1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * ifdtool - Manage Intel Firmware Descriptor information
4 *
5 * Copyright 2014 Google, Inc
6 *
7 * From Coreboot project, but it got a serious code clean-up
8 * and a few new features
9 */
10
11 #include <assert.h>
12 #include <fcntl.h>
13 #include <getopt.h>
14 #include <stdbool.h>
15 #include <stdlib.h>
16 #include <stdio.h>
17 #include <string.h>
18 #include <unistd.h>
19 #include <sys/types.h>
20 #include <sys/stat.h>
21 #include <linux/libfdt.h>
22 #include "ifdtool.h"
23
24 #undef DEBUG
25
26 #ifdef DEBUG
27 #define debug(fmt, args...) printf(fmt, ##args)
28 #else
29 #define debug(fmt, args...)
30 #endif
31
32 #define FD_SIGNATURE 0x0FF0A55A
33 #define FLREG_BASE(reg) ((reg & 0x00000fff) << 12);
34 #define FLREG_LIMIT(reg) (((reg & 0x0fff0000) >> 4) | 0xfff);
35
36 struct input_file {
37 char *fname;
38 unsigned int addr;
39 };
40
41 /**
42 * find_fd() - Find the flash description in the ROM image
43 *
44 * @image: Pointer to image
45 * @size: Size of image in bytes
46 * @return pointer to structure, or NULL if not found
47 */
find_fd(char * image,int size)48 static struct fdbar_t *find_fd(char *image, int size)
49 {
50 uint32_t *ptr, *end;
51
52 /* Scan for FD signature */
53 for (ptr = (uint32_t *)image, end = ptr + size / 4; ptr < end; ptr++) {
54 if (*ptr == FD_SIGNATURE)
55 break;
56 }
57
58 if (ptr == end) {
59 printf("No Flash Descriptor found in this image\n");
60 return NULL;
61 }
62
63 debug("Found Flash Descriptor signature at 0x%08lx\n",
64 (char *)ptr - image);
65
66 return (struct fdbar_t *)ptr;
67 }
68
69 /**
70 * get_region() - Get information about the selected region
71 *
72 * @frba: Flash region list
73 * @region_type: Type of region (0..MAX_REGIONS-1)
74 * @region: Region information is written here
75 * @return 0 if OK, else -ve
76 */
get_region(struct frba_t * frba,int region_type,struct region_t * region)77 static int get_region(struct frba_t *frba, int region_type,
78 struct region_t *region)
79 {
80 if (region_type >= MAX_REGIONS) {
81 fprintf(stderr, "Invalid region type.\n");
82 return -1;
83 }
84
85 region->base = FLREG_BASE(frba->flreg[region_type]);
86 region->limit = FLREG_LIMIT(frba->flreg[region_type]);
87 region->size = region->limit - region->base + 1;
88
89 return 0;
90 }
91
region_name(int region_type)92 static const char *region_name(int region_type)
93 {
94 static const char *const regions[] = {
95 "Flash Descriptor",
96 "BIOS",
97 "Intel ME",
98 "GbE",
99 "Platform Data"
100 };
101
102 assert(region_type < MAX_REGIONS);
103
104 return regions[region_type];
105 }
106
region_filename(int region_type)107 static const char *region_filename(int region_type)
108 {
109 static const char *const region_filenames[] = {
110 "flashregion_0_flashdescriptor.bin",
111 "flashregion_1_bios.bin",
112 "flashregion_2_intel_me.bin",
113 "flashregion_3_gbe.bin",
114 "flashregion_4_platform_data.bin"
115 };
116
117 assert(region_type < MAX_REGIONS);
118
119 return region_filenames[region_type];
120 }
121
dump_region(int num,struct frba_t * frba)122 static int dump_region(int num, struct frba_t *frba)
123 {
124 struct region_t region;
125 int ret;
126
127 ret = get_region(frba, num, ®ion);
128 if (ret)
129 return ret;
130
131 printf(" Flash Region %d (%s): %08x - %08x %s\n",
132 num, region_name(num), region.base, region.limit,
133 region.size < 1 ? "(unused)" : "");
134
135 return ret;
136 }
137
dump_frba(struct frba_t * frba)138 static void dump_frba(struct frba_t *frba)
139 {
140 int i;
141
142 printf("Found Region Section\n");
143 for (i = 0; i < MAX_REGIONS; i++) {
144 printf("FLREG%d: 0x%08x\n", i, frba->flreg[i]);
145 dump_region(i, frba);
146 }
147 }
148
