xref: /openbmc/u-boot/tools/ifdtool.c (revision 344c837686b4268882ee4942f2a1e5e5716c7383)
1 /*
2  * ifdtool - Manage Intel Firmware Descriptor information
3  *
4  * Copyright 2014 Google, Inc
5  *
6  * SPDX-License-Identifier:	GPL-2.0
7  *
8  * From Coreboot project, but it got a serious code clean-up
9  * and a few new features
10  */
11 
12 #include <assert.h>
13 #include <fcntl.h>
14 #include <getopt.h>
15 #include <stdlib.h>
16 #include <stdio.h>
17 #include <string.h>
18 #include <unistd.h>
19 #include <sys/types.h>
20 #include <sys/stat.h>
21 #include <libfdt.h>
22 #include "ifdtool.h"
23 
24 #undef DEBUG
25 
26 #ifdef DEBUG
27 #define debug(fmt, args...)	printf(fmt, ##args)
28 #else
29 #define debug(fmt, args...)
30 #endif
31 
32 #define FD_SIGNATURE		0x0FF0A55A
33 #define FLREG_BASE(reg)		((reg & 0x00000fff) << 12);
34 #define FLREG_LIMIT(reg)	(((reg & 0x0fff0000) >> 4) | 0xfff);
35 
36 enum input_file_type_t {
37 	IF_normal,
38 	IF_fdt,
39 	IF_uboot,
40 };
41 
42 struct input_file {
43 	char *fname;
44 	unsigned int addr;
45 	enum input_file_type_t type;
46 };
47 
48 /**
49  * find_fd() - Find the flash description in the ROM image
50  *
51  * @image:	Pointer to image
52  * @size:	Size of image in bytes
53  * @return pointer to structure, or NULL if not found
54  */
55 static struct fdbar_t *find_fd(char *image, int size)
56 {
57 	uint32_t *ptr, *end;
58 
59 	/* Scan for FD signature */
60 	for (ptr = (uint32_t *)image, end = ptr + size / 4; ptr < end; ptr++) {
61 		if (*ptr == FD_SIGNATURE)
62 			break;
63 	}
64 
65 	if (ptr == end) {
66 		printf("No Flash Descriptor found in this image\n");
67 		return NULL;
68 	}
69 
70 	debug("Found Flash Descriptor signature at 0x%08lx\n",
71 	      (char *)ptr - image);
72 
73 	return (struct fdbar_t *)ptr;
74 }
75 
76 /**
77  * get_region() - Get information about the selected region
78  *
79  * @frba:		Flash region list
80  * @region_type:	Type of region (0..MAX_REGIONS-1)
81  * @region:		Region information is written here
82  * @return 0 if OK, else -ve
83  */
84 static int get_region(struct frba_t *frba, int region_type,
85 		      struct region_t *region)
86 {
87 	if (region_type >= MAX_REGIONS) {
88 		fprintf(stderr, "Invalid region type.\n");
89 		return -1;
90 	}
91 
92 	region->base = FLREG_BASE(frba->flreg[region_type]);
93 	region->limit = FLREG_LIMIT(frba->flreg[region_type]);
94 	region->size = region->limit - region->base + 1;
95 
96 	return 0;
97 }
98 
99 static const char *region_name(int region_type)
100 {
101 	static const char *const regions[] = {
102 		"Flash Descriptor",
103 		"BIOS",
104 		"Intel ME",
105 		"GbE",
106 		"Platform Data"
107 	};
108 
109 	assert(region_type < MAX_REGIONS);
110 
111 	return regions[region_type];
112 }
113 
114 static const char *region_filename(int region_type)
115 {
116 	static const char *const region_filenames[] = {
117 		"flashregion_0_flashdescriptor.bin",
118 		"flashregion_1_bios.bin",
119 		"flashregion_2_intel_me.bin",
120 		"flashregion_3_gbe.bin",
121 		"flashregion_4_platform_data.bin"
122 	};
123 
124 	assert(region_type < MAX_REGIONS);
125 
126 	return region_filenames[region_type];
127 }
128 
129 static int dump_region(int num, struct frba_t *frba)
130 {
131 	struct region_t region;
132 	int ret;
133 
134 	ret = get_region(frba, num, &region);
135 	if (ret)
136 		return ret;
137 
138 	printf("  Flash Region %d (%s): %08x - %08x %s\n",
139 	       num, region_name(num), region.base, region.limit,
140 	       region.size < 1 ? "(unused)" : "");
141 
142 	return ret;
143 }
144 
145 static void dump_frba(struct frba_t *frba)
146 {
147 	int i;
148 
149 	printf("Found Region Section\n");
150 	for (i = 0; i < MAX_REGIONS; i++) {
151 		printf("FLREG%d:    0x%08x\n", i, frba->flreg[i]);
152 		dump_region(i, frba);
153 	}
154 }
155 
156 static void decode_spi_frequency(unsigned int freq)
157 {
158 	switch (freq) {
159 	case SPI_FREQUENCY_20MHZ:
160 		printf("20MHz");
161 		break;
162 	case SPI_FREQUENCY_33MHZ:
163 		printf("33MHz");
164 		break;
165 	case SPI_FREQUENCY_50MHZ:
166 		printf("50MHz");
167 		break;
168 	default:
169 		printf("unknown<%x>MHz", freq);
170 	}
171 }
172 
173 static void decode_component_density(unsigned int density)
174 {
175 	switch (density) {
176 	case COMPONENT_DENSITY_512KB:
177 		printf("512KiB");
178 		break;
179 	case COMPONENT_DENSITY_1MB:
180 		printf("1MiB");
181 		break;
182 	case COMPONENT_DENSITY_2MB:
183 		printf("2MiB");
184 		break;
185 	case COMPONENT_DENSITY_4MB:
186 		printf("4MiB");
187 		break;
188 	case COMPONENT_DENSITY_8MB:
189 		printf("8MiB");
190 		break;
191 	case COMPONENT_DENSITY_16MB:
192 		printf("16MiB");
193 		break;
194 	default:
195 		printf("unknown<%x>MiB", density);
196 	}
197 }
198 
199 static void dump_fcba(struct fcba_t *fcba)
200 {
201 	printf("\nFound Component Section\n");
202 	printf("FLCOMP     0x%08x\n", fcba->flcomp);
203 	printf("  Dual Output Fast Read Support:       %ssupported\n",
204 	       (fcba->flcomp & (1 << 30)) ? "" : "not ");
205 	printf("  Read ID/Read Status Clock Frequency: ");
206 	decode_spi_frequency((fcba->flcomp >> 27) & 7);
