct usb_function *f) 569{ 570 free(sdp_func); 571 sdp_func = NULL; 572} 573 574static struct usb_request *alloc_ep_req(struct usb_ep *ep, unsigned length) 575{ 576 struct usb_request *req; 577 578 req = usb_ep_alloc_request(ep, 0); 579 if (!req) 580 return req; 581 582 req->length = length; 583 req->buf = memalign(CONFIG_SYS_CACHELINE_SIZE, length); 584 if (!req->buf) { 585 usb_ep_free_request(ep, req); 586 req = NULL; 587 } 588 589 return req; 590} 591 592 593static struct usb_request *sdp_start_ep(struct usb_ep *ep, bool in) 594{ 595 struct usb_request *req; 596 597 if (in) 598 req = alloc_ep_req(ep, 65); 599 else 600 req = alloc_ep_req(ep, 2048); 601/* 602 * OUT endpoint request length should be an integral multiple of 603 * maxpacket size 1024, else we break on certain controllers like 604 * DWC3 that expect bulk OUT requests to be divisible by maxpacket size. 605 */ 606 debug("%s: ep:%p req:%p\n", __func__, ep, req); 607 608 if (!req) 609 return NULL; 610 611 memset(req->buf, 0, req->length); 612 if (in) 613 req->complete = sdp_tx_complete; 614 else 615 req->complete = sdp_rx_command_complete; 616 617 return req; 618} 619static int sdp_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 620{ 621 struct f_sdp *sdp = func_to_sdp(f); 622 struct usb_composite_dev *cdev = f->config->cdev; 623 struct usb_gadget *gadget = cdev->gadget; 624 int result; 625 626 debug("%s: intf: %d alt: %d\n", __func__, intf, alt); 627 628 if (gadget_is_dualspeed(gadget) && gadget->speed == USB_SPEED_HIGH) { 629 result = usb_ep_enable(sdp->in_ep, &in_hs_desc); 630 result |= usb_ep_enable(sdp->out_ep, &out_hs_desc); 631 } else { 632 result = usb_ep_enable(sdp->in_ep, &in_desc); 633 result |= usb_ep_enable(sdp->out_ep, &out_desc); 634 } 635 if (result) 636 return result; 637 638 sdp->in_req = sdp_start_ep(sdp->in_ep, true); 639 sdp->in_req->context = sdp; 640 sdp->out_req = sdp_start_ep(sdp->out_ep, false); 641 sdp->out_req->context = sdp; 642 643 sdp->in_ep->driver_data = cdev; /* claim */ 644 sdp->out_ep->driver_data = cdev; /* claim */ 645 646 sdp->altsetting = alt; 647 sdp->state = SDP_STATE_IDLE; 648 sdp->ep_int_enable = true; 649 650 return 0; 651} 652 653static int sdp_get_alt(struct usb_function *f, unsigned intf) 654{ 655 struct f_sdp *sdp = func_to_sdp(f); 656 657 return sdp->altsetting; 658} 659 660static void sdp_disable(struct usb_function *f) 661{ 662 struct f_sdp *sdp = func_to_sdp(f); 663 664 usb_ep_disable(sdp->in_ep); 665 usb_ep_disable(sdp->out_ep); 666 667 if (sdp->in_req) { 668 free(sdp->in_req->buf); 669 usb_ep_free_request(sdp->in_ep, sdp->in_req); 670 sdp->in_req = NULL; 671 } 672 if (sdp->out_req) { 673 free(sdp->out_req->buf); 674 usb_ep_free_request(sdp->out_ep, sdp->out_req); 675 sdp->out_req = NULL; 676 } 677} 678 679static int sdp_bind_config(struct usb_configuration *c) 680{ 681 int status; 682 683 if (!sdp_func) { 684 sdp_func = memalign(CONFIG_SYS_CACHELINE_SIZE, sizeof(*sdp_func)); 685 if (!sdp_func) 686 return -ENOMEM; 687 } 688 689 memset(sdp_func, 0, sizeof(*sdp_func)); 690 691 sdp_func->usb_function.name = "sdp"; 692 sdp_func->usb_function.hs_descriptors = sdp_runtime_hs_descs; 693 sdp_func->usb_function.descriptors = sdp_runtime_descs; 694 sdp_func->usb_function.bind = sdp_bind; 695 sdp_func->usb_function.unbind = sdp_unbind; 696 sdp_func->usb_function.set_alt = sdp_set_alt; 697 sdp_func->usb_function.get_alt = sdp_get_alt; 698 sdp_func->usb_function.disable = sdp_disable; 699 sdp_func->usb_function.strings = sdp_generic_strings; 700 sdp_func->usb_function.setup = sdp_setup; 701 702 status = usb_add_function(c, &sdp_func->usb_function); 703 704 return status; 705} 706 707int sdp_init(struct udevice *udc) 708{ 709 printf("SDP: initialize...