2 * Boot a Marvell SoC, with Xmodem over UART0.
3 * supports Kirkwood, Dove, Armada 370, Armada XP, Armada 375, Armada 38x and
6 * (c) 2012 Daniel Stodden <daniel.stodden@gmail.com>
7 * (c) 2021 Pali Rohár <pali@kernel.org>
8 * (c) 2021 Marek Behún <marek.behun@nic.cz>
10 * References: marvell.com, "88F6180, 88F6190, 88F6192, and 88F6281
11 * Integrated Controller: Functional Specifications" December 2,
12 * 2008. Chapter 24.2 "BootROM Firmware".
33 #include "termios_linux.h"
39 * Marvell BootROM UART Sensing
42 static unsigned char kwboot_msg_boot[] = {
43 0xBB, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
46 static unsigned char kwboot_msg_debug[] = {
47 0xDD, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
50 /* Defines known to work on Kirkwood */
51 #define KWBOOT_MSG_REQ_DELAY 10 /* ms */
52 #define KWBOOT_MSG_RSP_TIMEO 50 /* ms */
54 /* Defines known to work on Armada XP */
55 #define KWBOOT_MSG_REQ_DELAY_AXP 1000 /* ms */
56 #define KWBOOT_MSG_RSP_TIMEO_AXP 1000 /* ms */
62 #define SOH 1 /* sender start of block header */
63 #define EOT 4 /* sender end of block transfer */
64 #define ACK 6 /* target block ack */
65 #define NAK 21 /* target block negative ack */
66 #define CAN 24 /* target/sender transfer cancellation */
68 #define KWBOOT_XM_BLKSZ 128 /* xmodem block size */
74 uint8_t data[KWBOOT_XM_BLKSZ];
78 #define KWBOOT_BLK_RSP_TIMEO 2000 /* ms */
79 #define KWBOOT_HDR_RSP_TIMEO 10000 /* ms */
81 /* ARM code to change baudrate */
82 static unsigned char kwboot_baud_code[] = {
83 /* ; #define UART_BASE 0xd0012000 */
84 /* ; #define DLL 0x00 */
85 /* ; #define DLH 0x04 */
86 /* ; #define LCR 0x0c */
87 /* ; #define DLAB 0x80 */
88 /* ; #define LSR 0x14 */
89 /* ; #define TEMT 0x40 */
90 /* ; #define DIV_ROUND(a, b) ((a + b/2) / b) */
92 /* ; u32 set_baudrate(u32 old_b, u32 new_b) { */
94 /* ; (!(readl(UART_BASE + LSR) & TEMT)); */
95 /* ; u32 lcr = readl(UART_BASE + LCR); */
96 /* ; writel(UART_BASE + LCR, lcr | DLAB); */
97 /* ; u8 old_dll = readl(UART_BASE + DLL); */
98 /* ; u8 old_dlh = readl(UART_BASE + DLH); */
99 /* ; u16 old_dl = old_dll | (old_dlh << 8); */
100 /* ; u32 clk = old_b * old_dl; */
101 /* ; u16 new_dl = DIV_ROUND(clk, new_b); */
102 /* ; u8 new_dll = new_dl & 0xff; */
103 /* ; u8 new_dlh = (new_dl >> 8) & 0xff; */
104 /* ; writel(UART_BASE + DLL, new_dll); */
105 /* ; writel(UART_BASE + DLH, new_dlh); */
106 /* ; writel(UART_BASE + LCR, lcr & ~DLAB); */
111 /* ; r0 = UART_BASE */
112 0x0d, 0x02, 0xa0, 0xe3, /* mov r0, #0xd0000000 */
113 0x12, 0x0a, 0x80, 0xe3, /* orr r0, r0, #0x12000 */
115 /* ; Wait until Transmitter FIFO is Empty */
116 /* .Lloop_txempty: */
117 /* ; r1 = UART_BASE[LSR] & TEMT */
118 0x14, 0x10, 0x90, 0xe5, /* ldr r1, [r0, #0x14] */
119 0x40, 0x00, 0x11, 0xe3, /* tst r1, #0x40 */
120 0xfc, 0xff, 0xff, 0x0a, /* beq .Lloop_txempty */
122 /* ; Set Divisor Latch Access Bit */
123 /* ; UART_BASE[LCR] |= DLAB */
124 0x0c, 0x10, 0x90, 0xe5, /* ldr r1, [r0, #0x0c] */
125 0x80, 0x10, 0x81, 0xe3, /* orr r1, r1, #0x80 */
126 0x0c, 0x10, 0x80, 0xe5, /* str r1, [r0, #0x0c] */
128 /* ; Read current Divisor Latch */
129 /* ; r1 = UART_BASE[DLH]<<8 | UART_BASE[DLL] */
130 0x00, 0x10, 0x90, 0xe5, /* ldr r1, [r0, #0x00] */
131 0xff, 0x10, 0x01, 0xe2, /* and r1, r1, #0xff */
132 0x01, 0x20, 0xa0, 0xe1, /* mov r2, r1 */
133 0x04, 0x10, 0x90, 0xe5, /* ldr r1, [r0, #0x04] */
