1 /* 2 * NCI based driver for Samsung S3FWRN5 NFC chip 3 * 4 * Copyright (C) 2015 Samsung Electrnoics 5 * Robert Baldyga <r.baldyga@samsung.com> 6 * 7 * This program is free software; you can redistribute it and/or modify it 8 * under the terms and conditions of the GNU General Public License, 9 * version 2 or later, as published by the Free Software Foundation. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 20 #include <linux/completion.h> 21 #include <linux/firmware.h> 22 #include <crypto/hash.h> 23 #include <crypto/sha.h> 24 25 #include "s3fwrn5.h" 26 #include "firmware.h" 27 28 struct s3fwrn5_fw_version { 29 __u8 major; 30 __u8 build1; 31 __u8 build2; 32 __u8 target; 33 }; 34 35 static int s3fwrn5_fw_send_msg(struct s3fwrn5_fw_info *fw_info, 36 struct sk_buff *msg, struct sk_buff **rsp) 37 { 38 struct s3fwrn5_info *info = 39 container_of(fw_info, struct s3fwrn5_info, fw_info); 40 long ret; 41 42 reinit_completion(&fw_info->completion); 43 44 ret = s3fwrn5_write(info, msg); 45 if (ret < 0) 46 return ret; 47 48 ret = wait_for_completion_interruptible_timeout( 49 &fw_info->completion, msecs_to_jiffies(1000)); 50 if (ret < 0) 51 return ret; 52 else if (ret == 0) 53 return -ENXIO; 54 55 if (!fw_info->rsp) 56 return -EINVAL; 57 58 *rsp = fw_info->rsp; 59 fw_info->rsp = NULL; 60 61 return 0; 62 } 63 64 static int s3fwrn5_fw_prep_msg(struct s3fwrn5_fw_info *fw_info, 65 struct sk_buff **msg, u8 type, u8 code, const void *data, u16 len) 66 { 67 struct s3fwrn5_fw_header hdr; 68 struct sk_buff *skb; 69 70 hdr.type = type | fw_info->parity; 71 fw_info->parity ^= 0x80; 72 hdr.code = code; 73 hdr.len = len; 74 75 skb = alloc_skb(S3FWRN5_FW_HDR_SIZE + len, GFP_KERNEL); 76 if (!skb) 77 return -ENOMEM; 78 79 skb_put_data(skb, &hdr, S3FWRN5_FW_HDR_SIZE); 80 if (len) 81 skb_put_data(skb, data, len); 82 83 *msg = skb; 84 85 return 0; 86 } 87 88 static int s3fwrn5_fw_get_bootinfo(struct s3fwrn5_fw_info *fw_info, 89 struct s3fwrn5_fw_cmd_get_bootinfo_rsp *bootinfo) 90 { 91 struct sk_buff *msg, *rsp = NULL; 92 struct s3fwrn5_fw_header *hdr; 93 int ret; 94 95 /* Send GET_BOOTINFO command */ 96 97 ret = s3fwrn5_fw_prep_msg(fw_info, &msg, S3FWRN5_FW_MSG_CMD, 98 S3FWRN5_FW_CMD_GET_BOOTINFO, NULL, 0); 99 if (ret < 0) 100 return ret; 101 102 ret = s3fwrn5_fw_send_msg(fw_info, msg, &rsp); 103 kfree_skb(msg); 104 if (ret < 0) 105 return ret; 106 107 hdr = (struct s3fwrn5_fw_header *) rsp->data; 108 if (hdr->code != S3FWRN5_FW_RET_SUCCESS) { 109 ret = -EINVAL; 110 goto out; 111 } 112 113 memcpy(bootinfo, rsp->data + S3FWRN5_FW_HDR_SIZE, 10); 114 115 out: 116 kfree_skb(rsp); 117 return ret; 118 } 119 120 static int s3fwrn5_fw_enter_update_mode(struct s3fwrn5_fw_info *fw_info, 121 const void *hash_data, u16 hash_size, 122 const void *sig_data, u16 sig_size) 123 { 124 struct s3fwrn5_fw_cmd_enter_updatemode args; 125 struct sk_buff *msg, *rsp = NULL; 126 struct s3fwrn5_fw_header *hdr; 127 int ret; 128 129 /* Send ENTER_UPDATE_MODE command */ 130 131 args.hashcode_size = hash_size; 132 args.signature_size = sig_size; 133 134 ret = s3fwrn5_fw_prep_msg(fw_info, &msg, S3FWRN5_FW_MSG_CMD, 135 S3FWRN5_FW_CMD_ENTER_UPDATE_MODE, &args, sizeof(args)); 136 if (ret < 0) 137 return ret; 138 139 ret = s3fwrn5_fw_send_msg(fw_info, msg, &rsp); 