/* * Copyright (C) 2015 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /* Vboot/crossystem interface */ #define LOG_TAG "fwtool" #include <endian.h> #include <errno.h> #include <stdint.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include "ec_commands.h" #include "flash_device.h" #include "fmap.h" #include "update_log.h" #include "vboot_struct.h" #include "gbb_header.h" /* ---- VBoot information passed by the firmware through the device-tree ---- */ /* Base name for firmware FDT files */ #define FDT_BASE_PATH "/proc/device-tree/firmware/chromeos" char *fdt_read_string(const char *prop) { char filename[PATH_MAX]; FILE *file; size_t size; char *data; snprintf(filename, sizeof(filename), FDT_BASE_PATH "/%s", prop); file = fopen(filename, "r"); if (!file) { ALOGD("Unable to open FDT property %s\n", prop); return NULL; } fseek(file, 0, SEEK_END); size = ftell(file); data = malloc(size + 1); if (!data) { goto out_close; } data[size] = '\0'; rewind(file); if (fread(data, 1, size, file) != size) { ALOGD("Unable to read FDT property %s\n", prop); goto out_free; } fclose(file); return data; out_free: free(data); out_close: fclose(file); return NULL; } uint32_t fdt_read_u32(const char *prop) { char filename[PATH_MAX]; FILE *file; int data = 0; snprintf(filename, sizeof(filename), FDT_BASE_PATH "/%s", prop); file = fopen(filename, "r"); if (!file) { ALOGD("Unable to open FDT property %s\n", prop); return -1U; } if (fread(&data, 1, sizeof(data), file) != sizeof(data)) { ALOGD("Unable to read FDT property %s\n", prop); fclose(file); return -1U; } fclose(file); return ntohl(data); /* FDT is network byte order */ } char vboot_get_mainfw_act(void) { VbSharedDataHeader *shd = (void *)fdt_read_string("vboot-shared-data"); char v; if (!shd || shd->magic != VB_SHARED_DATA_MAGIC) { ALOGD("Cannot retrieve VBoot shared data\n"); if (shd) free(shd); return 'E'; /* Error */ } switch(shd->firmware_index) { case 0: v = 'A'; /* RW_A in use */ break; case 1: v = 'B'; /* RW_B in use */ break; case 0xFF: v = 'R'; /* Recovery/RO in use */ break; default: ALOGD("Invalid firmware index : %02x\n", shd->firmware_index); v = 'E'; /* Error */ } free(shd); return v; } /* ---- Flash Maps handling ---- */ off_t fmap_scan_offset(struct flash_device *dev, off_t end) { struct fmap h; uint32_t off = end - (end % 64); /* start on a 64-byte boundary */ int res; /* * Try to find the FMAP signature at 64-byte boundaries * starting from the end. */ do { off -= 64; res = flash_read(dev, off, &h, sizeof(h.signature)); if (res) break; if (!memcmp(&h.signature, FMAP_SIGNATURE, sizeof(h.signature))) break; } while (off); return off; } struct fmap *fmap_load(struct flash_device *dev, off_t offset) { struct fmap hdr; struct fmap *fmap; size_t size; int res; ALOGD("Searching FMAP @0x%08lx\n", offset); res = flash_read(dev, offset, &hdr, sizeof(hdr)); if (res) { ALOGD("Cannot read FMAP header\n"); return NULL; } if (memcmp(&hdr.signature, FMAP_SIGNATURE, sizeof(hdr.signature))) { ALOGD("Cannot