\n"); 710 while (!sdp_func->configuration_done) { 711 if (ctrlc()) { 712 puts("\rCTRL+C - Operation aborted.\n"); 713 return 1; 714 } 715 716 schedule(); 717 dm_usb_gadget_handle_interrupts(udc); 718 } 719 720 return 0; 721} 722 723static u32 sdp_jump_imxheader(void *address) 724{ 725 flash_header_v2_t *headerv2 = address; 726 ulong (*entry)(void); 727 728 if (headerv2->header.tag != IVT_HEADER_TAG) { 729 printf("Header Tag is not an IMX image\n"); 730 return SDP_ERROR_IMXHEADER; 731 } 732 733 printf("Jumping to 0x%08x\n", headerv2->entry); 734 entry = sdp_ptr(headerv2->entry); 735 entry(); 736 737 /* The image probably never returns hence we won't reach that point */ 738 return 0; 739} 740 741#ifdef CONFIG_SPL_BUILD 742static ulong sdp_load_read(struct spl_load_info *load, ulong sector, 743 ulong count, void *buf) 744{ 745 debug("%s: sector %lx, count %lx, buf %lx\n", 746 __func__, sector, count, (ulong)buf); 747 memcpy(buf, (void *)(load->priv + sector), count); 748 return count; 749} 750 751static ulong search_fit_header(ulong p, int size) 752{ 753 int i; 754 755 for (i = 0; i < size; i += 4) { 756 if (genimg_get_format((const void *)(p + i)) == IMAGE_FORMAT_FIT) 757 return p + i; 758 } 759 760 return 0; 761} 762 763static ulong search_container_header(ulong p, int size) 764{ 765 int i; 766 u8 *hdr; 767 768 for (i = 0; i < size; i += 4) { 769 hdr = (u8 *)(p + i); 770 if (*(hdr + 3) == 0x87 && *hdr == 0) 771 if (*(hdr + 1) != 0 || *(hdr + 2) != 0) 772 return p + i; 773 } 774 return 0; 775} 776#endif 777 778static int sdp_handle_in_ep(struct spl_image_info *spl_image, 779 struct spl_boot_device *bootdev) 780{ 781 u8 *data = sdp_func->in_req->buf; 782 u32 status; 783 int datalen; 784 785 switch (sdp_func->state) { 786 case SDP_STATE_TX_SEC_CONF: 787 debug("Report 3: HAB security\n"); 788 data[0] = 3; 789 790 status = SDP_SECURITY_OPEN; 791 memcpy(&data[1], &status, 4); 792 sdp_func->in_req->length = 5; 793 usb_ep_queue(sdp_func->in_ep, sdp_func->in_req, 0); 794 sdp_func->state = SDP_STATE_TX_SEC_CONF_BUSY; 795 break; 796 797 case SDP_STATE_TX_STATUS: 798 debug("Report 4: Status\n"); 799 data[0] = 4; 800 801 memcpy(&data[1], &sdp_func->error_status, 4); 802 sdp_func->in_req->length = 65; 803 usb_ep_queue(sdp_func->in_ep, sdp_func->in_req, 0); 804 sdp_func->state = SDP_STATE_TX_STATUS_BUSY; 805 break; 806 case SDP_STATE_TX_REGISTER: 807 debug("Report 4: Register Values\n"); 808 data[0] = 4; 809 810 datalen = sdp_func->dnl_bytes_remaining; 811 812 if (datalen > 64) 813 datalen = 64; 814 815 memcpy(&data[1], sdp_ptr(sdp_func->dnl_address), datalen); 816 sdp_func->in_req->length = 65; 817 818 sdp_func->dnl_bytes_remaining -= datalen; 819 sdp_func->dnl_address += datalen; 820 821 usb_ep_queue(sdp_func->in_ep, sdp_func->in_req, 0); 822 sdp_func->state = SDP_STATE_TX_REGISTER_BUSY; 823 break; 824 case SDP_STATE_JUMP: 825 printf("Jumping to header at 0x%08x\n", sdp_func->jmp_address); 826 status = sdp_jump_imxheader(sdp_ptr(sdp_func->jmp_address)); 827 828 /* If imx header fails, try some U-Boot specific headers */ 829 if (status) { 830#ifdef CONFIG_SPL_BUILD 831 if (IS_ENABLED(CONFIG_SPL_LOAD_IMX_CONTAINER)) 832 sdp_func->jmp_address = (u32)search_container_header((ulong)sdp_func->jmp_address, sdp_func->dnl_bytes); 