decode_spi_frequency(unsigned int freq)149 static void decode_spi_frequency(unsigned int freq)
150 {
151 switch (freq) {
152 case SPI_FREQUENCY_20MHZ:
153 printf("20MHz");
154 break;
155 case SPI_FREQUENCY_33MHZ:
156 printf("33MHz");
157 break;
158 case SPI_FREQUENCY_50MHZ:
159 printf("50MHz");
160 break;
161 default:
162 printf("unknown<%x>MHz", freq);
163 }
164 }
165
decode_component_density(unsigned int density)166 static void decode_component_density(unsigned int density)
167 {
168 switch (density) {
169 case COMPONENT_DENSITY_512KB:
170 printf("512KiB");
171 break;
172 case COMPONENT_DENSITY_1MB:
173 printf("1MiB");
174 break;
175 case COMPONENT_DENSITY_2MB:
176 printf("2MiB");
177 break;
178 case COMPONENT_DENSITY_4MB:
179 printf("4MiB");
180 break;
181 case COMPONENT_DENSITY_8MB:
182 printf("8MiB");
183 break;
184 case COMPONENT_DENSITY_16MB:
185 printf("16MiB");
186 break;
187 default:
188 printf("unknown<%x>MiB", density);
189 }
190 }
191
dump_fcba(struct fcba_t * fcba)192 static void dump_fcba(struct fcba_t *fcba)
193 {
194 printf("\nFound Component Section\n");
195 printf("FLCOMP 0x%08x\n", fcba->flcomp);
196 printf(" Dual Output Fast Read Support: %ssupported\n",
197 (fcba->flcomp & (1 << 30)) ? "" : "not ");
198 printf(" Read ID/Read Status Clock Frequency: ");
199 decode_spi_frequency((fcba->flcomp >> 27) & 7);
200 printf("\n Write/Erase Clock Frequency: ");
201 decode_spi_frequency((fcba->flcomp >> 24) & 7);
202 printf("\n Fast Read Clock Frequency: ");
203 decode_spi_frequency((fcba->flcomp >> 21) & 7);
204 printf("\n Fast Read Support: %ssupported",
205 (fcba->flcomp & (1 << 20)) ? "" : "not ");
206 printf("\n Read Clock Frequency: ");
207 decode_spi_frequency((fcba->flcomp >> 17) & 7);
208 printf("\n Component 2 Density: ");
209 decode_component_density((fcba->flcomp >> 3) & 7);
210 printf("\n Component 1 Density: ");
211 decode_component_density(fcba->flcomp & 7);
212 printf("\n");
213 printf("FLILL 0x%08x\n", fcba->flill);
214 printf(" Invalid Instruction 3: 0x%02x\n",
215 (fcba->flill >> 24) & 0xff);
216 printf(" Invalid Instruction 2: 0x%02x\n",
217 (fcba->flill >> 16) & 0xff);
218 printf(" Invalid Instruction 1: 0x%02x\n",
219 (fcba->flill >> 8) & 0xff);
220 printf(" Invalid Instruction 0: 0x%02x\n",
221 fcba->flill & 0xff);
222 printf("FLPB 0x%08x\n", fcba->flpb);
223 printf(" Flash Partition Boundary Address: 0x%06x\n\n",
224 (fcba->flpb & 0xfff) << 12);
225 }
226
dump_fpsba(struct fpsba_t * fpsba)227 static void dump_fpsba(struct fpsba_t *fpsba)
228 {
229 int i;
230
231 printf("Found PCH Strap Section\n");
232 for (i = 0; i < MAX_STRAPS; i++)
233 printf("PCHSTRP%-2d: 0x%08x\n", i, fpsba->pchstrp[i]);
234 }
235
get_enabled(int flag)236 static const char *get_enabled(int flag)
237 {
238 return flag ? "enabled" : "disabled";
239 }
240
decode_flmstr(uint32_t flmstr)241 static void decode_flmstr(uint32_t flmstr)
242 {
243 printf(" Platform Data Region Write Access: %s\n",
244 get_enabled(flmstr & (1 << 28)));
245 printf(" GbE Region Write Access: %s\n",
246 get_enabled(flmstr & (1 << 27)));
247 printf(" Intel ME Region Write Access: %s\n",
248 get_enabled(flmstr & (1 << 26)));
249 printf(" Host CPU/BIOS Region Write Access: %s\n",
250 get_enabled(flmstr & (1 << 25)));
251 printf(" Flash Descriptor Write Access: %s\n",
252 get_enabled(flmstr & (1 << 24)));
253
254 printf(" Platform Data Region Read Access: %s\n",
255 get_enabled(flmstr & (1 << 20)));
256 printf(" GbE Region Read Access: %s\n",
257 get_enabled(flmstr & (1 << 19)));
258 printf(" Intel ME Region Read Access: %s\n",
259 get_enabled(flmstr & (1 << 18)));
260 printf(" Host CPU/BIOS Region Read Access: %s\n",
261 get_enabled(flmstr & (1 << 17)));