find FMAP\n"); return NULL; } size = sizeof(struct fmap) + hdr.nareas * sizeof(struct fmap_area); fmap = malloc(size); res = flash_read(dev, offset, fmap, size); if (res) { ALOGD("Cannot read FMAP\n"); free(fmap); return NULL; } return fmap; } int fmap_get_section_offset(struct flash_device *dev, const char *name, off_t *offset) { int i; struct fmap *fmap = flash_get_fmap(dev); if (!fmap) return -1; if (name) { for (i = 0; i < fmap->nareas; i++) if (!strcmp(name, (const char*)fmap->areas[i].name)) break; if (i == fmap->nareas) { ALOGD("Cannot find section '%s'\n", name); return -1; } *offset = fmap->areas[i].offset; } else { *offset = 0; } return 0; } void *fmap_read_section(struct flash_device *dev, const char *name, size_t *size, off_t *offset) { int i, r; struct fmap *fmap = flash_get_fmap(dev); void *data; off_t start_offset; if (!fmap) return NULL; if (name) { for (i = 0; i < fmap->nareas; i++) if (!strcmp(name, (const char*)fmap->areas[i].name)) break; if (i == fmap->nareas) { ALOGD("Cannot find section '%s'\n", name); return NULL; } *size = fmap->areas[i].size; start_offset = fmap->areas[i].offset; } else { *size = flash_get_size(dev); start_offset = 0; } data = malloc(*size); if (!data) return NULL; r = flash_read(dev, start_offset, data, *size); if (r) { ALOGD("Cannot read section '%s'\n", name); free(data); return NULL; } if (offset) *offset = start_offset; return data; } /* ---- Google Binary Block (GBB) ---- */ uint8_t *gbb_get_rootkey(struct flash_device *dev, size_t *size) { size_t gbb_size; uint8_t *gbb = flash_get_gbb(dev, &gbb_size); GoogleBinaryBlockHeader *hdr = (void *)gbb; if (!gbb || memcmp(hdr->signature, GBB_SIGNATURE, GBB_SIGNATURE_SIZE) || gbb_size < sizeof(*hdr)) return NULL; if (hdr->rootkey_offset + hdr->rootkey_size > gbb_size) return NULL; if (size) *size = hdr->rootkey_size; return gbb + hdr->rootkey_offset; } /* ---- VBoot NVRAM (stored in SPI flash) ---- */ /* bits definition in NVRAM */ enum { VB_HEADER_OFFSET = 0, VB_BOOT_OFFSET = 1, VB_RECOVERY_OFFSET = 2, VB_LOCALIZATION_OFFSET = 3, VB_DEV_OFFSET = 4, VB_TPM_OFFSET = 5, VB_RECVOERY_SUBCODE_OFFSET = 6, VB_BOOT2_OFFSET = 7, VB_MISC_OFFSET = 8, VB_KERNEL_OFFSET = 11, VB_CRC_OFFSET = 15, VB_NVDATA_SIZE = 16 }; #define VB_DEFAULT_MASK 0x01 /* HEADER_OFFSET */ #define VB_HEADER_WIPEOUT_SHIFT 3 #define VB_HEADER_KERNEL_SETTINGS_RESET_SHIFT 4 #define VB_HEADER_FW_SETTINGS_RESET_SHIFT 5 #define VB_HEADER_SIGNATURE_SHIFT 6 /* BOOT_OFFSET */ #define VB_BOOT_TRY_COUNT_MASK 0xf #define VB_BOOT_TRY_COUNT_SHIFT 0 #define VB_BOOT_BACKUP_NVRAM_SHIFT 4 #define VB_BOOT_OPROM_NEEDED_SHIFT 5 #define VB_BOOT_DISABLE_DEV_SHIFT 6 #define VB_BOOT_DEBUG_RESET_SHIFT 7 /* RECOVERY_OFFSET */ #define VB_RECOVERY_REASON_SHIFT 0 #define VB_RECOVERY_REASON_MASK 0xff /* BOOT2_OFFSET */ #define VB_BOOT2_RESULT_MASK 0x3 #define VB_BOOT2_RESULT_SHIFT 0 #define VB_BOOT2_TRIED_SHIFT 2 #define VB_BOOT2_TRY_NEXT_SHIFT 3 #define