134 0xff, 0x10, 0x01, 0xe2, /* and r1, r1, #0xff */
135 0x41, 0x14, 0xa0, 0xe1, /* asr r1, r1, #8 */
136 0x02, 0x10, 0x81, 0xe1, /* orr r1, r1, r2 */
138 /* ; Read old baudrate value */
139 /* ; r2 = old_baudrate */
140 0x74, 0x20, 0x9f, 0xe5, /* ldr r2, old_baudrate */
142 /* ; Calculate base clock */
144 0x92, 0x01, 0x01, 0xe0, /* mul r1, r2, r1 */
146 /* ; Read new baudrate value */
147 /* ; r2 = new_baudrate */
148 0x70, 0x20, 0x9f, 0xe5, /* ldr r2, new_baudrate */
150 /* ; Calculate new Divisor Latch */
151 /* ; r1 = DIV_ROUND(r1, r2) = */
152 /* ; = (r1 + r2/2) / r2 */
153 0xa2, 0x10, 0x81, 0xe0, /* add r1, r1, r2, lsr #1 */
154 0x02, 0x40, 0xa0, 0xe1, /* mov r4, r2 */
155 0xa1, 0x00, 0x54, 0xe1, /* cmp r4, r1, lsr #1 */
157 0x84, 0x40, 0xa0, 0x91, /* movls r4, r4, lsl #1 */
158 0xa1, 0x00, 0x54, 0xe1, /* cmp r4, r1, lsr #1 */
159 0xfc, 0xff, 0xff, 0x9a, /* bls .Lloop_div1 */
160 0x00, 0x30, 0xa0, 0xe3, /* mov r3, #0 */
162 0x04, 0x00, 0x51, 0xe1, /* cmp r1, r4 */
163 0x04, 0x10, 0x41, 0x20, /* subhs r1, r1, r4 */
164 0x03, 0x30, 0xa3, 0xe0, /* adc r3, r3, r3 */
165 0xa4, 0x40, 0xa0, 0xe1, /* mov r4, r4, lsr #1 */
166 0x02, 0x00, 0x54, 0xe1, /* cmp r4, r2 */
167 0xf9, 0xff, 0xff, 0x2a, /* bhs .Lloop_div2 */
168 0x03, 0x10, 0xa0, 0xe1, /* mov r1, r3 */
170 /* ; Set new Divisor Latch Low */
171 /* ; UART_BASE[DLL] = r1 & 0xff */
172 0x01, 0x20, 0xa0, 0xe1, /* mov r2, r1 */
173 0xff, 0x20, 0x02, 0xe2, /* and r2, r2, #0xff */
174 0x00, 0x20, 0x80, 0xe5, /* str r2, [r0, #0x00] */
176 /* ; Set new Divisor Latch High */
177 /* ; UART_BASE[DLH] = r1>>8 & 0xff */
178 0x41, 0x24, 0xa0, 0xe1, /* asr r2, r1, #8 */
179 0xff, 0x20, 0x02, 0xe2, /* and r2, r2, #0xff */
180 0x04, 0x20, 0x80, 0xe5, /* str r2, [r0, #0x04] */
182 /* ; Clear Divisor Latch Access Bit */
183 /* ; UART_BASE[LCR] &= ~DLAB */
184 0x0c, 0x10, 0x90, 0xe5, /* ldr r1, [r0, #0x0c] */
185 0x80, 0x10, 0xc1, 0xe3, /* bic r1, r1, #0x80 */
186 0x0c, 0x10, 0x80, 0xe5, /* str r1, [r0, #0x0c] */
188 /* ; Loop 0x2dc000 (2998272) cycles */
189 /* ; which is about 5ms on 1200 MHz CPU */
190 /* ; r1 = 0x2dc000 */
191 0xb7, 0x19, 0xa0, 0xe3, /* mov r1, #0x2dc000 */
193 0x01, 0x10, 0x41, 0xe2, /* sub r1, r1, #1 */
194 0x00, 0x00, 0x51, 0xe3, /* cmp r1, #0 */
195 0xfc, 0xff, 0xff, 0x1a, /* bne .Lloop_sleep */
197 /* ; Jump to the end of execution */
198 0x01, 0x00, 0x00, 0xea, /* b end */
200 /* ; Placeholder for old baudrate value */
202 0x00, 0x00, 0x00, 0x00, /* .word 0 */
204 /* ; Placeholder for new baudrate value */
206 0x00, 0x00, 0x00, 0x00, /* .word 0 */
211 /* ARM code from binary header executed by BootROM before changing baudrate */
212 static unsigned char kwboot_baud_code_binhdr_pre[] = {
213 /* ; #define UART_BASE 0xd0012000 */
214 /* ; #define THR 0x00 */
215 /* ; #define LSR 0x14 */
216 /* ; #define THRE 0x20 */
218 /* ; void send_preamble(void) { */
219 /* ; const u8 *str = "$baudratechange"; */
223 /* ; ((readl(UART_BASE + LSR) & THRE)); */
225 /* ; writel(UART_BASE + THR, c); */
229 /* ; Preserve registers for BootROM */
230 0xfe, 0x5f, 0x2d, 0xe9, /* push { r1 - r12, lr } */
232 /* ; r0 = UART_BASE */
233 0x0d, 0x02, 0xa0, 0xe3, /* mov r0, #0xd0000000 */
234 0x12, 0x0a, 0x80, 0xe3, /* orr r0, r0, #0x12000 */
236 /* ; r2 = address of preamble string */
237 0x00, 0x20, 0x8f, 0xe2, /* adr r2, .Lstr_preamble */
239 /* ; Skip preamble data section */