207 	printf("\n  Write/Erase Clock Frequency:         ");
208 	decode_spi_frequency((fcba->flcomp >> 24) & 7);
209 	printf("\n  Fast Read Clock Frequency:           ");
210 	decode_spi_frequency((fcba->flcomp >> 21) & 7);
211 	printf("\n  Fast Read Support:                   %ssupported",
212 	       (fcba->flcomp & (1 << 20)) ? "" : "not ");
213 	printf("\n  Read Clock Frequency:                ");
214 	decode_spi_frequency((fcba->flcomp >> 17) & 7);
215 	printf("\n  Component 2 Density:                 ");
216 	decode_component_density((fcba->flcomp >> 3) & 7);
217 	printf("\n  Component 1 Density:                 ");
218 	decode_component_density(fcba->flcomp & 7);
219 	printf("\n");
220 	printf("FLILL      0x%08x\n", fcba->flill);
221 	printf("  Invalid Instruction 3: 0x%02x\n",
222 	       (fcba->flill >> 24) & 0xff);
223 	printf("  Invalid Instruction 2: 0x%02x\n",
224 	       (fcba->flill >> 16) & 0xff);
225 	printf("  Invalid Instruction 1: 0x%02x\n",
226 	       (fcba->flill >> 8) & 0xff);
227 	printf("  Invalid Instruction 0: 0x%02x\n",
228 	       fcba->flill & 0xff);
229 	printf("FLPB       0x%08x\n", fcba->flpb);
230 	printf("  Flash Partition Boundary Address: 0x%06x\n\n",
231 	       (fcba->flpb & 0xfff) << 12);
232 }
233 
234 static void dump_fpsba(struct fpsba_t *fpsba)
235 {
236 	int i;
237 
238 	printf("Found PCH Strap Section\n");
239 	for (i = 0; i < MAX_STRAPS; i++)
240 		printf("PCHSTRP%-2d:  0x%08x\n", i, fpsba->pchstrp[i]);
241 }
242 
243 static const char *get_enabled(int flag)
244 {
245 	return flag ? "enabled" : "disabled";
246 }
247 
248 static void decode_flmstr(uint32_t flmstr)
249 {
250 	printf("  Platform Data Region Write Access: %s\n",
251 	       get_enabled(flmstr & (1 << 28)));
252 	printf("  GbE Region Write Access:           %s\n",
253 	       get_enabled(flmstr & (1 << 27)));
254 	printf("  Intel ME Region Write Access:      %s\n",
255 	       get_enabled(flmstr & (1 << 26)));
256 	printf("  Host CPU/BIOS Region Write Access: %s\n",
257 	       get_enabled(flmstr & (1 << 25)));
258 	printf("  Flash Descriptor Write Access:     %s\n",
259 	       get_enabled(flmstr & (1 << 24)));
260 
261 	printf("  Platform Data Region Read Access:  %s\n",
262 	       get_enabled(flmstr & (1 << 20)));
263 	printf("  GbE Region Read Access:            %s\n",
264 	       get_enabled(flmstr & (1 << 19)));
265 	printf("  Intel ME Region Read Access:       %s\n",
266 	       get_enabled(flmstr & (1 << 18)));
267 	printf("  Host CPU/BIOS Region Read Access:  %s\n",
268 	       get_enabled(flmstr & (1 << 17)));
269 	printf("  Flash Descriptor Read Access:      %s\n",
270 	       get_enabled(flmstr & (1 << 16)));
271 
272 	printf("  Requester ID:                      0x%04x\n\n",
273 	       flmstr & 0xffff);
274 }
275 
276 static void dump_fmba(struct fmba_t *fmba)
277 {
278 	printf("Found Master Section\n");
279 	printf("FLMSTR1:   0x%08x (Host CPU/BIOS)\n", fmba->flmstr1);
280 	decode_flmstr(fmba->flmstr1);
281 	printf("FLMSTR2:   0x%08x (Intel ME)\n", fmba->flmstr2);
282 	decode_flmstr(fmba->flmstr2);
283 	printf("FLMSTR3:   0x%08x (GbE)\n", fmba->flmstr3);
284 	decode_flmstr(fmba->flmstr3);
285 }
286 
287 static void dump_fmsba(struct fmsba_t *fmsba)
288 {
289 	int i;
290 
291 	printf("Found Processor Strap Section\n");
292 	for (i = 0; i < 4; i++)
293 		printf("????:      0x%08x\n", fmsba->data[0]);
294 }
295 
296 static void dump_jid(uint32_t jid)
297 {
298 	printf("    SPI Component Device ID 1:          0x%02x\n",
299 	       (jid >> 16) & 0xff);
300 	printf("    SPI Component Device ID 0:          0x%02x\n",
301 	       (jid >> 8) & 0xff);
302 	printf("    SPI Component Vendor ID:            0x%02x\n",
303 	       jid & 0xff);
304 }
305 
306 static void dump_vscc(uint32_t vscc)
307 {
308 	printf("    Lower Erase Opcode:                 0x%02x\n",
309 	       vscc >> 24);
310 	printf("    Lower Write Enable on Write Status: 0x%02x\n",
311 	       vscc & (1 << 20) ? 0x06 : 0x50);
312 	printf("    Lower Write Status Required:        %s\n",
313 	       vscc & (1 << 19) ? "Yes" : "No");
314 	printf("    Lower Write Granularity:            %d bytes\n",
315 	       vscc & (1 << 18) ? 64 : 1);
316 	printf("    Lower Block / Sector Erase Size:    ");
317 	switch ((vscc >> 16) & 0x3) {
318 	case 0:
319 		printf("256 Byte\n");
320 		break;
321 	case 1:
322 		printf("4KB\n");
323 		break;
324 	case 2:
325 		printf("8KB\n");
326 		break;
327 	case 3:
328 		printf("64KB\n");
329 		break;
330 	}
331 
332 	printf("    Upper Erase Opcode:                 0x%02x\n",
333 	       (vscc >> 8) & 0xff);
334 	printf("    Upper Write Enable on Write Status: 0x%02x\n",
335 	       vscc & (1 << 4) ? 0x06 : 0x50);
336 	printf("    Upper Write Status Required:        %s\n",
337 	       vscc & (1 << 3) ? "Yes" : "No");
338 	printf("    Upper Write Granularity:            %d bytes\n",
339 	       vscc & (1 << 2) ? 64 : 1);
340 	printf("    Upper Block / Sector Erase Size:    ");
341 	switch (vscc & 0x3) {
342 	case 0:
343 		printf("256 Byte\n");
344 		break;
345 	case 1:
346 		printf("4KB\n");