VB_BOOT2_PREV_RESULT_MASK 0x3 #define VB_BOOT2_PREV_RESULT_SHIFT 4 #define VB_BOOT2_PREV_TRIED_SHIFT 6 /* DEV_OFFSET */ #define VB_DEV_FLAG_USB_SHIFT 0 #define VB_DEV_FLAG_SIGNED_ONLY_SHIFT 1 #define VB_DEV_FLAG_LEGACY_SHIFT 2 #define VB_DEV_FLAG_FASTBOOT_FULL_CAP_SHIFT 3 /* TPM_OFFSET */ #define VB_TPM_CLEAR_OWNER_REQUEST_SHIFT 0 #define VB_TPM_CLEAR_OWNER_DONE_SHIFT 1 /* MISC_OFFSET */ #define VB_MISC_UNLOCK_FASTBOOT_SHIFT 0 #define VB_MISC_BOOT_ON_AC_DETECT_SHIFT 1 typedef enum { VBNV_DEFAULT_FLAG = 0x00, VBNV_WRITABLE = 0x01, } vbnv_param_flags_t; typedef struct vbnv_param { char *name; vbnv_param_flags_t flags; int offset; int shift; int mask; } vbnv_param_t; static const vbnv_param_t param_table[] = { {"try_count", VBNV_WRITABLE, VB_BOOT_OFFSET, VB_BOOT_TRY_COUNT_SHIFT, VB_BOOT_TRY_COUNT_MASK}, {"backup_nvram", VBNV_WRITABLE, VB_BOOT_OFFSET, VB_BOOT_BACKUP_NVRAM_SHIFT, VB_DEFAULT_MASK}, {"oprom_needed", VBNV_WRITABLE, VB_BOOT_OFFSET, VB_BOOT_OPROM_NEEDED_SHIFT, VB_DEFAULT_MASK}, {"disable_dev", VBNV_WRITABLE, VB_BOOT_OFFSET, VB_BOOT_DISABLE_DEV_SHIFT, VB_DEFAULT_MASK}, {"debug_reset", VBNV_WRITABLE, VB_BOOT_OFFSET, VB_BOOT_DEBUG_RESET_SHIFT, VB_DEFAULT_MASK}, {"boot_result", VBNV_WRITABLE, VB_BOOT2_OFFSET, VB_BOOT2_RESULT_SHIFT, VB_BOOT2_RESULT_MASK}, {"fw_tried", VBNV_DEFAULT_FLAG, VB_BOOT2_OFFSET, VB_BOOT2_TRIED_SHIFT, VB_DEFAULT_MASK}, {"fw_try_next", VBNV_WRITABLE, VB_BOOT2_OFFSET, VB_BOOT2_TRY_NEXT_SHIFT, VB_DEFAULT_MASK}, {"fw_prev_result", VBNV_DEFAULT_FLAG, VB_BOOT2_OFFSET, VB_BOOT2_PREV_RESULT_SHIFT, VB_BOOT2_PREV_RESULT_MASK}, {"prev_tried", VBNV_DEFAULT_FLAG, VB_BOOT2_OFFSET, VB_BOOT2_PREV_TRIED_SHIFT, VB_DEFAULT_MASK}, {"dev_boot_usb", VBNV_WRITABLE, VB_DEV_OFFSET, VB_DEV_FLAG_USB_SHIFT, VB_DEFAULT_MASK}, {"dev_boot_signed_only", VBNV_WRITABLE, VB_DEV_OFFSET, VB_DEV_FLAG_SIGNED_ONLY_SHIFT, VB_DEFAULT_MASK}, {"dev_boot_legacy", VBNV_WRITABLE, VB_DEV_OFFSET, VB_DEV_FLAG_LEGACY_SHIFT, VB_DEFAULT_MASK}, {"dev_boot_fastboot_full_cap", VBNV_WRITABLE, VB_DEV_OFFSET, VB_DEV_FLAG_FASTBOOT_FULL_CAP_SHIFT, VB_DEFAULT_MASK}, {"tpm_clear_owner_request", VBNV_WRITABLE, VB_TPM_OFFSET, VB_TPM_CLEAR_OWNER_REQUEST_SHIFT, VB_DEFAULT_MASK}, {"tpm_clear_owner_done", VBNV_WRITABLE, VB_TPM_OFFSET, VB_TPM_CLEAR_OWNER_DONE_SHIFT, VB_DEFAULT_MASK}, {"unlock_fastboot", VBNV_WRITABLE, VB_MISC_OFFSET, VB_MISC_UNLOCK_FASTBOOT_SHIFT, VB_DEFAULT_MASK}, {"boot_on_ac_detect", VBNV_WRITABLE, VB_MISC_OFFSET, VB_MISC_BOOT_ON_AC_DETECT_SHIFT, VB_DEFAULT_MASK}, {"recovery_reason", VBNV_WRITABLE, VB_RECOVERY_OFFSET, VB_RECOVERY_REASON_SHIFT, VB_RECOVERY_REASON_MASK}, }; static uint8_t crc8(const uint8_t *data, int len) { uint32_t crc = 0; int i, j; for (j = len; j; j--, data++) { crc ^= (*data << 8); for(i = 8; i; i--) { if (crc & 0x8000) crc ^= (0x1070 << 3); crc <<= 1; } } return (uint8_t)(crc >> 8); } static inline int can_overwrite(uint8_t current, uint8_t new) { return (current & new) == new; } int vbnv_readwrite(struct flash_device *spi, const