2 * Boot a Marvell SoC, with Xmodem over UART0.
3 * supports Kirkwood, Dove, Armada 370, Armada XP
5 * (c) 2012 Daniel Stodden <daniel.stodden@gmail.com>
7 * References: marvell.com, "88F6180, 88F6190, 88F6192, and 88F6281
8 * Integrated Controller: Functional Specifications" December 2,
9 * 2008. Chapter 24.2 "BootROM Firmware".
30 #include "termios_linux.h"
36 * Marvell BootROM UART Sensing
39 static unsigned char kwboot_msg_boot[] = {
40 0xBB, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
43 static unsigned char kwboot_msg_debug[] = {
44 0xDD, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
47 /* Defines known to work on Kirkwood */
48 #define KWBOOT_MSG_REQ_DELAY 10 /* ms */
49 #define KWBOOT_MSG_RSP_TIMEO 50 /* ms */
51 /* Defines known to work on Armada XP */
52 #define KWBOOT_MSG_REQ_DELAY_AXP 1000 /* ms */
53 #define KWBOOT_MSG_RSP_TIMEO_AXP 1000 /* ms */
59 #define SOH 1 /* sender start of block header */
60 #define EOT 4 /* sender end of block transfer */
61 #define ACK 6 /* target block ack */
62 #define NAK 21 /* target block negative ack */
63 #define CAN 24 /* target/sender transfer cancellation */
65 #define KWBOOT_XM_BLKSZ 128 /* xmodem block size */
71 uint8_t data[KWBOOT_XM_BLKSZ];
75 #define KWBOOT_BLK_RSP_TIMEO 1000 /* ms */
76 #define KWBOOT_HDR_RSP_TIMEO 10000 /* ms */
78 /* ARM code making baudrate changing function return to original exec address */
79 static unsigned char kwboot_pre_baud_code[] = {
81 0x00, 0x00, 0x00, 0x00, /* .word 0 */
82 0x0c, 0xe0, 0x1f, 0xe5, /* ldr lr, exec_addr */
85 /* ARM code for binary header injection to change baudrate */
86 static unsigned char kwboot_baud_code[] = {
87 /* ; #define UART_BASE 0xd0012000 */
88 /* ; #define THR 0x00 */
89 /* ; #define DLL 0x00 */
90 /* ; #define DLH 0x04 */
91 /* ; #define LCR 0x0c */
92 /* ; #define DLAB 0x80 */
93 /* ; #define LSR 0x14 */
94 /* ; #define THRE 0x20 */
95 /* ; #define TEMT 0x40 */
96 /* ; #define DIV_ROUND(a, b) ((a + b/2) / b) */
98 /* ; u32 set_baudrate(u32 old_b, u32 new_b) { */
99 /* ; const u8 *str = "$baudratechange"; */
103 /* ; writel(UART_BASE + THR, c); */
106 /* ; (!(readl(UART_BASE + LSR) & TEMT)); */
107 /* ; u32 lcr = readl(UART_BASE + LCR); */
108 /* ; writel(UART_BASE + LCR, lcr | DLAB); */
109 /* ; u8 old_dll = readl(UART_BASE + DLL); */
110 /* ; u8 old_dlh = readl(UART_BASE + DLH); */
111 /* ; u16 old_dl = old_dll | (old_dlh << 8); */
112 /* ; u32 clk = old_b * old_dl; */
113 /* ; u16 new_dl = DIV_ROUND(clk, new_b); */
114 /* ; u8 new_dll = new_dl & 0xff; */
115 /* ; u8 new_dlh = (new_dl >> 8) & 0xff; */
116 /* ; writel(UART_BASE + DLL, new_dll); */
117 /* ; writel(UART_BASE + DLH, new_dlh); */
118 /* ; writel(UART_BASE + LCR, lcr & ~DLAB); */
123 0xfe, 0x5f, 0x2d, 0xe9, /* push { r1 - r12, lr } */
125 /* ; r0 = UART_BASE */
126 0x02, 0x0a, 0xa0, 0xe3, /* mov r0, #0x2000 */
127 0x01, 0x00, 0x4d, 0xe3, /* movt r0, #0xd001 */
129 /* ; r2 = address of preamble string */
130 0xd0, 0x20, 0x8f, 0xe2, /* adr r2, preamble */
132 /* ; Send preamble string over UART */
133 /* .Lloop_preamble: */
