rkcommon.c
9.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
/*
* (C) Copyright 2015 Google, Inc
* Written by Simon Glass <sjg@chromium.org>
*
* (C) 2017 Theobroma Systems Design und Consulting GmbH
*
* SPDX-License-Identifier: GPL-2.0+
*
* Helper functions for Rockchip images
*/
#include "imagetool.h"
#include <image.h>
#include <rc4.h>
#include "mkimage.h"
#include "rkcommon.h"
#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))
enum {
RK_SIGNATURE = 0x0ff0aa55,
};
/**
* struct header0_info - header block for boot ROM
*
* This is stored at SD card block 64 (where each block is 512 bytes, or at
* the start of SPI flash. It is encoded with RC4.
*
* @signature: Signature (must be RKSD_SIGNATURE)
* @disable_rc4: 0 to use rc4 for boot image, 1 to use plain binary
* @init_offset: Offset in blocks of the SPL code from this header
* block. E.g. 4 means 2KB after the start of this header.
* Other fields are not used by U-Boot
*/
struct header0_info {
uint32_t signature;
uint8_t reserved[4];
uint32_t disable_rc4;
uint16_t init_offset;
uint8_t reserved1[492];
uint16_t init_size;
uint16_t init_boot_size;
uint8_t reserved2[2];
};
/**
* struct header1_info
*/
struct header1_info {
uint32_t magic;
};
/**
* struct spl_info - spl info for each chip
*
* @imagename: Image name(passed by "mkimage -n")
* @spl_hdr: Boot ROM requires a 4-bytes spl header
* @spl_size: Spl size(include extra 4-bytes spl header)
* @spl_rc4: RC4 encode the SPL binary (same key as header)
*/
struct spl_info {
const char *imagename;
const char *spl_hdr;
const uint32_t spl_size;
const bool spl_rc4;
};
static struct spl_info spl_infos[] = {
{ "rk3036", "RK30", 0x1000, false },
{ "rk3128", "RK31", 0x1800, false },
{ "rk3188", "RK31", 0x8000 - 0x800, true },
{ "rk322x", "RK32", 0x8000 - 0x1000, false },
{ "rk3288", "RK32", 0x8000, false },
{ "rk3328", "RK32", 0x8000 - 0x1000, false },
{ "rk3368", "RK33", 0x8000 - 0x1000, false },
{ "rk3399", "RK33", 0x30000 - 0x2000, false },
{ "rv1108", "RK11", 0x1800, false },
};
static unsigned char rc4_key[16] = {
124, 78, 3, 4, 85, 5, 9, 7,
45, 44, 123, 56, 23, 13, 23, 17
};
static struct spl_info *rkcommon_get_spl_info(char *imagename)
{
int i;
if (!imagename)
return NULL;
for (i = 0; i < ARRAY_SIZE(spl_infos); i++)
if (!strncmp(imagename, spl_infos[i].imagename, 6))
return spl_infos + i;
return NULL;
}
int rkcommon_check_params(struct image_tool_params *params)
{
int i;
if (rkcommon_get_spl_info(params->imagename) != NULL)
return EXIT_SUCCESS;
/*
* If this is a operation (list or extract), the don't require
* imagename to be set.
*/
if (params->lflag || params->iflag)
return EXIT_SUCCESS;
fprintf(stderr, "ERROR: imagename (%s) is not supported!\n",
params->imagename ? params->imagename : "NULL");
fprintf(stderr, "Available imagename:");
for (i = 0; i < ARRAY_SIZE(spl_infos); i++)
fprintf(stderr, "\t%s", spl_infos[i].imagename);
fprintf(stderr, "\n");
return EXIT_FAILURE;
}
const char *rkcommon_get_spl_hdr(struct image_tool_params *params)
{
struct spl_info *info = rkcommon_get_spl_info(params->imagename);
/*
* info would not be NULL, because of we checked params before.
*/
return info->spl_hdr;
}
int rkcommon_get_spl_size(struct image_tool_params *params)
{
struct spl_info *info = rkcommon_get_spl_info(params->imagename);
/*
* info would not be NULL, because of we checked params before.
*/
return info->spl_size;
}
bool rkcommon_need_rc4_spl(struct image_tool_params *params)
{
struct spl_info *info = rkcommon_get_spl_info(params->imagename);
/*
* info would not be NULL, because of we checked params before.
