1 /* 2 * ifdtool - Manage Intel Firmware Descriptor information 3 * 4 * Copyright 2014 Google, Inc 5 * 6 * SPDX-License-Identifier: GPL-2.0 7 * 8 * From Coreboot project, but it got a serious code clean-up 9 * and a few new features 10 */ 11 12 #include <assert.h> 13 #include <fcntl.h> 14 #include <getopt.h> 15 #include <stdlib.h> 16 #include <stdio.h> 17 #include <string.h> 18 #include <unistd.h> 19 #include <sys/types.h> 20 #include <sys/stat.h> 21 #include <libfdt.h> 22 #include "ifdtool.h" 23 24 #undef DEBUG 25 26 #ifdef DEBUG 27 #define debug(fmt, args...) printf(fmt, ##args) 28 #else 29 #define debug(fmt, args...) 30 #endif 31 32 #define FD_SIGNATURE 0x0FF0A55A 33 #define FLREG_BASE(reg) ((reg & 0x00000fff) << 12); 34 #define FLREG_LIMIT(reg) (((reg & 0x0fff0000) >> 4) | 0xfff); 35 36 enum input_file_type_t { 37 IF_normal, 38 IF_fdt, 39 IF_uboot, 40 }; 41 42 struct input_file { 43 char *fname; 44 unsigned int addr; 45 enum input_file_type_t type; 46 }; 47 48 /** 49 * find_fd() - Find the flash description in the ROM image 50 * 51 * @image: Pointer to image 52 * @size: Size of image in bytes 53 * @return pointer to structure, or NULL if not found 54 */ 55 static struct fdbar_t *find_fd(char *image, int size) 56 { 57 uint32_t *ptr, *end; 58 59 /* Scan for FD signature */ 60 for (ptr = (uint32_t *)image, end = ptr + size / 4; ptr < end; ptr++) { 61 if (*ptr == FD_SIGNATURE) 62 break; 63 } 64 65 if (ptr == end) { 66 printf("No Flash Descriptor found in this image\n"); 67 return NULL; 68 } 69 70 debug("Found Flash Descriptor signature at 0x%08lx\n", 71 (char *)ptr - image); 72 73 return (struct fdbar_t *)ptr; 74 } 75 76 /** 77 * get_region() - Get information about the selected region 78 * 79 * @frba: Flash region list 80 * @region_type: Type of region (0..MAX_REGIONS-1) 81 * @region: Region information is written here 82 * @return 0 if OK, else -ve 83 */ 84 static int get_region(struct frba_t *frba, int region_type, 85 struct region_t *region) 86 { 87 if (region_type >= MAX_REGIONS) { 88 fprintf(stderr, "Invalid region type.\n"); 89 return -1; 90 } 91 92 region->base = FLREG_BASE(frba->flreg[region_type]); 93 region->limit = FLREG_LIMIT(frba->flreg[region_type]); 94 region->size = region->limit - region->base + 1; 95 96 return 0; 97 } 98 99 static const char *region_name(int region_type) 100 { 101 static const char *const regions[] = { 102 "Flash Descriptor", 103 "BIOS", 104 "Intel ME", 105 "GbE", 106 "Platform Data" 107 }; 108 109 assert(region_type < MAX_REGIONS); 110 111 return regions[region_type]; 112 } 113 114 static const char *region_filename(int region_type) 115 { 116 static const char *const region_filenames[] = { 117 "flashregion_0_flashdescriptor.bin", 118 "flashregion_1_bios.bin", 119 "flashregion_2_intel_me.bin", 120 "flashregion_3_gbe.bin", 121 "flashregion_4_platform_data.bin" 122 }; 123 124 assert(region_type < MAX_REGIONS); 125 126 return region_filenames[region_type]; 127 } 128 129 static int dump_region(int num, struct frba_t *frba) 130 { 131 struct region_t region; 132 int ret; 133 134 ret = get_region(frba, num, ®ion); 135 if (ret) 136 return ret; 137 138 printf(" Flash Region %d (%s): %08x - %08x %s\n", 139 num, region_name(num), region.base, region.limit, 140 region.size < 1 ? "(unused)" : ""); 141 142 return ret; 143 } 144 145 static void dump_frba(struct frba_t *frba) 146 { 147 int i; 148 149 printf("Found Region Section\n"); 150 for (i = 0; i < MAX_REGIONS; i++) { 151 printf("FLREG%d: 0x%08x\n", i, frba->flreg[i]); 152 dump_region(i, frba); 153 } 154 } 155 156 static void decode_spi_frequency(unsigned int freq) 157 { 158 switch (freq) { 159 case SPI_FREQUENCY_20MHZ: 160 printf("20MHz"); 161 break; 162 case SPI_FREQUENCY_33MHZ: 163 printf("33MHz"); 164 break; 165 case SPI_FREQUENCY_50MHZ: 166 printf("50MHz"); 167 break; 168 default: 169 printf("unknown<%x>MHz", freq); 170 } 171 } 172 173 static void decode_component_density(unsigned int density) 174 { 175 switch (density) { 176 case COMPONENT_DENSITY_512KB: 177 printf("512KiB"); 178 break; 179 case COMPONENT_DENSITY_1MB: 180 printf("1MiB"); 181 break; 182 case COMPONENT_DENSITY_2MB: 183 printf("2MiB"); 184 break; 185 case COMPONENT_DENSITY_4MB: 186 printf("4MiB"); 187 break; 188 case COMPONENT_DENSITY_8MB: 189 printf("8MiB"); 190 break; 191 case COMPONENT_DENSITY_16MB: 192 printf("16MiB"); 193 break; 194 default: 195 printf("unknown<%x>MiB", density); 196 } 197 } 198 199 static void dump_fcba(struct fcba_t *fcba) 200 { 201 printf("\nFound Component Section\n"); 202 printf("FLCOMP 0x%08x\n", fcba->flcomp); 203 printf(" Dual Output Fast Read Support: %ssupported\n", 204 (fcba->flcomp & (1 << 