1 // SPDX-License-Identifier: GPL-2.0+
3 * Generate MediaTek BootROM header for SPL/U-Boot images
5 * Copyright (C) 2018 MediaTek Inc.
6 * Author: Weijie Gao <weijie.gao@mediatek.com>
11 #include <u-boot/crc.h>
12 #include <u-boot/sha256.h>
13 #include "imagetool.h"
14 #include "mtk_image.h"
15 #include "mtk_nand_headers.h"
17 static const struct brom_img_type {
19 enum brlyt_img_type type;
23 .type = BRLYT_TYPE_NAND
26 .type = BRLYT_TYPE_EMMC
29 .type = BRLYT_TYPE_NOR
32 .type = BRLYT_TYPE_SDMMC
35 .type = BRLYT_TYPE_SNAND
39 /* Indicates whether we're generating or verifying */
41 static uint32_t img_size;
43 /* Image type selected by user */
44 static enum brlyt_img_type hdr_media;
45 static uint32_t hdr_offset;
46 static int use_lk_hdr;
47 static int use_mt7621_hdr;
48 static bool is_arm64_image;
51 static char lk_name[32] = "U-Boot";
53 /* CRC32 normal table required by MT7621 image */
54 static uint32_t crc32tbl[256];
56 /* NAND header selected by user */
57 static const union nand_boot_header *hdr_nand;
58 static uint32_t hdr_nand_size;
60 /* GFH header + 2 * 4KB pages of NAND */
61 static char hdr_tmp[sizeof(struct gfh_header) + 0x2000];
63 static uint32_t crc32_normal_cal(uint32_t crc, const void *data, size_t length,
64 const uint32_t *crc32c_table)
66 const uint8_t *p = data;
69 crc = crc32c_table[(uint8_t)((crc >> 24) ^ *p++)] ^ (crc << 8);
74 static void crc32_normal_init(uint32_t *crc32c_table, uint32_t poly)
78 for (i = 0; i < 256; i++) {
80 for (j = 0; j < 8; j++)
81 v = (v << 1) ^ ((v & (1 << 31)) ? poly : 0);
87 static int mtk_image_check_image_types(uint8_t type)
89 if (type == IH_TYPE_MTKIMAGE)
95 static int mtk_brom_parse_imagename(const char *imagename)
97 #define is_blank_char(c) \
98 ((c) == '\t' || (c) == '\n' || (c) == '\r' || (c) == ' ')
100 char *buf = strdup(imagename), *key, *val, *end, *next;
103 /* User passed arguments from image name */
104 static const char *media = "";
105 static const char *hdr_offs = "";
106 static const char *nandinfo = "";
107 static const char *lk = "";
108 static const char *mt7621 = "";
109 static const char *arm64_param = "";
113 next = strchr(key, ';');
117 val = strchr(key, '=');
122 while (is_blank_char(*key))
125 end = key + strlen(key) - 1;
126 while ((end >= key) && is_blank_char(*end))
130 if (is_blank_char(*end))
134 while (is_blank_char(*val))
137 end = val + strlen(val) - 1;
138 while ((end >= val) && is_blank_char(*end))
142 if (is_blank_char(*end))
145 /* record user passed arguments */
146 if (!strcmp(key, "media"))
149 if (!strcmp(key, "hdroffset"))
152 if (!strcmp(key, "nandinfo"))
155 if (!strcmp(key, "lk"))
158 if (!strcmp(key, "mt7621"))
161 if (!strcmp(key, "lkname"))
162 snprintf(lk_name, sizeof(lk_name), "%s", val);
164 if (!strcmp(key, "arm64"))
174 /* if user specified LK image header, skip following checks */
175 if (lk && lk[0] == '1') {
181 /* if user specified MT7621 image header, skip following checks */
182 if (mt7621 && mt7621[0] == '1') {
188 /* parse media type */
189 for (i = 0; i < ARRAY_SIZE(brom_images); i++) {
190 if (!strcmp(brom_images[i].name, media)) {
191 hdr_media = brom_images[i].type;
196 /* parse nand header type */
197 hdr_nand = mtk_nand_header_find(nandinfo);
199 /* parse device header offset */