135 /* ; Wait until Transmitter Holding is Empty */
137 /* ; r1 = UART_BASE[LSR] & THRE */
138 0x14, 0x10, 0x90, 0xe5, /* ldr r1, [r0, #0x14] */
139 0x20, 0x00, 0x11, 0xe3, /* tst r1, #0x20 */
140 0xfc, 0xff, 0xff, 0x0a, /* beq .Lloop_thre */
142 /* ; Put character into Transmitter FIFO */
144 0x01, 0x10, 0xd2, 0xe4, /* ldrb r1, [r2], #1 */
145 /* ; UART_BASE[THR] = r1 */
146 0x00, 0x10, 0x80, 0xe5, /* str r1, [r0, #0x0] */
148 /* ; Loop until end of preamble string */
149 0x00, 0x00, 0x51, 0xe3, /* cmp r1, #0 */
150 0xf8, 0xff, 0xff, 0x1a, /* bne .Lloop_preamble */
152 /* ; Wait until Transmitter FIFO is Empty */
153 /* .Lloop_txempty: */
154 /* ; r1 = UART_BASE[LSR] & TEMT */
155 0x14, 0x10, 0x90, 0xe5, /* ldr r1, [r0, #0x14] */
156 0x40, 0x00, 0x11, 0xe3, /* tst r1, #0x40 */
157 0xfc, 0xff, 0xff, 0x0a, /* beq .Lloop_txempty */
159 /* ; Set Divisor Latch Access Bit */
160 /* ; UART_BASE[LCR] |= DLAB */
161 0x0c, 0x10, 0x90, 0xe5, /* ldr r1, [r0, #0x0c] */
162 0x80, 0x10, 0x81, 0xe3, /* orr r1, r1, #0x80 */
163 0x0c, 0x10, 0x80, 0xe5, /* str r1, [r0, #0x0c] */
165 /* ; Read current Divisor Latch */
166 /* ; r1 = UART_BASE[DLH]<<8 | UART_BASE[DLL] */
167 0x00, 0x10, 0x90, 0xe5, /* ldr r1, [r0, #0x00] */
168 0xff, 0x10, 0x01, 0xe2, /* and r1, r1, #0xff */
169 0x01, 0x20, 0xa0, 0xe1, /* mov r2, r1 */
170 0x04, 0x10, 0x90, 0xe5, /* ldr r1, [r0, #0x04] */
171 0xff, 0x10, 0x01, 0xe2, /* and r1, r1, #0xff */
172 0x41, 0x14, 0xa0, 0xe1, /* asr r1, r1, #8 */
173 0x02, 0x10, 0x81, 0xe1, /* orr r1, r1, r2 */
175 /* ; Read old baudrate value */
176 /* ; r2 = old_baudrate */
177 0x8c, 0x20, 0x9f, 0xe5, /* ldr r2, old_baudrate */
179 /* ; Calculate base clock */
181 0x92, 0x01, 0x01, 0xe0, /* mul r1, r2, r1 */
183 /* ; Read new baudrate value */
184 /* ; r2 = baudrate */
185 0x88, 0x20, 0x9f, 0xe5, /* ldr r2, baudrate */
187 /* ; Calculate new Divisor Latch */
188 /* ; r1 = DIV_ROUND(r1, r2) = */
189 /* ; = (r1 + r2/2) / r2 */
190 0xa2, 0x10, 0x81, 0xe0, /* add r1, r1, r2, lsr #1 */
191 0x02, 0x40, 0xa0, 0xe1, /* mov r4, r2 */
192 0xa1, 0x00, 0x54, 0xe1, /* cmp r4, r1, lsr #1 */
194 0x84, 0x40, 0xa0, 0x91, /* movls r4, r4, lsl #1 */
195 0xa1, 0x00, 0x54, 0xe1, /* cmp r4, r1, lsr #1 */
196 0xfc, 0xff, 0xff, 0x9a, /* bls .Lloop_div1 */
197 0x00, 0x30, 0xa0, 0xe3, /* mov r3, #0 */
199 0x04, 0x00, 0x51, 0xe1, /* cmp r1, r4 */
200 0x04, 0x10, 0x41, 0x20, /* subhs r1, r1, r4 */
201 0x03, 0x30, 0xa3, 0xe0, /* adc r3, r3, r3 */
202 0xa4, 0x40, 0xa0, 0xe1, /* mov r4, r4, lsr #1 */
203 0x02, 0x00, 0x54, 0xe1, /* cmp r4, r2 */
204 0xf9, 0xff, 0xff, 0x2a, /* bhs .Lloop_div2 */
205 0x03, 0x10, 0xa0, 0xe1, /* mov r1, r3 */
207 /* ; Set new Divisor Latch Low */
208 /* ; UART_BASE[DLL] = r1 & 0xff */
209 0x01, 0x20, 0xa0, 0xe1, /* mov r2, r1 */
210 0xff, 0x20, 0x02, 0xe2, /* and r2, r2, #0xff */
211 0x00, 0x20, 0x80, 0xe5, /* str r2, [r0, #0x00] */
213 /* ; Set new Divisor Latch High */
214 /* ; UART_BASE[DLH] = r1>>8 & 0xff */
215 0x41, 0x24, 0xa0, 0xe1, /* asr r2, r1, #8 */
216 0xff, 0x20, 0x02, 0xe2, /* and r2, r2, #0xff */
217 0x04, 0x20, 0x80, 0xe5, /* str r2, [r0, #0x04] */
