1 // SPDX-License-Identifier: GPL-2.0+
3 * Copyright 2014 Broadcom Corporation.
11 #include <fastboot-internal.h>
13 #include <image-sparse.h>
17 #include <linux/compat.h>
18 #include <android_image.h>
20 #define FASTBOOT_MAX_BLK_WRITE 16384
22 #define BOOT_PARTITION_NAME "boot"
24 struct fb_mmc_sparse {
25 struct blk_desc *dev_desc;
28 static int part_get_info_by_name_or_alias(struct blk_desc *dev_desc,
29 const char *name, disk_partition_t *info)
33 ret = part_get_info_by_name(dev_desc, name, info);
35 /* strlen("fastboot_partition_alias_") + PART_NAME_LEN + 1 */
36 char env_alias_name[25 + PART_NAME_LEN + 1];
37 char *aliased_part_name;
40 strcpy(env_alias_name, "fastboot_partition_alias_");
41 strncat(env_alias_name, name, PART_NAME_LEN);
42 aliased_part_name = env_get(env_alias_name);
43 if (aliased_part_name != NULL)
44 ret = part_get_info_by_name(dev_desc,
45 aliased_part_name, info);
51 * fb_mmc_blk_write() - Write/erase MMC in chunks of FASTBOOT_MAX_BLK_WRITE
53 * @block_dev: Pointer to block device
54 * @start: First block to write/erase
55 * @blkcnt: Count of blocks
56 * @buffer: Pointer to data buffer for write or NULL for erase
58 static lbaint_t fb_mmc_blk_write(struct blk_desc *block_dev, lbaint_t start,
59 lbaint_t blkcnt, const void *buffer)
62 lbaint_t blks_written;
67 for (i = 0; i < blkcnt; i += FASTBOOT_MAX_BLK_WRITE) {
68 cur_blkcnt = min((int)blkcnt - i, FASTBOOT_MAX_BLK_WRITE);
70 if (fastboot_progress_callback)
71 fastboot_progress_callback("writing");
72 blks_written = blk_dwrite(block_dev, blk, cur_blkcnt,
73 buffer + (i * block_dev->blksz));
75 if (fastboot_progress_callback)
76 fastboot_progress_callback("erasing");
77 blks_written = blk_derase(block_dev, blk, cur_blkcnt);
85 static lbaint_t fb_mmc_sparse_write(struct sparse_storage *info,
86 lbaint_t blk, lbaint_t blkcnt, const void *buffer)
88 struct fb_mmc_sparse *sparse = info->priv;
89 struct blk_desc *dev_desc = sparse->dev_desc;
91 return fb_mmc_blk_write(dev_desc, blk, blkcnt, buffer);
94 static lbaint_t fb_mmc_sparse_reserve(struct sparse_storage *info,
95 lbaint_t blk, lbaint_t blkcnt)
100 static void write_raw_image(struct blk_desc *dev_desc, disk_partition_t *info,
101 const char *part_name, void *buffer,
102 u32 download_bytes, char *response)
107 /* determine number of blocks to write */
108 blkcnt = ((download_bytes + (info->blksz - 1)) & ~(info->blksz - 1));
109 blkcnt = lldiv(blkcnt, info->blksz);
111 if (blkcnt > info->size) {
112 pr_err("too large for partition: '%s'\n", part_name);
113 fastboot_fail("too large for partition", response);
117 puts("Flashing Raw Image\n");
119 blks = fb_mmc_blk_write(dev_desc, info->start, blkcnt, buffer);
121 if (blks != blkcnt) {
122 pr_err("failed writing to device %d\n", dev_desc->devnum);
123 fastboot_fail("failed writing to device", response);
127 printf("........ wrote " LBAFU " bytes to '%s'\n", blkcnt * info->blksz,
129 fastboot_okay(NULL, response);
132 #ifdef CONFIG_FASTBOOT_MMC_BOOT1_SUPPORT
133 static int fb_mmc_erase_mmc_hwpart(struct blk_desc *dev_desc)
137 debug("Start Erasing mmc hwpart[%u]...\n", dev_desc->hwpart);
139 blks = fb_mmc_blk_write(dev_desc, 0, dev_desc->lba, NULL);
141 if (blks != dev_desc->lba) {
142 pr_err("Failed to erase mmc hwpart[%u]\n", dev_desc->hwpart);
146 printf("........ erased %lu bytes from mmc hwpart[%u]\n",
147 dev_desc->lba * dev_desc->blksz, dev_desc->hwpart);
152 static void fb_mmc_boot1_ops(struct blk_desc *dev_desc, void *buffer,
153 u32 buff_sz, char *response)
159 // To operate on EMMC_BOOT1 (mmc0boot0), we first change the hwpart
160 if (blk_dselect_hwpart(dev_desc, 1)) {
161 pr_err("Failed to select hwpart\n");
162 fastboot_fail("Failed to select hwpart", response);