200 if (hdr_offs && hdr_offs[0])
201 hdr_offset = strtoul(hdr_offs, NULL, 0);
203 if (arm64_param && arm64_param[0] == '1')
204 is_arm64_image = true;
208 if (hdr_media == BRLYT_TYPE_INVALID) {
209 fprintf(stderr, "Error: media type is invalid or missing.\n");
210 fprintf(stderr, " Please specify -n \"media=<type>\"\n");
214 if ((hdr_media == BRLYT_TYPE_NAND || hdr_media == BRLYT_TYPE_SNAND) &&
216 fprintf(stderr, "Error: nand info is invalid or missing.\n");
217 fprintf(stderr, " Please specify -n \"media=%s;"
218 "nandinfo=<info>\"\n", media);
222 if (hdr_media == BRLYT_TYPE_NAND || hdr_media == BRLYT_TYPE_SNAND)
223 hdr_nand_size = mtk_nand_header_size(hdr_nand);
228 static int mtk_image_check_params(struct image_tool_params *params)
231 fprintf(stderr, "Error: Load Address must be set.\n");
235 if (!params->imagename) {
236 fprintf(stderr, "Error: Image Name must be set.\n");
240 return mtk_brom_parse_imagename(params->imagename);
243 static int mtk_image_vrec_header(struct image_tool_params *params,
244 struct image_type_params *tparams)
247 tparams->header_size = sizeof(union lk_hdr);
248 tparams->hdr = &hdr_tmp;
249 memset(&hdr_tmp, 0xff, tparams->header_size);
253 if (use_mt7621_hdr) {
254 tparams->header_size = image_get_header_size();
255 tparams->hdr = &hdr_tmp;
256 memset(&hdr_tmp, 0, tparams->header_size);
260 if (hdr_media == BRLYT_TYPE_NAND || hdr_media == BRLYT_TYPE_SNAND)
261 tparams->header_size = hdr_nand_size;
263 tparams->header_size = sizeof(struct gen_device_header);
265 tparams->header_size += sizeof(struct gfh_header);
266 tparams->hdr = &hdr_tmp;
268 memset(&hdr_tmp, 0xff, tparams->header_size);
270 return SHA256_SUM_LEN;
273 static int mtk_image_verify_gfh(struct gfh_header *gfh, uint32_t type, int print)
275 if (strcmp(gfh->file_info.name, GFH_FILE_INFO_NAME))
278 if (le32_to_cpu(gfh->file_info.flash_type) != type)
282 printf("Load Address: %08x\n",
283 le32_to_cpu(gfh->file_info.load_addr) +
284 le32_to_cpu(gfh->file_info.jump_offset));
287 printf("Architecture: %s\n", is_arm64_image ? "ARM64" : "ARM");
292 static int mtk_image_verify_gen_header(const uint8_t *ptr, int print)
294 union gen_boot_header *gbh = (union gen_boot_header *)ptr;
295 uint32_t gfh_offset, total_size, devh_size;
296 struct brom_layout_header *bh;
297 struct gfh_header *gfh;
298 const char *bootmedia;
300 if (!strcmp(gbh->name, SF_BOOT_NAME))
301 bootmedia = "Serial NOR";
302 else if (!strcmp(gbh->name, EMMC_BOOT_NAME))
304 else if (!strcmp(gbh->name, SDMMC_BOOT_NAME))
305 bootmedia = "SD/MMC";
310 printf("Boot Media: %s\n", bootmedia);
312 if (le32_to_cpu(gbh->version) != 1 ||
313 le32_to_cpu(gbh->size) != sizeof(union gen_boot_header))
316 bh = (struct brom_layout_header *)(ptr + le32_to_cpu(gbh->size));
318 if (strcmp(bh->name, BRLYT_NAME))
321 if (le32_to_cpu(bh->magic) != BRLYT_MAGIC ||
322 (le32_to_cpu(bh->type) != BRLYT_TYPE_NOR &&
323 le32_to_cpu(bh->type) != BRLYT_TYPE_EMMC &&
324 le32_to_cpu(bh->type) != BRLYT_TYPE_SDMMC))
327 devh_size = sizeof(struct gen_device_header);
330 gfh_offset = devh_size;
332 gfh_offset = le32_to_cpu(bh->header_size);
334 if (gfh_offset + sizeof(struct gfh_header) > img_size) {
336 * This may happen if the hdr_offset used to generate
337 * this image is not zero.