347 		break;
348 	case 2:
349 		printf("8KB\n");
350 		break;
351 	case 3:
352 		printf("64KB\n");
353 		break;
354 	}
355 }
356 
357 static void dump_vtba(struct vtba_t *vtba, int vtl)
358 {
359 	int i;
360 	int num = (vtl >> 1) < 8 ? (vtl >> 1) : 8;
361 
362 	printf("ME VSCC table:\n");
363 	for (i = 0; i < num; i++) {
364 		printf("  JID%d:  0x%08x\n", i, vtba->entry[i].jid);
365 		dump_jid(vtba->entry[i].jid);
366 		printf("  VSCC%d: 0x%08x\n", i, vtba->entry[i].vscc);
367 		dump_vscc(vtba->entry[i].vscc);
368 	}
369 	printf("\n");
370 }
371 
372 static void dump_oem(uint8_t *oem)
373 {
374 	int i, j;
375 	printf("OEM Section:\n");
376 	for (i = 0; i < 4; i++) {
377 		printf("%02x:", i << 4);
378 		for (j = 0; j < 16; j++)
379 			printf(" %02x", oem[(i<<4)+j]);
380 		printf("\n");
381 	}
382 	printf("\n");
383 }
384 
385 /**
386  * dump_fd() - Display a dump of the full flash description
387  *
388  * @image:	Pointer to image
389  * @size:	Size of image in bytes
390  * @return 0 if OK, -1 on error
391  */
392 static int dump_fd(char *image, int size)
393 {
394 	struct fdbar_t *fdb = find_fd(image, size);
395 
396 	if (!fdb)
397 		return -1;
398 
399 	printf("FLMAP0:    0x%08x\n", fdb->flmap0);
400 	printf("  NR:      %d\n", (fdb->flmap0 >> 24) & 7);
401 	printf("  FRBA:    0x%x\n", ((fdb->flmap0 >> 16) & 0xff) << 4);
402 	printf("  NC:      %d\n", ((fdb->flmap0 >> 8) & 3) + 1);
403 	printf("  FCBA:    0x%x\n", ((fdb->flmap0) & 0xff) << 4);
404 
405 	printf("FLMAP1:    0x%08x\n", fdb->flmap1);
406 	printf("  ISL:     0x%02x\n", (fdb->flmap1 >> 24) & 0xff);
407 	printf("  FPSBA:   0x%x\n", ((fdb->flmap1 >> 16) & 0xff) << 4);
408 	printf("  NM:      %d\n", (fdb->flmap1 >> 8) & 3);
409 	printf("  FMBA:    0x%x\n", ((fdb->flmap1) & 0xff) << 4);
410 
411 	printf("FLMAP2:    0x%08x\n", fdb->flmap2);
412 	printf("  PSL:     0x%04x\n", (fdb->flmap2 >> 8) & 0xffff);
413 	printf("  FMSBA:   0x%x\n", ((fdb->flmap2) & 0xff) << 4);
414 
415 	printf("FLUMAP1:   0x%08x\n", fdb->flumap1);
416 	printf("  Intel ME VSCC Table Length (VTL):        %d\n",
417 	       (fdb->flumap1 >> 8) & 0xff);
418 	printf("  Intel ME VSCC Table Base Address (VTBA): 0x%06x\n\n",
419 	       (fdb->flumap1 & 0xff) << 4);
420 	dump_vtba((struct vtba_t *)
421 			(image + ((fdb->flumap1 & 0xff) << 4)),
422 			(fdb->flumap1 >> 8) & 0xff);
423 	dump_oem((uint8_t *)image + 0xf00);
424 	dump_frba((struct frba_t *)(image + (((fdb->flmap0 >> 16) & 0xff)
425 			<< 4)));
426 	dump_fcba((struct fcba_t *)(image + (((fdb->flmap0) & 0xff) << 4)));
427 	dump_fpsba((struct fpsba_t *)
428 			(image + (((fdb->flmap1 >> 16) & 0xff) << 4)));
429 	dump_fmba((struct fmba_t *)(image + (((fdb->flmap1) & 0xff) << 4)));
430 	dump_fmsba((struct fmsba_t *)(image + (((fdb->flmap2) & 0xff) << 4)));
431 
432 	return 0;
433 }
434 
435 /**
436  * write_regions() - Write each region from an image to its own file
437  *
438  * The filename to use in each case is fixed - see region_filename()
439  *
440  * @image:	Pointer to image
441  * @size:	Size of image in bytes
442  * @return 0 if OK, -ve on error
443  */
444 static int write_regions(char *image, int size)
445 {
446 	struct fdbar_t *fdb;
447 	struct frba_t *frba;
448 	int ret = 0;
449 	int i;
450 
451 	fdb =  find_fd(image, size);
452 	if (!fdb)
453 		return -1;
454 
455 	frba = (struct frba_t *)(image + (((fdb->flmap0 >> 16) & 0xff) << 4));
456 
457 	for (i = 0; i < MAX_REGIONS; i++) {
458 		struct region_t region;
459 		int region_fd;
460 
461 		ret = get_region(frba, i, &region);
462 		if (ret)
463 			return ret;
464 		dump_region(i, frba);
465 		if (region.size <= 0)
466 			continue;
467 		region_fd = open(region_filename(i),
468 				 O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR |
469 				 S_IWUSR | S_IRGRP | S_IROTH);
470 		if (write(region_fd, image + region.base, region.size) !=
471 				region.size) {
472 			perror("Error while writing");
473 			ret = -1;
474 		}
475 		close(region_fd);
476 	}
477 
478 	return ret;
479 }
480 
481 static int perror_fname(const char *fmt, const char *fname)
482 {
483 	char msg[strlen(fmt) + strlen(fname) + 1];
484 
485 	sprintf(msg, fmt, fname);
486 	perror(msg);
487 
488 	return -1;
489 }
490 
491 /**
492  * write_image() - Write the image to a file
493  *
494  * @filename:	Filename to use for the image
495  * @image:	Pointer to image
496  * @size:	Size of image in bytes
497  * @return 0 if OK, -ve on error
498  */
499 static int write_image(char *filename, char *image, int size)
500 {
501 	int new_fd;
502 
503 	debug("Writing new image to %s\n", filename);
504 
505 	new_fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR |
506 		      S_IWUSR | S_IRGRP | S_IROTH);
507 	if (new_fd < 0)
508 		return perror_fname("Could not open file '%s'", filename);
509 	if (write(new_fd, image, size) != size)
510 		return perror_fname("Could not write file '%s'", filename);
511 	close(new_fd);
512 
513 	return 0;
514 }
515 
516 /**
517  * set_spi_frequency() - Set the SPI frequency to use when booting
518  *
519  * Several frequencies are supported, some of which work with fast devices.