166 if (buffer) { /* flash */
168 /* determine number of blocks to write */
169 blksz = dev_desc->blksz;
170 blkcnt = ((buff_sz + (blksz - 1)) & ~(blksz - 1));
171 blkcnt = lldiv(blkcnt, blksz);
173 if (blkcnt > dev_desc->lba) {
174 pr_err("Image size too large\n");
175 fastboot_fail("Image size too large", response);
179 debug("Start Flashing Image to EMMC_BOOT1...\n");
181 blks = fb_mmc_blk_write(dev_desc, 0, blkcnt, buffer);
183 if (blks != blkcnt) {
184 pr_err("Failed to write EMMC_BOOT1\n");
185 fastboot_fail("Failed to write EMMC_BOOT1", response);
189 printf("........ wrote %lu bytes to EMMC_BOOT1\n",
192 if (fb_mmc_erase_mmc_hwpart(dev_desc)) {
193 fastboot_fail("Failed to erase EMMC_BOOT1", response);
198 fastboot_okay(NULL, response);
202 #ifdef CONFIG_ANDROID_BOOT_IMAGE
204 * Read Android boot image header from boot partition.
206 * @param[in] dev_desc MMC device descriptor
207 * @param[in] info Boot partition info
208 * @param[out] hdr Where to store read boot image header
210 * @return Boot image header sectors count or 0 on error
212 static lbaint_t fb_mmc_get_boot_header(struct blk_desc *dev_desc,
213 disk_partition_t *info,
214 struct andr_img_hdr *hdr,
217 ulong sector_size; /* boot partition sector size */
218 lbaint_t hdr_sectors; /* boot image header sectors count */
221 /* Calculate boot image sectors count */
222 sector_size = info->blksz;
223 hdr_sectors = DIV_ROUND_UP(sizeof(struct andr_img_hdr), sector_size);
224 if (hdr_sectors == 0) {
225 pr_err("invalid number of boot sectors: 0\n");
226 fastboot_fail("invalid number of boot sectors: 0", response);
230 /* Read the boot image header */
231 res = blk_dread(dev_desc, info->start, hdr_sectors, (void *)hdr);
232 if (res != hdr_sectors) {
233 pr_err("cannot read header from boot partition\n");
234 fastboot_fail("cannot read header from boot partition",
239 /* Check boot header magic string */
240 res = android_image_check_header(hdr);
242 pr_err("bad boot image magic\n");
243 fastboot_fail("boot partition not initialized", response);
251 * Write downloaded zImage to boot partition and repack it properly.
253 * @param dev_desc MMC device descriptor
254 * @param download_buffer Address to fastboot buffer with zImage in it
255 * @param download_bytes Size of fastboot buffer, in bytes
257 * @return 0 on success or -1 on error
259 static int fb_mmc_update_zimage(struct blk_desc *dev_desc,
260 void *download_buffer,
264 uintptr_t hdr_addr; /* boot image header address */
265 struct andr_img_hdr *hdr; /* boot image header */
266 lbaint_t hdr_sectors; /* boot image header sectors */
268 u32 ramdisk_sector_start;
270 u32 kernel_sector_start;
272 u32 sectors_per_page;
273 disk_partition_t info;
276 puts("Flashing zImage\n");
278 /* Get boot partition info */
279 res = part_get_info_by_name(dev_desc, BOOT_PARTITION_NAME, &info);
281 pr_err("cannot find boot partition\n");
282 fastboot_fail("cannot find boot partition", response);
286 /* Put boot image header in fastboot buffer after downloaded zImage */
287 hdr_addr = (uintptr_t)download_buffer + ALIGN(download_bytes, PAGE_SIZE);
288 hdr = (struct andr_img_hdr *)hdr_addr;
290 /* Read boot image header */
291 hdr_sectors = fb_mmc_get_boot_header(dev_desc, &info, hdr, response);
292 if (hdr_sectors == 0) {
293 pr_err("unable to read boot image header\n");
294 fastboot_fail("unable to read boot image header", response);
298 /* Check if boot image has second stage in it (we don't support it) */
299 if (hdr->second_size > 0) {
300 pr_err("moving second stage is not supported yet\n");
301 fastboot_fail("moving second stage is not supported yet",
306 /* Extract ramdisk location */
307 sectors_per_page = hdr->page_size / info.blksz;