338 * Since device header size is not fixed, we can't
339 * cover all possible cases.
340 * Assuming the image is valid only if the real
341 * device header size equals to devh_size.
343 total_size = le32_to_cpu(bh->total_size);
345 if (total_size - gfh_offset > img_size - devh_size)
348 gfh_offset = devh_size;
352 gfh = (struct gfh_header *)(ptr + gfh_offset);
354 return mtk_image_verify_gfh(gfh, GFH_FLASH_TYPE_GEN, print);
357 static int mtk_image_verify_nand_header(const uint8_t *ptr, int print)
359 struct brom_layout_header *bh;
360 struct nand_header_info info;
361 struct gfh_header *gfh;
362 const char *bootmedia;
365 ret = mtk_nand_header_info(ptr, &info);
369 bh = (struct brom_layout_header *)(ptr + info.page_size);
371 if (strcmp(bh->name, BRLYT_NAME))
374 if (le32_to_cpu(bh->magic) != BRLYT_MAGIC) {
377 if (le32_to_cpu(bh->type) == BRLYT_TYPE_NAND)
378 bootmedia = "Parallel NAND";
379 else if (le32_to_cpu(bh->type) == BRLYT_TYPE_SNAND)
380 bootmedia = "Serial NAND (SNFI/AP)";
386 printf("Boot Media: %s\n", bootmedia);
388 if (info.page_size >= 1024)
389 printf("Page Size: %dKB\n", info.page_size >> 10);
391 printf("Page Size: %dB\n", info.page_size);
393 printf("Spare Size: %dB\n", info.spare_size);
396 gfh = (struct gfh_header *)(ptr + info.gfh_offset);
398 return mtk_image_verify_gfh(gfh, GFH_FLASH_TYPE_NAND, print);
401 static uint32_t crc32be_cal(const void *data, size_t length)
406 if (crc32tbl[1] != MT7621_IH_CRC_POLYNOMIAL)
407 crc32_normal_init(crc32tbl, MT7621_IH_CRC_POLYNOMIAL);
409 crc = crc32_normal_cal(crc, data, length, crc32tbl);
411 for (; length; length >>= 8) {
413 crc = crc32_normal_cal(crc, &c, 1, crc32tbl);
419 static int mtk_image_verify_mt7621_header(const uint8_t *ptr, int print)
421 const image_header_t *hdr = (const image_header_t *)ptr;
422 struct mt7621_nand_header *nhdr;
423 uint32_t spl_size, crcval;
424 image_header_t header;
427 spl_size = image_get_size(hdr);
429 if (spl_size > img_size) {
431 printf("Incomplete SPL image\n");
435 ret = image_check_hcrc(hdr);
438 printf("Bad header CRC\n");
442 ret = image_check_dcrc(hdr);
445 printf("Bad data CRC\n");
449 /* Copy header so we can blank CRC field for re-calculation */
450 memmove(&header, hdr, image_get_header_size());
451 image_set_hcrc(&header, 0);
453 nhdr = (struct mt7621_nand_header *)header.ih_name;
454 crcval = be32_to_cpu(nhdr->crc);
457 if (crcval != crc32be_cal(&header, image_get_header_size())) {
459 printf("Bad NAND header CRC\n");
464 printf("Load Address: %08x\n", image_get_load(hdr));
466 printf("Image Name: %.*s\n", MT7621_IH_NMLEN,
467 image_get_name(hdr));
469 if (IMAGE_ENABLE_TIMESTAMP) {
471 genimg_print_time((time_t)image_get_time(hdr));
474 printf("Data Size: ");
475 genimg_print_size(image_get_data_size(hdr));