30)) ? "" : "not "); 205 printf(" Read ID/Read Status Clock Frequency: "); 206 decode_spi_frequency((fcba->flcomp >> 27) & 7); 207 printf("\n Write/Erase Clock Frequency: "); 208 decode_spi_frequency((fcba->flcomp >> 24) & 7); 209 printf("\n Fast Read Clock Frequency: "); 210 decode_spi_frequency((fcba->flcomp >> 21) & 7); 211 printf("\n Fast Read Support: %ssupported", 212 (fcba->flcomp & (1 << 20)) ? "" : "not "); 213 printf("\n Read Clock Frequency: "); 214 decode_spi_frequency((fcba->flcomp >> 17) & 7); 215 printf("\n Component 2 Density: "); 216 decode_component_density((fcba->flcomp >> 3) & 7); 217 printf("\n Component 1 Density: "); 218 decode_component_density(fcba->flcomp & 7); 219 printf("\n"); 220 printf("FLILL 0x%08x\n", fcba->flill); 221 printf(" Invalid Instruction 3: 0x%02x\n", 222 (fcba->flill >> 24) & 0xff); 223 printf(" Invalid Instruction 2: 0x%02x\n", 224 (fcba->flill >> 16) & 0xff); 225 printf(" Invalid Instruction 1: 0x%02x\n", 226 (fcba->flill >> 8) & 0xff); 227 printf(" Invalid Instruction 0: 0x%02x\n", 228 fcba->flill & 0xff); 229 printf("FLPB 0x%08x\n", fcba->flpb); 230 printf(" Flash Partition Boundary Address: 0x%06x\n\n", 231 (fcba->flpb & 0xfff) << 12); 232 } 233 234 static void dump_fpsba(struct fpsba_t *fpsba) 235 { 236 int i; 237 238 printf("Found PCH Strap Section\n"); 239 for (i = 0; i < MAX_STRAPS; i++) 240 printf("PCHSTRP%-2d: 0x%08x\n", i, fpsba->pchstrp[i]); 241 } 242 243 static const char *get_enabled(int flag) 244 { 245 return flag ? "enabled" : "disabled"; 246 } 247 248 static void decode_flmstr(uint32_t flmstr) 249 { 250 printf(" Platform Data Region Write Access: %s\n", 251 get_enabled(flmstr & (1 << 28))); 252 printf(" GbE Region Write Access: %s\n", 253 get_enabled(flmstr & (1 << 27))); 254 printf(" Intel ME Region Write Access: %s\n", 255 get_enabled(flmstr & (1 << 26))); 256 printf(" Host CPU/BIOS Region Write Access: %s\n", 257 get_enabled(flmstr & (1 << 25))); 258 printf(" Flash Descriptor Write Access: %s\n", 259 get_enabled(flmstr & (1 << 24))); 260 261 printf(" Platform Data Region Read Access: %s\n", 262 get_enabled(flmstr & (1 << 20))); 263 printf(" GbE Region Read Access: %s\n", 264 get_enabled(flmstr & (1 << 19))); 265 printf(" Intel ME Region Read Access: %s\n", 266 get_enabled(flmstr & (1 << 18))); 267 printf(" Host CPU/BIOS Region Read Access: %s\n", 268 get_enabled(flmstr & (1 << 17))); 269 printf(" Flash Descriptor Read Access: %s\n", 270 get_enabled(flmstr & (1 << 16))); 271 272 printf(" Requester ID: 0x%04x\n\n", 273 flmstr & 0xffff); 274 } 275 276 static void dump_fmba(struct fmba_t *fmba) 277 { 278 printf("Found Master Section\n"); 279 printf("FLMSTR1: 0x%08x (Host CPU/BIOS)\n", fmba->flmstr1); 280 decode_flmstr(fmba->flmstr1); 281 printf("FLMSTR2: 0x%08x (Intel ME)\n", fmba->flmstr2); 282 decode_flmstr(fmba->flmstr2); 283 printf("FLMSTR3: 0x%08x (GbE)\n", fmba->flmstr3); 284 decode_flmstr(fmba->flmstr3); 285 } 286 287 static void dump_fmsba(struct fmsba_t *fmsba) 288 { 289 int i; 290 291 printf("Found Processor Strap Section\n"); 292 for (i = 0; i < 4; i++) 293 printf("????: 0x%08x\n", fmsba->data[0]); 294 } 295 296 static void dump_jid(uint32_t jid) 297 { 298 printf(" SPI Component Device ID 1: 0x%02x\n", 299 (jid >> 16) & 0xff); 300 printf(" SPI Component Device ID 0: 0x%02x\n", 301 (jid >> 8) & 0xff); 302 printf(" SPI Component Vendor ID: 0x%02x\n", 303 jid & 0xff); 304 } 305 306 static void dump_vscc(uint32_t vscc) 307 { 308 printf(" Lower Erase Opcode: 0x%02x\n", 309 vscc >> 24); 310 printf(" Lower Write Enable on Write Status: 0x%02x\n", 311 vscc & (1 << 20) ? 0x06 : 0x50); 312 printf(" Lower Write Status Required: %s\n", 313 vscc & (1 << 19) ? "Yes" : "No"); 314 printf(" Lower Write Granularity: %d bytes\n", 315 vscc & (1 << 18) ? 64 : 1); 316 printf(" Lower Block / Sector Erase Size: "); 317 switch ((vscc >> 16) & 0x3) { 318 case 0: 319 printf("256 Byte\n"); 320 break; 321 case 1: 322 printf("4KB\n"); 323 break; 324 case 2: 325 printf("8KB\n"); 326 break; 327 case 3: 328 printf("64KB\n"); 329 break; 330 } 331 332 printf(" Upper Erase Opcode: 0x%02x\n", 333 (vscc >> 8) & 0xff); 334 printf(" Upper Write Enable on Write Status: 0x%02x\n", 335 vscc & (1 << 4) ? 0x06 : 0x50); 336 printf(" Upper Write Status Required: %s\n", 337 vscc & (1 << 3) ? "Yes" : "No"); 338 printf(" Upper Write Granularity: %d bytes\n", 339 vscc & (1 << 2) ? 