140 kfree_skb(msg); 141 if (ret < 0) 142 return ret; 143 144 hdr = (struct s3fwrn5_fw_header *) rsp->data; 145 if (hdr->code != S3FWRN5_FW_RET_SUCCESS) { 146 ret = -EPROTO; 147 goto out; 148 } 149 150 kfree_skb(rsp); 151 152 /* Send hashcode data */ 153 154 ret = s3fwrn5_fw_prep_msg(fw_info, &msg, S3FWRN5_FW_MSG_DATA, 0, 155 hash_data, hash_size); 156 if (ret < 0) 157 return ret; 158 159 ret = s3fwrn5_fw_send_msg(fw_info, msg, &rsp); 160 kfree_skb(msg); 161 if (ret < 0) 162 return ret; 163 164 hdr = (struct s3fwrn5_fw_header *) rsp->data; 165 if (hdr->code != S3FWRN5_FW_RET_SUCCESS) { 166 ret = -EPROTO; 167 goto out; 168 } 169 170 kfree_skb(rsp); 171 172 /* Send signature data */ 173 174 ret = s3fwrn5_fw_prep_msg(fw_info, &msg, S3FWRN5_FW_MSG_DATA, 0, 175 sig_data, sig_size); 176 if (ret < 0) 177 return ret; 178 179 ret = s3fwrn5_fw_send_msg(fw_info, msg, &rsp); 180 kfree_skb(msg); 181 if (ret < 0) 182 return ret; 183 184 hdr = (struct s3fwrn5_fw_header *) rsp->data; 185 if (hdr->code != S3FWRN5_FW_RET_SUCCESS) 186 ret = -EPROTO; 187 188 out: 189 kfree_skb(rsp); 190 return ret; 191 } 192 193 static int s3fwrn5_fw_update_sector(struct s3fwrn5_fw_info *fw_info, 194 u32 base_addr, const void *data) 195 { 196 struct s3fwrn5_fw_cmd_update_sector args; 197 struct sk_buff *msg, *rsp = NULL; 198 struct s3fwrn5_fw_header *hdr; 199 int ret, i; 200 201 /* Send UPDATE_SECTOR command */ 202 203 args.base_address = base_addr; 204 205 ret = s3fwrn5_fw_prep_msg(fw_info, &msg, S3FWRN5_FW_MSG_CMD, 206 S3FWRN5_FW_CMD_UPDATE_SECTOR, &args, sizeof(args)); 207 if (ret < 0) 208 return ret; 209 210 ret = s3fwrn5_fw_send_msg(fw_info, msg, &rsp); 211 kfree_skb(msg); 212 if (ret < 0) 213 return ret; 214 215 hdr = (struct s3fwrn5_fw_header *) rsp->data; 216 if (hdr->code != S3FWRN5_FW_RET_SUCCESS) { 217 ret = -EPROTO; 218 goto err; 219 } 220 221 kfree_skb(rsp); 222 223 /* Send data split into 256-byte packets */ 224 225 for (i = 0; i < 16; ++i) { 226 ret = s3fwrn5_fw_prep_msg(fw_info, &msg, 227 S3FWRN5_FW_MSG_DATA, 0, data+256*i, 256); 228 if (ret < 0) 229 break; 230 231 ret = s3fwrn5_fw_send_msg(fw_info, msg, &rsp); 232 kfree_skb(msg); 233 if (ret < 0) 234 break; 235 236 hdr = (struct s3fwrn5_fw_header *) rsp->data; 237 if (hdr->code != S3FWRN5_FW_RET_SUCCESS) { 238 ret = -EPROTO; 239 goto err; 240 } 241 242 kfree_skb(rsp); 243 } 244 245 return ret; 246 247 err: 248 kfree_skb(rsp); 249 return ret; 250 } 251 252 static int s3fwrn5_fw_complete_update_mode(struct s3fwrn5_fw_info *fw_info) 253 { 254 struct sk_buff *msg, *rsp = NULL; 255 struct s3fwrn5_fw_header *hdr; 256 int ret; 257 258 /* Send COMPLETE_UPDATE_MODE command */ 259 260 ret = s3fwrn5_fw_prep_msg(fw_info, &msg, S3FWRN5_FW_MSG_CMD, 261 S3FWRN5_FW_CMD_COMPLETE_UPDATE_MODE, NULL, 0); 262 if (ret < 0) 263 return ret; 264 265 ret = s3fwrn5_fw_send_msg(fw_info, msg, &rsp); 266 kfree_skb(msg); 267 if (ret < 0) 268 return ret; 269 270 hdr = (struct s3fwrn5_fw_header *) rsp->data; 271 if (hdr->code != S3FWRN5_FW_RET_SUCCESS) 272 ret = -EPROTO; 273 274 kfree_skb(rsp); 275 276 return ret; 277 } 278 279 /* 280 * Firmware header stucture: 281 * 282 * 0x00 - 0x0B : Date and time string (w/o NUL termination) 283 * 0x10 - 0x13 : Firmware version 284 * 0x14 - 