520  * For SPI emulators, the slowest (SPI_FREQUENCY_20MHZ) is often used. The
521  * Intel boot system uses this information somehow on boot.
522  *
523  * The image is updated with the supplied value
524  *
525  * @image:	Pointer to image
526  * @size:	Size of image in bytes
527  * @freq:	SPI frequency to use
528  */
529 static void set_spi_frequency(char *image, int size, enum spi_frequency freq)
530 {
531 	struct fdbar_t *fdb = find_fd(image, size);
532 	struct fcba_t *fcba;
533 
534 	fcba = (struct fcba_t *)(image + (((fdb->flmap0) & 0xff) << 4));
535 
536 	/* clear bits 21-29 */
537 	fcba->flcomp &= ~0x3fe00000;
538 	/* Read ID and Read Status Clock Frequency */
539 	fcba->flcomp |= freq << 27;
540 	/* Write and Erase Clock Frequency */
541 	fcba->flcomp |= freq << 24;
542 	/* Fast Read Clock Frequency */
543 	fcba->flcomp |= freq << 21;
544 }
545 
546 /**
547  * set_em100_mode() - Set a SPI frequency that will work with Dediprog EM100
548  *
549  * @image:	Pointer to image
550  * @size:	Size of image in bytes
551  */
552 static void set_em100_mode(char *image, int size)
553 {
554 	struct fdbar_t *fdb = find_fd(image, size);
555 	struct fcba_t *fcba;
556 
557 	fcba = (struct fcba_t *)(image + (((fdb->flmap0) & 0xff) << 4));
558 	fcba->flcomp &= ~(1 << 30);
559 	set_spi_frequency(image, size, SPI_FREQUENCY_20MHZ);
560 }
561 
562 /**
563  * lock_descriptor() - Lock the NE descriptor so it cannot be updated
564  *
565  * @image:	Pointer to image
566  * @size:	Size of image in bytes
567  */
568 static void lock_descriptor(char *image, int size)
569 {
570 	struct fdbar_t *fdb = find_fd(image, size);
571 	struct fmba_t *fmba;
572 
573 	/*
574 	 * TODO: Dynamically take Platform Data Region and GbE Region into
575 	 * account.
576 	 */
577 	fmba = (struct fmba_t *)(image + (((fdb->flmap1) & 0xff) << 4));
578 	fmba->flmstr1 = 0x0a0b0000;
579 	fmba->flmstr2 = 0x0c0d0000;
580 	fmba->flmstr3 = 0x08080118;
581 }
582 
583 /**
584  * unlock_descriptor() - Lock the NE descriptor so it can be updated
585  *
586  * @image:	Pointer to image
587  * @size:	Size of image in bytes
588  */
589 static void unlock_descriptor(char *image, int size)
590 {
591 	struct fdbar_t *fdb = find_fd(image, size);
592 	struct fmba_t *fmba;
593 
594 	fmba = (struct fmba_t *)(image + (((fdb->flmap1) & 0xff) << 4));
595 	fmba->flmstr1 = 0xffff0000;
596 	fmba->flmstr2 = 0xffff0000;
597 	fmba->flmstr3 = 0x08080118;
598 }
599 
600 /**
601  * open_for_read() - Open a file for reading
602  *
603  * @fname:	Filename to open
604  * @sizep:	Returns file size in bytes
605  * @return 0 if OK, -1 on error
606  */
607 int open_for_read(const char *fname, int *sizep)
608 {
609 	int fd = open(fname, O_RDONLY);
610 	struct stat buf;
611 
612 	if (fd == -1)
613 		return perror_fname("Could not open file '%s'", fname);
614 	if (fstat(fd, &buf) == -1)
615 		return perror_fname("Could not stat file '%s'", fname);
616 	*sizep = buf.st_size;
617 	debug("File %s is %d bytes\n", fname, *sizep);
618 
619 	return fd;
620 }
621 
622 /**
623  * inject_region() - Add a file to an image region
624  *
625  * This puts a file into a particular region of the flash. Several pre-defined
626  * regions are used.