481 static int mtk_image_verify_header(unsigned char *ptr, int image_size,
482 struct image_tool_params *params)
484 image_header_t *hdr = (image_header_t *)ptr;
485 union lk_hdr *lk = (union lk_hdr *)ptr;
487 /* nothing to verify for LK image header */
488 if (le32_to_cpu(lk->magic) == LK_PART_MAGIC)
491 img_size = image_size;
493 if (image_get_magic(hdr) == IH_MAGIC)
494 return mtk_image_verify_mt7621_header(ptr, 0);
496 if (is_mtk_nand_header(ptr))
497 return mtk_image_verify_nand_header(ptr, 0);
499 return mtk_image_verify_gen_header(ptr, 0);
504 static void mtk_image_print_header(const void *ptr)
506 image_header_t *hdr = (image_header_t *)ptr;
507 union lk_hdr *lk = (union lk_hdr *)ptr;
509 if (le32_to_cpu(lk->magic) == LK_PART_MAGIC) {
510 printf("Image Type: MediaTek LK Image\n");
511 printf("Load Address: %08x\n", le32_to_cpu(lk->loadaddr));
515 printf("Image Type: MediaTek BootROM Loadable Image\n");
517 if (image_get_magic(hdr) == IH_MAGIC) {
518 mtk_image_verify_mt7621_header(ptr, 1);
522 if (is_mtk_nand_header(ptr))
523 mtk_image_verify_nand_header(ptr, 1);
525 mtk_image_verify_gen_header(ptr, 1);
528 static void put_brom_layout_header(struct brom_layout_header *hdr, int type)
530 strncpy(hdr->name, BRLYT_NAME, sizeof(hdr->name));
531 hdr->version = cpu_to_le32(1);
532 hdr->magic = cpu_to_le32(BRLYT_MAGIC);
533 hdr->type = cpu_to_le32(type);
536 static void put_ghf_common_header(struct gfh_common_header *gfh, int size,
539 memcpy(gfh->magic, GFH_HEADER_MAGIC, sizeof(gfh->magic));
541 gfh->size = cpu_to_le16(size);
542 gfh->type = cpu_to_le16(type);
545 static void put_ghf_header(struct gfh_header *gfh, int file_size,
546 int dev_hdr_size, int load_addr, int flash_type)
550 memset(gfh, 0, sizeof(struct gfh_header));
552 /* GFH_FILE_INFO header */
553 put_ghf_common_header(&gfh->file_info.gfh, sizeof(gfh->file_info),
554 GFH_TYPE_FILE_INFO, 1);
555 strncpy(gfh->file_info.name, GFH_FILE_INFO_NAME,
556 sizeof(gfh->file_info.name));
557 gfh->file_info.unused = cpu_to_le32(1);
558 gfh->file_info.file_type = cpu_to_le16(1);
559 gfh->file_info.flash_type = flash_type;
560 gfh->file_info.sig_type = GFH_SIG_TYPE_SHA256;
561 gfh->file_info.load_addr = cpu_to_le32(load_addr - sizeof(*gfh));
562 gfh->file_info.total_size = cpu_to_le32(file_size - dev_hdr_size);
563 gfh->file_info.max_size = cpu_to_le32(file_size);
564 gfh->file_info.hdr_size = sizeof(*gfh);
565 gfh->file_info.sig_size = SHA256_SUM_LEN;
566 gfh->file_info.jump_offset = sizeof(*gfh);
567 gfh->file_info.processed = cpu_to_le32(1);
569 /* GFH_BL_INFO header */
570 put_ghf_common_header(&gfh->bl_info.gfh, sizeof(gfh->bl_info),
571 GFH_TYPE_BL_INFO, 1);
572 gfh->bl_info.attr = cpu_to_le32(1);
574 /* GFH_BROM_CFG header */
575 put_ghf_common_header(&gfh->brom_cfg.gfh, sizeof(gfh->brom_cfg),