262 printf(" Flash Descriptor Read Access: %s\n",
263 get_enabled(flmstr & (1 << 16)));
264
265 printf(" Requester ID: 0x%04x\n\n",
266 flmstr & 0xffff);
267 }
268
dump_fmba(struct fmba_t * fmba)269 static void dump_fmba(struct fmba_t *fmba)
270 {
271 printf("Found Master Section\n");
272 printf("FLMSTR1: 0x%08x (Host CPU/BIOS)\n", fmba->flmstr1);
273 decode_flmstr(fmba->flmstr1);
274 printf("FLMSTR2: 0x%08x (Intel ME)\n", fmba->flmstr2);
275 decode_flmstr(fmba->flmstr2);
276 printf("FLMSTR3: 0x%08x (GbE)\n", fmba->flmstr3);
277 decode_flmstr(fmba->flmstr3);
278 }
279
dump_fmsba(struct fmsba_t * fmsba)280 static void dump_fmsba(struct fmsba_t *fmsba)
281 {
282 int i;
283
284 printf("Found Processor Strap Section\n");
285 for (i = 0; i < 4; i++)
286 printf("????: 0x%08x\n", fmsba->data[0]);
287 }
288
dump_jid(uint32_t jid)289 static void dump_jid(uint32_t jid)
290 {
291 printf(" SPI Component Device ID 1: 0x%02x\n",
292 (jid >> 16) & 0xff);
293 printf(" SPI Component Device ID 0: 0x%02x\n",
294 (jid >> 8) & 0xff);
295 printf(" SPI Component Vendor ID: 0x%02x\n",
296 jid & 0xff);
297 }
298
dump_vscc(uint32_t vscc)299 static void dump_vscc(uint32_t vscc)
300 {
301 printf(" Lower Erase Opcode: 0x%02x\n",
302 vscc >> 24);
303 printf(" Lower Write Enable on Write Status: 0x%02x\n",
304 vscc & (1 << 20) ? 0x06 : 0x50);
305 printf(" Lower Write Status Required: %s\n",
306 vscc & (1 << 19) ? "Yes" : "No");
307 printf(" Lower Write Granularity: %d bytes\n",
308 vscc & (1 << 18) ? 64 : 1);
309 printf(" Lower Block / Sector Erase Size: ");
310 switch ((vscc >> 16) & 0x3) {
311 case 0:
312 printf("256 Byte\n");
313 break;
314 case 1:
315 printf("4KB\n");
316 break;
317 case 2:
318 printf("8KB\n");
319 break;
320 case 3:
321 printf("64KB\n");
322 break;
323 }
324
325 printf(" Upper Erase Opcode: 0x%02x\n",
326 (vscc >> 8) & 0xff);
327 printf(" Upper Write Enable on Write Status: 0x%02x\n",
328 vscc & (1 << 4) ? 0x06 : 0x50);
329 printf(" Upper Write Status Required: %s\n",
330 vscc & (1 << 3) ? "Yes" : "No");
331 printf(" Upper Write Granularity: %d bytes\n",
332 vscc & (1 << 2) ? 64 : 1);
333 printf(" Upper Block / Sector Erase Size: ");
334 switch (vscc & 0x3) {
335 case 0:
336 printf("256 Byte\n");
337 break;
338 case 1:
339 printf("4KB\n");
340 break;
341 case 2:
342 printf("8KB\n");
343 break;
344 case 3:
345 printf("64KB\n");
346 break;
347 }
348 }
349
dump_vtba(struct vtba_t * vtba,int vtl)350 static void dump_vtba(struct vtba_t *vtba, int vtl)
351 {
352 int i;
353 int num = (vtl >> 1) < 8 ? (vtl >> 1) : 8;
354
355 printf("ME VSCC table:\n");
356 for (i = 0; i < num; i++) {
357 printf(" JID%d: 0x%08x\n", i, vtba->entry[i].jid);
358 dump_jid(vtba->entry[i].jid);
359 printf(" VSCC%d: 0x%08x\n", i, vtba->entry[i].vscc);
360 dump_vscc(vtba->entry[i].vscc);
361 }
362 printf("\n");
363 }
364
dump_oem(uint8_t * oem)365 static void dump_oem(uint8_t *oem)
366 {
367 int i, j;
368 printf("OEM Section:\n");
369 for (i = 0; i < 4; i++) {
370 printf("%02x:", i << 4);
371 for (j = 0; j < 16; j++)
372 printf(" %02x", oem[(i<<4)+j]);
373 printf("\n");
374 }
375 printf("\n");
376 }
377
378 /**
379 * dump_fd() - Display a dump of the full flash description
380 *
381 * @image: Pointer to image
382 * @size: Size of image in bytes
383 * @return 0 if OK, -1 on error
384 */
dump_fd(char * image,int size)385 static int dump_fd(char *image, int size)
386 {
387 struct fdbar_t *fdb = find_fd(image, size);
388
389 if (!fdb)
390 return -1;
391
392 printf("FLMAP0: 0x%08x\n", fdb->flmap0);
393 printf(" NR: %d\n", (fdb->flmap0 >> 24) & 7);
394 printf(" FRBA: 0x%x\n", ((fdb->flmap0 >> 16) & 0xff) << 4);
395 printf(" NC: %d\n", ((fdb->flmap0 >> 8) & 3) + 1);
396 printf(" FCBA: 0x%x\n", ((fdb->flmap0) & 0xff) << 4);
