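/*
 * Copyright 2014 Intel Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <unistd.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <cutils/properties.h>
#include <sys/mman.h>

#include <memory>
#include <string>
#include <vector>

#include "fw_version_check.h"
#include "edify/expr.h"

/* Value written to the force_ro sysfs attribute to allow writes. */
#define FORCE_RW_OPT "0"

/* Number of bytes of each boot partition that get mapped and checksummed. */
#define BOOT_IFWI_SIZE 0x400000
#define BOOT_UMIP_SIZE 0x10000
#define BOOT_UMIP_SECTOR_SIZE 0x200
#define BOOT_UMIP_XOR_OFFSET 0x7
#define BOOT_UMIP_3GPP_OFFSET 0x76F
#define BOOT_IFWI_XOR_OFFSET 0x0112d8
#define BOOT_DNX_TIMEOUT_OFFSET 0x400
#define IFWI_OFFSET 0
/* Region that is saved before an IFWI write and put back afterwards. */
#define TOKEN_UMIP_AREA_OFFSET 0x4000
#define TOKEN_UMIP_AREA_SIZE 0x2C00
#define FILE_PATH_SIZE 64
#define IFWI_TYPE_LSH 12

/* Print the IFWI version and the per-component versions of an image to stderr. */
static void dump_fw_versions(struct firmware_versions *v)
{
    fprintf(stderr, "Image FW versions:\n");
    fprintf(stderr, " ifwi: %04X.%04X\n", v->ifwi.major, v->ifwi.minor);
    fprintf(stderr, "---- components ----\n");
    fprintf(stderr, " scu: %04X.%04X\n", v->scu.major, v->scu.minor);
    fprintf(stderr, " hooks/oem: %04X.%04X\n", v->valhooks.major, v->valhooks.minor);
    fprintf(stderr, " ia32: %04X.%04X\n", v->ia32.major, v->ia32.minor);
    fprintf(stderr, " chaabi: %04X.%04X\n", v->chaabi.major, v->chaabi.minor);
    fprintf(stderr, " mIA: %04X.%04X\n", v->mia.major, v->mia.minor);
}

/*
 * Write FORCE_RW_OPT to the force_ro sysfs attribute at `name`.
 *
 * Returns 0 on success and a negative value on any failure. A write() that
 * transfers nothing is reported as a failure too; returning its raw result
 * (0) would be read as success by callers that test for non-zero.
 *
 * NOTE(review): nothing in this file writes the attribute back afterwards,
 * so the partition stays writable once this has succeeded - confirm that
 * this is intended for the rest of the update session.
 */
static int force_rw(const char *name)
{
    int fd = open(name, O_WRONLY);
    if (fd < 0) {
        fprintf(stderr, "force_ro(): failed to open %s\n", name);
        return fd;
    }

    /* sizeof() includes the terminating NUL, as in the original write. */
    ssize_t written = write(fd, FORCE_RW_OPT, sizeof(FORCE_RW_OPT));
    close(fd);
    if (written <= 0) {
        fprintf(stderr, "force_ro(): failed to write %s\n", name);
        return -1;
    }
    return 0;
}

/*
 * Decide whether the IFWI image in `data` may be flashed on this device.
 *
 * Returns 1 when the image is accepted and -1 when version data cannot be
 * read from the image or the device, or when the major versions differ.
 *
 * Only the IFWI major version is compared. The minor version is logged but
 * not checked, so an image with a lower minor version passes this function.
 * NOTE(review): no authenticity check of `data` happens here; presumably the
 * update package is verified before this code runs - confirm, and confirm
 * whether rollback to an older minor version is meant to be allowed.
 */
int check_ifwi_file_scu_emmc(void *data, size_t size)
{
    struct firmware_versions dev_fw_rev, img_fw_rev;

    if (get_image_fw_rev(data, size, &img_fw_rev)) {
        fprintf(stderr, "Coudn't extract FW version data from image\n");
        return -1;
    }
    dump_fw_versions(&img_fw_rev);

    if (get_current_fw_rev(&dev_fw_rev)) {
        fprintf(stderr, "Couldn't query existing IFWI version\n");
        return -1;
    }

    fprintf(stderr, "Attempting to flash ifwi image version %04X.%04X over ifwi current version %04X.%04X\n",
            img_fw_rev.ifwi.major, img_fw_rev.ifwi.minor,
            dev_fw_rev.ifwi.major, dev_fw_rev.ifwi.minor);

    if (img_fw_rev.ifwi.major != dev_fw_rev.ifwi.major) {
        fprintf(stderr, "IFWI FW Major version numbers (file=%04X current=%04X) don't match, Update abort.\n",
                img_fw_rev.ifwi.major, dev_fw_rev.ifwi.major);
        return -1;
    }
    return 1;
}

/*
 * XOR together the 32-bit words of ptr[0..size).
 *
 * Words are loaded with memcpy() so the result does not depend on the
 * alignment of `ptr`. Every caller in this file passes a size that is a
 * multiple of 4; a trailing partial word is ignored instead of being read
 * past the end of the range.
 */
static uint32_t xor_compute(char *ptr, uint32_t size)
{
    uint32_t val = 0;
    uint32_t word;
    uint32_t i;

    for (i = 0; size - i >= sizeof(word); i += sizeof(word)) {
        memcpy(&word, ptr + i, sizeof(word));
        val ^= word;
    }
    return val;
}

/* Fold a 32-bit XOR value into one byte by XOR-ing its four bytes. */
static uint8_t xor_factorize(uint32_t val)
{
    return (uint8_t)((val & 0xff) ^ ((val >> 8) & 0xff) ^
                     ((val >> 16) & 0xff) ^ ((val >> 24) & 0xff));
}

/*
 * Recompute the XOR fields inside a mapped boot partition.
 *
 * `ptr` must map at least BOOT_IFWI_SIZE writable bytes. These XOR values
 * detect accidental corruption only; they are not a defence against
 * deliberate modification of the image.
 */
static void xor_update(char *ptr)
{
    uint16_t i;
    uint32_t val;

    /* update UMIP xor of sector 2 to 127 */
    for (i = 2; i < 128; i++) {
        val = xor_compute(ptr + i * BOOT_UMIP_SECTOR_SIZE, BOOT_UMIP_SECTOR_SIZE);
        memcpy(ptr + 4 * i, &val, sizeof(val));
    }

    /* update UMIP xor: the field is zeroed first so it is not part of its own checksum */
    *(ptr + BOOT_UMIP_XOR_OFFSET) = 0;
    val = xor_compute(ptr, BOOT_UMIP_SIZE);
    *(ptr + BOOT_UMIP_XOR_OFFSET) = static_cast<char>(xor_factorize(val));

    /* update IFWI xor, same zero-then-compute order */
    val = 0x0;
    memcpy(ptr + BOOT_IFWI_XOR_OFFSET, &val, sizeof(val));
    val = xor_compute(ptr, BOOT_IFWI_SIZE);
    memcpy(ptr + BOOT_IFWI_XOR_OFFSET, &val, sizeof(val));
}

/*
 * Write `size` bytes at `addr_offset` into both eMMC boot partitions
 * (mmcblk0boot0 and mmcblk0boot1) and refresh their XOR fields.
 *
 * data == NULL zero-fills the range. For addr_offset == IFWI_OFFSET the
 * token area (TOKEN_UMIP_AREA_OFFSET, TOKEN_UMIP_AREA_SIZE) of each
 * partition is saved before the write and restored after it, and an image
 * longer than BOOT_IFWI_SIZE is truncated to BOOT_IFWI_SIZE.
 *
 * Returns 0 on success, -1 on failure.
 *
 * The range is validated before any partition is unlocked, so a rejected
 * request never clears force_ro. The partitions are written one after the
 * other: a failure on boot1 leaves boot0 already updated.
 * NOTE(review): no msync() is issued before munmap(); durability relies on
 * the kernel flushing the shared mapping - confirm.
 */
static int write_umip_emmc(uint32_t addr_offset, void *data, size_t size)
{
    int boot_fd = -1;
    int boot_index;
    char boot_partition[FILE_PATH_SIZE];
    char boot_partition_force_ro[FILE_PATH_SIZE];
    void *map = MAP_FAILED;
    char *ptr = NULL;
    char *token_data = NULL;

    if (addr_offset == IFWI_OFFSET && size > BOOT_IFWI_SIZE) {
        fprintf(stderr, "write_umip_emmc: Truncating last %zu bytes from the IFWI\n",
                size - BOOT_IFWI_SIZE);
        /* Since the last 144 bytes are the FUP header which are not required,*/
        /* we truncate it to fit into the boot partition. */
        /* NOTE(review): any excess is dropped, not only a 144-byte trailer. */
        size = BOOT_IFWI_SIZE;
    }

    /* Written as a subtraction so that addr_offset + size cannot wrap around. */
    if (addr_offset > BOOT_IFWI_SIZE || size > BOOT_IFWI_SIZE - addr_offset) {
        fprintf(stderr, "write_umip_emmc: write failed\n");
        return -1;
    }

    if (addr_offset == IFWI_OFFSET) {
        token_data = reinterpret_cast<char *>(malloc(TOKEN_UMIP_AREA_SIZE));
        if (!token_data) {
            fprintf(stderr, "write_umip_emmc: Malloc error\n");
            return -1;
        }
    }

    for (boot_index = 0; boot_index < 2; boot_index++) {
        snprintf(boot_partition, FILE_PATH_SIZE, "/dev/block/mmcblk0boot%d", boot_index);
        snprintf(boot_partition_force_ro, FILE_PATH_SIZE, "/sys/block/mmcblk0boot%d/force_ro", boot_index);

        if (force_rw(boot_partition_force_ro)) {
            fprintf(stderr, "write_umip_emmc: unable to force_ro %s\n", boot_partition);
            goto fail;
        }

        boot_fd = open(boot_partition, O_RDWR);
        if (boot_fd < 0) {
            fprintf(stderr, "write_umip_emmc: failed to open %s\n", boot_partition);
            goto fail;
        }

        map = mmap(NULL, BOOT_IFWI_SIZE, PROT_READ|PROT_WRITE, MAP_SHARED, boot_fd, 0);
        if (map == MAP_FAILED) {
            fprintf(stderr, "write_umip_emmc: mmap failed on boot%d with error : %s\n",
                    boot_index, strerror(errno));
            goto fail;
        }
        ptr = static_cast<char *>(map);

        /* Save the token area so the image write does not replace it. */
        if (addr_offset == IFWI_OFFSET)
            memcpy(token_data, ptr + TOKEN_UMIP_AREA_OFFSET, TOKEN_UMIP_AREA_SIZE);

        /* Write the data */
        if (data == NULL)
            memset(ptr + addr_offset, 0, size);
        else
            memcpy(ptr + addr_offset, data, size);

        if (addr_offset == IFWI_OFFSET)
            memcpy(ptr + TOKEN_UMIP_AREA_OFFSET, token_data, TOKEN_UMIP_AREA_SIZE);

        /* Compute and write xor */
        xor_update(ptr);

        munmap(ptr, BOOT_IFWI_SIZE);
        ptr = NULL;
        close(boot_fd);
        boot_fd = -1;
    }

    free(token_data);
    return 0;

fail:
    /*
     * Release only what is currently held. boot_fd starts at -1 and is reset
     * after each close, so this path never closes descriptor 0 or closes the
     * same descriptor twice.
     */
    if (ptr != NULL)
        munmap(ptr, BOOT_IFWI_SIZE);
    if (boot_fd >= 0)
        close(boot_fd);
    free(token_data);
    return -1;
}

/*
 * Read one byte at `addr_offset` from the first BOOT_UMIP_SIZE bytes of
 * mmcblk0boot0.
 *
 * Returns the byte as a value in 0..255, or -1 on failure. The byte is
 * converted through unsigned char so that values of 0x80 and above are not
 * sign-extended, which would make 0xFF indistinguishable from the error
 * return.
 *
 * NOTE(review): this read path clears force_ro and maps the partition
 * read/write although it only reads - consider a read-only open and mapping.
 */
static int readbyte_umip_emmc(uint32_t addr_offset)
{
    int boot_fd = -1;
    void *map = MAP_FAILED;
    char *ptr = NULL;
    int value = 0;

    if (force_rw("/sys/block/mmcblk0boot0/force_ro")) {
        fprintf(stderr, "read_umip_emmc: unable to force_ro\n");
        goto fail;
    }

    boot_fd = open("/dev/block/mmcblk0boot0", O_RDWR);
    if (boot_fd < 0) {
        fprintf(stderr, "read_umip_emmc: failed to open /dev/block/mmcblk0boot0\n");
        goto fail;
    }

    map = mmap(NULL, BOOT_UMIP_SIZE, PROT_READ|PROT_WRITE, MAP_SHARED, boot_fd, 0);
    if (map == MAP_FAILED) {
        fprintf(stderr, "read_umip_emmc: mmap failed on boot0 with error : %s\n", strerror(errno));
        goto fail;
    }
    ptr = static_cast<char *>(map);

    /* Read the data */
    if (addr_offset >= BOOT_UMIP_SIZE) {
        fprintf(stderr, "read_umip_emmc: read failed\n");
        goto fail;
    }
    value = static_cast<unsigned char>(ptr[addr_offset]);

    munmap(ptr, BOOT_UMIP_SIZE);
    close(boot_fd);
    return value;

fail:
    /* boot_fd stays -1 until open() succeeds, so descriptor 0 is never closed here. */
    if (ptr != NULL)
        munmap(ptr, BOOT_UMIP_SIZE);
    if (boot_fd >= 0)
        close(boot_fd);
    return -1;
}

/* Write an IFWI image at IFWI_OFFSET of both boot partitions; 0 on success, -1 on failure. */
int update_ifwi_file_scu_emmc(void *data, size_t size)
{
    return write_umip_emmc(IFWI_OFFSET, data, size);
}

/*
 * Check the image against the device and flash it when the check accepts it.
 *
 * Returns 0 on success and a negative value when the check rejects the image
 * or the write fails.
 */
int flash_ifwi_scu_emmc(void *data, unsigned size)
{
    int ret = check_ifwi_file_scu_emmc(data, size);
    if (ret > 0)
        return update_ifwi_file_scu_emmc(data, size);
    return ret;
}

/*
 * edify function fugu.flash_ifwi(filename): read the file into memory and
 * flash it as the IFWI image.
 *
 * Returns an empty string value on success; on failure calls ErrorAbort()
 * and returns nullptr.
 *
 * The file must be read completely before anything is flashed: a short or
 * failed read is an error, because the remainder of the malloc() buffer is
 * uninitialised and must not reach the boot partition. The file handle and
 * the buffer are released on every exit path.
 */
Value* FlashIfwiFuguFn(const char *name, State * state,
                       const std::vector<std::unique_ptr<Expr>>& argv) {
    if (argv.size() != 1) {
        ErrorAbort(state, "%s() expected 1 arg, got %zu", name, argv.size());
        return nullptr;
    }

    std::vector<std::string> args;
    if (!ReadArgs(state, argv, &args)) {
        ErrorAbort(state, "%s() invalid args ", name);
        return nullptr;
    }

    const std::string& filename = args[0];
    if (filename.empty()) {
        ErrorAbort(state, "filename argument to %s can't be empty", name);
        return nullptr;
    }

    FILE *f = fopen(filename.c_str(), "rb");
    if (f == nullptr) {
        ErrorAbort(state, "Unable to open file %s: %s ", filename.c_str(), strerror(errno));
        return nullptr;
    }

    /*
     * The length must be positive and fit in an int, because it is passed on
     * as int/unsigned below; an empty file has no image to flash.
     */
    long file_len = -1;
    if (fseek(f, 0, SEEK_END) == 0)
        file_len = ftell(f);
    if (file_len <= 0 || file_len > INT_MAX || fseek(f, 0, SEEK_SET) != 0) {
        fclose(f);
        ErrorAbort(state, "Unable to get ifwi_size ");
        return nullptr;
    }
    const int ifwi_size = static_cast<int>(file_len);

    unsigned char *buffer =
        reinterpret_cast<unsigned char *>(malloc(static_cast<size_t>(ifwi_size)));
    if (buffer == nullptr) {
        fclose(f);
        ErrorAbort(state, "Unable to alloc ifwi flash buffer of size %d", ifwi_size);
        return nullptr;
    }

    /* Element size 1 makes the return value the number of bytes read. */
    const size_t bytes_read = fread(buffer, 1, static_cast<size_t>(ifwi_size), f);
    fclose(f);
    if (bytes_read != static_cast<size_t>(ifwi_size)) {
        free(buffer);
        ErrorAbort(state, "Unable to read ifwi file %s", filename.c_str());
        return nullptr;
    }

    const int flash_status = flash_ifwi_scu_emmc(buffer, ifwi_size);
    free(buffer);
    if (flash_status != 0) {
        ErrorAbort(state, "Unable to flash ifwi in emmc");
        return nullptr;
    }

    return StringValue("");
}

/* Register the edify function under the name "fugu.flash_ifwi". */
void Register_librecovery_updater_fugu() {
    RegisterFunction("fugu.flash_ifwi", FlashIfwiFuguFn);
}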