219 /* ; Clear Divisor Latch Access Bit */
220 /* ; UART_BASE[LCR] &= ~DLAB */
221 0x0c, 0x10, 0x90, 0xe5, /* ldr r1, [r0, #0x0c] */
222 0x80, 0x10, 0xc1, 0xe3, /* bic r1, r1, #0x80 */
223 0x0c, 0x10, 0x80, 0xe5, /* str r1, [r0, #0x0c] */
225 /* ; Sleep 1ms ~~ 600000 cycles at 1200 MHz */
227 0x9f, 0x1d, 0xa0, 0xe3, /* mov r1, #0x27c0 */
228 0x09, 0x10, 0x40, 0xe3, /* movt r1, #0x0009 */
230 0x01, 0x10, 0x41, 0xe2, /* sub r1, r1, #1 */
231 0x00, 0x00, 0x51, 0xe3, /* cmp r1, #0 */
232 0xfc, 0xff, 0xff, 0x1a, /* bne .Lloop_sleep */
234 /* ; Return 0 - no error */
235 0x00, 0x00, 0xa0, 0xe3, /* mov r0, #0 */
236 0xfe, 0x9f, 0xbd, 0xe8, /* pop { r1 - r12, pc } */
238 /* ; Preamble string */
240 0x24, 0x62, 0x61, 0x75, /* .asciz "$baudratechange" */
241 0x64, 0x72, 0x61, 0x74,
242 0x65, 0x63, 0x68, 0x61,
243 0x6e, 0x67, 0x65, 0x00,
245 /* ; Placeholder for old baudrate value */
247 0x00, 0x00, 0x00, 0x00, /* .word 0 */
249 /* ; Placeholder for new baudrate value */
251 0x00, 0x00, 0x00, 0x00, /* .word 0 */
254 #define KWBOOT_BAUDRATE_BIN_HEADER_SZ (sizeof(kwboot_baud_code) + \
255 sizeof(struct opt_hdr_v1) + 8)
257 static const char kwb_baud_magic[16] = "$baudratechange";
259 static int kwboot_verbose;
261 static int msg_req_delay = KWBOOT_MSG_REQ_DELAY;
262 static int msg_rsp_timeo = KWBOOT_MSG_RSP_TIMEO;
263 static int blk_rsp_timeo = KWBOOT_BLK_RSP_TIMEO;
266 kwboot_write(int fd, const char *buf, size_t len)
271 ssize_t wr = write(fd, buf + tot, len - tot);
283 kwboot_printv(const char *fmt, ...)
287 if (kwboot_verbose) {
298 const char seq[] = { '-', '\\', '|', '/' };
300 static int state, bs;
302 if (state % div == 0) {
304 fputc(seq[state / div % sizeof(seq)], stdout);
320 __progress(int pct, char c)
322 const int width = 70;
323 static const char *nl = "";
326 if (pos % width == 0)
327 printf("%s%3d %% [", nl, pct);
332 pos = (pos + 1) % width;
335 while (pos && pos++ < width)
347 kwboot_progress(int _pct, char c)
362 kwboot_tty_recv(int fd, void *buf, size_t len, int timeo)
375 tv.tv_usec = timeo * 1000;
376 if (tv.tv_usec > 1000000) {
377 tv.tv_sec += tv.tv_usec / 1000000;
378 tv.tv_usec %= 1000000;
382 nfds = select(fd + 1, &rfds, NULL, NULL, &tv);
390 n = read(fd, buf, len);
394 buf = (char *)buf + n;
404 kwboot_tty_send(int fd, const void *buf, size_t len)
409 if (kwboot_write(fd, buf, len) < 0)
416 kwboot_tty_send_char(int fd, unsigned char c)
418 return kwboot_tty_send(fd, &c, 1);
422 kwboot_tty_baudrate_to_speed(int baudrate)
571 _is_within_tolerance(int value, int reference, int tolerance)
573 return 100 * value >= reference * (100 - tolerance) &&
574 100 * value <= reference * (100 + tolerance);
578 kwboot_tty_change_baudrate(int fd, int baudrate)
584 rc = tcgetattr(fd, &tio);
588 speed = kwboot_tty_baudrate_to_speed(baudrate);
596 tio.c_ospeed = tio.c_ispeed = baudrate;
599 rc = cfsetospeed(&tio, speed);
603 rc = cfsetispeed(&tio, speed);
607 rc = tcsetattr(fd, TCSANOW, &tio);
611 rc = tcgetattr(fd, &tio);
615 if (cfgetospeed(&tio) != speed || cfgetispeed(&tio) != speed)
620 * Check whether set baudrate is within 3% tolerance.