240 0x03, 0x00, 0x00, 0xea, /* b .Lloop_preamble */
242 /* ; Preamble string */
243 /* .Lstr_preamble: */
244 0x24, 0x62, 0x61, 0x75, /* .asciz "$baudratechange" */
245 0x64, 0x72, 0x61, 0x74,
246 0x65, 0x63, 0x68, 0x61,
247 0x6e, 0x67, 0x65, 0x00,
249 /* ; Send preamble string over UART */
250 /* .Lloop_preamble: */
252 /* ; Wait until Transmitter Holding is Empty */
254 /* ; r1 = UART_BASE[LSR] & THRE */
255 0x14, 0x10, 0x90, 0xe5, /* ldr r1, [r0, #0x14] */
256 0x20, 0x00, 0x11, 0xe3, /* tst r1, #0x20 */
257 0xfc, 0xff, 0xff, 0x0a, /* beq .Lloop_thre */
259 /* ; Put character into Transmitter FIFO */
261 0x01, 0x10, 0xd2, 0xe4, /* ldrb r1, [r2], #1 */
262 /* ; UART_BASE[THR] = r1 */
263 0x00, 0x10, 0x80, 0xe5, /* str r1, [r0, #0x0] */
265 /* ; Loop until end of preamble string */
266 0x00, 0x00, 0x51, 0xe3, /* cmp r1, #0 */
267 0xf8, 0xff, 0xff, 0x1a, /* bne .Lloop_preamble */
270 /* ARM code for returning from binary header back to BootROM */
271 static unsigned char kwboot_baud_code_binhdr_post[] = {
272 /* ; Return 0 - no error */
273 0x00, 0x00, 0xa0, 0xe3, /* mov r0, #0 */
274 0xfe, 0x9f, 0xbd, 0xe8, /* pop { r1 - r12, pc } */
277 /* ARM code for jumping to the original image exec_addr */
278 static unsigned char kwboot_baud_code_data_jump[] = {
279 0x04, 0xf0, 0x1f, 0xe5, /* ldr pc, exec_addr */
280 /* ; Placeholder for exec_addr */
282 0x00, 0x00, 0x00, 0x00, /* .word 0 */
285 static const char kwb_baud_magic[16] = "$baudratechange";
287 static int kwboot_verbose;
289 static int msg_req_delay = KWBOOT_MSG_REQ_DELAY;
290 static int msg_rsp_timeo = KWBOOT_MSG_RSP_TIMEO;
291 static int blk_rsp_timeo = KWBOOT_BLK_RSP_TIMEO;
294 kwboot_write(int fd, const char *buf, size_t len)
299 ssize_t wr = write(fd, buf + tot, len - tot);
311 kwboot_printv(const char *fmt, ...)
315 if (kwboot_verbose) {
326 const char seq[] = { '-', '\\', '|', '/' };
328 static int state, bs;
330 if (state % div == 0) {
332 fputc(seq[state / div % sizeof(seq)], stdout);
348 __progress(int pct, char c)
350 const int width = 70;
351 static const char *nl = "";
354 if (pos % width == 0)
355 printf("%s%3d %% [", nl, pct);
360 pos = (pos + 1) % width;
363 while (pos && pos++ < width)
375 kwboot_progress(int _pct, char c)
390 kwboot_tty_recv(int fd, void *buf, size_t len, int timeo)
403 tv.tv_usec = timeo * 1000;
404 if (tv.tv_usec > 1000000) {
405 tv.tv_sec += tv.tv_usec / 1000000;
406 tv.tv_usec %= 1000000;
410 nfds = select(fd + 1, &rfds, NULL, NULL, &tv);
418 n = read(fd, buf, len);
422 buf = (char *)buf + n;
432 kwboot_tty_send(int fd, const void *buf, size_t len, int nodrain)
437 if (kwboot_write(fd, buf, len) < 0)
447 kwboot_tty_send_char(int fd, unsigned char c)
449 return kwboot_tty_send(fd, &c, 1, 0);
453 kwboot_tty_baudrate_to_speed(int baudrate)
602 _is_within_tolerance(int value, int reference, int tolerance)
604 return 100 * value >= reference * (100 - tolerance) &&
605 100 * value <= reference * (100 + tolerance);
609 kwboot_tty_change_baudrate(int fd, int baudrate)
615 rc = tcgetattr(fd, &tio);
619 speed = kwboot_tty_baudrate_to_speed(baudrate);
627 tio.c_ospeed = tio.c_ispeed = baudrate;
630 rc = cfsetospeed(&tio, speed);
634 rc = cfsetispeed(&tio, speed);
638 rc = tcsetattr(fd, TCSANOW, &tio);
642 rc = tcgetattr(fd, &tio);
646 if (cfgetospeed(&tio) != speed || cfgetispeed(&tio) != speed)
651 * Check whether set baudrate is within 3% tolerance.