397
398 printf("FLMAP1: 0x%08x\n", fdb->flmap1);
399 printf(" ISL: 0x%02x\n", (fdb->flmap1 >> 24) & 0xff);
400 printf(" FPSBA: 0x%x\n", ((fdb->flmap1 >> 16) & 0xff) << 4);
401 printf(" NM: %d\n", (fdb->flmap1 >> 8) & 3);
402 printf(" FMBA: 0x%x\n", ((fdb->flmap1) & 0xff) << 4);
403
404 printf("FLMAP2: 0x%08x\n", fdb->flmap2);
405 printf(" PSL: 0x%04x\n", (fdb->flmap2 >> 8) & 0xffff);
406 printf(" FMSBA: 0x%x\n", ((fdb->flmap2) & 0xff) << 4);
407
408 printf("FLUMAP1: 0x%08x\n", fdb->flumap1);
409 printf(" Intel ME VSCC Table Length (VTL): %d\n",
410 (fdb->flumap1 >> 8) & 0xff);
411 printf(" Intel ME VSCC Table Base Address (VTBA): 0x%06x\n\n",
412 (fdb->flumap1 & 0xff) << 4);
413 dump_vtba((struct vtba_t *)
414 (image + ((fdb->flumap1 & 0xff) << 4)),
415 (fdb->flumap1 >> 8) & 0xff);
416 dump_oem((uint8_t *)image + 0xf00);
417 dump_frba((struct frba_t *)(image + (((fdb->flmap0 >> 16) & 0xff)
418 << 4)));
419 dump_fcba((struct fcba_t *)(image + (((fdb->flmap0) & 0xff) << 4)));
420 dump_fpsba((struct fpsba_t *)
421 (image + (((fdb->flmap1 >> 16) & 0xff) << 4)));
422 dump_fmba((struct fmba_t *)(image + (((fdb->flmap1) & 0xff) << 4)));
423 dump_fmsba((struct fmsba_t *)(image + (((fdb->flmap2) & 0xff) << 4)));
424
425 return 0;
426 }
427
428 /**
429 * write_regions() - Write each region from an image to its own file
430 *
431 * The filename to use in each case is fixed - see region_filename()
432 *
433 * @image: Pointer to image
434 * @size: Size of image in bytes
435 * @return 0 if OK, -ve on error
436 */
write_regions(char * image,int size)437 static int write_regions(char *image, int size)
438 {
439 struct fdbar_t *fdb;
440 struct frba_t *frba;
441 int ret = 0;
442 int i;
443
444 fdb = find_fd(image, size);
445 if (!fdb)
446 return -1;
447
448 frba = (struct frba_t *)(image + (((fdb->flmap0 >> 16) & 0xff) << 4));
449
450 for (i = 0; i < MAX_REGIONS; i++) {
451 struct region_t region;
452 int region_fd;
453
454 ret = get_region(frba, i, ®ion);
455 if (ret)
456 return ret;
457 dump_region(i, frba);
458 if (region.size <= 0)
459 continue;
460 region_fd = open(region_filename(i),
461 O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR |
462 S_IWUSR | S_IRGRP | S_IROTH);
463 if (write(region_fd, image + region.base, region.size) !=
464 region.size) {
465 perror("Error while writing");
466 ret = -1;
467 }
468 close(region_fd);
469 }
470
471 return ret;
472 }
473
perror_fname(const char * fmt,const char * fname)474 static int perror_fname(const char *fmt, const char *fname)
475 {
476 char msg[strlen(fmt) + strlen(fname) + 1];
477
478 sprintf(msg, fmt, fname);
479 perror(msg);
480
481 return -1;
482 }
483
484 /**
485 * write_image() - Write the image to a file
486 *
487 * @filename: Filename to use for the image
488 * @image: Pointer to image
489 * @size: Size of image in bytes
490 * @return 0 if OK, -ve on error
491 */
write_image(char * filename,char * image,int size)492 static int write_image(char *filename, char *image, int size)
493 {
494 int new_fd;
495
496 debug("Writing new image to %s\n", filename);
497
498 new_fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR |
499 S_IWUSR | S_IRGRP | S_IROTH);
500 if (new_fd < 0)
501 return perror_fname("Could not open file '%s'", filename);
502 if (write(new_fd, image, size) != size)
503 return perror_fname("Could not write file '%s'", filename);
504 close(new_fd);
505
506 return 0;
507 }
508
509 /**
510 * set_spi_frequency() - Set the SPI frequency to use when booting
511 *
512 * Several frequencies are supported, some of which work with fast devices.
513 * For SPI emulators, the slowest (SPI_FREQUENCY_20MHZ) is often used. The
514 * Intel boot system uses this information somehow on boot.