621 * If BOTHER is defined, Linux always fills out c_ospeed / c_ispeed
624 if (!_is_within_tolerance(tio.c_ospeed, baudrate, 3))
627 if (!_is_within_tolerance(tio.c_ispeed, baudrate, 3))
634 fprintf(stderr, "Could not set baudrate to requested value\n");
640 kwboot_open_tty(const char *path, int baudrate)
647 fd = open(path, O_RDWR|O_NOCTTY|O_NDELAY);
651 memset(&tio, 0, sizeof(tio));
654 tio.c_cflag = CREAD|CLOCAL|CS8;
657 tio.c_cc[VTIME] = 10;
659 rc = tcsetattr(fd, TCSANOW, &tio);
663 rc = kwboot_tty_change_baudrate(fd, baudrate);
678 kwboot_bootmsg(int tty, void *msg)
685 kwboot_printv("Please reboot the target into UART boot mode...");
687 kwboot_printv("Sending boot message. Please reboot the target...");
690 rc = tcflush(tty, TCIOFLUSH);
694 for (count = 0; count < 128; count++) {
695 rc = kwboot_tty_send(tty, msg, 8);
697 usleep(msg_req_delay * 1000);
702 rc = kwboot_tty_recv(tty, &c, 1, msg_rsp_timeo);
706 } while (rc || c != NAK);
714 kwboot_debugmsg(int tty, void *msg)
718 kwboot_printv("Sending debug message. Please reboot the target...");
723 rc = tcflush(tty, TCIOFLUSH);
727 rc = kwboot_tty_send(tty, msg, 8);
729 usleep(msg_req_delay * 1000);
733 rc = kwboot_tty_recv(tty, buf, 16, msg_rsp_timeo);
745 kwboot_xm_makeblock(struct kwboot_block *block, const void *data,
746 size_t size, int pnum)
752 block->_pnum = ~block->pnum;
754 n = size < KWBOOT_XM_BLKSZ ? size : KWBOOT_XM_BLKSZ;
755 memcpy(&block->data[0], data, n);
756 memset(&block->data[n], 0, KWBOOT_XM_BLKSZ - n);
759 for (i = 0; i < n; i++)
760 block->csum += block->data[i];
770 if (clock_gettime(CLOCK_MONOTONIC, &ts)) {
771 static int err_print;
774 perror("clock_gettime() does not work");
778 /* this will just make the timeout not work */
782 return ts.tv_sec * 1000ULL + (ts.tv_nsec + 500000) / 1000000;
788 return c == ACK || c == NAK || c == CAN;
792 _xm_reply_to_error(int c)
815 kwboot_baud_magic_handle(int fd, char c, int baudrate)
817 static size_t rcv_len;
819 if (rcv_len < sizeof(kwb_baud_magic)) {
820 /* try to recognize whole magic word */
821 if (c == kwb_baud_magic[rcv_len]) {
824 printf("%.*s%c", (int)rcv_len, kwb_baud_magic, c);
830 if (rcv_len == sizeof(kwb_baud_magic)) {
831 /* magic word received */
832 kwboot_printv("\nChanging baudrate to %d Bd\n", baudrate);
834 return kwboot_tty_change_baudrate(fd, baudrate) ? : 1;
841 kwboot_xm_recv_reply(int fd, char *c, int allow_non_xm, int *non_xm_print,
842 int baudrate, int *baud_changed)
844 int timeout = allow_non_xm ? KWBOOT_HDR_RSP_TIMEO : blk_rsp_timeo;
845 uint64_t recv_until = _now() + timeout;
854 rc = kwboot_tty_recv(fd, c, 1, timeout);
856 if (errno != ETIMEDOUT)
858 else if (allow_non_xm && *non_xm_print)
864 /* If received xmodem reply, end. */
865 if (_is_xm_reply(*c))
869 * If receiving/printing non-xmodem text output is allowed and
870 * such a byte was received, we want to increase receiving time
872 * - print the byte, if it is not part of baudrate change magic
873 * sequence while baudrate change was requested (-B option)
875 * Otherwise decrease timeout by time elapsed.