652 * If BOTHER is defined, Linux always fills out c_ospeed / c_ispeed
655 if (!_is_within_tolerance(tio.c_ospeed, baudrate, 3))
658 if (!_is_within_tolerance(tio.c_ispeed, baudrate, 3))
665 fprintf(stderr, "Could not set baudrate to requested value\n");
671 kwboot_open_tty(const char *path, int baudrate)
678 fd = open(path, O_RDWR | O_NOCTTY | O_NDELAY);
682 rc = tcgetattr(fd, &tio);
687 tio.c_cflag |= CREAD | CLOCAL;
688 tio.c_cflag &= ~(CSTOPB | HUPCL | CRTSCTS);
692 rc = tcsetattr(fd, TCSANOW, &tio);
696 flags = fcntl(fd, F_GETFL);
700 rc = fcntl(fd, F_SETFL, flags & ~O_NDELAY);
704 rc = kwboot_tty_change_baudrate(fd, baudrate);
719 kwboot_bootmsg(int tty, void *msg)
726 kwboot_printv("Please reboot the target into UART boot mode...");
728 kwboot_printv("Sending boot message. Please reboot the target...");
731 rc = tcflush(tty, TCIOFLUSH);
735 for (count = 0; count < 128; count++) {
736 rc = kwboot_tty_send(tty, msg, 8, 0);
738 usleep(msg_req_delay * 1000);
743 rc = kwboot_tty_recv(tty, &c, 1, msg_rsp_timeo);
747 } while (rc || c != NAK);
755 kwboot_debugmsg(int tty, void *msg)
759 kwboot_printv("Sending debug message. Please reboot the target...");
764 rc = tcflush(tty, TCIOFLUSH);
768 rc = kwboot_tty_send(tty, msg, 8, 0);
770 usleep(msg_req_delay * 1000);
774 rc = kwboot_tty_recv(tty, buf, 16, msg_rsp_timeo);
786 kwboot_xm_makeblock(struct kwboot_block *block, const void *data,
787 size_t size, int pnum)
793 block->_pnum = ~block->pnum;
795 n = size < KWBOOT_XM_BLKSZ ? size : KWBOOT_XM_BLKSZ;
796 memcpy(&block->data[0], data, n);
797 memset(&block->data[n], 0, KWBOOT_XM_BLKSZ - n);
800 for (i = 0; i < n; i++)
801 block->csum += block->data[i];
811 if (clock_gettime(CLOCK_MONOTONIC, &ts)) {
812 static int err_print;
815 perror("clock_gettime() does not work");
819 /* this will just make the timeout not work */
823 return ts.tv_sec * 1000ULL + (ts.tv_nsec + 500000) / 1000000;
829 return c == ACK || c == NAK || c == CAN;
833 _xm_reply_to_error(int c)
856 kwboot_baud_magic_handle(int fd, char c, int baudrate)
858 static size_t rcv_len;
860 if (rcv_len < sizeof(kwb_baud_magic)) {
861 /* try to recognize whole magic word */
862 if (c == kwb_baud_magic[rcv_len]) {
865 printf("%.*s%c", (int)rcv_len, kwb_baud_magic, c);
871 if (rcv_len == sizeof(kwb_baud_magic)) {
872 /* magic word received */
873 kwboot_printv("\nChanging baudrate to %d Bd\n", baudrate);
875 return kwboot_tty_change_baudrate(fd, baudrate) ? : 1;
882 kwboot_xm_recv_reply(int fd, char *c, int nak_on_non_xm,
883 int ignore_nak_reply,
884 int allow_non_xm, int *non_xm_print,
885 int baudrate, int *baud_changed)
887 int timeout = allow_non_xm ? KWBOOT_HDR_RSP_TIMEO : blk_rsp_timeo;
888 uint64_t recv_until = _now() + timeout;
892 rc = kwboot_tty_recv(fd, c, 1, timeout);
894 if (errno != ETIMEDOUT)
896 else if (allow_non_xm && *non_xm_print)
902 /* If received xmodem reply, end. */
903 if (_is_xm_reply(*c)) {
904 if (*c == NAK && ignore_nak_reply) {
905 timeout = recv_until - _now();
913 * If receiving/printing non-xmodem text output is allowed and
914 * such a byte was received, we want to increase receiving time
916 * - print the byte, if it is not part of baudrate change magic
917 * sequence while baudrate change was requested (-B option)
919 * Otherwise decrease timeout by time elapsed.