515 *
516 * The image is updated with the supplied value
517 *
518 * @image: Pointer to image
519 * @size: Size of image in bytes
520 * @freq: SPI frequency to use
521 */
set_spi_frequency(char * image,int size,enum spi_frequency freq)522 static void set_spi_frequency(char *image, int size, enum spi_frequency freq)
523 {
524 struct fdbar_t *fdb = find_fd(image, size);
525 struct fcba_t *fcba;
526
527 fcba = (struct fcba_t *)(image + (((fdb->flmap0) & 0xff) << 4));
528
529 /* clear bits 21-29 */
530 fcba->flcomp &= ~0x3fe00000;
531 /* Read ID and Read Status Clock Frequency */
532 fcba->flcomp |= freq << 27;
533 /* Write and Erase Clock Frequency */
534 fcba->flcomp |= freq << 24;
535 /* Fast Read Clock Frequency */
536 fcba->flcomp |= freq << 21;
537 }
538
539 /**
540 * set_em100_mode() - Set a SPI frequency that will work with Dediprog EM100
541 *
542 * @image: Pointer to image
543 * @size: Size of image in bytes
544 */
set_em100_mode(char * image,int size)545 static void set_em100_mode(char *image, int size)
546 {
547 struct fdbar_t *fdb = find_fd(image, size);
548 struct fcba_t *fcba;
549
550 fcba = (struct fcba_t *)(image + (((fdb->flmap0) & 0xff) << 4));
551 fcba->flcomp &= ~(1 << 30);
552 set_spi_frequency(image, size, SPI_FREQUENCY_20MHZ);
553 }
554
555 /**
556 * lock_descriptor() - Lock the NE descriptor so it cannot be updated
557 *
558 * @image: Pointer to image
559 * @size: Size of image in bytes
560 */
lock_descriptor(char * image,int size)561 static void lock_descriptor(char *image, int size)
562 {
563 struct fdbar_t *fdb = find_fd(image, size);
564 struct fmba_t *fmba;
565
566 /*
567 * TODO: Dynamically take Platform Data Region and GbE Region into
568 * account.
569 */
570 fmba = (struct fmba_t *)(image + (((fdb->flmap1) & 0xff) << 4));
571 fmba->flmstr1 = 0x0a0b0000;
572 fmba->flmstr2 = 0x0c0d0000;
573 fmba->flmstr3 = 0x08080118;
574 }
575
576 /**
577 * unlock_descriptor() - Lock the NE descriptor so it can be updated
578 *
579 * @image: Pointer to image
580 * @size: Size of image in bytes
581 */
unlock_descriptor(char * image,int size)582 static void unlock_descriptor(char *image, int size)
583 {
584 struct fdbar_t *fdb = find_fd(image, size);
585 struct fmba_t *fmba;
586
587 fmba = (struct fmba_t *)(image + (((fdb->flmap1) & 0xff) << 4));
588 fmba->flmstr1 = 0xffff0000;
589 fmba->flmstr2 = 0xffff0000;
590 fmba->flmstr3 = 0x08080118;
591 }
592
593 /**
594 * open_for_read() - Open a file for reading
595 *
596 * @fname: Filename to open
597 * @sizep: Returns file size in bytes
598 * @return 0 if OK, -1 on error
599 */
open_for_read(const char * fname,int * sizep)600 int open_for_read(const char *fname, int *sizep)
601 {
602 int fd = open(fname, O_RDONLY);
603 struct stat buf;
604
605 if (fd == -1)
606 return perror_fname("Could not open file '%s'", fname);
607 if (fstat(fd, &buf) == -1)
608 return perror_fname("Could not stat file '%s'", fname);
609 *sizep = buf.st_size;
610 debug("File %s is %d bytes\n", fname, *sizep);
611
612 return fd;
613 }
614
615 /**
616 * inject_region() - Add a file to an image region
617 *
618 * This puts a file into a particular region of the flash. Several pre-defined
619 * regions are used.
620 *
621 * @image: Pointer to image
622 * @size: Size of image in bytes
623 * @region_type: Region where the file should be added
624 * @region_fname: Filename to add to the image
625 * @return 0 if OK, -ve on error
626 */
inject_region(char * image,int size,int region_type,char * region_fname)627 int inject_region(char *image, int size, int region_type, char *region_fname)
628 {
629 struct fdbar_t *fdb = find_fd(image, size);
630 struct region_t region;
631 struct frba_t *frba;
632 int region_size;
633 int offset = 0;
634 int region_fd;
635 int ret;
636
637 if (!fdb)
638 exit(EXIT_FAILURE);
639 frba = (struct frba_t *)(image + (((fdb->flmap0 >> 16) & 0xff) << 4));
640
641 ret = get_region(frba, region_type, ®ion);
642 if (ret)
643 return -1;
644 if (region.size <= 0xfff) {
645 fprintf(stderr, "Region %s is disabled in target. Not injecting.\n",
646 region_name(region_type));
647 return -1;
648 }
649
650 region_fd = open_for_read(region_fname, ®ion_size);
651 if (region_fd < 0)
652 return region_fd;
653
654 if ((region_size > region.size) ||
655 ((region_type != 1) && (region_size > region.size))) {
656 fprintf(stderr, "Region %s is %d(0x%x) bytes. File is %d(0x%x) bytes. Not injecting.\n",
657 region_name(region_type), region.size,
658 region.size, region_size, region_size);
659 return -1;
660 }
661
662 if ((region_type == 1) && (region_size < region.size)) {
663 fprintf(stderr, "Region %s is %d(0x%x) bytes. File is %d(0x%x) bytes. Padding before injecting.\n",
664 region_name(region_type), region.size,
665 region.size, region_size, region_size);
666 offset = region.size - region_size;
667 memset(image + region.base, 0xff, offset);
668 }
669
670 if (size < region.base + offset + region_size) {
671 fprintf(stderr, "Output file is too small. (%d < %d)\n",
672 size, region.base + offset + region_size);
673 return -1;
674 }
675
676 if (read(region_fd, image + region.base + offset, region_size)
677 != region_size) {
678 perror("Could not read file");
679 return -1;
680 }
681
682 close(region_fd);
683
684 debug("Adding %s as the %s section\n", region_fname,
685 region_name(region_type));
686
687 return 0;
688 }
689
690 /**
691 * write_data() - Write some raw data into a region
692 *
693 * This puts a file into a particular place in the flash, ignoring the
694 * regions. Be careful not to overwrite something important.