878 recv_until = _now() + timeout;
880 if (baudrate && !*baud_changed) {
881 rc = kwboot_baud_magic_handle(fd, *c, baudrate);
888 } else if (!baudrate || !*baud_changed) {
894 timeout = recv_until - _now();
906 kwboot_xm_sendblock(int fd, struct kwboot_block *block, int allow_non_xm,
907 int *done_print, int baudrate)
909 int non_xm_print, baud_changed;
910 int rc, err, retries;
917 rc = kwboot_tty_send(fd, block, sizeof(*block));
921 if (allow_non_xm && !*done_print) {
922 kwboot_progress(100, '.');
923 kwboot_printv("Done\n");
927 rc = kwboot_xm_recv_reply(fd, &c, allow_non_xm, &non_xm_print,
928 baudrate, &baud_changed);
932 if (!allow_non_xm && c != ACK)
933 kwboot_progress(-1, '+');
934 } while (c == NAK && retries-- > 0);
939 if (allow_non_xm && baudrate && !baud_changed) {
940 fprintf(stderr, "Baudrate was not changed\n");
946 return _xm_reply_to_error(c);
949 kwboot_tty_send_char(fd, CAN);
956 kwboot_xm_finish(int fd)
961 kwboot_printv("Finishing transfer\n");
965 rc = kwboot_tty_send_char(fd, EOT);
969 rc = kwboot_xm_recv_reply(fd, &c, 0, NULL, 0, NULL);
972 } while (c == NAK && retries-- > 0);
974 return _xm_reply_to_error(c);
978 kwboot_xmodem_one(int tty, int *pnum, int header, const uint8_t *data,
979 size_t size, int baudrate)
985 kwboot_printv("Sending boot image %s (%zu bytes)...\n",
986 header ? "header" : "data", size);
991 while (sent < size) {
992 struct kwboot_block block;
996 blksz = kwboot_xm_makeblock(&block, data, left, (*pnum)++);
999 last_block = (left <= blksz);
1001 rc = kwboot_xm_sendblock(tty, &block, header && last_block,
1002 &done_print, baudrate);
1010 kwboot_progress(sent * 100 / size, '.');
1014 kwboot_printv("Done\n");
1018 kwboot_printv("\n");
1023 kwboot_xmodem(int tty, const void *_img, size_t size, int baudrate)
1025 const uint8_t *img = _img;
1029 hdrsz = kwbheader_size(img);
1031 kwboot_printv("Waiting 2s and flushing tty\n");
1032 sleep(2); /* flush isn't effective without it */
1033 tcflush(tty, TCIOFLUSH);
1037 rc = kwboot_xmodem_one(tty, &pnum, 1, img, hdrsz, baudrate);
1044 rc = kwboot_xmodem_one(tty, &pnum, 0, img, size, 0);
1048 rc = kwboot_xm_finish(tty);
1053 char buf[sizeof(kwb_baud_magic)];
1055 /* Wait 1s for baudrate change magic */
1056 rc = kwboot_tty_recv(tty, buf, sizeof(buf), 1000);
1060 if (memcmp(buf, kwb_baud_magic, sizeof(buf))) {
1065 kwboot_printv("\nChanging baudrate back to 115200 Bd\n\n");
1066 rc = kwboot_tty_change_baudrate(tty, 115200);
1075 kwboot_term_pipe(int in, int out, const char *quit, int *s)
1078 char _buf[128], *buf = _buf;
1080 nin = read(in, buf, sizeof(_buf));
1087 for (i = 0; i < nin; i++) {
1088 if (*buf == quit[*s]) {
1095 if (kwboot_write(out, quit, *s) < 0)
1102 if (kwboot_write(out, buf, nin) < 0)
1109 kwboot_terminal(int tty)
1112 const char *quit = "\34c";
1113 struct termios otio, tio;
1119 rc = tcgetattr(in, &otio);
1123 rc = tcsetattr(in, TCSANOW, &tio);
1126 perror("tcsetattr");
1130 kwboot_printv("[Type Ctrl-%c + %c to quit]\r\n",
1131 quit[0]|0100, quit[1]);
1143 nfds = nfds < tty ? tty : nfds;
1147 nfds = nfds < in ? in : nfds;