308 ramdisk_sector_start = info.start + sectors_per_page;
309 ramdisk_sector_start += DIV_ROUND_UP(hdr->kernel_size, hdr->page_size) *
311 ramdisk_sectors = DIV_ROUND_UP(hdr->ramdisk_size, hdr->page_size) *
314 /* Read ramdisk and put it in fastboot buffer after boot image header */
315 ramdisk_buffer = (u8 *)hdr + (hdr_sectors * info.blksz);
316 res = blk_dread(dev_desc, ramdisk_sector_start, ramdisk_sectors,
318 if (res != ramdisk_sectors) {
319 pr_err("cannot read ramdisk from boot partition\n");
320 fastboot_fail("cannot read ramdisk from boot partition",
325 /* Write new kernel size to boot image header */
326 hdr->kernel_size = download_bytes;
327 res = blk_dwrite(dev_desc, info.start, hdr_sectors, (void *)hdr);
329 pr_err("cannot writeback boot image header\n");
330 fastboot_fail("cannot write back boot image header", response);
334 /* Write the new downloaded kernel */
335 kernel_sector_start = info.start + sectors_per_page;
336 kernel_sectors = DIV_ROUND_UP(hdr->kernel_size, hdr->page_size) *
338 res = blk_dwrite(dev_desc, kernel_sector_start, kernel_sectors,
341 pr_err("cannot write new kernel\n");
342 fastboot_fail("cannot write new kernel", response);
346 /* Write the saved ramdisk back */
347 ramdisk_sector_start = info.start + sectors_per_page;
348 ramdisk_sector_start += DIV_ROUND_UP(hdr->kernel_size, hdr->page_size) *
350 res = blk_dwrite(dev_desc, ramdisk_sector_start, ramdisk_sectors,
353 pr_err("cannot write back original ramdisk\n");
354 fastboot_fail("cannot write back original ramdisk", response);
358 puts("........ zImage was updated in boot partition\n");
359 fastboot_okay(NULL, response);
365 * fastboot_mmc_get_part_info() - Lookup eMMC partion by name
367 * @part_name: Named partition to lookup
368 * @dev_desc: Pointer to returned blk_desc pointer
369 * @part_info: Pointer to returned disk_partition_t
370 * @response: Pointer to fastboot response buffer
372 int fastboot_mmc_get_part_info(const char *part_name,
373 struct blk_desc **dev_desc,
374 disk_partition_t *part_info, char *response)
378 *dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV);
380 fastboot_fail("block device not found", response);
383 if (!part_name || !strcmp(part_name, "")) {
384 fastboot_fail("partition not given", response);
388 r = part_get_info_by_name_or_alias(*dev_desc, part_name, part_info);
390 fastboot_fail("partition not found", response);
398 * fastboot_mmc_flash_write() - Write image to eMMC for fastboot
400 * @cmd: Named partition to write image to
401 * @download_buffer: Pointer to image data
402 * @download_bytes: Size of image data
403 * @response: Pointer to fastboot response buffer
405 void fastboot_mmc_flash_write(const char *cmd, void *download_buffer,
406 u32 download_bytes, char *response)
408 struct blk_desc *dev_desc;
409 disk_partition_t info;
411 dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV);
412 if (!dev_desc || dev_desc->type == DEV_TYPE_UNKNOWN) {
413 pr_err("invalid mmc device\n");
414 fastboot_fail("invalid mmc device", response);
418 #ifdef CONFIG_FASTBOOT_MMC_BOOT1_SUPPORT
419 if (strcmp(cmd, CONFIG_FASTBOOT_MMC_BOOT1_NAME) == 0) {
420 fb_mmc_boot1_ops(dev_desc, download_buffer,
421 download_bytes, response);
426 #if CONFIG_IS_ENABLED(EFI_PARTITION)
427 #ifndef CONFIG_FASTBOOT_MMC_USER_NAME
428 if (strcmp(cmd, CONFIG_FASTBOOT_GPT_NAME) == 0) {
430 if (strcmp(cmd, CONFIG_FASTBOOT_GPT_NAME) == 0 ||
431 strcmp(cmd, CONFIG_FASTBOOT_MMC_USER_NAME) == 0) {
433 printf("%s: updating MBR, Primary and Backup GPT(s)\n",
435 if (is_valid_gpt_buf(dev_desc, download_buffer)) {
436 printf("%s: invalid GPT - refusing to write to flash\n",
438 fastboot_fail("invalid GPT partition", response);
441 if (write_mbr_and_gpt_partitions(dev_desc, download_buffer)) {