0x17 : Signature address 285 * 0x18 - 0x1B : Signature size 286 * 0x1C - 0x1F : Firmware image address 287 * 0x20 - 0x23 : Firmware sectors count 288 * 0x24 - 0x27 : Custom signature address 289 * 0x28 - 0x2B : Custom signature size 290 */ 291 292 #define S3FWRN5_FW_IMAGE_HEADER_SIZE 44 293 294 static int s3fwrn5_fw_request_firmware(struct s3fwrn5_fw_info *fw_info) 295 { 296 struct s3fwrn5_fw_image *fw = &fw_info->fw; 297 u32 sig_off; 298 u32 image_off; 299 u32 custom_sig_off; 300 int ret; 301 302 ret = request_firmware(&fw->fw, fw_info->fw_name, 303 &fw_info->ndev->nfc_dev->dev); 304 if (ret < 0) 305 return ret; 306 307 if (fw->fw->size < S3FWRN5_FW_IMAGE_HEADER_SIZE) 308 return -EINVAL; 309 310 memcpy(fw->date, fw->fw->data + 0x00, 12); 311 fw->date[12] = '\0'; 312 313 memcpy(&fw->version, fw->fw->data + 0x10, 4); 314 315 memcpy(&sig_off, fw->fw->data + 0x14, 4); 316 fw->sig = fw->fw->data + sig_off; 317 memcpy(&fw->sig_size, fw->fw->data + 0x18, 4); 318 319 memcpy(&image_off, fw->fw->data + 0x1C, 4); 320 fw->image = fw->fw->data + image_off; 321 memcpy(&fw->image_sectors, fw->fw->data + 0x20, 4); 322 323 memcpy(&custom_sig_off, fw->fw->data + 0x24, 4); 324 fw->custom_sig = fw->fw->data + custom_sig_off; 325 memcpy(&fw->custom_sig_size, fw->fw->data + 0x28, 4); 326 327 return 0; 328 } 329 330 static void s3fwrn5_fw_release_firmware(struct s3fwrn5_fw_info *fw_info) 331 { 332 release_firmware(fw_info->fw.fw); 333 } 334 335 static int s3fwrn5_fw_get_base_addr( 336 struct s3fwrn5_fw_cmd_get_bootinfo_rsp *bootinfo, u32 *base_addr) 337 { 338 int i; 339 struct { 340 u8 version[4]; 341 u32 base_addr; 342 } match[] = { 343 {{0x05, 0x00, 0x00, 0x00}, 0x00005000}, 344 {{0x05, 0x00, 0x00, 0x01}, 0x00003000}, 345 {{0x05, 0x00, 0x00, 0x02}, 0x00003000}, 346 {{0x05, 0x00, 0x00, 0x03}, 0x00003000}, 347 {{0x05, 0x00, 0x00, 0x05}, 0x00003000} 348 }; 349 350 for (i = 0; i < ARRAY_SIZE(match); ++i) 351 if (bootinfo->hw_version[0] == match[i].version[0] && 352 bootinfo->hw_version[1] == match[i].version[1] && 353 bootinfo->hw_version[3] == match[i].version[3]) { 354 *base_addr = match[i].base_addr; 355 return 0; 356 } 357 358 return -EINVAL; 359 } 360 361 static inline bool 362 s3fwrn5_fw_is_custom(struct s3fwrn5_fw_cmd_get_bootinfo_rsp *bootinfo) 363 { 364 return !!bootinfo->hw_version[2]; 365 } 366 367 int s3fwrn5_fw_setup(struct s3fwrn5_fw_info *fw_info) 368 { 369 struct s3fwrn5_fw_cmd_get_bootinfo_rsp bootinfo; 370 int ret; 371 372 /* Get firmware data */ 373 374 ret = s3fwrn5_fw_request_firmware(fw_info); 375 if (ret < 0) { 376 dev_err(&fw_info->ndev->nfc_dev->dev, 377 "Failed to get fw file, ret=%02x\n", ret); 378 return ret; 379 } 380 381 /* Get bootloader info */ 382 383 ret = s3fwrn5_fw_get_bootinfo(fw_info, &bootinfo); 384 if (ret < 0) { 385 dev_err(&fw_info->ndev->nfc_dev->dev, 386 "Failed to get bootinfo, ret=%02x\n", ret); 387 goto err; 388 } 389 390 /* Match hardware version to obtain firmware base address */ 391 392 ret = s3fwrn5_fw_get_base_addr(&bootinfo, &fw_info->base_addr); 393 if (ret < 0) { 394 dev_err(&fw_info->ndev->nfc_dev->dev, 395 "Unknown hardware version\n"); 396 goto err; 397 } 398 399 fw_info->sector_size = bootinfo.sector_size; 400 401 fw_info->sig_size = s3fwrn5_fw_is_custom(&bootinfo) ? 