695 *
696 * @image: Pointer to image
697 * @size: Size of image in bytes
698 * @addr: x86 ROM address to put file. The ROM ends at
699 * 0xffffffff so use an address relative to that. For an
700 * 8MB ROM the start address is 0xfff80000.
701 * @write_fname: Filename to add to the image
702 * @offset_uboot_top: Offset of the top of U-Boot
703 * @offset_uboot_start: Offset of the start of U-Boot
704 * @return number of bytes written if OK, -ve on error
705 */
write_data(char * image,int size,unsigned int addr,const char * write_fname,int offset_uboot_top,int offset_uboot_start)706 static int write_data(char *image, int size, unsigned int addr,
707 const char *write_fname, int offset_uboot_top,
708 int offset_uboot_start)
709 {
710 int write_fd, write_size;
711 int offset;
712
713 write_fd = open_for_read(write_fname, &write_size);
714 if (write_fd < 0)
715 return write_fd;
716
717 offset = (uint32_t)(addr + size);
718 if (offset_uboot_top) {
719 if (offset_uboot_start < offset &&
720 offset_uboot_top >= offset) {
721 fprintf(stderr, "U-Boot image overlaps with region '%s'\n",
722 write_fname);
723 fprintf(stderr,
724 "U-Boot finishes at offset %x, file starts at %x\n",
725 offset_uboot_top, offset);
726 return -EXDEV;
727 }
728 if (offset_uboot_start > offset &&
729 offset_uboot_start <= offset + write_size) {
730 fprintf(stderr, "U-Boot image overlaps with region '%s'\n",
731 write_fname);
732 fprintf(stderr,
733 "U-Boot starts at offset %x, file finishes at %x\n",
734 offset_uboot_start, offset + write_size);
735 return -EXDEV;
736 }
737 }
738 debug("Writing %s to offset %#x\n", write_fname, offset);
739
740 if (offset < 0 || offset + write_size > size) {
741 fprintf(stderr, "Output file is too small. (%d < %d)\n",
742 size, offset + write_size);
743 return -1;
744 }
745
746 if (read(write_fd, image + offset, write_size) != write_size) {
747 perror("Could not read file");
748 return -1;
749 }
750
751 close(write_fd);
752
753 return write_size;
754 }
755
print_version(void)756 static void print_version(void)
757 {
758 printf("ifdtool v%s -- ", IFDTOOL_VERSION);
759 printf("Copyright (C) 2014 Google Inc.\n\n");
760 printf("SPDX-License-Identifier: GPL-2.0+\n");
761 }
762
print_usage(const char * name)763 static void print_usage(const char *name)
764 {
765 printf("usage: %s [-vhdix?] <filename> [<outfile>]\n", name);
766 printf("\n"
767 " -d | --dump: dump intel firmware descriptor\n"
768 " -x | --extract: extract intel fd modules\n"
769 " -i | --inject <region>:<module> inject file <module> into region <region>\n"
770 " -w | --write <addr>:<file> write file to appear at memory address <addr>\n"
771 " multiple files can be written simultaneously\n"
772 " -s | --spifreq <20|33|50> set the SPI frequency\n"
773 " -e | --em100 set SPI frequency to 20MHz and disable\n"
774 " Dual Output Fast Read Support\n"
775 " -l | --lock Lock firmware descriptor and ME region\n"
776 " -u | --unlock Unlock firmware descriptor and ME region\n"
777 " -r | --romsize Specify ROM size\n"
778 " -D | --write-descriptor <file> Write descriptor at base\n"
779 " -c | --create Create a new empty image\n"
780 " -v | --version: print the version\n"
781 " -h | --help: print this help\n\n"
782 "<region> is one of Descriptor, BIOS, ME, GbE, Platform\n"
783 "\n");
784 }
785
786 /**
787 * get_two_words() - Convert a string into two words separated by :
788 *
789 * The supplied string is split at ':', two substrings are allocated and
790 * returned.