64 : 1); 340 printf(" Upper Block / Sector Erase Size: "); 341 switch (vscc & 0x3) { 342 case 0: 343 printf("256 Byte\n"); 344 break; 345 case 1: 346 printf("4KB\n"); 347 break; 348 case 2: 349 printf("8KB\n"); 350 break; 351 case 3: 352 printf("64KB\n"); 353 break; 354 } 355 } 356 357 static void dump_vtba(struct vtba_t *vtba, int vtl) 358 { 359 int i; 360 int num = (vtl >> 1) < 8 ? (vtl >> 1) : 8; 361 362 printf("ME VSCC table:\n"); 363 for (i = 0; i < num; i++) { 364 printf(" JID%d: 0x%08x\n", i, vtba->entry[i].jid); 365 dump_jid(vtba->entry[i].jid); 366 printf(" VSCC%d: 0x%08x\n", i, vtba->entry[i].vscc); 367 dump_vscc(vtba->entry[i].vscc); 368 } 369 printf("\n"); 370 } 371 372 static void dump_oem(uint8_t *oem) 373 { 374 int i, j; 375 printf("OEM Section:\n"); 376 for (i = 0; i < 4; i++) { 377 printf("%02x:", i << 4); 378 for (j = 0; j < 16; j++) 379 printf(" %02x", oem[(i<<4)+j]); 380 printf("\n"); 381 } 382 printf("\n"); 383 } 384 385 /** 386 * dump_fd() - Display a dump of the full flash description 387 * 388 * @image: Pointer to image 389 * @size: Size of image in bytes 390 * @return 0 if OK, -1 on error 391 */ 392 static int dump_fd(char *image, int size) 393 { 394 struct fdbar_t *fdb = find_fd(image, size); 395 396 if (!fdb) 397 return -1; 398 399 printf("FLMAP0: 0x%08x\n", fdb->flmap0); 400 printf(" NR: %d\n", (fdb->flmap0 >> 24) & 7); 401 printf(" FRBA: 0x%x\n", ((fdb->flmap0 >> 16) & 0xff) << 4); 402 printf(" NC: %d\n", ((fdb->flmap0 >> 8) & 3) + 1); 403 printf(" FCBA: 0x%x\n", ((fdb->flmap0) & 0xff) << 4); 404 405 printf("FLMAP1: 0x%08x\n", fdb->flmap1); 406 printf(" ISL: 0x%02x\n", (fdb->flmap1 >> 24) & 0xff); 407 printf(" FPSBA: 0x%x\n", ((fdb->flmap1 >> 16) & 0xff) << 4); 408 printf(" NM: %d\n", (fdb->flmap1 >> 8) & 3); 409 printf(" FMBA: 0x%x\n", ((fdb->flmap1) & 0xff) << 4); 410 411 printf("FLMAP2: 0x%08x\n", fdb->flmap2); 412 printf(" PSL: 0x%04x\n", (fdb->flmap2 >> 8) & 0xffff); 413 printf(" FMSBA: 0x%x\n", ((fdb->flmap2) & 0xff) << 4); 414 415 printf("FLUMAP1: 0x%08x\n", fdb->flumap1); 416 printf(" Intel ME VSCC Table Length (VTL): %d\n", 417 (fdb->flumap1 >> 8) & 0xff); 418 printf(" Intel ME VSCC Table Base Address (VTBA): 0x%06x\n\n", 419 (fdb->flumap1 & 0xff) << 4); 420 dump_vtba((struct vtba_t *) 421 (image + ((fdb->flumap1 & 0xff) << 4)), 422 (fdb->flumap1 >> 8) & 0xff); 423 dump_oem((uint8_t *)image + 0xf00); 424 dump_frba((struct frba_t *)(image + (((fdb->flmap0 >> 16) & 0xff) 425 << 4))); 426 dump_fcba((struct fcba_t *)(image + (((fdb->flmap0) & 0xff) << 4))); 427 dump_fpsba((struct fpsba_t *) 428 (image + (((fdb->flmap1 >> 16) & 0xff) << 4))); 429 dump_fmba((struct fmba_t *)(image + (((fdb->flmap1) & 0xff) << 4))); 430 dump_fmsba((struct fmsba_t *)(image + (((fdb->flmap2) & 0xff) << 4))); 431 432 return 0; 433 } 434 435 /** 436 * write_regions() - Write each region from an image to its own file 437 * 438 * The filename to use in each case is fixed - see region_filename() 439 * 440 * @image: Pointer to image 441 * @size: Size of image in bytes 442 * @return 0 if OK, -ve on error 443 */ 444 static int write_regions(char *image, int size) 445 { 446 struct fdbar_t *fdb; 447 struct frba_t *frba; 448 int ret = 0; 449 int i; 450 451 fdb = find_fd(image, size); 452 if (!fdb) 453 return -1; 454 455 frba = (struct frba_t *)(image + (((fdb->flmap0 >> 16) & 0xff) << 4)); 456 457 for (i = 0; i < MAX_REGIONS; i++) { 458 struct region_t region; 459 int region_fd; 460 461 ret = get_region(frba, i, ®ion); 462 if (ret) 463 return ret; 464 dump_region(i, frba); 465 if (region.size <= 0) 466 continue; 467 region_fd = open(region_filename(i), 468 O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | 469 S_IWUSR | S_IRGRP | S_IROTH); 470 if (write(region_fd, image + region.base, region.size) != 471 region.size) { 472 perror("Error while writing"); 473 ret = -1; 474 } 475 close(region_fd); 476 } 477 478 return ret; 479 } 480 481 static int perror_fname(const char *fmt, const char *fname) 482 { 483 char msg[strlen(fmt) + strlen(fname) + 1]; 484 485 sprintf(msg, fmt, fname); 486 perror(msg); 487 488 return -1; 489 } 490 491 /** 492 * write_image() - Write the image to a file 493 * 494 * @filename: Filename to use for the image 495 * @image: Pointer to image 496 * @size: Size of image in bytes 497 * @return 0 if OK, -ve on error 498 */ 499 static int write_image(char *filename, char *image, int size) 500 { 501 int new_fd; 502 503 debug("Writing new image to %s\n", filename); 504 505 new_fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | 506 S_IWUSR | S_IRGRP | S_IROTH); 507 if (new_fd < 0) 508 return perror_fname("Could not open file '%s'", filename); 509 if (write(new_fd, image, size) != size) 510 return perror_fname("Could not write file '%s'", filename); 511 close(new_fd); 512 513 return 0; 514 } 515 516 /** 517 * set_spi_frequency() - Set the SPI frequency to use when booting 518 * 519 * Several frequencies are supported, some of which work with fast devices. 