922 recv_until = _now() + timeout;
924 if (baudrate && !*baud_changed) {
925 rc = kwboot_baud_magic_handle(fd, *c, baudrate);
932 } else if (!baudrate || !*baud_changed) {
942 timeout = recv_until - _now();
954 kwboot_xm_sendblock(int fd, struct kwboot_block *block, int allow_non_xm,
955 int *done_print, int baudrate)
957 int non_xm_print, baud_changed;
958 int rc, err, retries;
967 rc = kwboot_tty_send(fd, block, sizeof(*block), 1);
971 if (allow_non_xm && !*done_print) {
972 kwboot_progress(100, '.');
973 kwboot_printv("Done\n");
977 rc = kwboot_xm_recv_reply(fd, &c, retries < 3,
979 allow_non_xm, &non_xm_print,
980 baudrate, &baud_changed);
984 if (!allow_non_xm && c != ACK)
985 kwboot_progress(-1, '+');
986 } while (c == NAK && retries++ < 16);
991 if (allow_non_xm && baudrate && !baud_changed) {
992 fprintf(stderr, "Baudrate was not changed\n");
998 return _xm_reply_to_error(c);
1001 kwboot_tty_send_char(fd, CAN);
1002 kwboot_printv("\n");
1008 kwboot_xm_finish(int fd)
1013 kwboot_printv("Finishing transfer\n");
1017 rc = kwboot_tty_send_char(fd, EOT);
1021 rc = kwboot_xm_recv_reply(fd, &c, retries < 3,
1026 } while (c == NAK && retries++ < 16);
1028 return _xm_reply_to_error(c);
1032 kwboot_xmodem_one(int tty, int *pnum, int header, const uint8_t *data,
1033 size_t size, int baudrate)
1039 kwboot_printv("Sending boot image %s (%zu bytes)...\n",
1040 header ? "header" : "data", size);
1045 while (sent < size) {
1046 struct kwboot_block block;
1050 blksz = kwboot_xm_makeblock(&block, data, left, (*pnum)++);
1053 last_block = (left <= blksz);
1055 rc = kwboot_xm_sendblock(tty, &block, header && last_block,
1056 &done_print, baudrate);
1064 kwboot_progress(sent * 100 / size, '.');
1068 kwboot_printv("Done\n");
1072 kwboot_printv("\n");
1077 kwboot_xmodem(int tty, const void *_img, size_t size, int baudrate)
1079 const uint8_t *img = _img;
1083 hdrsz = kwbheader_size(img);
1086 * If header size is not aligned to xmodem block size (which applies
1087 * for all images in kwbimage v0 format) then we have to ensure that
1088 * the last xmodem block of header contains beginning of the data
1089 * followed by the header. So align header size to xmodem block size.
1091 hdrsz += (KWBOOT_XM_BLKSZ - hdrsz % KWBOOT_XM_BLKSZ) % KWBOOT_XM_BLKSZ;
1093 kwboot_printv("Waiting %d ms and flushing tty\n", blk_rsp_timeo);
1094 usleep(blk_rsp_timeo * 1000);
1095 tcflush(tty, TCIOFLUSH);
1099 rc = kwboot_xmodem_one(tty, &pnum, 1, img, hdrsz, baudrate);
1104 * If we have already sent image data as a part of the last
1105 * xmodem header block then we have nothing more to send.
1110 rc = kwboot_xmodem_one(tty, &pnum, 0, img, size, 0);
1115 rc = kwboot_xm_finish(tty);
1120 kwboot_printv("\nChanging baudrate back to 115200 Bd\n\n");
1121 rc = kwboot_tty_change_baudrate(tty, 115200);
1130 kwboot_term_pipe(int in, int out, const char *quit, int *s)
1133 char _buf[128], *buf = _buf;
1135 nin = read(in, buf, sizeof(_buf));
1142 for (i = 0; i < nin; i++) {
1143 if (*buf == quit[*s]) {
1150 if (kwboot_write(out, quit, *s) < 0)
1157 if (kwboot_write(out, buf, nin) < 0)
1164 kwboot_terminal(int tty)
1167 const char *quit = "\34c";
1168 struct termios otio, tio;
1174 rc = tcgetattr(in, &otio);
1178 rc = tcsetattr(in, TCSANOW, &tio);
1181 perror("tcsetattr");
1185 kwboot_printv("[Type Ctrl-%c + %c to quit]\r\n",
1186 quit[0] | 0100, quit[1]);
1199 nfds = nfds < tty ? tty : nfds;
1203 nfds = nfds < in ? in : nfds;