791 *
792 * @str: String to split
793 * @firstp: Returns first string
794 * @secondp: Returns second string
795 * @return 0 if OK, -ve if @str does not have a :
796 */
get_two_words(const char * str,char ** firstp,char ** secondp)797 static int get_two_words(const char *str, char **firstp, char **secondp)
798 {
799 const char *p;
800
801 p = strchr(str, ':');
802 if (!p)
803 return -1;
804 *firstp = strdup(str);
805 (*firstp)[p - str] = '\0';
806 *secondp = strdup(p + 1);
807
808 return 0;
809 }
810
main(int argc,char * argv[])811 int main(int argc, char *argv[])
812 {
813 int opt, option_index = 0;
814 int mode_dump = 0, mode_extract = 0, mode_inject = 0;
815 int mode_spifreq = 0, mode_em100 = 0, mode_locked = 0;
816 int mode_unlocked = 0, mode_write = 0, mode_write_descriptor = 0;
817 int create = 0;
818 char *region_type_string = NULL, *inject_fname = NULL;
819 char *desc_fname = NULL, *addr_str = NULL;
820 int region_type = -1, inputfreq = 0;
821 enum spi_frequency spifreq = SPI_FREQUENCY_20MHZ;
822 struct input_file input_file[WRITE_MAX], *ifile, *fdt = NULL;
823 unsigned char wr_idx, wr_num = 0;
824 int rom_size = -1;
825 bool write_it;
826 char *filename;
827 char *outfile = NULL;
828 struct stat buf;
829 int size = 0;
830 bool have_uboot = false;
831 int bios_fd;
832 char *image;
833 int ret;
834 static struct option long_options[] = {
835 {"create", 0, NULL, 'c'},
836 {"dump", 0, NULL, 'd'},
837 {"descriptor", 1, NULL, 'D'},
838 {"em100", 0, NULL, 'e'},
839 {"extract", 0, NULL, 'x'},
840 {"fdt", 1, NULL, 'f'},
841 {"inject", 1, NULL, 'i'},
842 {"lock", 0, NULL, 'l'},
843 {"romsize", 1, NULL, 'r'},
844 {"spifreq", 1, NULL, 's'},
845 {"unlock", 0, NULL, 'u'},
846 {"uboot", 1, NULL, 'U'},
847 {"write", 1, NULL, 'w'},
848 {"version", 0, NULL, 'v'},
849 {"help", 0, NULL, 'h'},
850 {0, 0, 0, 0}
851 };
852
853 while ((opt = getopt_long(argc, argv, "cdD:ef:hi:lr:s:uU:vw:x?",
854 long_options, &option_index)) != EOF) {
855 switch (opt) {
856 case 'c':
857 create = 1;
858 break;
859 case 'd':
860 mode_dump = 1;
861 break;
862 case 'D':
863 mode_write_descriptor = 1;
864 desc_fname = optarg;
865 break;
866 case 'e':
867 mode_em100 = 1;
868 break;
869 case 'i':
870 if (get_two_words(optarg, ®ion_type_string,
871 &inject_fname)) {
872 print_usage(argv[0]);
873 exit(EXIT_FAILURE);
874 }
875 if (!strcasecmp("Descriptor", region_type_string))
876 region_type = 0;
877 else if (!strcasecmp("BIOS", region_type_string))
878 region_type = 1;
879 else if (!strcasecmp("ME", region_type_string))
880 region_type = 2;
881 else if (!strcasecmp("GbE", region_type_string))
882 region_type = 3;
883 else if (!strcasecmp("Platform", region_type_string))
884 region_type = 4;
885 if (region_type == -1) {
886 fprintf(stderr, "No such region type: '%s'\n\n",
887 region_type_string);
888 print_usage(argv[0]);
889 exit(EXIT_FAILURE);
890 }
891 mode_inject = 1;
892 break;
893 case 'l':
894 mode_locked = 1;
895 break;
896 case 'r':
897 rom_size = strtol(optarg, NULL, 0);
898 debug("ROM size %d\n", rom_size);
899 break;
900 case 's':
901 /* Parse the requested SPI frequency */
902 inputfreq = strtol(optarg, NULL, 0);
903 switch (inputfreq) {
904 case 20:
905 spifreq = SPI_FREQUENCY_20MHZ;
906 break;
907 case 33:
908 spifreq = SPI_FREQUENCY_33MHZ;
909 break;
910 case 50:
911 spifreq = SPI_FREQUENCY_50MHZ;
912 break;
913 default:
914 fprintf(stderr, "Invalid SPI Frequency: %d\n",
915 inputfreq);
916 print_usage(argv[0]);
917 exit(EXIT_FAILURE);
918 }
919 mode_spifreq = 1;
920 break;
921 case 'u':
922 mode_unlocked = 1;
923 break;
924 case 'v':
925 print_version();
926 exit(EXIT_SUCCESS);
927 break;
928 case 'w':
929 case 'U':
930 case 'f':
931 ifile = &input_file[wr_num];
932 mode_write = 1;
933 if (wr_num < WRITE_MAX) {
934 if (get_two_words(optarg, &addr_str,
935 &ifile->fname)) {
936 print_usage(argv[0]);
937 exit(EXIT_FAILURE);
938 }
939 ifile->addr = strtoll(optarg, NULL, 0);
940 wr_num++;
941 } else {
942 fprintf(stderr,