627  *
628  * @image:		Pointer to image
629  * @size:		Size of image in bytes
630  * @region_type:	Region where the file should be added
631  * @region_fname:	Filename to add to the image
632  * @return 0 if OK, -ve on error
633  */
634 int inject_region(char *image, int size, int region_type, char *region_fname)
635 {
636 	struct fdbar_t *fdb = find_fd(image, size);
637 	struct region_t region;
638 	struct frba_t *frba;
639 	int region_size;
640 	int offset = 0;
641 	int region_fd;
642 	int ret;
643 
644 	if (!fdb)
645 		exit(EXIT_FAILURE);
646 	frba = (struct frba_t *)(image + (((fdb->flmap0 >> 16) & 0xff) << 4));
647 
648 	ret = get_region(frba, region_type, &region);
649 	if (ret)
650 		return -1;
651 	if (region.size <= 0xfff) {
652 		fprintf(stderr, "Region %s is disabled in target. Not injecting.\n",
653 			region_name(region_type));
654 		return -1;
655 	}
656 
657 	region_fd = open_for_read(region_fname, &region_size);
658 	if (region_fd < 0)
659 		return region_fd;
660 
661 	if ((region_size > region.size) ||
662 	    ((region_type != 1) && (region_size > region.size))) {
663 		fprintf(stderr, "Region %s is %d(0x%x) bytes. File is %d(0x%x)  bytes. Not injecting.\n",
664 			region_name(region_type), region.size,
665 			region.size, region_size, region_size);
666 		return -1;
667 	}
668 
669 	if ((region_type == 1) && (region_size < region.size)) {
670 		fprintf(stderr, "Region %s is %d(0x%x) bytes. File is %d(0x%x) bytes. Padding before injecting.\n",
671 			region_name(region_type), region.size,
672 			region.size, region_size, region_size);
673 		offset = region.size - region_size;
674 		memset(image + region.base, 0xff, offset);
675 	}
676 
677 	if (size < region.base + offset + region_size) {
678 		fprintf(stderr, "Output file is too small. (%d < %d)\n",
679 			size, region.base + offset + region_size);
680 		return -1;
681 	}
682 
683 	if (read(region_fd, image + region.base + offset, region_size)
684 							!= region_size) {
685 		perror("Could not read file");
686 		return -1;
687 	}
688 
689 	close(region_fd);
690 
691 	debug("Adding %s as the %s section\n", region_fname,
692 	      region_name(region_type));
693 
694 	return 0;
695 }
696 
697 /**
698  * write_data() - Write some raw data into a region
699  *
700  * This puts a file into a particular place in the flash, ignoring the
701  * regions. Be careful not to overwrite something important.
702  *
703  * @image:		Pointer to image
704  * @size:		Size of image in bytes
705  * @addr:		x86 ROM address to put file. The ROM ends at
706  *			0xffffffff so use an address relative to that. For an
707  *			8MB ROM the start address is 0xfff80000.
708  * @write_fname:	Filename to add to the image
709  * @offset_uboot_top:	Offset of the top of U-Boot
710  * @return number of bytes written if OK, -ve on error
711  */
712 static int write_data(char *image, int size, unsigned int addr,
713 		      const char *write_fname, int offset_uboot_top)
714 {
715 	int write_fd, write_size;
716 	int offset;
717 
718 	write_fd = open_for_read(write_fname, &write_size);
719 	if (write_fd < 0)
720 		return write_fd;
721 
722 	offset = (uint32_t)(addr + size);
723 	if (offset_uboot_top && offset_uboot_top >= offset) {
724 		fprintf(stderr, "U-Boot image overlaps with region '%s'\n",
725 			write_fname);
726 		fprintf(stderr,
727 			"U-Boot finishes at offset %x, file starts at %x\n",
728 			offset_uboot_top, offset);
729 		return -EXDEV;
730 	}
731 	debug("Writing %s to offset %#x\n", write_fname, offset);
732 
733 	if (offset < 0 || offset + write_size > size) {
734 		fprintf(stderr, "Output file is too small. (%d < %d)\n",
735 			size, offset + write_size);
736 		return -1;
737 	}
738 
739 	if (read(write_fd, image + offset, write_size) != write_size) {
740 		perror("Could not read file");
741 		return -1;
742 	}
743 
744 	close(write_fd);
745 
746 	return write_size;
747 }
748 
749 static int scan_ucode(const void *blob, char *ucode_base, int *countp,
750 		      const char **datap, int *data_sizep)
751 {
752 	const char *data = NULL;
753 	int node, count;
754 	int data_size;
755 	char *ucode;
756 
757 	for (node = 0, count = 0, ucode = ucode_base; node >= 0; count++) {
758 		node = fdt_node_offset_by_compatible(blob, node,
759 						     "intel,microcode");
760 		if (node < 0)
761 			break;
762 
763 		data = fdt_getprop(blob, node, "data", &data_size);
764 		if (!data) {
765 			debug("Missing microcode data in FDT '%s': %s\n",
766 			      fdt_get_name(blob, node, NULL),
767 			      fdt_strerror(data_size));
768 			return -ENOENT;
769 		}
770 
771 		if (ucode_base)
772 			memcpy(ucode, data, data_size);
773 		ucode += data_size;
774 	}
775 
776 	if (countp)
777 		*countp = count;
778 	if (datap)
779 		*datap = data;
780 	if (data_sizep)
781 		*data_sizep = data_size;
782 
783 	return ucode - ucode_base;
784 }
785 
786 static int remove_ucode(char *blob)
787 {
788 	int node, count;
789 	int ret;
790 
791 	/* Keep going until we find no more microcode to remove */
792 	do {
793 		for (node = 0, count = 0; node >= 0;) {
794 			int ret;
795 
796 			node = fdt_node_offset_by_compatible(blob, node,
797 							     "intel,microcode");
798 			if (node < 0)
799 				break;
800 
801 			ret = fdt_delprop(blob, node, "data");
802 
803 			/*
804 			 * -FDT_ERR_NOTFOUND means we already removed the
805 			 * data for this one, so we just continue.
806 			 * 0 means we did remove it, so offsets may have
807 			 * changed and we need to restart our scan.
808 			 * Anything else indicates an error we should report.
809 			 */
810 			if (ret == -FDT_ERR_NOTFOUND)
811 				continue;
812 			else if (!ret)
813 				node = 0;
814 			else
815 				return ret;
816 		}
817 	} while (count);
818 
819 	/* Pack down to remove excees space */
820 	ret = fdt_pack(blob);
821 	if (ret)
822 		return ret;
823 
824 	return fdt_totalsize(blob);
825 }
826 
827 static int write_ucode(char *image, int size, struct input_file *fdt,
828 		       int fdt_size, unsigned int ucode_ptr,
829 		       int collate_ucode)
830 {
831 	const char *data = NULL;
832 	char *ucode_buf;
833 	const void *blob;
834 	char *ucode_base;
835 	uint32_t *ptr;
836 	int ucode_size;
837 	int data_size;
838 	int offset;
839 	int count;
840 	int ret;
841 
842 	blob = (void *)image + (uint32_t)(fdt->addr + size);
843 
844 	debug("DTB at %lx\n", (char *)blob - image);
845 
846 	/* Find out about the micrcode we have */
847 	ucode_size = scan_ucode(blob, NULL, &count, &data, &data_size);
848 	if (ucode_size < 0)
849 		return ucode_size;
850 	if (!count) {
851 		debug("No microcode found in FDT\n");
852 		return -ENOENT;
853 	}
854 
855 	if (count > 1 && !collate_ucode) {
856 		fprintf(stderr,
857 			"Cannot handle multiple microcode blocks - please use -C flag to collate them\n");
858 		return -EMLINK;
859 	}
860 
861 	/*
862 	 * Collect the microcode into a buffer, remove it from the device
863 	 * tree and place it immediately above the (now smaller) device tree.