1206 nfds = select(nfds + 1, &rfds, NULL, NULL, NULL);
1210 if (FD_ISSET(tty, &rfds)) {
1211 rc = kwboot_term_pipe(tty, STDOUT_FILENO, NULL, NULL);
1216 if (in >= 0 && FD_ISSET(in, &rfds)) {
1217 rc = kwboot_term_pipe(in, tty, quit, &s);
1221 } while (quit[s] != 0);
1224 tcsetattr(in, TCSANOW, &otio);
1231 kwboot_read_image(const char *path, size_t *size, size_t reserve)
1241 fd = open(path, O_RDONLY);
1245 rc = fstat(fd, &st);
1249 img = malloc(st.st_size + reserve);
1254 while (tot < st.st_size) {
1255 ssize_t rd = read(fd, img + tot, st.st_size - tot);
1262 if (!rd && tot < st.st_size) {
1282 kwboot_hdr_csum8(const void *hdr)
1284 const uint8_t *data = hdr;
1288 size = kwbheader_size_for_csum(hdr);
1290 for (csum = 0; size-- > 0; data++)
1297 kwboot_img_csum32_ptr(void *img)
1299 struct main_hdr_v1 *hdr = img;
1302 datasz = le32_to_cpu(hdr->blocksize) - sizeof(uint32_t);
1304 return img + le32_to_cpu(hdr->srcaddr) + datasz;
1308 kwboot_img_csum32(const void *img)
1310 const struct main_hdr_v1 *hdr = img;
1311 uint32_t datasz, csum = 0;
1312 const uint32_t *data;
1314 datasz = le32_to_cpu(hdr->blocksize) - sizeof(csum);
1315 if (datasz % sizeof(uint32_t))
1318 data = img + le32_to_cpu(hdr->srcaddr);
1319 while (datasz > 0) {
1320 csum += le32_to_cpu(*data++);
1324 return cpu_to_le32(csum);
1328 kwboot_img_is_secure(void *img)
1330 struct opt_hdr_v1 *ohdr;
1332 for_each_opt_hdr_v1 (ohdr, img)
1333 if (ohdr->headertype == OPT_HDR_V1_SECURE_TYPE)
1340 kwboot_img_grow_data_right(void *img, size_t *size, size_t grow)
1342 struct main_hdr_v1 *hdr = img;
1346 * 32-bit checksum comes after end of image code, so we will be putting
1347 * new code there. So we get this pointer and then increase data size
1348 * (since increasing data size changes kwboot_img_csum32_ptr() return
1351 result = kwboot_img_csum32_ptr(img);
1352 hdr->blocksize = cpu_to_le32(le32_to_cpu(hdr->blocksize) + grow);
1359 kwboot_img_grow_hdr(void *img, size_t *size, size_t grow)
1361 uint32_t hdrsz, datasz, srcaddr;
1362 struct main_hdr_v1 *hdr = img;
1363 struct opt_hdr_v1 *ohdr;
1366 srcaddr = le32_to_cpu(hdr->srcaddr);
1368 /* calculate real used space in kwbimage header */
1369 if (kwbimage_version(img) == 0) {
1370 hdrsz = kwbheader_size(img);
1372 hdrsz = sizeof(*hdr);
1373 for_each_opt_hdr_v1 (ohdr, hdr)
1374 hdrsz += opt_hdr_v1_size(ohdr);
1377 data = (uint8_t *)img + srcaddr;
1378 datasz = *size - srcaddr;
1380 /* only move data if there is not enough space */
1381 if (hdrsz + grow > srcaddr) {
1382 size_t need = hdrsz + grow - srcaddr;
1384 /* move data by enough bytes */
1385 memmove(data + need, data, datasz);
1387 hdr->srcaddr = cpu_to_le32(srcaddr + need);
1391 if (kwbimage_version(img) == 1) {
1393 if (hdrsz > kwbheader_size(img)) {
1394 hdr->headersz_msb = hdrsz >> 16;
1395 hdr->headersz_lsb = cpu_to_le16(hdrsz & 0xffff);
1401 kwboot_add_bin_ohdr_v1(void *img, size_t *size, uint32_t binsz)
1403 struct main_hdr_v1 *hdr = img;
1404 struct opt_hdr_v1 *ohdr;
1411 for_each_opt_hdr_v1 (ohdr, img)
1412 if (opt_hdr_v1_next(ohdr) == NULL)
1415 prev_ext = opt_hdr_v1_ext(ohdr);
1416 ohdr = _opt_hdr_v1_next(ohdr);
1418 ohdr = (void *)(hdr + 1);
1419 prev_ext = &hdr->ext;
1423 * ARM executable code inside the BIN header on some mvebu platforms
1424 * (e.g. A370, AXP) must always be aligned with the 128-bit boundary.
1425 * This requirement can be met by inserting dummy arguments into
1426 * BIN header, if needed.