vbnv_param_t *param, uint8_t *value, int write) { int i; int res; size_t size; off_t offset; uint8_t *block, *nvram, *end, *curr; uint8_t dummy[VB_NVDATA_SIZE]; int off = param->offset; uint8_t mask = param->mask << param->shift; if (off >= VB_NVDATA_SIZE) { ALOGW("ERROR: Incorrect offset %d for NvStorage\n", off); return -EIO; } /* Read NVRAM. */ nvram = fmap_read_section(spi, "RW_NVRAM", &size, &offset); /* * Ensure NVRAM is found, size is at least 1 block and total size is * multiple of VB_NVDATA_SIZE. */ if ((nvram == NULL) || (size < VB_NVDATA_SIZE) || (size % VB_NVDATA_SIZE)) { ALOGW("ERROR: NVRAM not found\n"); return -EIO; } /* Create an empty dummy block to compare. */ memset(dummy, 0xFF, sizeof(dummy)); /* * Loop until the last used block in NVRAM. * 1. All blocks will not be empty since we just booted up fine. * 2. If all blocks are used, select the last block. */ block = nvram; end = block + size; for (curr = block; curr < end; curr += VB_NVDATA_SIZE) { if (memcmp(curr, dummy, VB_NVDATA_SIZE) == 0) break; block = curr; } if (write) { uint8_t flag_value = (*value & param->mask) << param->shift; /* Copy last used block to make modifications. */ memcpy(dummy, block, VB_NVDATA_SIZE); dummy[off] = (dummy[off] & ~mask) | (flag_value & mask); dummy[VB_CRC_OFFSET] = crc8(dummy, VB_CRC_OFFSET); /* Check if new block can be overwritten */ for (i = 0; i < VB_NVDATA_SIZE; i++) { if (!can_overwrite(block[i], dummy[i])) { if (curr != end) offset += (curr - nvram); else if (flash_erase(spi, offset, size)) { ALOGW("ERROR: Cannot erase flash\n"); return -EIO; } break; } } /* Block can be overwritten. */ if (i == VB_NVDATA_SIZE) offset += (block - nvram); ALOGI("Writing new entry into NVRAM @ 0x%lx\n", offset); /* Write new entry into NVRAM. */ if (flash_write(spi, offset, dummy, VB_NVDATA_SIZE)) { ALOGW("ERROR: Cannot update NVRAM\n"); return -EIO; } ALOGD("NVRAM updated.\n"); } else { *value = (block[off] & mask) >> param->shift; } return 0; } #define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0])) int vbnv_set_flag(struct flash_device *spi, const char *param, uint8_t value) { size_t i; for (i = 0; i < ARRAY_SIZE(param_table); i++) { if (!strcmp(param, param_table[i].name)) { if (param_table[i].flags & VBNV_WRITABLE) return vbnv_readwrite(spi, ¶m_table[i], &value, 1); fprintf(stderr, "ERROR: Cannot write this flag.\n"); return -EIO; } } fprintf(stderr, "Error: Unknown param\n"); return -EIO; } int vbnv_get_flag(struct flash_device *spi, const char *param, uint8_t *value) { size_t i; for (i = 0; i < ARRAY_SIZE(param_table); i++) { if (!strcmp(param, param_table[i].name)) return vbnv_readwrite(spi, ¶m_table[i], value, 0); } fprintf(stderr, "Error: Unknown param\n"); return -EIO; } void vbnv_usage(int write) { size_t i; for (i = 0; i < ARRAY_SIZE(param_table); i++) if ((write == 0) || (write && (param_table[i].flags & VBNV_WRITABLE))) printf(" %s\n", param_table[i].name); } /* ---- Vital Product Data handling ---- */