576 GFH_TYPE_BROM_CFG, 3);
577 cfg_bits = GFH_BROM_CFG_USBDL_AUTO_DETECT_DIS |
578 GFH_BROM_CFG_USBDL_BY_KCOL0_TIMEOUT_EN |
579 GFH_BROM_CFG_USBDL_BY_FLAG_TIMEOUT_EN;
580 gfh->brom_cfg.usbdl_by_kcol0_timeout_ms = cpu_to_le32(5000);
581 if (is_arm64_image) {
582 gfh->brom_cfg.jump_bl_arm64 = GFH_BROM_CFG_JUMP_BL_ARM64;
583 cfg_bits |= GFH_BROM_CFG_JUMP_BL_ARM64_EN;
585 gfh->brom_cfg.cfg_bits = cpu_to_le32(cfg_bits);
587 /* GFH_BL_SEC_KEY header */
588 put_ghf_common_header(&gfh->bl_sec_key.gfh, sizeof(gfh->bl_sec_key),
589 GFH_TYPE_BL_SEC_KEY, 1);
591 /* GFH_ANTI_CLONE header */
592 put_ghf_common_header(&gfh->anti_clone.gfh, sizeof(gfh->anti_clone),
593 GFH_TYPE_ANTI_CLONE, 1);
594 gfh->anti_clone.ac_offset = cpu_to_le32(0x10);
595 gfh->anti_clone.ac_len = cpu_to_le32(0x80);
597 /* GFH_BROM_SEC_CFG header */
598 put_ghf_common_header(&gfh->brom_sec_cfg.gfh,
599 sizeof(gfh->brom_sec_cfg),
600 GFH_TYPE_BROM_SEC_CFG, 1);
601 gfh->brom_sec_cfg.cfg_bits =
602 cpu_to_le32(BROM_SEC_CFG_JTAG_EN | BROM_SEC_CFG_UART_EN);
605 static void put_hash(uint8_t *buff, int size)
610 sha256_update(&ctx, buff, size);
611 sha256_finish(&ctx, buff + size);
614 static void mtk_image_set_gen_header(void *ptr, off_t filesize,
617 struct gen_device_header *hdr = (struct gen_device_header *)ptr;
618 struct gfh_header *gfh;
619 const char *bootname = NULL;
621 if (hdr_media == BRLYT_TYPE_NOR)
622 bootname = SF_BOOT_NAME;
623 else if (hdr_media == BRLYT_TYPE_EMMC)
624 bootname = EMMC_BOOT_NAME;
625 else if (hdr_media == BRLYT_TYPE_SDMMC)
626 bootname = SDMMC_BOOT_NAME;
628 /* Generic device header */
629 snprintf(hdr->boot.name, sizeof(hdr->boot.name), "%s", bootname);
630 hdr->boot.version = cpu_to_le32(1);
631 hdr->boot.size = cpu_to_le32(sizeof(hdr->boot));
634 put_brom_layout_header(&hdr->brlyt, hdr_media);
635 hdr->brlyt.header_size = cpu_to_le32(hdr_offset + sizeof(*hdr));
636 hdr->brlyt.total_size = cpu_to_le32(hdr_offset + filesize);
637 hdr->brlyt.header_size_2 = hdr->brlyt.header_size;
638 hdr->brlyt.total_size_2 = hdr->brlyt.total_size;
641 gfh = (struct gfh_header *)(ptr + sizeof(struct gen_device_header));
642 put_ghf_header(gfh, filesize, sizeof(struct gen_device_header),
643 loadaddr, GFH_FLASH_TYPE_GEN);
645 /* Generate SHA256 hash */
646 put_hash((uint8_t *)gfh,
647 filesize - sizeof(struct gen_device_header) - SHA256_SUM_LEN);
650 static void mtk_image_set_nand_header(void *ptr, off_t filesize,
653 struct brom_layout_header *brlyt;
654 struct gfh_header *gfh;
655 uint32_t payload_pages, nand_page_size;
658 nand_page_size = mtk_nand_header_put(hdr_nand, ptr);
660 if (nand_page_size) {
662 payload_pages = (filesize + nand_page_size - 1) /
664 brlyt = (struct brom_layout_header *)(ptr + nand_page_size);