864 	 */
865 	if (collate_ucode && count > 1) {
866 		ucode_buf = malloc(ucode_size);
867 		if (!ucode_buf) {
868 			fprintf(stderr,
869 				"Out of memory for microcode (%d bytes)\n",
870 				ucode_size);
871 			return -ENOMEM;
872 		}
873 		ret = scan_ucode(blob, ucode_buf, NULL, NULL, NULL);
874 		if (ret < 0)
875 			return ret;
876 
877 		/* Remove the microcode from the device tree */
878 		ret = remove_ucode((char *)blob);
879 		if (ret < 0) {
880 			debug("Could not remove FDT microcode: %s\n",
881 			      fdt_strerror(ret));
882 			return -EINVAL;
883 		}
884 		debug("Collated %d microcode block(s)\n", count);
885 		debug("Device tree reduced from %x to %x bytes\n",
886 		      fdt_size, ret);
887 		fdt_size = ret;
888 
889 		/*
890 		 * Place microcode area immediately above the FDT, aligned
891 		 * to a 16-byte boundary.
892 		 */
893 		ucode_base = (char *)(((unsigned long)blob + fdt_size + 15) &
894 				~15);
895 
896 		data = ucode_base;
897 		data_size = ucode_size;
898 		memcpy(ucode_base, ucode_buf, ucode_size);
899 		free(ucode_buf);
900 	}
901 
902 	offset = (uint32_t)(ucode_ptr + size);
903 	ptr = (void *)image + offset;
904 
905 	ptr[0] = (data - image) - size;
906 	ptr[1] = data_size;
907 	debug("Wrote microcode pointer at %x: addr=%x, size=%x\n", ucode_ptr,
908 	      ptr[0], ptr[1]);
909 
910 	return (collate_ucode ? data + data_size : (char *)blob + fdt_size) -
911 			image;
912 }
913 
914 /**
915  * write_uboot() - Write U-Boot, device tree and microcode pointer
916  *
917  * This writes U-Boot into a place in the flash, followed by its device tree.
918  * The microcode pointer is written so that U-Boot can find the microcode in
919  * the device tree very early in boot.
920  *
921  * @image:	Pointer to image
922  * @size:	Size of image in bytes
923  * @uboot:	Input file information for u-boot.bin
924  * @fdt:	Input file information for u-boot.dtb
925  * @ucode_ptr:	Address in U-Boot where the microcode pointer should be placed
926  * @return 0 if OK, -ve on error
927  */
928 static int write_uboot(char *image, int size, struct input_file *uboot,
929 		       struct input_file *fdt, unsigned int ucode_ptr,
930 		       int collate_ucode)
931 {
932 	const void *blob;
933 	int uboot_size, fdt_size;
934 
935 	uboot_size = write_data(image, size, uboot->addr, uboot->fname, 0);
936 	if (uboot_size < 0)
937 		return uboot_size;
938 	fdt->addr = uboot->addr + uboot_size;
939 	debug("U-Boot size %#x, FDT at %#x\n", uboot_size, fdt->addr);
940 	fdt_size = write_data(image, size, fdt->addr, fdt->fname, 0);
941 	if (fdt_size < 0)
942 		return fdt_size;
943 	blob = (void *)image + (uint32_t)(fdt->addr + size);
944 
945 	if (ucode_ptr) {
946 		return write_ucode(image, size, fdt, fdt_size, ucode_ptr,
947 				   collate_ucode);
948 	}
949 
950 	return ((char *)blob + fdt_size) - image;
951 }
952 
953 static void print_version(void)
954 {
955 	printf("ifdtool v%s -- ", IFDTOOL_VERSION);
956 	printf("Copyright (C) 2014 Google Inc.\n\n");
957 	printf("SPDX-License-Identifier:	GPL-2.0+\n");
958 }
959 
960 static void print_usage(const char *name)
961 {
962 	printf("usage: %s [-vhdix?] <filename> [<outfile>]\n", name);
963 	printf("\n"
964 	       "   -d | --dump:                      dump intel firmware descriptor\n"
965 	       "   -x | --extract:                   extract intel fd modules\n"
966 	       "   -i | --inject <region>:<module>   inject file <module> into region <region>\n"
967 	       "   -w | --write <addr>:<file>        write file to appear at memory address <addr>\n"
968 	       "                                     multiple files can be written simultaneously\n"
969 	       "   -s | --spifreq <20|33|50>         set the SPI frequency\n"
970 	       "   -e | --em100                      set SPI frequency to 20MHz and disable\n"
971 	       "                                     Dual Output Fast Read Support\n"
972 	       "   -l | --lock                       Lock firmware descriptor and ME region\n"
973 	       "   -u | --unlock                     Unlock firmware descriptor and ME region\n"
974 	       "   -r | --romsize                    Specify ROM size\n"
975 	       "   -D | --write-descriptor <file>    Write descriptor at base\n"
976 	       "   -c | --create                     Create a new empty image\n"
977 	       "   -v | --version:                   print the version\n"
978 	       "   -h | --help:                      print this help\n\n"
979 	       "<region> is one of Descriptor, BIOS, ME, GbE, Platform\n"
980 	       "\n");
981 }
982 
983 /**
984  * get_two_words() - Convert a string into two words separated by :
985  *
986  * The supplied string is split at ':', two substrings are allocated and
987  * returned.