1150 nfds = select(nfds + 1, &rfds, NULL, NULL, NULL);
1154 if (FD_ISSET(tty, &rfds)) {
1155 rc = kwboot_term_pipe(tty, STDOUT_FILENO, NULL, NULL);
1160 if (in >= 0 && FD_ISSET(in, &rfds)) {
1161 rc = kwboot_term_pipe(in, tty, quit, &s);
1165 } while (quit[s] != 0);
1168 tcsetattr(in, TCSANOW, &otio);
1175 kwboot_read_image(const char *path, size_t *size, size_t reserve)
1185 fd = open(path, O_RDONLY);
1189 rc = fstat(fd, &st);
1193 img = malloc(st.st_size + reserve);
1198 while (tot < st.st_size) {
1199 ssize_t rd = read(fd, img + tot, st.st_size - tot);
1206 if (!rd && tot < st.st_size) {
1226 kwboot_hdr_csum8(const void *hdr)
1228 const uint8_t *data = hdr;
1232 size = kwbheader_size_for_csum(hdr);
1234 for (csum = 0; size-- > 0; data++)
1241 kwboot_img_is_secure(void *img)
1243 struct opt_hdr_v1 *ohdr;
1245 for_each_opt_hdr_v1 (ohdr, img)
1246 if (ohdr->headertype == OPT_HDR_V1_SECURE_TYPE)
1253 kwboot_img_grow_data_left(void *img, size_t *size, size_t grow)
1255 uint32_t hdrsz, datasz, srcaddr;
1256 struct main_hdr_v1 *hdr = img;
1259 srcaddr = le32_to_cpu(hdr->srcaddr);
1261 hdrsz = kwbheader_size(hdr);
1262 data = (uint8_t *)img + srcaddr;
1263 datasz = *size - srcaddr;
1265 /* only move data if there is not enough space */
1266 if (hdrsz + grow > srcaddr) {
1267 size_t need = hdrsz + grow - srcaddr;
1269 /* move data by enough bytes */
1270 memmove(data + need, data, datasz);
1276 hdr->srcaddr = cpu_to_le32(srcaddr);
1277 hdr->destaddr = cpu_to_le32(le32_to_cpu(hdr->destaddr) - grow);
1278 hdr->blocksize = cpu_to_le32(le32_to_cpu(hdr->blocksize) + grow);
1280 return (uint8_t *)img + srcaddr;
1284 kwboot_img_grow_hdr(void *img, size_t *size, size_t grow)
1286 uint32_t hdrsz, datasz, srcaddr;
1287 struct main_hdr_v1 *hdr = img;
1290 srcaddr = le32_to_cpu(hdr->srcaddr);
1292 hdrsz = kwbheader_size(img);
1293 data = (uint8_t *)img + srcaddr;
1294 datasz = *size - srcaddr;
1296 /* only move data if there is not enough space */
1297 if (hdrsz + grow > srcaddr) {
1298 size_t need = hdrsz + grow - srcaddr;
1300 /* move data by enough bytes */
1301 memmove(data + need, data, datasz);
1303 hdr->srcaddr = cpu_to_le32(srcaddr + need);
1307 if (kwbimage_version(img) == 1) {
1309 hdr->headersz_msb = hdrsz >> 16;
1310 hdr->headersz_lsb = cpu_to_le16(hdrsz & 0xffff);
1315 kwboot_add_bin_ohdr_v1(void *img, size_t *size, uint32_t binsz)
1317 struct main_hdr_v1 *hdr = img;
1318 struct opt_hdr_v1 *ohdr;
1321 ohdrsz = binsz + 8 + sizeof(*ohdr);
1322 kwboot_img_grow_hdr(img, size, ohdrsz);
1324 if (hdr->ext & 0x1) {
1325 for_each_opt_hdr_v1 (ohdr, img)
1326 if (opt_hdr_v1_next(ohdr) == NULL)
1329 *opt_hdr_v1_ext(ohdr) |= 1;
1330 ohdr = opt_hdr_v1_next(ohdr);
1333 ohdr = (void *)(hdr + 1);
1336 ohdr->headertype = OPT_HDR_V1_BINARY_TYPE;
1337 ohdr->headersz_msb = ohdrsz >> 16;
1338 ohdr->headersz_lsb = cpu_to_le16(ohdrsz & 0xffff);
1340 memset(&ohdr->data[0], 0, ohdrsz - sizeof(*ohdr));
1342 return &ohdr->data[4];
1346 _copy_baudrate_change_code(struct main_hdr_v1 *hdr, void *dst, int pre,
1347 int old_baud, int new_baud)