520 * For SPI emulators, the slowest (SPI_FREQUENCY_20MHZ) is often used. The 521 * Intel boot system uses this information somehow on boot. 522 * 523 * The image is updated with the supplied value 524 * 525 * @image: Pointer to image 526 * @size: Size of image in bytes 527 * @freq: SPI frequency to use 528 */ 529 static void set_spi_frequency(char *image, int size, enum spi_frequency freq) 530 { 531 struct fdbar_t *fdb = find_fd(image, size); 532 struct fcba_t *fcba; 533 534 fcba = (struct fcba_t *)(image + (((fdb->flmap0) & 0xff) << 4)); 535 536 /* clear bits 21-29 */ 537 fcba->flcomp &= ~0x3fe00000; 538 /* Read ID and Read Status Clock Frequency */ 539 fcba->flcomp |= freq << 27; 540 /* Write and Erase Clock Frequency */ 541 fcba->flcomp |= freq << 24; 542 /* Fast Read Clock Frequency */ 543 fcba->flcomp |= freq << 21; 544 } 545 546 /** 547 * set_em100_mode() - Set a SPI frequency that will work with Dediprog EM100 548 * 549 * @image: Pointer to image 550 * @size: Size of image in bytes 551 */ 552 static void set_em100_mode(char *image, int size) 553 { 554 struct fdbar_t *fdb = find_fd(image, size); 555 struct fcba_t *fcba; 556 557 fcba = (struct fcba_t *)(image + (((fdb->flmap0) & 0xff) << 4)); 558 fcba->flcomp &= ~(1 << 30); 559 set_spi_frequency(image, size, SPI_FREQUENCY_20MHZ); 560 } 561 562 /** 563 * lock_descriptor() - Lock the NE descriptor so it cannot be updated 564 * 565 * @image: Pointer to image 566 * @size: Size of image in bytes 567 */ 568 static void lock_descriptor(char *image, int size) 569 { 570 struct fdbar_t *fdb = find_fd(image, size); 571 struct fmba_t *fmba; 572 573 /* 574 * TODO: Dynamically take Platform Data Region and GbE Region into 575 * account. 576 */ 577 fmba = (struct fmba_t *)(image + (((fdb->flmap1) & 0xff) << 4)); 578 fmba->flmstr1 = 0x0a0b0000; 579 fmba->flmstr2 = 0x0c0d0000; 580 fmba->flmstr3 = 0x08080118; 581 } 582 583 /** 584 * unlock_descriptor() - Lock the NE descriptor so it can be updated 585 * 586 * @image: Pointer to image 587 * @size: Size of image in bytes 588 */ 589 static void unlock_descriptor(char *image, int size) 590 { 591 struct fdbar_t *fdb = find_fd(image, size); 592 struct fmba_t *fmba; 593 594 fmba = (struct fmba_t *)(image + (((fdb->flmap1) & 0xff) << 4)); 595 fmba->flmstr1 = 0xffff0000; 596 fmba->flmstr2 = 0xffff0000; 597 fmba->flmstr3 = 0x08080118; 598 } 599 600 /** 601 * open_for_read() - Open a file for reading 602 * 603 * @fname: Filename to open 604 * @sizep: Returns file size in bytes 605 * @return 0 if OK, -1 on error 606 */ 607 int open_for_read(const char *fname, int *sizep) 608 { 609 int fd = open(fname, O_RDONLY); 610 struct stat buf; 611 612 if (fd == -1) 613 return perror_fname("Could not open file '%s'", fname); 614 if (fstat(fd, &buf) == -1) 615 return perror_fname("Could not stat file '%s'", fname); 616 *sizep = buf.st_size; 617 debug("File %s is %d bytes\n", fname, *sizep); 618 619 return fd; 620 } 621 622 /** 623 * inject_region() - Add a file to an image region 624 * 625 * This puts a file into a particular region of the flash. Several pre-defined 626 * regions are used. 627 * 628 * @image: Pointer to image 629 * @size: Size of image in bytes 630 * @region_type: Region where the file should be added 631 * @region_fname: Filename to add to the image 632 * @return 0 if OK, -ve on error 633 */ 634 int inject_region(char *image, int size, int region_type, char *region_fname) 635 { 636 struct fdbar_t *fdb = find_fd(image, size); 637 struct region_t region; 638 struct frba_t *frba; 639 int region_size; 640 int offset = 0; 641 int region_fd; 642 int ret; 643 644 if (!fdb) 645 exit(EXIT_FAILURE); 646 frba = (struct frba_t *)(image + (((fdb->flmap0 >> 16) & 0xff) << 4)); 647 648 ret = get_region(frba, region_type, ®ion); 649 if (ret) 650 return -1; 651 if (region.size <= 0xfff) { 652 fprintf(stderr, "Region %s is disabled in target. Not injecting.\n", 653 region_name(region_type)); 654 return -1; 655 } 656 657 region_fd = open_for_read(region_fname, ®ion_size); 658 if (region_fd < 0) 659 return region_fd; 660 661 if ((region_size > region.size) || 662 ((region_type != 1) && (region_size > region.size))) { 663 fprintf(stderr, "Region %s is %d(0x%x) bytes. File is %d(0x%x) bytes. Not injecting.\n", 664 region_name(region_type), region.size, 665 region.size, region_size, region_size); 666 return -1; 667 } 668 669 if ((region_type == 1) && (region_size < region.size)) { 670 fprintf(stderr, "Region %s is %d(0x%x) bytes. File is %d(0x%x) bytes. Padding before injecting.