/*
* Boot a Marvell SoC, with Xmodem over UART0.
- * supports Kirkwood, Dove, Armada 370, Armada XP, Armada 375, Armada 38x and
- * Armada 39x
+ * supports Kirkwood, Dove, Avanta, Armada 370, Armada XP, Armada 375,
+ * Armada 38x and Armada 39x.
*
* (c) 2012 Daniel Stodden <daniel.stodden@gmail.com>
* (c) 2021 Pali Rohár <pali@kernel.org>
- * (c) 2021 Marek Behún <marek.behun@nic.cz>
+ * (c) 2021 Marek Behún <kabel@kernel.org>
*
- * References: marvell.com, "88F6180, 88F6190, 88F6192, and 88F6281
- * Integrated Controller: Functional Specifications" December 2,
- * 2008. Chapter 24.2 "BootROM Firmware".
+ * References:
+ * - "88F6180, 88F6190, 88F6192, and 88F6281: Integrated Controller: Functional
+ * Specifications" December 2, 2008. Chapter 24.2 "BootROM Firmware".
+ * https://web.archive.org/web/20130730091033/https://www.marvell.com/embedded-processors/kirkwood/assets/FS_88F6180_9x_6281_OpenSource.pdf
+ * - "88AP510: High-Performance SoC with Integrated CPU, 2D/3D Graphics
+ * Processor, and High-Definition Video Decoder: Functional Specifications"
+ * August 3, 2011. Chapter 5 "BootROM Firmware"
+ * https://web.archive.org/web/20120130172443/https://www.marvell.com/application-processors/armada-500/assets/Armada-510-Functional-Spec.pdf
+ * - "88F6665, 88F6660, 88F6658, 88F6655, 88F6655F, 88F6650, 88F6650F, 88F6610,
+ * and 88F6610F Avanta LP Family Integrated Single/Dual CPU Ecosystem for
+ * Gateway (GW), Home Gateway Unit (HGU), and Single Family Unit (SFU)
+ * Functional Specifications" Doc. No. MV-S108952-00, Rev. A. November 7, 2013.
+ * Chapter 7 "Boot Flow"
+ * CONFIDENTIAL, no public documentation available
+ * - "88F6710, 88F6707, and 88F6W11: ARMADA(R) 370 SoC: Functional Specifications"
+ * May 26, 2014. Chapter 6 "BootROM Firmware".
+ * https://web.archive.org/web/20140617183701/https://www.marvell.com/embedded-processors/armada-300/assets/ARMADA370-FunctionalSpec-datasheet.pdf
+ * - "MV78230, MV78260, and MV78460: ARMADA(R) XP Family of Highly Integrated
+ * Multi-Core ARMv7 Based SoC Processors: Functional Specifications"
+ * May 29, 2014. Chapter 6 "BootROM Firmware".
+ * https://web.archive.org/web/20180829171131/https://www.marvell.com/embedded-processors/armada-xp/assets/ARMADA-XP-Functional-SpecDatasheet.pdf
+ * - "BobCat2 Control and Management Subsystem Functional Specifications"
+ * Doc. No. MV-S109400-00, Rev. A. December 4, 2014.
+ * Chapter 1.6 BootROM Firmware
+ * CONFIDENTIAL, no public documentation available
+ * - "AlleyCat3 and PONCat3 Highly Integrated 1/10 Gigabit Ethernet Switch
+ * Control and Management Subsystem: Functional Specifications"
+ * Doc. No. MV-S109693-00, Rev. A. May 20, 2014.
+ * Chapter 1.6 BootROM Firmware
+ * CONFIDENTIAL, no public documentation available
+ * - "ARMADA(R) 375 Value-Performance Dual Core CPU System on Chip: Functional
+ * Specifications" Doc. No. MV-S109377-00, Rev. A. September 18, 2013.
+ * Chapter 7 "Boot Sequence"
+ * CONFIDENTIAL, no public documentation available
+ * - "88F6810, 88F6811, 88F6821, 88F6W21, 88F6820, and 88F6828: ARMADA(R) 38x
+ * Family High-Performance Single/Dual CPU System on Chip: Functional
+ * Specifications" Doc. No. MV-S109094-00, Rev. C. August 2, 2015.
+ * Chapter 7 "Boot Flow"
+ * CONFIDENTIAL, no public documentation available
+ * - "88F6920, 88F6925 and 88F6928: ARMADA(R) 39x High-Performance Dual Core CPU
+ * System on Chip Functional Specifications" Doc. No. MV-S109896-00, Rev. B.
+ * December 22, 2015. Chapter 7 "Boot Flow"
+ * CONFIDENTIAL, no public documentation available
+ * - "Marvell boot image parser", Marvell U-Boot 2013.01, version 18.06. September 17, 2015.
+ * https://github.com/MarvellEmbeddedProcessors/u-boot-marvell/blob/u-boot-2013.01-armada-18.06/tools/marvell/doimage_mv/hdrparser.c
+ * - "Marvell doimage Tool", Marvell U-Boot 2013.01, version 18.06. August 30, 2015.
+ * https://github.com/MarvellEmbeddedProcessors/u-boot-marvell/blob/u-boot-2013.01-armada-18.06/tools/marvell/doimage_mv/doimage.c
+ *
+ * Storage location / offset of different image types:
+ * - IBR_HDR_SPI_ID (0x5A):
+ * SPI image can be stored at any 2 MB aligned offset in the first 16 MB of
+ * SPI-NOR or parallel-NOR. Despite the type name it really can be stored on
+ * parallel-NOR and cannot be stored on other SPI devices, like SPI-NAND.
+ * So it should have been named NOR image, not SPI image. This image type
+ * supports XIP - Execute In Place directly from NOR memory. Destination
+ * address of the XIP image is set to 0xFFFFFFFF and execute address to the
+ * absolute offset in bytes from the beginning of NOR memory.
+ *
+ * - IBR_HDR_NAND_ID (0x8B):
+ * NAND image can be stored either at any 2 MB aligned offset in the first
+ * 16 MB of SPI-NAND or at any blocksize aligned offset in the first 64 MB
+ * of parallel-NAND.
+ *
+ * - IBR_HDR_PEX_ID (0x9C):
+ * PEX image is used for booting from PCI Express device. Source address
+ * stored in image is ignored by BootROM. It is not the BootROM who parses
+ * or loads data part of the PEX image. BootROM just configures SoC to the
+ * PCIe endpoint mode and let the PCIe device on the other end of the PCIe
+ * link (which must be in Root Complex mode) to load kwbimage into SoC's
+ * memory and tell BootROM physical address.
+ *
+ * - IBR_HDR_UART_ID (0x69):
+ * UART image can be transfered via xmodem protocol over first UART.
+ * Unlike all other image types, header size stored in the image must be
+ * multiply of the 128 bytes (for all other image types it can be any size)
+ * and data part of the image does not have to contain 32-bit checksum
+ * (all other image types must have valid 32-bit checksum in its data part).
+ * And data size stored in the image is ignored. A38x BootROM determinates
+ * size of the data part implicitly by the end of the xmodem transfer.
+ * A38x BootROM has a bug which cause that BootROM loads data part of UART
+ * image into RAM target address increased by one byte when source address
+ * and header size stored in the image header are not same. So UART image
+ * should be constructed in a way that there is no gap between header and
+ * data part.
+ *
+ * - IBR_HDR_I2C_ID (0x4D):
+ * It is unknown for what kind of storage is used this image. It is not
+ * specified in any document from References section.
+ *
+ * - IBR_HDR_SATA_ID (0x78):
+ * SATA image can be stored at sector 1 (after the MBR table), sector 34
+ * (after the GPT table) or at any next sector which is aligned to 2 MB and
+ * is in the first 16 MB of SATA disk. Note that source address in SATA image
+ * is stored in sector unit and not in bytes like for any other images.
+ * Unfortunately sector size is disk specific, in most cases it is 512 bytes
+ * but there are also Native 4K SATA disks which have 4096 bytes long sectors.
+ *
+ * - IBR_HDR_SDIO_ID (0xAE):
+ * SDIO image can be stored on different medias:
+ * - SD(SC) card
+ * - SDHC/SDXC card
+ * - eMMC HW boot partition
+ * - eMMC user data partition / MMC card
+ * It cannot be stored on SDIO card despite the image name.
+ *
+ * For SD(SC)/SDHC/SDXC cards, image can be stored at the same locations as
+ * the SATA image (sector 1, sector 34 or any 2 MB aligned sector) but within
+ * the first 64 MB. SDHC and SDXC cards have fixed 512 bytes long sector size.
+ * Old SD(SC) cards unfortunately can have also different sector sizes, mostly
+ * 1024 bytes long sector sizes and also can be changed at runtime.
+ *
+ * For MMC-compatible devices, image can be stored at offset 0 or at offset
+ * 2 MB. If MMC device supports HW boot partitions then image must be stored
+ * on the HW partition as is configured in the EXT_CSC register (it can be
+ * either boot or user data).
+ *
+ * Note that source address for SDIO image is stored in byte unit, like for
+ * any other images (except SATA). Marvell Functional Specifications for
+ * A38x and A39x SoCs say that source address is in sector units, but this
+ * is purely incorrect information. A385 BootROM really expects source address
+ * for SDIO images in bytes and also Marvell tools generate SDIO image with
+ * source address in byte units.
*/
#include "kwbimage.h"
#include <stdint.h>
#include <time.h>
#include <sys/stat.h>
+#include <pthread.h>
#ifdef __linux__
#include "termios_linux.h"
#endif
/*
+ * These functions are in <term.h> header file, but this header file conflicts
+ * with "termios_linux.h" header file. So declare these functions manually.
+ */
+extern int setupterm(const char *, int, int *);
+extern char *tigetstr(const char *);
+
+/*
* Marvell BootROM UART Sensing
*/
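Review bot: In the SDIO paragraph of the new header comment, `EXT_CSC register` looks like a typo for the eMMC `EXT_CSD` register, so a reader searching the eMMC specification for the name as written will not find it. The UART paragraph has smaller slips worth fixing in the same pass: `transfered` should be `transferred`, `multiply of the 128 bytes` should be `multiple of 128 bytes`, and `determinates` should be `determines`.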
};
/* Defines known to work on Kirkwood */
-#define KWBOOT_MSG_REQ_DELAY 10 /* ms */
#define KWBOOT_MSG_RSP_TIMEO 50 /* ms */
/* Defines known to work on Armada XP */
-#define KWBOOT_MSG_REQ_DELAY_AXP 1000 /* ms */
-#define KWBOOT_MSG_RSP_TIMEO_AXP 1000 /* ms */
+#define KWBOOT_MSG_RSP_TIMEO_AXP 10 /* ms */
/*
* Xmodem Transfers
static int kwboot_verbose;
-static int msg_req_delay = KWBOOT_MSG_REQ_DELAY;
static int msg_rsp_timeo = KWBOOT_MSG_RSP_TIMEO;
static int blk_rsp_timeo = KWBOOT_BLK_RSP_TIMEO;
static ssize_t
kwboot_write(int fd, const char *buf, size_t len)
{
- size_t tot = 0;
+ ssize_t tot = 0;
while (tot < len) {
ssize_t wr = write(fd, buf + tot, len - tot);
- if (wr < 0)
- return -1;
+ if (wr < 0 && errno == EINTR)
+ continue;
+ else if (wr < 0)
+ return wr;
tot += wr;
}
do {
nfds = select(fd + 1, &rfds, NULL, NULL, &tv);
- if (nfds < 0)
+ if (nfds < 0 && errno == EINTR)
+ continue;
+ else if (nfds < 0)
goto out;
- if (!nfds) {
+ else if (!nfds) {
errno = ETIMEDOUT;
goto out;
}
n = read(fd, buf, len);
- if (n <= 0)
+ if (n < 0 && errno == EINTR)
+ continue;
+ else if (n <= 0)
goto out;
buf = (char *)buf + n;
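Review bot: The new `continue` after `select()` fails with EINTR loops back into `select()` with the same `tv`, but select(2) on Linux documents the timeout as undefined after an error return. A signal arriving during the wait can therefore shorten or lengthen the response timeout arbitrarily. `tv` is initialised outside this hunk, so the fix is to re-arm it before retrying, or to keep a deadline from `clock_gettime(CLOCK_MONOTONIC, ...)` and recompute the remaining time on each pass. The function starts and ends outside the hunk.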
return rc;
}
+static void *
+kwboot_msg_write_handler(void *arg)
+{
+ int tty = *(int *)((void **)arg)[0];
+ const void *msg = ((void **)arg)[1];
+ int rsp_timeo = msg_rsp_timeo;
+ int i, dummy_oldtype;
+
+ /* allow to cancel this thread at any time */
+ pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, &dummy_oldtype);
+
+ while (1) {
+ /* write 128 samples of message pattern into the output queue without waiting */
+ for (i = 0; i < 128; i++) {
+ if (kwboot_tty_send(tty, msg, 8, 1) < 0) {
+ perror("\nFailed to send message pattern");
+ exit(1);
+ }
+ }
+ /* wait until output queue is transmitted and then make pause */
+ if (tcdrain(tty) < 0) {
+ perror("\nFailed to send message pattern");
+ exit(1);
+ }
+ /* BootROM requires pause on UART after it detects message pattern */
+ usleep(rsp_timeo * 1000);
+ }
+}
+
static int
-kwboot_bootmsg(int tty, void *msg)
+kwboot_msg_start_thread(pthread_t *thread, int *tty, void *msg)
{
- struct kwboot_block block;
+ void *arg[2];
int rc;
- char c;
- int count;
- if (msg == NULL)
- kwboot_printv("Please reboot the target into UART boot mode...");
- else
- kwboot_printv("Sending boot message. Please reboot the target...");
+ arg[0] = tty;
+ arg[1] = msg;
+ rc = pthread_create(thread, NULL, kwboot_msg_write_handler, arg);
+ if (rc) {
+ errno = rc;
+ return -1;
+ }
- do {
- rc = tcflush(tty, TCIOFLUSH);
- if (rc)
- break;
+ return 0;
+}
- for (count = 0; count < 128; count++) {
- rc = kwboot_tty_send(tty, msg, 8, 0);
- if (rc) {
- usleep(msg_req_delay * 1000);
- continue;
- }
- }
+static int
+kwboot_msg_stop_thread(pthread_t thread)
+{
+ int rc;
- rc = kwboot_tty_recv(tty, &c, 1, msg_rsp_timeo);
+ rc = pthread_cancel(thread);
+ if (rc) {
+ errno = rc;
+ return -1;
+ }
+
+ rc = pthread_join(thread, NULL);
+ if (rc) {
+ errno = rc;
+ return -1;
+ }
+
+ return 0;
+}
+
+static int
+kwboot_bootmsg(int tty)
+{
+ struct kwboot_block block;
+ pthread_t write_thread;
+ int rc, err;
+ char c;
+
+ /* flush input and output queue */
+ tcflush(tty, TCIOFLUSH);
+
+ rc = kwboot_msg_start_thread(&write_thread, &tty, kwboot_msg_boot);
+ if (rc) {
+ perror("Failed to start write thread");
+ return rc;
+ }
+
+ kwboot_printv("Sending boot message. Please reboot the target...");
+ err = 0;
+ while (1) {
kwboot_spinner();
- } while (rc || c != NAK);
+ rc = kwboot_tty_recv(tty, &c, 1, msg_rsp_timeo);
+ if (rc && errno == ETIMEDOUT) {
+ continue;
+ } else if (rc) {
+ err = errno;
+ break;
+ }
+
+ if (c == NAK)
+ break;
+ }
kwboot_printv("\n");
- if (rc)
+ rc = kwboot_msg_stop_thread(write_thread);
+ if (rc) {
+ perror("Failed to stop write thread");
return rc;
+ }
+
+ if (err) {
+ errno = err;
+ perror("Failed to read response for boot message pattern");
+ return -1;
+ }
/*
* At this stage we have sent more boot message patterns and BootROM
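Review bot: `kwboot_msg_start_thread` passes the address of its local `void *arg[2]` to `pthread_create()` and returns right away, while `kwboot_msg_write_handler` reads `arg[0]` and `arg[1]` only once the new thread is running, so the thread can dereference a stack frame that no longer exists. The array needs a lifetime that covers thread start-up, for example `static void *arg[2];` (the visible callers run one writer thread at a time) or a small struct owned by the caller next to `write_thread`. Separately, the handler selects `PTHREAD_CANCEL_ASYNCHRONOUS` and then calls `tcdrain()`, `usleep()`, `perror()` and `exit()`, none of which POSIX lists as async-cancel-safe. Deferred cancellation should be enough here, since `tcdrain()` is a cancellation point. `kwboot_bootmsg` continues outside this hunk.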
*/
/* flush output queue with remaining boot message patterns */
- tcflush(tty, TCOFLUSH);
+ rc = tcflush(tty, TCOFLUSH);
+ if (rc) {
+ perror("Failed to flush output queue");
+ return rc;
+ }
/* send one xmodem packet with 0xff bytes to force BootROM to re-sync */
memset(&block, 0xff, sizeof(block));
- kwboot_tty_send(tty, &block, sizeof(block), 0);
+ rc = kwboot_tty_send(tty, &block, sizeof(block), 0);
+ if (rc) {
+ perror("Failed to send sync sequence");
+ return rc;
+ }
/*
* Sending 132 bytes via 115200B/8-N-1 takes 11.45 ms, reading 132 bytes
usleep(30 * 1000);
/* flush remaining NAK replies from input queue */
- tcflush(tty, TCIFLUSH);
+ rc = tcflush(tty, TCIFLUSH);
+ if (rc) {
+ perror("Failed to flush input queue");
+ return rc;
+ }
return 0;
}
static int
-kwboot_debugmsg(int tty, void *msg)
+kwboot_debugmsg(int tty)
{
- int rc;
+ unsigned char buf[8192];
+ pthread_t write_thread;
+ int rc, err, i, pos;
+ size_t off;
- kwboot_printv("Sending debug message. Please reboot the target...");
+ /* flush input and output queue */
+ tcflush(tty, TCIOFLUSH);
- do {
- char buf[16];
+ rc = kwboot_msg_start_thread(&write_thread, &tty, kwboot_msg_debug);
+ if (rc) {
+ perror("Failed to start write thread");
+ return rc;
+ }
- rc = tcflush(tty, TCIOFLUSH);
- if (rc)
- break;
+ kwboot_printv("Sending debug message. Please reboot the target...");
+ kwboot_spinner();
- rc = kwboot_tty_send(tty, msg, 8, 0);
- if (rc) {
- usleep(msg_req_delay * 1000);
+ err = 0;
+ off = 0;
+ while (1) {
+ /* Read immediately all bytes in queue without waiting */
+ rc = read(tty, buf + off, sizeof(buf) - off);
+ if ((rc < 0 && errno == EINTR) || rc == 0) {
continue;
+ } else if (rc < 0) {
+ err = errno;
+ break;
}
-
- rc = kwboot_tty_recv(tty, buf, 16, msg_rsp_timeo);
+ off += rc - 1;
kwboot_spinner();
- } while (rc);
+ /*
+ * Check if we received at least 4 debug message patterns
+ * (console echo from BootROM) in cyclic buffer
+ */
+
+ for (pos = 0; pos < sizeof(kwboot_msg_debug); pos++)
+ if (buf[off] == kwboot_msg_debug[(pos + off) % sizeof(kwboot_msg_debug)])
+ break;
+
+ for (i = off; i >= 0; i--)
+ if (buf[i] != kwboot_msg_debug[(pos + i) % sizeof(kwboot_msg_debug)])
+ break;
+
+ off -= i;
+
+ if (off >= 4 * sizeof(kwboot_msg_debug))
+ break;
+
+ /* If not move valid suffix from end of the buffer to the beginning of buffer */
+ memmove(buf, buf + i + 1, off);
+ }
kwboot_printv("\n");
- return rc;
+ rc = kwboot_msg_stop_thread(write_thread);
+ if (rc) {
+ perror("Failed to stop write thread");
+ return rc;
+ }
+
+ if (err) {
+ errno = err;
+ perror("Failed to read response for debug message pattern");
+ return -1;
+ }
+
+ /* flush output queue with remaining debug message patterns */
+ rc = tcflush(tty, TCOFLUSH);
+ if (rc) {
+ perror("Failed to flush output queue");
+ return rc;
+ }
+
+ kwboot_printv("Clearing input buffer...\n");
+
+ /*
+ * Wait until BootROM transmit all remaining echo characters.
+ * Experimentally it was measured that for Armada 385 BootROM
+ * it is required to wait at least 0.415s. So wait 0.5s.
+ */
+ usleep(500 * 1000);
+
+ /*
+ * In off variable is stored number of characters received after the
+ * successful detection of echo reply. So these characters are console
+ * echo for other following debug message patterns. BootROM may have in
+ * its output queue other echo characters which were being transmitting
+ * before above sleep call. So read remaining number of echo characters
+ * sent by the BootROM now.
+ */
+ while ((rc = kwboot_tty_recv(tty, &buf[0], 1, 0)) == 0)
+ off++;
+ if (errno != ETIMEDOUT) {
+ perror("Failed to read response");
+ return rc;
+ }
+
+ /*
+ * Clear every echo character set by the BootROM by backspace byte.
+ * This is required prior writing any command to the BootROM debug
+ * because BootROM command line buffer has limited size. If length
+ * of the command is larger than buffer size then it looks like
+ * that Armada 385 BootROM crashes after sending ENTER. So erase it.
+ * Experimentally it was measured that for Armada 385 BootROM it is
+ * required to send at least 3 backspace bytes for one echo character.
+ * This is unknown why. But lets do it.
+ */
+ off *= 3;
+ memset(buf, '\x08', sizeof(buf));
+ while (off > sizeof(buf)) {
+ rc = kwboot_tty_send(tty, buf, sizeof(buf), 1);
+ if (rc) {
+ perror("Failed to send clear sequence");
+ return rc;
+ }
+ off -= sizeof(buf);
+ }
+ rc = kwboot_tty_send(tty, buf, off, 0);
+ if (rc) {
+ perror("Failed to send clear sequence");
+ return rc;
+ }
+
+ usleep(msg_rsp_timeo * 1000);
+ rc = tcflush(tty, TCIFLUSH);
+ if (rc) {
+ perror("Failed to flush input queue");
+ return rc;
+ }
+
+ return 0;
}
static size_t
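Review bot: The read loop in `kwboot_debugmsg` retries immediately when `read()` returns 0 and has no timeout or exit condition for that case. How the tty is configured is not visible here: if `read()` returns 0 when no data is pending, this is a busy poll at full CPU while the user reboots the target, and if `read()` blocks, a 0 normally means hangup (for example an unplugged USB adapter) and the loop never ends. Waiting for readability first, as `kwboot_tty_recv()` does with `select()` and `msg_rsp_timeo`, and calling `kwboot_spinner()` on timeout would cover both cases. The leading `tcflush(tty, TCIOFLUSH)` is also the only flush in this function whose result is ignored, unlike the checked `TCOFLUSH` and `TCIFLUSH` calls further down.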
* followed by the header. So align header size to xmodem block size.
*/
hdrsz += (KWBOOT_XM_BLKSZ - hdrsz % KWBOOT_XM_BLKSZ) % KWBOOT_XM_BLKSZ;
+ if (hdrsz > size)
+ hdrsz = size;
pnum = 1;
}
static int
-kwboot_term_pipe(int in, int out, const char *quit, int *s)
+kwboot_term_pipe(int in, int out, const char *quit, int *s, const char *kbs, int *k)
{
- ssize_t nin;
- char _buf[128], *buf = _buf;
+ char buf[128];
+ ssize_t nin, noff;
- nin = read(in, buf, sizeof(_buf));
+ nin = read(in, buf, sizeof(buf));
if (nin <= 0)
return -1;
- if (quit) {
+ noff = 0;
+
+ if (quit || kbs) {
int i;
for (i = 0; i < nin; i++) {
- if (*buf == quit[*s]) {
- (*s)++;
- if (!quit[*s])
- return 0;
- buf++;
- nin--;
- } else {
- if (kwboot_write(out, quit, *s) < 0)
+ if ((quit || kbs) &&
+ (!quit || buf[i] != quit[*s]) &&
+ (!kbs || buf[i] != kbs[*k])) {
+ const char *prefix;
+ int plen;
+
+ if (quit && kbs) {
+ prefix = (*s >= *k) ? quit : kbs;
+ plen = (*s >= *k) ? *s : *k;
+ } else if (quit) {
+ prefix = quit;
+ plen = *s;
+ } else {
+ prefix = kbs;
+ plen = *k;
+ }
+
+ if (plen > i && kwboot_write(out, prefix, plen - i) < 0)
return -1;
+ }
+
+ if (quit && buf[i] == quit[*s]) {
+ (*s)++;
+ if (!quit[*s]) {
+ nin = (i > *s) ? (i - *s) : 0;
+ break;
+ }
+ } else if (quit) {
*s = 0;
}
+
+ if (kbs && buf[i] == kbs[*k]) {
+ (*k)++;
+ if (!kbs[*k]) {
+ if (i > *k + noff &&
+ kwboot_write(out, buf + noff, i - *k - noff) < 0)
+ return -1;
+ /*
+ * Replace backspace key by '\b' (0x08)
+ * byte which is the only recognized
+ * backspace byte by Marvell BootROM.
+ */
+ if (write(out, "\x08", 1) < 0)
+ return -1;
+ noff = i + 1;
+ *k = 0;
+ }
+ } else if (kbs) {
+ *k = 0;
+ }
+ }
+
+ if (i == nin) {
+ i = 0;
+ if (quit && i < *s)
+ i = *s;
+ if (kbs && i < *k)
+ i = *k;
+ nin -= (nin > i) ? i : nin;
}
}
- if (kwboot_write(out, buf, nin) < 0)
+ if (nin > noff && kwboot_write(out, buf + noff, nin - noff) < 0)
return -1;
return 0;
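Review bot: The backspace replacement in `kwboot_term_pipe` calls `write(out, "\x08", 1)` directly, so an EINTR aborts the terminal session and a zero-length write silently drops the byte. Every other output in this function goes through `kwboot_write()`, which this same commit teaches to retry on EINTR, so `if (kwboot_write(out, "\x08", 1) < 0)` would keep the behaviour consistent. The function also juggles `i`, `noff` and `*s`/`*k` without stating how they relate. A short header comment would help: `noff` appears to be the first byte of `buf` not yet written, and `*s`/`*k` the length of a partial match held back across calls.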
static int
kwboot_terminal(int tty)
{
- int rc, in, s;
+ int rc, in, s, k;
+ const char *kbs = NULL;
const char *quit = "\34c";
struct termios otio, tio;
goto out;
}
+ /*
+ * Get sequence for backspace key used by the current
+ * terminal. Every occurrence of this sequence will be
+ * replaced by '\b' byte which is the only recognized
+ * backspace byte by Marvell BootROM.
+ *
+ * Note that we cannot read this sequence from termios
+ * c_cc[VERASE] as VERASE is valid only when ICANON is
+ * set in termios c_lflag, which is not case for us.
+ *
+ * Also most terminals do not set termios c_cc[VERASE]
+ * as c_cc[VERASE] can specify only one-byte sequence
+ * and instead let applications to read (possible
+ * multi-byte) sequence for backspace key from "kbs"
+ * terminfo database based on $TERM env variable.
+ *
+ * So read "kbs" from terminfo database via tigetstr()
+ * call after successful setupterm(). Most terminals
+ * use byte 0x7F for backspace key, so replacement with
+ * '\b' is required.
+ */
+ if (setupterm(NULL, STDOUT_FILENO, &rc) == 0) {
+ kbs = tigetstr("kbs");
+ if (kbs == (char *)-1)
+ kbs = NULL;
+ }
+
kwboot_printv("[Type Ctrl-%c + %c to quit]\r\n",
quit[0] | 0100, quit[1]);
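Review bot: The `kbs` string returned by `tigetstr("kbs")` is filtered only for `(char *)-1`, so an empty string from the terminfo entry selected by `$TERM` is passed through to `kwboot_term_pipe`. There a NUL input byte would match `kbs[0]`, advance `*k`, and the next test `!kbs[*k]` would read past the terminator. Treating an empty capability as absent avoids that: `if (kbs == (char *)-1 || (kbs && !kbs[0])) kbs = NULL;`. `kwboot_terminal` starts and ends outside this hunk.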
} else
rc = 0;
s = 0;
+ k = 0;
do {
fd_set rfds;
break;
if (FD_ISSET(tty, &rfds)) {
- rc = kwboot_term_pipe(tty, STDOUT_FILENO, NULL, NULL);
+ rc = kwboot_term_pipe(tty, STDOUT_FILENO, NULL, NULL, NULL, NULL);
if (rc)
break;
}
if (in >= 0 && FD_ISSET(in, &rfds)) {
- rc = kwboot_term_pipe(in, tty, quit, &s);
+ rc = kwboot_term_pipe(in, tty, quit, &s, kbs, &k);
if (rc)
break;
}
kwboot_read_image(const char *path, size_t *size, size_t reserve)
{
int rc, fd;
- struct stat st;
void *img;
+ off_t len;
off_t tot;
rc = -1;
if (fd < 0)
goto out;
- rc = fstat(fd, &st);
- if (rc)
+ len = lseek(fd, 0, SEEK_END);
+ if (len == (off_t)-1)
+ goto out;
+
+ if (lseek(fd, 0, SEEK_SET) == (off_t)-1)
goto out;
- img = malloc(st.st_size + reserve);
+ img = malloc(len + reserve);
if (!img)
goto out;
tot = 0;
- while (tot < st.st_size) {
- ssize_t rd = read(fd, img + tot, st.st_size - tot);
+ while (tot < len) {
+ ssize_t rd = read(fd, img + tot, len - tot);
if (rd < 0)
goto out;
tot += rd;
- if (!rd && tot < st.st_size) {
+ if (!rd && tot < len) {
errno = EIO;
goto out;
}
}
rc = 0;
- *size = st.st_size;
+ *size = len;
out:
if (rc && img) {
free(img);
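Review bot: `malloc(len + reserve)` in `kwboot_read_image` sizes the buffer from an `off_t` file length with no upper bound. Where `off_t` is wider than `size_t`, or the sum overflows, the allocation can be smaller than `len` while the read loop still copies `len` bytes into it, and `*size = len` truncates the same way. A guard before the allocation closes this: `if (len < 0 || (uintmax_t)len > SIZE_MAX - reserve) { errno = EFBIG; goto out; }`. The function starts and ends outside this hunk.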
return 0;
}
+static int
+kwboot_img_has_ddr_init(void *img)
+{
+ const struct register_set_hdr_v1 *rhdr;
+ const struct main_hdr_v0 *hdr0;
+ struct opt_hdr_v1 *ohdr;
+ u32 ohdrsz;
+ int last;
+
+ /*
+ * kwbimage v0 image headers contain DDR init code either in
+ * extension header or in binary code header.
+ */
+ if (kwbimage_version(img) == 0) {
+ hdr0 = img;
+ return hdr0->ext || hdr0->bin;
+ }
+
+ /*
+ * kwbimage v1 image headers contain DDR init code either in binary
+ * code header or in a register set list header with SDRAM_SETUP.
+ */
+ for_each_opt_hdr_v1 (ohdr, img) {
+ if (ohdr->headertype == OPT_HDR_V1_BINARY_TYPE)
+ return 1;
+ if (ohdr->headertype == OPT_HDR_V1_REGISTER_TYPE) {
+ rhdr = (const struct register_set_hdr_v1 *)ohdr;
+ ohdrsz = opt_hdr_v1_size(ohdr);
+ if (ohdrsz >= sizeof(*ohdr) + sizeof(rhdr->data[0].last_entry)) {
+ ohdrsz -= sizeof(*ohdr) + sizeof(rhdr->data[0].last_entry);
+ last = ohdrsz / sizeof(rhdr->data[0].entry);
+ if (rhdr->data[last].last_entry.delay ==
+ REGISTER_SET_HDR_OPT_DELAY_SDRAM_SETUP)
+ return 1;
+ }
+ }
+ }
+
+ return 0;
+}
+
static void *
kwboot_img_grow_data_right(void *img, size_t *size, size_t grow)
{
}
static int
+kwboot_img_guess_sata_blksz(void *img, uint32_t blkoff, uint32_t data_size, size_t total_size)
+{
+ uint32_t sum, *ptr, *end;
+ int blksz;
+
+ /*
+ * Try all possible sector sizes which are power of two,
+ * at least 512 bytes and up to the 32 kB.
+ */
+ for (blksz = 512; blksz < 0x10000; blksz *= 2) {
+ if (blkoff * blksz > total_size ||
+ blkoff * blksz + data_size > total_size ||
+ data_size % 4)
+ break;
+
+ /*
+ * Calculate data checksum and if it matches
+ * then tried blksz should be correct.
+ */
+ ptr = img + blkoff * blksz;
+ end = (void *)ptr + data_size - 4;
+ for (sum = 0; ptr < end; ptr++)
+ sum += *ptr;
+
+ if (sum == *end)
+ return blksz;
+ }
+
+ /* Fallback to 512 bytes */
+ return 512;
+}
+
+static const char *
+kwboot_img_type(uint8_t blockid)
+{
+ switch (blockid) {
+ case IBR_HDR_I2C_ID: return "I2C";
+ case IBR_HDR_SPI_ID: return "SPI";
+ case IBR_HDR_NAND_ID: return "NAND";
+ case IBR_HDR_SATA_ID: return "SATA";
+ case IBR_HDR_PEX_ID: return "PEX";
+ case IBR_HDR_UART_ID: return "UART";
+ case IBR_HDR_SDIO_ID: return "SDIO";
+ default: return "unknown";
+ }
+}
+
+static int
kwboot_img_patch(void *img, size_t *size, int baudrate)
{
struct main_hdr_v1 *hdr;
+ struct opt_hdr_v1 *ohdr;
uint32_t srcaddr;
uint8_t csum;
size_t hdrsz;
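Review bot: The bounds checks in `kwboot_img_guess_sata_blksz` use 32-bit arithmetic on values taken from the image header, so `blkoff * blksz + data_size` can wrap and pass the `> total_size` test, and a `data_size` below 4 makes `end` point before `ptr`. In both cases the checksum loop and `*end` read outside the image buffer. Computing the offset in 64 bits and comparing by subtraction avoids this: `uint64_t off = (uint64_t)blkoff * blksz;` followed by `if (data_size < 4 || data_size % 4 || off > total_size || data_size > total_size - off) break;`. The same wrap affects the later `kwboot_img_patch` hunk in three places: `srcaddr * kwboot_img_guess_sata_blksz(...)`, `le32_to_cpu(hdr->srcaddr) + le32_to_cpu(hdr->blocksize)` in the data-size check, and `destaddr + blocksize` in the DDR-init test. The `memmove()` that removes the header gap relies on that data-size check, so it inherits the problem. `kwboot_img_patch` continues outside this hunk.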
hdr = img;
- if (*size < sizeof(struct main_hdr_v1))
+ if (*size < sizeof(struct main_hdr_v1)) {
+ fprintf(stderr, "Invalid image header size\n");
goto err;
+ }
image_ver = kwbimage_version(img);
if (image_ver != 0 && image_ver != 1) {
hdrsz = kwbheader_size(hdr);
- if (*size < hdrsz)
+ if (*size < hdrsz) {
+ fprintf(stderr, "Invalid image header size\n");
goto err;
+ }
+
+ kwboot_printv("Detected kwbimage v%d with %s boot signature\n", image_ver, kwboot_img_type(hdr->blockid));
csum = kwboot_hdr_csum8(hdr) - hdr->checksum;
- if (csum != hdr->checksum)
+ if (csum != hdr->checksum) {
+ fprintf(stderr, "Image has invalid header checksum stored in image header\n");
goto err;
+ }
srcaddr = le32_to_cpu(hdr->srcaddr);
switch (hdr->blockid) {
case IBR_HDR_SATA_ID:
- if (srcaddr < 1)
- goto err;
-
- hdr->srcaddr = cpu_to_le32((srcaddr - 1) * 512);
- break;
-
- case IBR_HDR_SDIO_ID:
- hdr->srcaddr = cpu_to_le32(srcaddr * 512);
+ hdr->srcaddr = cpu_to_le32(srcaddr * kwboot_img_guess_sata_blksz(img, srcaddr, le32_to_cpu(hdr->blocksize), *size));
break;
case IBR_HDR_PEX_ID:
case IBR_HDR_SPI_ID:
if (hdr->destaddr == cpu_to_le32(0xFFFFFFFF)) {
kwboot_printv("Patching destination and execution addresses from SPI/NOR XIP area to DDR area 0x00800000\n");
- hdr->destaddr = cpu_to_le32(0x00800000);
- hdr->execaddr = cpu_to_le32(0x00800000);
+ hdr->destaddr = cpu_to_le32(0x00800000 + le32_to_cpu(hdr->srcaddr));
+ hdr->execaddr = cpu_to_le32(0x00800000 + le32_to_cpu(hdr->execaddr));
}
break;
}
- if (hdrsz > le32_to_cpu(hdr->srcaddr) ||
- *size < le32_to_cpu(hdr->srcaddr) + le32_to_cpu(hdr->blocksize))
+ if (hdrsz > le32_to_cpu(hdr->srcaddr)) {
+ fprintf(stderr, "Image has invalid data offset stored in image header\n");
+ goto err;
+ }
+
+ if (*size < le32_to_cpu(hdr->srcaddr) + le32_to_cpu(hdr->blocksize)) {
+ fprintf(stderr, "Image has invalid data size stored in image header\n");
goto err;
+ }
+
+ for_each_opt_hdr_v1 (ohdr, hdr) {
+ if (!opt_hdr_v1_valid_size(ohdr, (const uint8_t *)hdr + hdrsz)) {
+ fprintf(stderr, "Invalid optional image header\n");
+ goto err;
+ }
+ }
+
+ /*
+ * The 32-bit data checksum is optional for UART image. If it is not
+ * present (checksum detected as invalid) then grow data part of the
+ * image for the checksum, so it can be inserted there.
+ */
+ if (kwboot_img_csum32(img) != *kwboot_img_csum32_ptr(img)) {
+ if (hdr->blockid != IBR_HDR_UART_ID) {
+ fprintf(stderr, "Image has invalid data checksum\n");
+ goto err;
+ }
+ kwboot_img_grow_data_right(img, size, sizeof(uint32_t));
+ /* Update the 32-bit data checksum */
+ *kwboot_img_csum32_ptr(img) = kwboot_img_csum32(img);
+ }
- if (kwboot_img_csum32(img) != *kwboot_img_csum32_ptr(img))
+ if (!kwboot_img_has_ddr_init(img) &&
+ (le32_to_cpu(hdr->destaddr) < 0x40000000 ||
+ le32_to_cpu(hdr->destaddr) + le32_to_cpu(hdr->blocksize) > 0x40034000)) {
+ fprintf(stderr, "Image does not contain DDR init code needed for UART booting\n");
goto err;
+ }
is_secure = kwboot_img_is_secure(img);
* baudrate (which should be 115200) and do not touch
* UART MPP configuration.
*/
+ hdr->flags |= 0x1;
hdr->options &= ~0x1F;
hdr->options |= MAIN_HDR_V1_OPT_BAUD_DEFAULT;
hdr->options |= 0 << 3;
kwboot_printv("Aligning image header to Xmodem block size\n");
kwboot_img_grow_hdr(img, size, grow);
+ hdrsz += grow;
+
+ /*
+ * kwbimage v1 contains header size field and for UART type it
+ * must be set to the aligned xmodem header size because BootROM
+ * rounds header size down to xmodem block size.
+ */
+ if (kwbimage_version(img) == 1) {
+ hdr->headersz_msb = hdrsz >> 16;
+ hdr->headersz_lsb = cpu_to_le16(hdrsz & 0xffff);
+ }
+ }
+
+ /* Header size and source address must be same for UART type due to A38x BootROM bug */
+ if (hdrsz != le32_to_cpu(hdr->srcaddr)) {
+ if (is_secure) {
+ fprintf(stderr, "Cannot align image with secure header\n");
+ goto err;
+ }
+
+ kwboot_printv("Removing gap between image header and data\n");
+ memmove(img + hdrsz, img + le32_to_cpu(hdr->srcaddr), le32_to_cpu(hdr->blocksize));
+ hdr->srcaddr = cpu_to_le32(hdrsz);
}
hdr->checksum = kwboot_hdr_csum8(hdr) - csum;
kwboot_usage(FILE *stream, char *progname)
{
fprintf(stream,
- "Usage: %s [OPTIONS] [-b <image> | -D <image> ] [-B <baud> ] <TTY>\n",
+ "Usage: %s [OPTIONS] [-b <image> | -D <image> | -b | -d ] [-B <baud> ] [-t] <TTY>\n",
progname);
fprintf(stream, "\n");
fprintf(stream,
- " -b <image>: boot <image> with preamble (Kirkwood, Armada 370/XP)\n");
+ " -b <image>: boot <image> with preamble (Kirkwood, Avanta, Armada 370/XP/375/38x/39x)\n");
fprintf(stream,
" -D <image>: boot <image> without preamble (Dove)\n");
- fprintf(stream, " -d: enter debug mode\n");
+ fprintf(stream, " -b: enter xmodem boot mode\n");
+ fprintf(stream, " -d: enter console debug mode\n");
fprintf(stream, " -a: use timings for Armada XP\n");
- fprintf(stream, " -q <req-delay>: use specific request-delay\n");
fprintf(stream, " -s <resp-timeo>: use specific response-timeout\n");
fprintf(stream,
" -o <block-timeo>: use specific xmodem block timeout\n");
{
const char *ttypath, *imgpath;
int rv, rc, tty, term;
- void *bootmsg;
- void *debugmsg;
+ int bootmsg;
+ int debugmsg;
void *img;
size_t size;
size_t after_img_rsv;
rv = 1;
tty = -1;
- bootmsg = NULL;
- debugmsg = NULL;
+ bootmsg = 0;
+ debugmsg = 0;
imgpath = NULL;
img = NULL;
term = 0;
case 'b':
if (imgpath || bootmsg || debugmsg)
goto usage;
- bootmsg = kwboot_msg_boot;
+ bootmsg = 1;
if (prev_optind == optind)
goto usage;
- if (argv[optind] && argv[optind][0] != '-')
+ /* Option -b could have optional argument which specify image path */
+ if (optind < argc && argv[optind] && argv[optind][0] != '-')
imgpath = argv[optind++];
break;
case 'D':
if (imgpath || bootmsg || debugmsg)
goto usage;
- bootmsg = NULL;
+ bootmsg = 0;
imgpath = optarg;
break;
case 'd':
if (imgpath || bootmsg || debugmsg)
goto usage;
- debugmsg = kwboot_msg_debug;
+ debugmsg = 1;
break;
case 'p':
break;
case 'a':
- msg_req_delay = KWBOOT_MSG_REQ_DELAY_AXP;
msg_rsp_timeo = KWBOOT_MSG_RSP_TIMEO_AXP;
break;
case 'q':
- msg_req_delay = atoi(optarg);
+ /* nop, for backward compatibility */
break;
case 's':
}
} while (1);
- if (!bootmsg && !term && !debugmsg)
+ if (!bootmsg && !term && !debugmsg && !imgpath)
goto usage;
- ttypath = argv[optind++];
+ /*
+ * If there is no remaining argument but optional imgpath was parsed
+ * then it means that optional imgpath was eaten by getopt parser.
+ * Reassing imgpath to required ttypath argument.
+ */
+ if (optind == argc && imgpath) {
+ ttypath = imgpath;
+ imgpath = NULL;
+ } else if (optind + 1 == argc) {
+ ttypath = argv[optind];
+ } else {
+ goto usage;
+ }
- if (optind != argc)
+ /* boot and debug message use baudrate 115200 */
+ if (((bootmsg && !imgpath) || debugmsg) && baudrate != 115200) {
+ fprintf(stderr, "Baudrate other than 115200 cannot be used for this operation.\n");
goto usage;
+ }
- tty = kwboot_open_tty(ttypath, imgpath ? 115200 : baudrate);
+ tty = kwboot_open_tty(ttypath, baudrate);
if (tty < 0) {
perror(ttypath);
goto out;
}
+ /*
+ * initial baudrate for image transfer is always 115200,
+ * the change to different baudrate is done only after the header is sent
+ */
+ if (imgpath && baudrate != 115200) {
+ rc = kwboot_tty_change_baudrate(tty, 115200);
+ if (rc) {
+ perror(ttypath);
+ goto out;
+ }
+ }
+
if (baudrate == 115200)
/* do not change baudrate during Xmodem to the same value */
baudrate = 0;
KWBOOT_XM_BLKSZ +
sizeof(kwboot_baud_code) +
sizeof(kwboot_baud_code_data_jump) +
+ sizeof(uint32_t) +
KWBOOT_XM_BLKSZ;
if (imgpath) {
}
if (debugmsg) {
- rc = kwboot_debugmsg(tty, debugmsg);
- if (rc) {
- perror("debugmsg");
+ rc = kwboot_debugmsg(tty);
+ if (rc)
goto out;
- }
} else if (bootmsg) {
- rc = kwboot_bootmsg(tty, bootmsg);
- if (rc) {
- perror("bootmsg");
+ rc = kwboot_bootmsg(tty);
+ if (rc)
goto out;
- }
}
if (img) {