1349 size_t codesz = sizeof(kwboot_baud_code);
1350 uint8_t *code = dst;
1353 size_t presz = sizeof(kwboot_pre_baud_code);
1356 * We need to prepend code that loads lr register with original
1357 * value of hdr->execaddr. We do this by putting the original
1358 * exec address before the code that loads it relatively from
1360 * Afterwards we change the exec address to this code (which is
1361 * at offset 4, because the first 4 bytes contain the original
1364 memcpy(code, kwboot_pre_baud_code, presz);
1365 *(uint32_t *)code = hdr->execaddr;
1367 hdr->execaddr = cpu_to_le32(le32_to_cpu(hdr->destaddr) + 4);
1372 memcpy(code, kwboot_baud_code, codesz - 8);
1373 *(uint32_t *)(code + codesz - 8) = cpu_to_le32(old_baud);
1374 *(uint32_t *)(code + codesz - 4) = cpu_to_le32(new_baud);
1378 kwboot_img_patch(void *img, size_t *size, int baudrate)
1381 struct main_hdr_v1 *hdr;
1391 if (*size < sizeof(struct main_hdr_v1)) {
1396 image_ver = kwbimage_version(img);
1397 if (image_ver != 0 && image_ver != 1) {
1398 fprintf(stderr, "Invalid image header version\n");
1403 hdrsz = kwbheader_size(hdr);
1405 if (*size < hdrsz) {
1410 csum = kwboot_hdr_csum8(hdr) - hdr->checksum;
1411 if (csum != hdr->checksum) {
1416 if (image_ver == 0) {
1417 struct main_hdr_v0 *hdr_v0 = img;
1419 hdr_v0->nandeccmode = IBR_HDR_ECC_DISABLED;
1420 hdr_v0->nandpagesize = 0;
1423 srcaddr = le32_to_cpu(hdr->srcaddr);
1425 switch (hdr->blockid) {
1426 case IBR_HDR_SATA_ID:
1431 hdr->srcaddr = cpu_to_le32((srcaddr - 1) * 512);
1434 case IBR_HDR_SDIO_ID:
1435 hdr->srcaddr = cpu_to_le32(srcaddr * 512);
1438 case IBR_HDR_PEX_ID:
1439 if (srcaddr == 0xFFFFFFFF)
1440 hdr->srcaddr = cpu_to_le32(hdrsz);
1443 case IBR_HDR_SPI_ID:
1444 if (hdr->destaddr == cpu_to_le32(0xFFFFFFFF)) {
1445 kwboot_printv("Patching destination and execution addresses from SPI/NOR XIP area to DDR area 0x00800000\n");
1446 hdr->destaddr = cpu_to_le32(0x00800000);
1447 hdr->execaddr = cpu_to_le32(0x00800000);
1452 if (hdrsz > le32_to_cpu(hdr->srcaddr) ||
1453 *size < le32_to_cpu(hdr->srcaddr) + le32_to_cpu(hdr->blocksize)) {
1458 is_secure = kwboot_img_is_secure(img);
1460 if (hdr->blockid != IBR_HDR_UART_ID) {
1463 "Image has secure header with signature for non-UART booting\n");
1468 kwboot_printv("Patching image boot signature to UART\n");
1469 hdr->blockid = IBR_HDR_UART_ID;
1473 uint32_t codesz = sizeof(kwboot_baud_code);
1476 if (image_ver == 0) {
1478 "Cannot inject code for changing baudrate into v0 image header\n");
1485 "Cannot inject code for changing baudrate into image with secure header\n");
1491 * First inject code that changes the baudrate from the default
1492 * value of 115200 Bd to requested value. This code is inserted
1493 * as a new opt hdr, so it is executed by BootROM after the
1494 * header part is received.
1496 kwboot_printv("Injecting binary header code for changing baudrate to %d Bd\n",
1499 code = kwboot_add_bin_ohdr_v1(img, size, codesz);
1500 _copy_baudrate_change_code(hdr, code, 0, 115200, baudrate);
1503 * Now inject code that changes the baudrate back to 115200 Bd.