\n", 671 region_name(region_type), region.size, 672 region.size, region_size, region_size); 673 offset = region.size - region_size; 674 memset(image + region.base, 0xff, offset); 675 } 676 677 if (size < region.base + offset + region_size) { 678 fprintf(stderr, "Output file is too small. (%d < %d)\n", 679 size, region.base + offset + region_size); 680 return -1; 681 } 682 683 if (read(region_fd, image + region.base + offset, region_size) 684 != region_size) { 685 perror("Could not read file"); 686 return -1; 687 } 688 689 close(region_fd); 690 691 debug("Adding %s as the %s section\n", region_fname, 692 region_name(region_type)); 693 694 return 0; 695 } 696 697 /** 698 * write_data() - Write some raw data into a region 699 * 700 * This puts a file into a particular place in the flash, ignoring the 701 * regions. Be careful not to overwrite something important. 702 * 703 * @image: Pointer to image 704 * @size: Size of image in bytes 705 * @addr: x86 ROM address to put file. The ROM ends at 706 * 0xffffffff so use an address relative to that. For an 707 * 8MB ROM the start address is 0xfff80000. 708 * @write_fname: Filename to add to the image 709 * @offset_uboot_top: Offset of the top of U-Boot 710 * @offset_uboot_start: Offset of the start of U-Boot 711 * @return number of bytes written if OK, -ve on error 712 */ 713 static int write_data(char *image, int size, unsigned int addr, 714 const char *write_fname, int offset_uboot_top, 715 int offset_uboot_start) 716 { 717 int write_fd, write_size; 718 int offset; 719 720 write_fd = open_for_read(write_fname, &write_size); 721 if (write_fd < 0) 722 return write_fd; 723 724 offset = (uint32_t)(addr + size); 725 if (offset_uboot_top) { 726 if (offset_uboot_start < offset && 727 offset_uboot_top >= offset) { 728 fprintf(stderr, "U-Boot image overlaps with region '%s'\n", 729 write_fname); 730 fprintf(stderr, 731 "U-Boot finishes at offset %x, file starts at %x\n", 732 offset_uboot_top, offset); 733 return -EXDEV; 734 } 735 if (offset_uboot_start > offset && 736 offset_uboot_start <= offset + write_size) { 737 fprintf(stderr, "U-Boot image overlaps with region '%s'\n", 738 write_fname); 739 fprintf(stderr, 740 "U-Boot starts at offset %x, file finishes at %x\n", 741 offset_uboot_start, offset + write_size); 742 return -EXDEV; 743 } 744 } 745 debug("Writing %s to offset %#x\n", write_fname, offset); 746 747 if (offset < 0 || offset + write_size > size) { 748 fprintf(stderr, "Output file is too small. (%d < %d)\n", 749 size, offset + write_size); 750 return -1; 751 } 752 753 if (read(write_fd, image + offset, write_size) != write_size) { 754 perror("Could not read file"); 755 return -1; 756 } 757 758 close(write_fd); 759 760 return write_size; 761 } 762 763 static int scan_ucode(const void *blob, char *ucode_base, int *countp, 764 const char **datap, int *data_sizep) 765 { 766 const char *data = NULL; 767 int node, count; 768 int data_size; 769 char *ucode; 770 771 for (node = 0, count = 0, ucode = ucode_base; node >= 0; count++) { 772 node = fdt_node_offset_by_compatible(blob, node, 773 "intel,microcode"); 774 if (node < 0) 775 break; 776 777 data = fdt_getprop(blob, node, "data", &data_size); 778 if (!data) { 779 debug("Missing microcode data in FDT '%s': %s\n", 780 fdt_get_name(blob, node, NULL), 781 fdt_strerror(data_size)); 782 return -ENOENT; 783 } 784 785 if (ucode_base) 786 memcpy(ucode, data, data_size); 787 ucode += data_size; 788 } 789 790 if (countp) 791 *countp = count; 792 if (datap) 793 *datap = data; 794 if (data_sizep) 795 *data_sizep = data_size; 796 797 return ucode - ucode_base; 798 } 799 800 static int remove_ucode(char *blob) 801 { 802 int node, count; 803 int ret; 804 805 /* Keep going until we find no more microcode to remove */ 806 do { 807 for (node = 0, count = 0; node >= 0;) { 808 int ret; 809 810 node = fdt_node_offset_by_compatible(blob, node, 811 "intel,microcode"); 812 if (node < 0) 813 break; 814 815 ret = fdt_delprop(blob, node, "data"); 816 817 /* 818 * -FDT_ERR_NOTFOUND means we already removed the 819 * data for this one, so we just continue. 820 * 0 means we did remove it, so offsets may have 821 * changed and we need to restart our scan. 822 * Anything else indicates an error we should report. 