943 "The number of files to write simultaneously exceeds the limitation (%d)\n",
944 WRITE_MAX);
945 }
946 break;
947 case 'x':
948 mode_extract = 1;
949 break;
950 case 'h':
951 case '?':
952 default:
953 print_usage(argv[0]);
954 exit(EXIT_SUCCESS);
955 break;
956 }
957 }
958
959 if (mode_locked == 1 && mode_unlocked == 1) {
960 fprintf(stderr, "Locking/Unlocking FD and ME are mutually exclusive\n");
961 exit(EXIT_FAILURE);
962 }
963
964 if (mode_inject == 1 && mode_write == 1) {
965 fprintf(stderr, "Inject/Write are mutually exclusive\n");
966 exit(EXIT_FAILURE);
967 }
968
969 if ((mode_dump + mode_extract + mode_inject +
970 (mode_spifreq | mode_em100 | mode_unlocked |
971 mode_locked)) > 1) {
972 fprintf(stderr, "You may not specify more than one mode.\n\n");
973 print_usage(argv[0]);
974 exit(EXIT_FAILURE);
975 }
976
977 if ((mode_dump + mode_extract + mode_inject + mode_spifreq +
978 mode_em100 + mode_locked + mode_unlocked + mode_write +
979 mode_write_descriptor) == 0 && !create) {
980 fprintf(stderr, "You need to specify a mode.\n\n");
981 print_usage(argv[0]);
982 exit(EXIT_FAILURE);
983 }
984
985 if (create && rom_size == -1) {
986 fprintf(stderr, "You need to specify a rom size when creating.\n\n");
987 exit(EXIT_FAILURE);
988 }
989
990 if (optind + 1 != argc) {
991 fprintf(stderr, "You need to specify a file.\n\n");
992 print_usage(argv[0]);
993 exit(EXIT_FAILURE);
994 }
995
996 if (have_uboot && !fdt) {
997 fprintf(stderr,
998 "You must supply a device tree file for U-Boot\n\n");
999 print_usage(argv[0]);
1000 exit(EXIT_FAILURE);
1001 }
1002
1003 filename = argv[optind];
1004 if (optind + 2 != argc)
1005 outfile = argv[optind + 1];
1006
1007 if (create)
1008 bios_fd = open(filename, O_WRONLY | O_CREAT, 0666);
1009 else
1010 bios_fd = open(filename, outfile ? O_RDONLY : O_RDWR);
1011
1012 if (bios_fd == -1) {
1013 perror("Could not open file");
1014 exit(EXIT_FAILURE);
1015 }
1016
1017 if (!create) {
1018 if (fstat(bios_fd, &buf) == -1) {
1019 perror("Could not stat file");
1020 exit(EXIT_FAILURE);
1021 }
1022 size = buf.st_size;
1023 }
1024
1025 debug("File %s is %d bytes\n", filename, size);
1026
1027 if (rom_size == -1)
1028 rom_size = size;
1029
1030 image = malloc(rom_size);
1031 if (!image) {
1032 printf("Out of memory.\n");
1033 exit(EXIT_FAILURE);
1034 }
1035
1036 memset(image, '\xff', rom_size);
1037 if (!create && read(bios_fd, image, size) != size) {
1038 perror("Could not read file");
1039 exit(EXIT_FAILURE);
1040 }
1041 if (size != rom_size) {
1042 debug("ROM size changed to %d bytes\n", rom_size);
1043 size = rom_size;
1044 }
1045
1046 write_it = true;
1047 ret = 0;
1048 if (mode_dump) {
1049 ret = dump_fd(image, size);
1050 write_it = false;
1051 }
1052
1053 if (mode_extract) {
1054 ret = write_regions(image, size);
1055 write_it = false;
1056 }
1057
1058 if (mode_write_descriptor)
1059 ret = write_data(image, size, -size, desc_fname, 0, 0);
1060
1061 if (mode_inject)
1062 ret = inject_region(image, size, region_type, inject_fname);
1063
1064 if (mode_write) {
1065 int offset_uboot_top = 0;
1066 int offset_uboot_start = 0;
1067
1068 for (wr_idx = 0; wr_idx < wr_num; wr_idx++) {
1069 ifile = &input_file[wr_idx];
1070 ret = write_data(image, size, ifile->addr,
1071 ifile->fname, offset_uboot_top,
1072 offset_uboot_start);
1073 if (ret < 0)
1074 break;
1075 }
1076 }
1077
1078 if (mode_spifreq)
1079 set_spi_frequency(image, size, spifreq);
1080
1081 if (mode_em100)
1082 set_em100_mode(image, size);
1083
1084 if (mode_locked)
1085 lock_descriptor(image, size);
1086
1087 if (mode_unlocked)
1088 unlock_descriptor(image, size);
1089
1090 if (write_it) {
1091 if (outfile) {
1092 ret = write_image(outfile, image, size);
1093 } else {
1094 if (lseek(bios_fd, 0, SEEK_SET)) {
1095 perror("Error while seeking");
1096 ret = -1;
1097 }
1098 if (write(bios_fd, image, size) != size) {
1099 perror("Error while writing");
1100 ret = -1;
1101 }
1102 }
1103 }
1104
1105 free(image);
1106 close(bios_fd);
1107
1108 return ret < 0 ? 1 : 0;
1109 }
1110