665 put_brom_layout_header(brlyt, hdr_media);
666 brlyt->header_size = cpu_to_le32(2);
667 brlyt->total_size = cpu_to_le32(payload_pages);
668 brlyt->header_size_2 = brlyt->header_size;
669 brlyt->total_size_2 = brlyt->total_size;
670 brlyt->unused = cpu_to_le32(1);
674 gfh = (struct gfh_header *)(ptr + hdr_nand_size);
675 put_ghf_header(gfh, filesize, hdr_nand_size, loadaddr,
676 GFH_FLASH_TYPE_NAND);
678 /* Generate SHA256 hash */
679 put_hash((uint8_t *)gfh, filesize - hdr_nand_size - SHA256_SUM_LEN);
682 static void mtk_image_set_mt7621_header(void *ptr, off_t filesize,
685 image_header_t *hdr = (image_header_t *)ptr;
686 struct mt7621_stage1_header *shdr;
687 struct mt7621_nand_header *nhdr;
688 uint32_t datasize, crcval;
690 datasize = filesize - image_get_header_size();
691 nhdr = (struct mt7621_nand_header *)hdr->ih_name;
692 shdr = (struct mt7621_stage1_header *)(ptr + image_get_header_size());
694 shdr->ep = cpu_to_be32(loadaddr);
695 shdr->stage_size = cpu_to_be32(datasize);
697 image_set_magic(hdr, IH_MAGIC);
698 image_set_time(hdr, time(NULL));
699 image_set_size(hdr, datasize);
700 image_set_load(hdr, loadaddr);
701 image_set_ep(hdr, loadaddr);
702 image_set_os(hdr, IH_OS_U_BOOT);
703 image_set_arch(hdr, IH_ARCH_MIPS);
704 image_set_type(hdr, IH_TYPE_STANDALONE);
705 image_set_comp(hdr, IH_COMP_NONE);
707 crcval = crc32(0, (uint8_t *)shdr, datasize);
708 image_set_dcrc(hdr, crcval);
710 strncpy(nhdr->ih_name, "MT7621 NAND", MT7621_IH_NMLEN);
712 nhdr->ih_stage_offset = cpu_to_be32(image_get_header_size());
714 crcval = crc32be_cal(hdr, image_get_header_size());
715 nhdr->crc = cpu_to_be32(crcval);
717 crcval = crc32(0, (uint8_t *)hdr, image_get_header_size());
718 image_set_hcrc(hdr, crcval);
721 static void mtk_image_set_header(void *ptr, struct stat *sbuf, int ifd,
722 struct image_tool_params *params)
724 union lk_hdr *lk = (union lk_hdr *)ptr;
727 lk->magic = cpu_to_le32(LK_PART_MAGIC);
728 lk->size = cpu_to_le32(sbuf->st_size - sizeof(union lk_hdr));
729 lk->loadaddr = cpu_to_le32(params->addr);
730 lk->mode = 0xffffffff; /* must be non-zero */
731 memset(lk->name, 0, sizeof(lk->name));
732 strncpy(lk->name, lk_name, sizeof(lk->name));
737 img_size = sbuf->st_size;
739 if (use_mt7621_hdr) {
740 mtk_image_set_mt7621_header(ptr, sbuf->st_size, params->addr);
744 if (hdr_media == BRLYT_TYPE_NAND || hdr_media == BRLYT_TYPE_SNAND)
745 mtk_image_set_nand_header(ptr, sbuf->st_size, params->addr);
747 mtk_image_set_gen_header(ptr, sbuf->st_size, params->addr);
752 "MediaTek BootROM Loadable Image support",
755 mtk_image_check_params,
756 mtk_image_verify_header,
757 mtk_image_print_header,
758 mtk_image_set_header,
760 mtk_image_check_image_types,
762 mtk_image_vrec_header
projects / platform / kernel / u-boot.git / blob