823 */ 824 if (ret == -FDT_ERR_NOTFOUND) 825 continue; 826 else if (!ret) 827 node = 0; 828 else 829 return ret; 830 } 831 } while (count); 832 833 /* Pack down to remove excees space */ 834 ret = fdt_pack(blob); 835 if (ret) 836 return ret; 837 838 return fdt_totalsize(blob); 839 } 840 841 static int write_ucode(char *image, int size, struct input_file *fdt, 842 int fdt_size, unsigned int ucode_ptr, 843 int collate_ucode) 844 { 845 const char *data = NULL; 846 char *ucode_buf; 847 const void *blob; 848 char *ucode_base; 849 uint32_t *ptr; 850 int ucode_size; 851 int data_size; 852 int offset; 853 int count; 854 int ret; 855 856 blob = (void *)image + (uint32_t)(fdt->addr + size); 857 858 debug("DTB at %lx\n", (char *)blob - image); 859 860 /* Find out about the micrcode we have */ 861 ucode_size = scan_ucode(blob, NULL, &count, &data, &data_size); 862 if (ucode_size < 0) 863 return ucode_size; 864 if (!count) { 865 debug("No microcode found in FDT\n"); 866 return -ENOENT; 867 } 868 869 if (count > 1 && !collate_ucode) { 870 fprintf(stderr, 871 "Cannot handle multiple microcode blocks - please use -C flag to collate them\n"); 872 return -EMLINK; 873 } 874 875 /* 876 * Collect the microcode into a buffer, remove it from the device 877 * tree and place it immediately above the (now smaller) device tree. 878 */ 879 if (collate_ucode && count > 1) { 880 ucode_buf = malloc(ucode_size); 881 if (!ucode_buf) { 882 fprintf(stderr, 883 "Out of memory for microcode (%d bytes)\n", 884 ucode_size); 885 return -ENOMEM; 886 } 887 ret = scan_ucode(blob, ucode_buf, NULL, NULL, NULL); 888 if (ret < 0) 889 return ret; 890 891 /* Remove the microcode from the device tree */ 892 ret = remove_ucode((char *)blob); 893 if (ret < 0) { 894 debug("Could not remove FDT microcode: %s\n", 895 fdt_strerror(ret)); 896 return -EINVAL; 897 } 898 debug("Collated %d microcode block(s)\n", count); 899 debug("Device tree reduced from %x to %x bytes\n", 900 fdt_size, ret); 901 fdt_size = ret; 902 903 /* 904 * Place microcode area immediately above the FDT, aligned 905 * to a 16-byte boundary. 906 */ 907 ucode_base = (char *)(((unsigned long)blob + fdt_size + 15) & 908 ~15); 909 910 data = ucode_base; 911 data_size = ucode_size; 912 memcpy(ucode_base, ucode_buf, ucode_size); 913 free(ucode_buf); 914 } 915 916 offset = (uint32_t)(ucode_ptr + size); 917 ptr = (void *)image + offset; 918 919 ptr[0] = (data - image) - size; 920 ptr[1] = data_size; 921 debug("Wrote microcode pointer at %x: addr=%x, size=%x\n", ucode_ptr, 922 ptr[0], ptr[1]); 923 924 return (collate_ucode ? data + data_size : (char *)blob + fdt_size) - 925 image; 926 } 927 928 /** 929 * write_uboot() - Write U-Boot, device tree and microcode pointer 930 * 931 * This writes U-Boot into a place in the flash, followed by its device tree. 932 * The microcode pointer is written so that U-Boot can find the microcode in 933 * the device tree very early in boot. 934 * 935 * @image: Pointer to image 936 * @size: Size of image in bytes 937 * @uboot: Input file information for u-boot.bin 938 * @fdt: Input file information for u-boot.dtb 939 * @ucode_ptr: Address in U-Boot where the microcode pointer should be placed 940 * @return 0 if OK, -ve on error 941 */ 942 static int write_uboot(char *image, int size, struct input_file *uboot, 943 struct input_file *fdt, unsigned int ucode_ptr, 944 int collate_ucode, int *offset_uboot_top, 945 int *offset_uboot_start) 946 { 947 int uboot_size, fdt_size; 948 int uboot_top; 949 950 uboot_size = write_data(image, size, uboot->addr, uboot->fname, 0, 0); 951 if (uboot_size < 0) 952 return uboot_size; 953 fdt->addr = uboot->addr + uboot_size; 954 debug("U-Boot size %#x, FDT at %#x\n", uboot_size, fdt->addr); 955 fdt_size = write_data(image, size, fdt->addr, fdt->fname, 0, 0); 956 if (fdt_size < 0) 957 return fdt_size; 958 959 uboot_top = (uint32_t)(fdt->addr + size) + fdt_size; 960 961 if (ucode_ptr) { 962 uboot_top = write_ucode(image, size, fdt, fdt_size, ucode_ptr, 963 collate_ucode); 964 if (uboot_top < 0) 965 return uboot_top; 966 } 967 968 if (offset_uboot_top && offset_uboot_start) { 969 *offset_uboot_top = uboot_top; 970 *offset_uboot_start = (uint32_t)(uboot->addr + size); 971 } 972 973 return 0; 974 } 975 976 static void print_version(void) 977 { 978 printf("ifdtool v%s -- ", IFDTOOL_VERSION); 979 printf("Copyright (C) 2014 Google Inc.\n\n"); 980 printf("SPDX-License-Identifier: GPL-2.0+\n"); 981 } 982 983 static void print_usage(const char *name) 984 { 985 printf("usage: %s [-vhdix?] <filename> [<outfile>]\n", name); 986 printf("\n" 987 " -d | --dump: dump intel firmware descriptor\n" 988 " -x | --extract: extract intel fd modules\n" 989 " -i | --inject <region>:<module> inject file <module> into region <region>\n" 990 " -w | --write <addr>:<file> write file to appear at memory address <addr>\n" 991 " multiple files can be written simultaneously\n" 992 " -s | --spifreq <20|33|50> set the SPI frequency\n" 993 " -e | --em100 set SPI frequency to 20MHz and disable\n" 994 " Dual Output Fast Read Support\n" 995 " -l | --lock Lock firmware descriptor and ME region\n" 996 " -u | --unlock Unlock firmware descriptor and ME region\n" 997 " -r | --romsize Specify ROM size\n" 998 " -D | --write-descriptor <file> Write descriptor at base\n" 999 " -c | --create Create a new empty image\n" 1000 " -v | --version: print the version\n" 1001 " -h | --help: print this help\n\n" 1002 "<region> is one of Descriptor, BIOS, ME, GbE, Platform\n" 1003 "\n"); 1004 } 1005 1006 /** 1007 * get_two_words() - Convert a string into two words separated by : 1008 * 1009 * The supplied string is split at ':', two substrings are allocated and 1010 * returned. 