402 fw_info->fw.custom_sig_size : fw_info->fw.sig_size; 403 fw_info->sig = s3fwrn5_fw_is_custom(&bootinfo) ? 404 fw_info->fw.custom_sig : fw_info->fw.sig; 405 406 return 0; 407 408 err: 409 s3fwrn5_fw_release_firmware(fw_info); 410 return ret; 411 } 412 413 bool s3fwrn5_fw_check_version(struct s3fwrn5_fw_info *fw_info, u32 version) 414 { 415 struct s3fwrn5_fw_version *new = (void *) &fw_info->fw.version; 416 struct s3fwrn5_fw_version *old = (void *) &version; 417 418 if (new->major > old->major) 419 return true; 420 if (new->build1 > old->build1) 421 return true; 422 if (new->build2 > old->build2) 423 return true; 424 425 return false; 426 } 427 428 int s3fwrn5_fw_download(struct s3fwrn5_fw_info *fw_info) 429 { 430 struct s3fwrn5_fw_image *fw = &fw_info->fw; 431 u8 hash_data[SHA1_DIGEST_SIZE]; 432 struct crypto_shash *tfm; 433 u32 image_size, off; 434 int ret; 435 436 image_size = fw_info->sector_size * fw->image_sectors; 437 438 /* Compute SHA of firmware data */ 439 440 tfm = crypto_alloc_shash("sha1", 0, 0); 441 if (IS_ERR(tfm)) { 442 ret = PTR_ERR(tfm); 443 dev_err(&fw_info->ndev->nfc_dev->dev, 444 "Cannot allocate shash (code=%d)\n", ret); 445 goto out; 446 } 447 448 { 449 SHASH_DESC_ON_STACK(desc, tfm); 450 451 desc->tfm = tfm; 452 desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; 453 454 ret = crypto_shash_digest(desc, fw->image, image_size, 455 hash_data); 456 shash_desc_zero(desc); 457 } 458 459 crypto_free_shash(tfm); 460 if (ret) { 461 dev_err(&fw_info->ndev->nfc_dev->dev, 462 "Cannot compute hash (code=%d)\n", ret); 463 goto out; 464 } 465 466 /* Firmware update process */ 467 468 dev_info(&fw_info->ndev->nfc_dev->dev, 469 "Firmware update: %s\n", fw_info->fw_name); 470 471 ret = s3fwrn5_fw_enter_update_mode(fw_info, hash_data, 472 SHA1_DIGEST_SIZE, fw_info->sig, fw_info->sig_size); 473 if (ret < 0) { 474 dev_err(&fw_info->ndev->nfc_dev->dev, 475 "Unable to enter update mode\n"); 476 goto out; 477 } 478 479 for (off = 0; off < image_size; off += fw_info->sector_size) { 480 ret = s3fwrn5_fw_update_sector(fw_info, 481 fw_info->base_addr + off, fw->image + off); 482 if (ret < 0) { 483 dev_err(&fw_info->ndev->nfc_dev->dev, 484 "Firmware update error (code=%d)\n", ret); 485 goto out; 486 } 487 } 488 489 ret = s3fwrn5_fw_complete_update_mode(fw_info); 490 if (ret < 0) { 491 dev_err(&fw_info->ndev->nfc_dev->dev, 492 "Unable to complete update mode\n"); 493 goto out; 494 } 495 496 dev_info(&fw_info->ndev->nfc_dev->dev, 497 "Firmware update: success\n"); 498 499 out: 500 return ret; 501 } 502 503 void s3fwrn5_fw_init(struct s3fwrn5_fw_info *fw_info, const char *fw_name) 504 { 505 fw_info->parity = 0x00; 506 fw_info->rsp = NULL; 507 fw_info->fw.fw = NULL; 508 strcpy(fw_info->fw_name, fw_name); 509 init_completion(&fw_info->completion); 510 } 511 512 void s3fwrn5_fw_cleanup(struct s3fwrn5_fw_info *fw_info) 513 { 514 s3fwrn5_fw_release_firmware(fw_info); 515 } 516 517 int s3fwrn5_fw_recv_frame(struct nci_dev *ndev, struct sk_buff *skb) 518 { 519 struct s3fwrn5_info *info = nci_get_drvdata(ndev); 520 struct s3fwrn5_fw_info *fw_info = &info->fw_info; 521 522 BUG_ON(fw_info->rsp); 523 524 fw_info->rsp = skb; 525 526 complete(&fw_info->completion); 527 528 return 0; 529 } 530