988  *
989  * @str:	String to split
990  * @firstp:	Returns first string
991  * @secondp:	Returns second string
992  * @return 0 if OK, -ve if @str does not have a :
993  */
994 static int get_two_words(const char *str, char **firstp, char **secondp)
995 {
996 	const char *p;
997 
998 	p = strchr(str, ':');
999 	if (!p)
1000 		return -1;
1001 	*firstp = strdup(str);
1002 	(*firstp)[p - str] = '\0';
1003 	*secondp = strdup(p + 1);
1004 
1005 	return 0;
1006 }
1007 
1008 int main(int argc, char *argv[])
1009 {
1010 	int opt, option_index = 0;
1011 	int mode_dump = 0, mode_extract = 0, mode_inject = 0;
1012 	int mode_spifreq = 0, mode_em100 = 0, mode_locked = 0;
1013 	int mode_unlocked = 0, mode_write = 0, mode_write_descriptor = 0;
1014 	int create = 0, collate_ucode = 0;
1015 	char *region_type_string = NULL, *inject_fname = NULL;
1016 	char *desc_fname = NULL, *addr_str = NULL;
1017 	int region_type = -1, inputfreq = 0;
1018 	enum spi_frequency spifreq = SPI_FREQUENCY_20MHZ;
1019 	struct input_file input_file[WRITE_MAX], *ifile, *fdt = NULL;
1020 	unsigned char wr_idx, wr_num = 0;
1021 	int rom_size = -1;
1022 	bool write_it;
1023 	char *filename;
1024 	char *outfile = NULL;
1025 	struct stat buf;
1026 	int size = 0;
1027 	unsigned int ucode_ptr = 0;
1028 	bool have_uboot = false;
1029 	int bios_fd;
1030 	char *image;
1031 	int ret;
1032 	static struct option long_options[] = {
1033 		{"create", 0, NULL, 'c'},
1034 		{"collate-microcode", 0, NULL, 'C'},
1035 		{"dump", 0, NULL, 'd'},
1036 		{"descriptor", 1, NULL, 'D'},
1037 		{"em100", 0, NULL, 'e'},
1038 		{"extract", 0, NULL, 'x'},
1039 		{"fdt", 1, NULL, 'f'},
1040 		{"inject", 1, NULL, 'i'},
1041 		{"lock", 0, NULL, 'l'},
1042 		{"microcode", 1, NULL, 'm'},
1043 		{"romsize", 1, NULL, 'r'},
1044 		{"spifreq", 1, NULL, 's'},
1045 		{"unlock", 0, NULL, 'u'},
1046 		{"uboot", 1, NULL, 'U'},
1047 		{"write", 1, NULL, 'w'},
1048 		{"version", 0, NULL, 'v'},
1049 		{"help", 0, NULL, 'h'},
1050 		{0, 0, 0, 0}
1051 	};
1052 
1053 	while ((opt = getopt_long(argc, argv, "cCdD:ef:hi:lm:r:s:uU:vw:x?",
1054 				  long_options, &option_index)) != EOF) {
1055 		switch (opt) {
1056 		case 'c':
1057 			create = 1;
1058 			break;
1059 		case 'C':
1060 			collate_ucode = 1;
1061 			break;
1062 		case 'd':
1063 			mode_dump = 1;
1064 			break;
1065 		case 'D':
1066 			mode_write_descriptor = 1;
1067 			desc_fname = optarg;
1068 			break;
1069 		case 'e':
1070 			mode_em100 = 1;
1071 			break;
1072 		case 'i':
1073 			if (get_two_words(optarg, &region_type_string,
1074 					  &inject_fname)) {
1075 				print_usage(argv[0]);
1076 				exit(EXIT_FAILURE);
1077 			}
1078 			if (!strcasecmp("Descriptor", region_type_string))
1079 				region_type = 0;
1080 			else if (!strcasecmp("BIOS", region_type_string))
1081 				region_type = 1;
1082 			else if (!strcasecmp("ME", region_type_string))
1083 				region_type = 2;
1084 			else if (!strcasecmp("GbE", region_type_string))
1085 				region_type = 3;
1086 			else if (!strcasecmp("Platform", region_type_string))
1087 				region_type = 4;
1088 			if (region_type == -1) {
1089 				fprintf(stderr, "No such region type: '%s'\n\n",
1090 					region_type_string);
1091 				print_usage(argv[0]);
1092 				exit(EXIT_FAILURE);
1093 			}
1094 			mode_inject = 1;
1095 			break;
1096 		case 'l':
1097 			mode_locked = 1;
1098 			break;
1099 		case 'm':
1100 			ucode_ptr = strtoul(optarg, NULL, 0);
1101 			break;
1102 		case 'r':
1103 			rom_size = strtol(optarg, NULL, 0);
1104 			debug("ROM size %d\n", rom_size);
1105 			break;
1106 		case 's':
1107 			/* Parse the requested SPI frequency */
1108 			inputfreq = strtol(optarg, NULL, 0);
1109 			switch (inputfreq) {
1110 			case 20:
1111 				spifreq = SPI_FREQUENCY_20MHZ;
1112 				break;
1113 			case 33:
1114 				spifreq = SPI_FREQUENCY_33MHZ;
1115 				break;
1116 			case 50:
1117 				spifreq = SPI_FREQUENCY_50MHZ;
1118 				break;
1119 			default:
1120 				fprintf(stderr, "Invalid SPI Frequency: %d\n",
1121 					inputfreq);
1122 				print_usage(argv[0]);
1123 				exit(EXIT_FAILURE);
1124 			}
1125 			mode_spifreq = 1;
1126 			break;
1127 		case 'u':
1128 			mode_unlocked = 1;
1129 			break;
1130 		case 'v':
1131 			print_version();
1132 			exit(EXIT_SUCCESS);
1133 			break;
1134 		case 'w':
1135 		case 'U':
1136 		case 'f':
1137 			ifile = &input_file[wr_num];
1138 			mode_write = 1;
1139 			if (wr_num < WRITE_MAX) {
1140 				if (get_two_words(optarg, &addr_str,
1141 						  &ifile->fname)) {
1142 					print_usage(argv[0]);
1143 					exit(EXIT_FAILURE);
1144 				}
1145 				ifile->addr = strtoll(optarg, NULL, 0);
1146 				ifile->type = opt == 'f' ? IF_fdt :
1147 					opt == 'U' ? IF_uboot : IF_normal;
1148 				if (ifile->type == IF_fdt)