1011 * 1012 * @str: String to split 1013 * @firstp: Returns first string 1014 * @secondp: Returns second string 1015 * @return 0 if OK, -ve if @str does not have a : 1016 */ 1017 static int get_two_words(const char *str, char **firstp, char **secondp) 1018 { 1019 const char *p; 1020 1021 p = strchr(str, ':'); 1022 if (!p) 1023 return -1; 1024 *firstp = strdup(str); 1025 (*firstp)[p - str] = '\0'; 1026 *secondp = strdup(p + 1); 1027 1028 return 0; 1029 } 1030 1031 int main(int argc, char *argv[]) 1032 { 1033 int opt, option_index = 0; 1034 int mode_dump = 0, mode_extract = 0, mode_inject = 0; 1035 int mode_spifreq = 0, mode_em100 = 0, mode_locked = 0; 1036 int mode_unlocked = 0, mode_write = 0, mode_write_descriptor = 0; 1037 int create = 0, collate_ucode = 0; 1038 char *region_type_string = NULL, *inject_fname = NULL; 1039 char *desc_fname = NULL, *addr_str = NULL; 1040 int region_type = -1, inputfreq = 0; 1041 enum spi_frequency spifreq = SPI_FREQUENCY_20MHZ; 1042 struct input_file input_file[WRITE_MAX], *ifile, *fdt = NULL; 1043 unsigned char wr_idx, wr_num = 0; 1044 int rom_size = -1; 1045 bool write_it; 1046 char *filename; 1047 char *outfile = NULL; 1048 struct stat buf; 1049 int size = 0; 1050 unsigned int ucode_ptr = 0; 1051 bool have_uboot = false; 1052 int bios_fd; 1053 char *image; 1054 int ret; 1055 static struct option long_options[] = { 1056 {"create", 0, NULL, 'c'}, 1057 {"collate-microcode", 0, NULL, 'C'}, 1058 {"dump", 0, NULL, 'd'}, 1059 {"descriptor", 1, NULL, 'D'}, 1060 {"em100", 0, NULL, 'e'}, 1061 {"extract", 0, NULL, 'x'}, 1062 {"fdt", 1, NULL, 'f'}, 1063 {"inject", 1, NULL, 'i'}, 1064 {"lock", 0, NULL, 'l'}, 1065 {"microcode", 1, NULL, 'm'}, 1066 {"romsize", 1, NULL, 'r'}, 1067 {"spifreq", 1, NULL, 's'}, 1068 {"unlock", 0, NULL, 'u'}, 1069 {"uboot", 1, NULL, 'U'}, 1070 {"write", 1, NULL, 'w'}, 1071 {"version", 0, NULL, 'v'}, 1072 {"help", 0, NULL, 'h'}, 1073 {0, 0, 0, 0} 1074 }; 1075 1076 while ((opt = getopt_long(argc, argv, "cCdD:ef:hi:lm:r:s:uU:vw:x?", 1077 long_options, &option_index)) != EOF) { 1078 switch (opt) { 1079 case 'c': 1080 create = 1; 1081 break; 1082 case 'C': 1083 collate_ucode = 1; 1084 break; 1085 case 'd': 1086 mode_dump = 1; 1087 break; 1088 case 'D': 1089 mode_write_descriptor = 1; 1090 desc_fname = optarg; 1091 break; 1092 case 'e': 1093 mode_em100 = 1; 1094 break; 1095 case 'i': 1096 if (get_two_words(optarg, ®ion_type_string, 1097 &inject_fname)) { 1098 print_usage(argv[0]); 1099 exit(EXIT_FAILURE); 1100 } 1101 if (!strcasecmp("Descriptor", region_type_string)) 1102 region_type = 0; 1103 else if (!strcasecmp("BIOS", region_type_string)) 1104 region_type = 1; 1105 else if (!strcasecmp("ME", region_type_string)) 1106 region_type = 2; 1107 else if (!strcasecmp("GbE", region_type_string)) 1108 region_type = 3; 1109 else if (!strcasecmp("Platform", region_type_string)) 1110 region_type = 4; 1111 if (region_type == -1) { 1112 fprintf(stderr, "No such region type: '%s'\n\n", 1113 region_type_string); 1114 print_usage(argv[0]); 1115 exit(EXIT_FAILURE); 1116 } 1117 mode_inject = 1; 1118 break; 1119 case 'l': 1120 mode_locked = 1; 1121 break; 1122 case 'm': 1123 ucode_ptr = strtoul(optarg, NULL, 0); 1124 break; 1125 case 'r': 1126 rom_size = strtol(optarg, NULL, 0); 1127 debug("ROM size %d\n", rom_size); 1128 break; 1129 case 's': 1130 /* Parse the requested SPI frequency */ 1131 inputfreq = strtol(optarg, NULL, 0); 1132 switch (inputfreq) { 1133 case 20: 1134 spifreq = SPI_FREQUENCY_20MHZ; 1135 break; 1136 case 33: 1137 spifreq = SPI_FREQUENCY_33MHZ; 1138 break; 1139 case 50: 1140 spifreq = SPI_FREQUENCY_50MHZ; 1141 break; 1142 default: 1143 fprintf(stderr, "Invalid SPI Frequency: %d\n", 1144 inputfreq); 1145 print_usage(argv[0]); 1146 exit(EXIT_FAILURE); 1147 } 1148 mode_spifreq = 1; 1149 break; 1150 case 'u': 1151 mode_unlocked = 1; 1152 break; 1153 case 'v': 1154 print_version(); 1155 exit(EXIT_SUCCESS); 1156 break; 1157 case 'w': 1158 case 'U': 1159 case 'f': 1160 ifile = &input_file[wr_num]; 1161 mode_write = 1; 1162 if (wr_num < WRITE_MAX) { 1163 if (get_two_words(optarg, &addr_str, 1164 &ifile->fname)) { 1165 print_usage(argv[0]); 