833 else if (IS_ENABLED(CONFIG_SPL_LOAD_FIT)) 834 sdp_func->jmp_address = (u32)search_fit_header((ulong)sdp_func->jmp_address, sdp_func->dnl_bytes); 835 if (sdp_func->jmp_address == 0) 836 panic("Error in search header, failed to jump\n"); 837 838 printf("Found header at 0x%08x\n", sdp_func->jmp_address); 839 840 struct legacy_img_hdr *header = 841 sdp_ptr(sdp_func->jmp_address); 842#ifdef CONFIG_SPL_LOAD_FIT 843 if (image_get_magic(header) == FDT_MAGIC) { 844 struct spl_load_info load; 845 846 debug("Found FIT\n"); 847 load.priv = header; 848 spl_set_bl_len(&load, 1); 849 load.read = sdp_load_read; 850 spl_load_simple_fit(spl_image, &load, 0, 851 header); 852 853 return SDP_EXIT; 854 } 855#endif 856 if (IS_ENABLED(CONFIG_SPL_LOAD_IMX_CONTAINER) && 857 valid_container_hdr((void *)header)) { 858 struct spl_load_info load; 859 860 load.priv = header; 861 spl_set_bl_len(&load, 1); 862 load.read = sdp_load_read; 863 spl_load_imx_container(spl_image, &load, 0); 864 return SDP_EXIT; 865 } 866 867 /* In SPL, allow jumps to U-Boot images */ 868 struct spl_image_info spl_image = {}; 869 struct spl_boot_device bootdev = {}; 870 spl_parse_image_header(&spl_image, &bootdev, header); 871 spl_board_prepare_for_boot(); 872 jump_to_image_no_args(&spl_image); 873#else 874 /* In U-Boot, allow jumps to scripts */ 875 cmd_source_script(sdp_func->jmp_address, NULL, NULL); 876#endif 877 } 878 879 sdp_func->next_state = SDP_STATE_IDLE; 880 sdp_func->error_status = status; 881 882 /* Only send Report 4 if there was an error */ 883 if (status) 884 sdp_func->state = SDP_STATE_TX_STATUS; 885 else 886 sdp_func->state = SDP_STATE_IDLE; 887 break; 888 default: 889 break; 890 }; 891 892 return 0; 893} 894 895static void sdp_handle_out_ep(void) 896{ 897 int rc; 898 899 if (sdp_func->state == SDP_STATE_IDLE) { 900 sdp_func->out_req->complete = sdp_rx_command_complete; 901 rc = usb_ep_queue(sdp_func->out_ep, sdp_func->out_req, 0); 902 if (rc) 903 printf("error in submission: %s\n", 904 sdp_func->out_ep->name); 905 sdp_func->state = SDP_STATE_RX_CMD; 906 } else if (sdp_func->state == SDP_STATE_RX_FILE_DATA) { 907 sdp_func->out_req->complete = sdp_rx_data_complete; 908 rc = usb_ep_queue(sdp_func->out_ep, sdp_func->out_req, 0); 909 if (rc) 910 printf("error in submission: %s\n", 911 sdp_func->out_ep->name); 912 sdp_func->state = SDP_STATE_RX_FILE_DATA_BUSY; 913 } 914} 915 916#ifndef CONFIG_SPL_BUILD 917int sdp_handle(struct udevice *udc) 918#else 919int spl_sdp_handle(struct udevice *udc, struct spl_image_info *spl_image, 920 struct spl_boot_device *bootdev) 921#endif 922{ 923 int flag = 0; 924 printf("SDP: handle requests...\n"); 925 while (1) { 926 if (ctrlc()) { 927 puts("\rCTRL+C - Operation aborted.\n"); 928 return -EINVAL; 929 } 930 931 if (flag == SDP_EXIT) 932 return 0; 933 934 schedule(); 935 dm_usb_gadget_handle_interrupts(udc); 936 937#ifdef CONFIG_SPL_BUILD 938 flag = sdp_handle_in_ep(spl_image, bootdev); 939#else 940 flag = sdp_handle_in_ep(NULL, NULL); 941#endif 942 if (sdp_func->ep_int_enable) 943 sdp_handle_out_ep(); 944 } 945} 946 947int sdp_add(struct usb_configuration *c) 948{ 949 int id; 950 951 id = usb_string_id(c->cdev); 952 if (id < 0) 953 return id; 954 strings_sdp_generic[0].id = id; 955 sdp_intf_runtime.iInterface = id; 956 957 debug("%s: cdev: %p gadget: %p gadget->ep0: %p\n", __func__, 958 c->cdev, c->cdev->gadget, c->cdev->gadget->ep0); 959 960 return sdp_bind_config(c); 961} 962 963DECLARE_GADGET_BIND_CALLBACK(usb_dnl_sdp, sdp_add); 964