442 printf("%s: writing GPT partitions failed\n", __func__);
443 fastboot_fail("writing GPT partitions failed",
447 printf("........ success\n");
448 fastboot_okay(NULL, response);
453 #if CONFIG_IS_ENABLED(DOS_PARTITION)
454 if (strcmp(cmd, CONFIG_FASTBOOT_MBR_NAME) == 0) {
455 printf("%s: updating MBR\n", __func__);
456 if (is_valid_dos_buf(download_buffer)) {
457 printf("%s: invalid MBR - refusing to write to flash\n",
459 fastboot_fail("invalid MBR partition", response);
462 if (write_mbr_partition(dev_desc, download_buffer)) {
463 printf("%s: writing MBR partition failed\n", __func__);
464 fastboot_fail("writing MBR partition failed",
468 printf("........ success\n");
469 fastboot_okay(NULL, response);
474 #ifdef CONFIG_ANDROID_BOOT_IMAGE
475 if (strncasecmp(cmd, "zimage", 6) == 0) {
476 fb_mmc_update_zimage(dev_desc, download_buffer,
477 download_bytes, response);
482 if (part_get_info_by_name_or_alias(dev_desc, cmd, &info) < 0) {
483 pr_err("cannot find partition: '%s'\n", cmd);
484 fastboot_fail("cannot find partition", response);
488 if (is_sparse_image(download_buffer)) {
489 struct fb_mmc_sparse sparse_priv;
490 struct sparse_storage sparse;
493 sparse_priv.dev_desc = dev_desc;
495 sparse.blksz = info.blksz;
496 sparse.start = info.start;
497 sparse.size = info.size;
498 sparse.write = fb_mmc_sparse_write;
499 sparse.reserve = fb_mmc_sparse_reserve;
500 sparse.mssg = fastboot_fail;
502 printf("Flashing sparse image at offset " LBAFU "\n",
505 sparse.priv = &sparse_priv;
506 err = write_sparse_image(&sparse, cmd, download_buffer,
509 fastboot_okay(NULL, response);
511 write_raw_image(dev_desc, &info, cmd, download_buffer,
512 download_bytes, response);
517 * fastboot_mmc_flash_erase() - Erase eMMC for fastboot
519 * @cmd: Named partition to erase
520 * @response: Pointer to fastboot response buffer
522 void fastboot_mmc_erase(const char *cmd, char *response)
525 struct blk_desc *dev_desc;
526 disk_partition_t info;
527 lbaint_t blks, blks_start, blks_size, grp_size;
528 struct mmc *mmc = find_mmc_device(CONFIG_FASTBOOT_FLASH_MMC_DEV);
531 pr_err("invalid mmc device\n");
532 fastboot_fail("invalid mmc device", response);
536 dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV);
537 if (!dev_desc || dev_desc->type == DEV_TYPE_UNKNOWN) {
538 pr_err("invalid mmc device\n");
539 fastboot_fail("invalid mmc device", response);
543 #ifdef CONFIG_FASTBOOT_MMC_BOOT1_SUPPORT
544 if (strcmp(cmd, CONFIG_FASTBOOT_MMC_BOOT1_NAME) == 0) {
545 /* erase EMMC boot1 */
546 fb_mmc_boot1_ops(dev_desc, NULL, 0, response);
551 #ifdef CONFIG_FASTBOOT_MMC_USER_NAME
552 if (strcmp(cmd, CONFIG_FASTBOOT_MMC_USER_NAME) == 0) {
553 /* erase EMMC userdata */
554 if (fb_mmc_erase_mmc_hwpart(dev_desc))
555 fastboot_fail("Failed to erase EMMC_USER", response);
557 fastboot_okay(NULL, response);
562 ret = part_get_info_by_name_or_alias(dev_desc, cmd, &info);
564 pr_err("cannot find partition: '%s'\n", cmd);
565 fastboot_fail("cannot find partition", response);
569 /* Align blocks to erase group size to avoid erasing other partitions */
570 grp_size = mmc->erase_grp_size;
571 blks_start = (info.start + grp_size - 1) & ~(grp_size - 1);
572 if (info.size >= grp_size)
573 blks_size = (info.size - (blks_start - info.start)) &
578 printf("Erasing blocks " LBAFU " to " LBAFU " due to alignment\n",
579 blks_start, blks_start + blks_size);
581 blks = fb_mmc_blk_write(dev_desc, blks_start, blks_size, NULL);
583 if (blks != blks_size) {
584 pr_err("failed erasing from device %d\n", dev_desc->devnum);
585 fastboot_fail("failed erasing from device", response);
589 printf("........ erased " LBAFU " bytes from '%s'\n",
590 blks_size * info.blksz, cmd);
591 fastboot_okay(NULL, response);