1428 offset = &ohdr->data[4] - (char *)img;
1429 num_args = ((16 - offset % 16) % 16) / sizeof(uint32_t);
1431 ohdrsz = sizeof(*ohdr) + 4 + 4 * num_args + binsz + 4;
1432 kwboot_img_grow_hdr(hdr, size, ohdrsz);
1436 ohdr->headertype = OPT_HDR_V1_BINARY_TYPE;
1437 ohdr->headersz_msb = ohdrsz >> 16;
1438 ohdr->headersz_lsb = cpu_to_le16(ohdrsz & 0xffff);
1440 memset(&ohdr->data[0], 0, ohdrsz - sizeof(*ohdr));
1441 *(uint32_t *)&ohdr->data[0] = cpu_to_le32(num_args);
1443 return &ohdr->data[4 + 4 * num_args];
1447 _inject_baudrate_change_code(void *img, size_t *size, int for_data,
1448 int old_baud, int new_baud)
1450 struct main_hdr_v1 *hdr = img;
1451 uint32_t orig_datasz;
1456 orig_datasz = le32_to_cpu(hdr->blocksize) - sizeof(uint32_t);
1458 codesz = sizeof(kwboot_baud_code) +
1459 sizeof(kwboot_baud_code_data_jump);
1460 code = kwboot_img_grow_data_right(img, size, codesz);
1462 codesz = sizeof(kwboot_baud_code_binhdr_pre) +
1463 sizeof(kwboot_baud_code) +
1464 sizeof(kwboot_baud_code_binhdr_post);
1465 code = kwboot_add_bin_ohdr_v1(img, size, codesz);
1467 codesz = sizeof(kwboot_baud_code_binhdr_pre);
1468 memcpy(code, kwboot_baud_code_binhdr_pre, codesz);
1472 codesz = sizeof(kwboot_baud_code) - 2 * sizeof(uint32_t);
1473 memcpy(code, kwboot_baud_code, codesz);
1475 *(uint32_t *)code = cpu_to_le32(old_baud);
1476 code += sizeof(uint32_t);
1477 *(uint32_t *)code = cpu_to_le32(new_baud);
1478 code += sizeof(uint32_t);
1481 codesz = sizeof(kwboot_baud_code_data_jump) - sizeof(uint32_t);
1482 memcpy(code, kwboot_baud_code_data_jump, codesz);
1484 *(uint32_t *)code = hdr->execaddr;
1485 code += sizeof(uint32_t);
1486 hdr->execaddr = cpu_to_le32(le32_to_cpu(hdr->destaddr) + orig_datasz);
1488 codesz = sizeof(kwboot_baud_code_binhdr_post);
1489 memcpy(code, kwboot_baud_code_binhdr_post, codesz);
1495 kwboot_img_patch(void *img, size_t *size, int baudrate)
1497 struct main_hdr_v1 *hdr;
1506 if (*size < sizeof(struct main_hdr_v1))
1509 image_ver = kwbimage_version(img);
1510 if (image_ver != 0 && image_ver != 1) {
1511 fprintf(stderr, "Invalid image header version\n");
1515 hdrsz = kwbheader_size(hdr);
1520 csum = kwboot_hdr_csum8(hdr) - hdr->checksum;
1521 if (csum != hdr->checksum)
1524 srcaddr = le32_to_cpu(hdr->srcaddr);
1526 switch (hdr->blockid) {
1527 case IBR_HDR_SATA_ID:
1531 hdr->srcaddr = cpu_to_le32((srcaddr - 1) * 512);
1534 case IBR_HDR_SDIO_ID:
1535 hdr->srcaddr = cpu_to_le32(srcaddr * 512);
1538 case IBR_HDR_PEX_ID:
1539 if (srcaddr == 0xFFFFFFFF)
1540 hdr->srcaddr = cpu_to_le32(hdrsz);
1543 case IBR_HDR_SPI_ID:
1544 if (hdr->destaddr == cpu_to_le32(0xFFFFFFFF)) {
1545 kwboot_printv("Patching destination and execution addresses from SPI/NOR XIP area to DDR area 0x00800000\n");
1546 hdr->destaddr = cpu_to_le32(0x00800000);
1547 hdr->execaddr = cpu_to_le32(0x00800000);
1552 if (hdrsz > le32_to_cpu(hdr->srcaddr) ||
1553 *size < le32_to_cpu(hdr->srcaddr) + le32_to_cpu(hdr->blocksize))
1556 if (kwboot_img_csum32(img) != *kwboot_img_csum32_ptr(img))
1559 is_secure = kwboot_img_is_secure(img);
1561 if (hdr->blockid != IBR_HDR_UART_ID) {
1564 "Image has secure header with signature for non-UART booting\n");
1568 kwboot_printv("Patching image boot signature to UART\n");
1569 hdr->blockid = IBR_HDR_UART_ID;
1573 if (image_ver == 1) {
1575 * Tell BootROM to send BootROM messages to UART port
1576 * number 0 (used also for UART booting) with default
1577 * baudrate (which should be 115200) and do not touch
1578 * UART MPP configuration.
1580 hdr->options &= ~0x1F;
1581 hdr->options |= MAIN_HDR_V1_OPT_BAUD_DEFAULT;
1582 hdr->options |= 0 << 3;
1585 ((struct main_hdr_v0 *)img)->nandeccmode = IBR_HDR_ECC_DISABLED;
1586 hdr->nandpagesize = 0;
1590 if (image_ver == 0) {
1592 "Cannot inject code for changing baudrate into v0 image header\n");
1598 "Cannot inject code for changing baudrate into image with secure header\n");
1603 * First inject code that changes the baudrate from the default
1604 * value of 115200 Bd to requested value. This code is inserted
1605 * as a new opt hdr, so it is executed by BootROM after the
1606 * header part is received.