1504 * This code is prepended to the data part of the image, so it
1505 * is executed before U-Boot proper.
1507 kwboot_printv("Injecting code for changing baudrate back\n");
1509 codesz += sizeof(kwboot_pre_baud_code);
1510 code = kwboot_img_grow_data_left(img, size, codesz);
1511 _copy_baudrate_change_code(hdr, code, 1, baudrate, 115200);
1513 /* recompute header size */
1514 hdrsz = kwbheader_size(hdr);
1517 if (hdrsz % KWBOOT_XM_BLKSZ) {
1518 size_t offset = (KWBOOT_XM_BLKSZ - hdrsz % KWBOOT_XM_BLKSZ) %
1522 fprintf(stderr, "Cannot align image with secure header\n");
1527 kwboot_printv("Aligning image header to Xmodem block size\n");
1528 kwboot_img_grow_hdr(img, size, offset);
1531 hdr->checksum = kwboot_hdr_csum8(hdr) - csum;
1533 *size = le32_to_cpu(hdr->srcaddr) + le32_to_cpu(hdr->blocksize);
1540 kwboot_usage(FILE *stream, char *progname)
1542 fprintf(stream, "kwboot version %s\n", PLAIN_VERSION);
1544 "Usage: %s [OPTIONS] [-b <image> | -D <image> ] [-B <baud> ] <TTY>\n",
1546 fprintf(stream, "\n");
1548 " -b <image>: boot <image> with preamble (Kirkwood, Armada 370/XP)\n");
1550 " -D <image>: boot <image> without preamble (Dove)\n");
1551 fprintf(stream, " -d: enter debug mode\n");
1552 fprintf(stream, " -a: use timings for Armada XP\n");
1553 fprintf(stream, " -q <req-delay>: use specific request-delay\n");
1554 fprintf(stream, " -s <resp-timeo>: use specific response-timeout\n");
1556 " -o <block-timeo>: use specific xmodem block timeout\n");
1557 fprintf(stream, "\n");
1558 fprintf(stream, " -t: mini terminal\n");
1559 fprintf(stream, "\n");
1560 fprintf(stream, " -B <baud>: set baud rate\n");
1561 fprintf(stream, "\n");
1565 main(int argc, char **argv)
1567 const char *ttypath, *imgpath;
1568 int rv, rc, tty, term;
1573 size_t after_img_rsv;
1584 after_img_rsv = KWBOOT_XM_BLKSZ;
1587 kwboot_verbose = isatty(STDOUT_FILENO);
1590 int c = getopt(argc, argv, "hb:ptaB:dD:q:s:o:");
1596 bootmsg = kwboot_msg_boot;
1606 debugmsg = kwboot_msg_debug;
1610 /* nop, for backward compatibility */
1618 msg_req_delay = KWBOOT_MSG_REQ_DELAY_AXP;
1619 msg_rsp_timeo = KWBOOT_MSG_RSP_TIMEO_AXP;
1623 msg_req_delay = atoi(optarg);
1627 msg_rsp_timeo = atoi(optarg);
1631 blk_rsp_timeo = atoi(optarg);
1635 baudrate = atoi(optarg);
1645 if (!bootmsg && !term && !debugmsg)
1648 if (argc - optind < 1)
1651 ttypath = argv[optind++];
1653 tty = kwboot_open_tty(ttypath, imgpath ? 115200 : baudrate);
1659 if (baudrate == 115200)
1660 /* do not change baudrate during Xmodem to the same value */
1663 /* ensure we have enough space for baudrate change code */
1664 after_img_rsv += KWBOOT_BAUDRATE_BIN_HEADER_SZ +
1665 sizeof(kwboot_pre_baud_code) +
1666 sizeof(kwboot_baud_code);
1669 img = kwboot_read_image(imgpath, &size, after_img_rsv);
1675 rc = kwboot_img_patch(img, &size, baudrate);
1677 fprintf(stderr, "%s: Invalid image.\n", imgpath);
1683 rc = kwboot_debugmsg(tty, debugmsg);
1688 } else if (bootmsg) {
1689 rc = kwboot_bootmsg(tty, bootmsg);
1697 rc = kwboot_xmodem(tty, img, size, baudrate);
1705 rc = kwboot_terminal(tty);
1706 if (rc && !(errno == EINTR)) {
1723 kwboot_usage(rv ? stderr : stdout, basename(argv[0]));
projects / platform / kernel / u-boot.git / blob