1166 exit(EXIT_FAILURE); 1167 } 1168 ifile->addr = strtoll(optarg, NULL, 0); 1169 ifile->type = opt == 'f' ? IF_fdt : 1170 opt == 'U' ? IF_uboot : IF_normal; 1171 if (ifile->type == IF_fdt) 1172 fdt = ifile; 1173 else if (ifile->type == IF_uboot) 1174 have_uboot = true; 1175 wr_num++; 1176 } else { 1177 fprintf(stderr, 1178 "The number of files to write simultaneously exceeds the limitation (%d)\n", 1179 WRITE_MAX); 1180 } 1181 break; 1182 case 'x': 1183 mode_extract = 1; 1184 break; 1185 case 'h': 1186 case '?': 1187 default: 1188 print_usage(argv[0]); 1189 exit(EXIT_SUCCESS); 1190 break; 1191 } 1192 } 1193 1194 if (mode_locked == 1 && mode_unlocked == 1) { 1195 fprintf(stderr, "Locking/Unlocking FD and ME are mutually exclusive\n"); 1196 exit(EXIT_FAILURE); 1197 } 1198 1199 if (mode_inject == 1 && mode_write == 1) { 1200 fprintf(stderr, "Inject/Write are mutually exclusive\n"); 1201 exit(EXIT_FAILURE); 1202 } 1203 1204 if ((mode_dump + mode_extract + mode_inject + 1205 (mode_spifreq | mode_em100 | mode_unlocked | 1206 mode_locked)) > 1) { 1207 fprintf(stderr, "You may not specify more than one mode.\n\n"); 1208 print_usage(argv[0]); 1209 exit(EXIT_FAILURE); 1210 } 1211 1212 if ((mode_dump + mode_extract + mode_inject + mode_spifreq + 1213 mode_em100 + mode_locked + mode_unlocked + mode_write + 1214 mode_write_descriptor) == 0 && !create) { 1215 fprintf(stderr, "You need to specify a mode.\n\n"); 1216 print_usage(argv[0]); 1217 exit(EXIT_FAILURE); 1218 } 1219 1220 if (create && rom_size == -1) { 1221 fprintf(stderr, "You need to specify a rom size when creating.\n\n"); 1222 exit(EXIT_FAILURE); 1223 } 1224 1225 if (optind + 1 != argc) { 1226 fprintf(stderr, "You need to specify a file.\n\n"); 1227 print_usage(argv[0]); 1228 exit(EXIT_FAILURE); 1229 } 1230 1231 if (have_uboot && !fdt) { 1232 fprintf(stderr, 1233 "You must supply a device tree file for U-Boot\n\n"); 1234 print_usage(argv[0]); 1235 exit(EXIT_FAILURE); 1236 } 1237 1238 filename = argv[optind]; 1239 if (optind + 2 != argc) 1240 outfile = argv[optind + 1]; 1241 1242 if (create) 1243 bios_fd = open(filename, O_WRONLY | O_CREAT, 0666); 1244 else 1245 bios_fd = open(filename, outfile ? O_RDONLY : O_RDWR); 1246 1247 if (bios_fd == -1) { 1248 perror("Could not open file"); 1249 exit(EXIT_FAILURE); 1250 } 1251 1252 if (!create) { 1253 if (fstat(bios_fd, &buf) == -1) { 1254 perror("Could not stat file"); 1255 exit(EXIT_FAILURE); 1256 } 1257 size = buf.st_size; 1258 } 1259 1260 debug("File %s is %d bytes\n", filename, size); 1261 1262 if (rom_size == -1) 1263 rom_size = size; 1264 1265 image = malloc(rom_size); 1266 if (!image) { 1267 printf("Out of memory.\n"); 1268 exit(EXIT_FAILURE); 1269 } 1270 1271 memset(image, '\xff', rom_size); 1272 if (!create && read(bios_fd, image, size) != size) { 1273 perror("Could not read file"); 1274 exit(EXIT_FAILURE); 1275 } 1276 if (size != rom_size) { 1277 debug("ROM size changed to %d bytes\n", rom_size); 1278 size = rom_size; 1279 } 1280 1281 write_it = true; 1282 ret = 0; 1283 if (mode_dump) { 1284 ret = dump_fd(image, size); 1285 write_it = false; 1286 } 1287 1288 if (mode_extract) { 1289 ret = write_regions(image, size); 1290 write_it = false; 1291 } 1292 1293 if (mode_write_descriptor) 1294 ret = write_data(image, size, -size, desc_fname, 0, 0); 1295 1296 if (mode_inject) 1297 ret = inject_region(image, size, region_type, inject_fname); 1298 1299 if (mode_write) { 1300 int offset_uboot_top = 0; 1301 int offset_uboot_start = 0; 1302 1303 for (wr_idx = 0; wr_idx < wr_num; wr_idx++) { 1304 ifile = &input_file[wr_idx]; 1305 if (ifile->type == IF_fdt) { 1306 continue; 1307 } else if (ifile->type == IF_uboot) { 1308 ret = write_uboot(image, size, ifile, fdt, 1309 ucode_ptr, collate_ucode, 1310 &offset_uboot_top, 1311 &offset_uboot_start); 1312 } else { 1313 ret = write_data(image, size, ifile->addr, 1314 ifile->fname, offset_uboot_top, 1315 offset_uboot_start); 1316 } 1317 if (ret < 0) 1318 break; 1319 } 1320 } 1321 1322 if (mode_spifreq) 1323 set_spi_frequency(image, size, spifreq); 1324 1325 if (mode_em100) 1326 set_em100_mode(image, size); 1327 1328 if (mode_locked) 1329 lock_descriptor(image, size); 1330 1331 if (mode_unlocked) 1332 unlock_descriptor(image, size); 1333 1334 if (write_it) { 1335 if (outfile) { 1336 ret = write_image(outfile, image, size); 1337 } else { 1338 if (lseek(bios_fd, 0, SEEK_SET)) { 1339 perror("Error while seeking"); 1340 ret = -1; 1341 } 1342 if (write(bios_fd, image, size) != size) { 1343 perror("Error while writing"); 1344 ret = -1; 1345 } 1346 } 1347 } 1348 1349 free(image); 1350 close(bios_fd); 1351 1352 return ret < 0 ? 1 : 0; 1353 } 1354