1608 kwboot_printv("Injecting binary header code for changing baudrate to %d Bd\n",
1610 _inject_baudrate_change_code(img, size, 0, 115200, baudrate);
1613 * Now inject code that changes the baudrate back to 115200 Bd.
1614 * This code is appended after the data part of the image, and
1615 * execaddr is changed so that it is executed before U-Boot
1618 kwboot_printv("Injecting code for changing baudrate back\n");
1619 _inject_baudrate_change_code(img, size, 1, baudrate, 115200);
1621 /* Update the 32-bit data checksum */
1622 *kwboot_img_csum32_ptr(img) = kwboot_img_csum32(img);
1624 /* recompute header size */
1625 hdrsz = kwbheader_size(hdr);
1628 if (hdrsz % KWBOOT_XM_BLKSZ) {
1629 size_t grow = KWBOOT_XM_BLKSZ - hdrsz % KWBOOT_XM_BLKSZ;
1632 fprintf(stderr, "Cannot align image with secure header\n");
1636 kwboot_printv("Aligning image header to Xmodem block size\n");
1637 kwboot_img_grow_hdr(img, size, grow);
1640 hdr->checksum = kwboot_hdr_csum8(hdr) - csum;
1642 *size = le32_to_cpu(hdr->srcaddr) + le32_to_cpu(hdr->blocksize);
1650 kwboot_usage(FILE *stream, char *progname)
1653 "Usage: %s [OPTIONS] [-b <image> | -D <image> ] [-B <baud> ] <TTY>\n",
1655 fprintf(stream, "\n");
1657 " -b <image>: boot <image> with preamble (Kirkwood, Armada 370/XP)\n");
1659 " -D <image>: boot <image> without preamble (Dove)\n");
1660 fprintf(stream, " -d: enter debug mode\n");
1661 fprintf(stream, " -a: use timings for Armada XP\n");
1662 fprintf(stream, " -q <req-delay>: use specific request-delay\n");
1663 fprintf(stream, " -s <resp-timeo>: use specific response-timeout\n");
1665 " -o <block-timeo>: use specific xmodem block timeout\n");
1666 fprintf(stream, "\n");
1667 fprintf(stream, " -t: mini terminal\n");
1668 fprintf(stream, "\n");
1669 fprintf(stream, " -B <baud>: set baud rate\n");
1670 fprintf(stream, "\n");
1674 main(int argc, char **argv)
1676 const char *ttypath, *imgpath;
1677 int rv, rc, tty, term;
1682 size_t after_img_rsv;
1693 after_img_rsv = KWBOOT_XM_BLKSZ;
1696 printf("kwboot version %s\n", PLAIN_VERSION);
1698 kwboot_verbose = isatty(STDOUT_FILENO);
1701 int c = getopt(argc, argv, "hb:ptaB:dD:q:s:o:");
1707 bootmsg = kwboot_msg_boot;
1717 debugmsg = kwboot_msg_debug;
1721 /* nop, for backward compatibility */
1729 msg_req_delay = KWBOOT_MSG_REQ_DELAY_AXP;
1730 msg_rsp_timeo = KWBOOT_MSG_RSP_TIMEO_AXP;
1734 msg_req_delay = atoi(optarg);
1738 msg_rsp_timeo = atoi(optarg);
1742 blk_rsp_timeo = atoi(optarg);
1746 baudrate = atoi(optarg);
1756 if (!bootmsg && !term && !debugmsg)
1759 if (argc - optind < 1)
1762 ttypath = argv[optind++];
1764 tty = kwboot_open_tty(ttypath, imgpath ? 115200 : baudrate);
1770 if (baudrate == 115200)
1771 /* do not change baudrate during Xmodem to the same value */
1774 /* ensure we have enough space for baudrate change code */
1775 after_img_rsv += sizeof(struct opt_hdr_v1) + 8 + 16 +
1776 sizeof(kwboot_baud_code_binhdr_pre) +
1777 sizeof(kwboot_baud_code) +
1778 sizeof(kwboot_baud_code_binhdr_post) +
1780 sizeof(kwboot_baud_code) +
1781 sizeof(kwboot_baud_code_data_jump) +
1785 img = kwboot_read_image(imgpath, &size, after_img_rsv);
1791 rc = kwboot_img_patch(img, &size, baudrate);
1793 fprintf(stderr, "%s: Invalid image.\n", imgpath);
1799 rc = kwboot_debugmsg(tty, debugmsg);
1804 } else if (bootmsg) {
1805 rc = kwboot_bootmsg(tty, bootmsg);
1813 rc = kwboot_xmodem(tty, img, size, baudrate);
1821 rc = kwboot_terminal(tty);
1822 if (rc && !(errno == EINTR)) {
1839 kwboot_usage(rv ? stderr : stdout, basename(argv[0]));
projects / platform / kernel / u-boot.git / blob