1149 					fdt = ifile;
1150 				else if (ifile->type == IF_uboot)
1151 					have_uboot = true;
1152 				wr_num++;
1153 			} else {
1154 				fprintf(stderr,
1155 					"The number of files to write simultaneously exceeds the limitation (%d)\n",
1156 					WRITE_MAX);
1157 			}
1158 			break;
1159 		case 'x':
1160 			mode_extract = 1;
1161 			break;
1162 		case 'h':
1163 		case '?':
1164 		default:
1165 			print_usage(argv[0]);
1166 			exit(EXIT_SUCCESS);
1167 			break;
1168 		}
1169 	}
1170 
1171 	if (mode_locked == 1 && mode_unlocked == 1) {
1172 		fprintf(stderr, "Locking/Unlocking FD and ME are mutually exclusive\n");
1173 		exit(EXIT_FAILURE);
1174 	}
1175 
1176 	if (mode_inject == 1 && mode_write == 1) {
1177 		fprintf(stderr, "Inject/Write are mutually exclusive\n");
1178 		exit(EXIT_FAILURE);
1179 	}
1180 
1181 	if ((mode_dump + mode_extract + mode_inject +
1182 		(mode_spifreq | mode_em100 | mode_unlocked |
1183 		 mode_locked)) > 1) {
1184 		fprintf(stderr, "You may not specify more than one mode.\n\n");
1185 		print_usage(argv[0]);
1186 		exit(EXIT_FAILURE);
1187 	}
1188 
1189 	if ((mode_dump + mode_extract + mode_inject + mode_spifreq +
1190 	     mode_em100 + mode_locked + mode_unlocked + mode_write +
1191 	     mode_write_descriptor) == 0 && !create) {
1192 		fprintf(stderr, "You need to specify a mode.\n\n");
1193 		print_usage(argv[0]);
1194 		exit(EXIT_FAILURE);
1195 	}
1196 
1197 	if (create && rom_size == -1) {
1198 		fprintf(stderr, "You need to specify a rom size when creating.\n\n");
1199 		exit(EXIT_FAILURE);
1200 	}
1201 
1202 	if (optind + 1 != argc) {
1203 		fprintf(stderr, "You need to specify a file.\n\n");
1204 		print_usage(argv[0]);
1205 		exit(EXIT_FAILURE);
1206 	}
1207 
1208 	if (have_uboot && !fdt) {
1209 		fprintf(stderr,
1210 			"You must supply a device tree file for U-Boot\n\n");
1211 		print_usage(argv[0]);
1212 		exit(EXIT_FAILURE);
1213 	}
1214 
1215 	filename = argv[optind];
1216 	if (optind + 2 != argc)
1217 		outfile = argv[optind + 1];
1218 
1219 	if (create)
1220 		bios_fd = open(filename, O_WRONLY | O_CREAT, 0666);
1221 	else
1222 		bios_fd = open(filename, outfile ? O_RDONLY : O_RDWR);
1223 
1224 	if (bios_fd == -1) {
1225 		perror("Could not open file");
1226 		exit(EXIT_FAILURE);
1227 	}
1228 
1229 	if (!create) {
1230 		if (fstat(bios_fd, &buf) == -1) {
1231 			perror("Could not stat file");
1232 			exit(EXIT_FAILURE);
1233 		}
1234 		size = buf.st_size;
1235 	}
1236 
1237 	debug("File %s is %d bytes\n", filename, size);
1238 
1239 	if (rom_size == -1)
1240 		rom_size = size;
1241 
1242 	image = malloc(rom_size);
1243 	if (!image) {
1244 		printf("Out of memory.\n");
1245 		exit(EXIT_FAILURE);
1246 	}
1247 
1248 	memset(image, '\xff', rom_size);
1249 	if (!create && read(bios_fd, image, size) != size) {
1250 		perror("Could not read file");
1251 		exit(EXIT_FAILURE);
1252 	}
1253 	if (size != rom_size) {
1254 		debug("ROM size changed to %d bytes\n", rom_size);
1255 		size = rom_size;
1256 	}
1257 
1258 	write_it = true;
1259 	ret = 0;
1260 	if (mode_dump) {
1261 		ret = dump_fd(image, size);
1262 		write_it = false;
1263 	}
1264 
1265 	if (mode_extract) {
1266 		ret = write_regions(image, size);
1267 		write_it = false;
1268 	}
1269 
1270 	if (mode_write_descriptor)
1271 		ret = write_data(image, size, -size, desc_fname, 0);
1272 
1273 	if (mode_inject)
1274 		ret = inject_region(image, size, region_type, inject_fname);
1275 
1276 	if (mode_write) {
1277 		int offset_uboot_top = 0;
1278 
1279 		for (wr_idx = 0; wr_idx < wr_num; wr_idx++) {
1280 			ifile = &input_file[wr_idx];
1281 			if (ifile->type == IF_fdt) {
1282 				continue;
1283 			} else if (ifile->type == IF_uboot) {
1284 				ret = write_uboot(image, size, ifile, fdt,
1285 						  ucode_ptr, collate_ucode);
1286 				offset_uboot_top = ret;
1287 			} else {
1288 				ret = write_data(image, size, ifile->addr,
1289 					 ifile->fname, offset_uboot_top);
1290 			}
1291 			if (ret < 0)
1292 				break;
1293 		}
1294 	}
1295 
1296 	if (mode_spifreq)
1297 		set_spi_frequency(image, size, spifreq);
1298 
1299 	if (mode_em100)
1300 		set_em100_mode(image, size);
1301 
1302 	if (mode_locked)
1303 		lock_descriptor(image, size);
1304 
1305 	if (mode_unlocked)
1306 		unlock_descriptor(image, size);
1307 
1308 	if (write_it) {
1309 		if (outfile) {
1310 			ret = write_image(outfile, image, size);
1311 		} else {
1312 			if (lseek(bios_fd, 0, SEEK_SET)) {
1313 				perror("Error while seeking");
1314 				ret = -1;
1315 			}
1316 			if (write(bios_fd, image, size) != size) {
1317 				perror("Error while writing");
1318 				ret = -1;
1319 			}
1320 		}
1321 	}
1322 
1323 	free(image);
1324 	close(bios_fd);
1325 
1326 	return ret < 0 ? 1 : 0;
1327 }
1328