*/
return info->spl_rc4;
}
static void rkcommon_set_header0(void *buf, uint file_size,
struct image_tool_params *params)
{
struct header0_info *hdr = buf;
memset(buf, '\0', RK_INIT_OFFSET * RK_BLK_SIZE);
hdr->signature = RK_SIGNATURE;
hdr->disable_rc4 = !rkcommon_need_rc4_spl(params);
hdr->init_offset = RK_INIT_OFFSET;
hdr->init_size = DIV_ROUND_UP(file_size, RK_BLK_SIZE);
/*
* The init_size has to be a multiple of 4 blocks (i.e. of 2K)
* or the BootROM will not boot the image.
*
* Note: To verify that this is not a legacy constraint, we
* rechecked this against the RK3399 BootROM.
*/
hdr->init_size = ROUND(hdr->init_size, 4);
/*
* init_boot_size needs to be set, as it is read by the BootROM
* to determine the size of the next-stage bootloader (e.g. U-Boot
* proper), when used with the back-to-bootrom functionality.
*
* see https://lists.denx.de/pipermail/u-boot/2017-May/293267.html
* for a more detailed explanation by Andy Yan
*/
hdr->init_boot_size = hdr->init_size + RK_MAX_BOOT_SIZE / RK_BLK_SIZE;
rc4_encode(buf, RK_BLK_SIZE, rc4_key);
}
int rkcommon_set_header(void *buf, uint file_size,
struct image_tool_params *params)
{
struct header1_info *hdr = buf + RK_SPL_HDR_START;
if (file_size > rkcommon_get_spl_size(params))
return -ENOSPC;
rkcommon_set_header0(buf, file_size, params);
/* Set up the SPL name (i.e. copy spl_hdr over) */
memcpy(&hdr->magic, rkcommon_get_spl_hdr(params), RK_SPL_HDR_SIZE);
if (rkcommon_need_rc4_spl(params))
rkcommon_rc4_encode_spl(buf, RK_SPL_HDR_START,
params->file_size - RK_SPL_HDR_START);
return 0;
}
static inline unsigned rkcommon_offset_to_spi(unsigned offset)
{
/*
* While SD/MMC images use a flat addressing, SPI images are padded
* to use the first 2K of every 4K sector only.
*/
return ((offset & ~0x7ff) << 1) + (offset & 0x7ff);
}
static int rkcommon_parse_header(const void *buf, struct header0_info *header0,
struct spl_info **spl_info)
{
unsigned hdr1_offset;
struct header1_info *hdr1_sdmmc, *hdr1_spi;
int i;
if (spl_info)
*spl_info = NULL;
/*
* The first header (hdr0) is always RC4 encoded, so try to decrypt
* with the well-known key.
*/
memcpy((void *)header0, buf, sizeof(struct header0_info));
rc4_encode((void *)header0, sizeof(struct header0_info), rc4_key);
if (header0->signature != RK_SIGNATURE)
return -EPROTO;
/* We don't support RC4 encoded image payloads here, yet... */
if (header0->disable_rc4 == 0)
return -ENOSYS;
hdr1_offset = header0->init_offset * RK_BLK_SIZE;
hdr1_sdmmc = (struct header1_info *)(buf + hdr1_offset);
hdr1_spi = (struct header1_info *)(buf +
rkcommon_offset_to_spi(hdr1_offset));
for (i = 0; i < ARRAY_SIZE(spl_infos); i++) {
if (!memcmp(&hdr1_sdmmc->magic, spl_infos[i].spl_hdr, 4)) {
if (spl_info)
*spl_info = &spl_infos[i];
return IH_TYPE_RKSD;
} else if (!memcmp(&hdr1_spi->magic, spl_infos[i].spl_hdr, 4)) {
if (spl_info)
*spl_info = &spl_infos[i];
return IH_TYPE_RKSPI;
}
}
return -1;
}
int rkcommon_verify_header(unsigned char *buf, int size,
struct image_tool_params *params)
{
struct header0_info header0;
struct spl_info *img_spl_info, *spl_info;
int ret;
ret = rkcommon_parse_header(buf, &header0, &img_spl_info);
/* If this is the (unimplemented) RC4 case, then rewrite the result */
if (ret == -ENOSYS)
return 0;
if (ret < 0)
return ret;
/*
* If no 'imagename' is specified via the commandline (e.g. if this is
* 'dumpimage -l' w/o any further constraints), we accept any spl_info.
*/
if (params->imagename == NULL)
return 0;
/* Match the 'imagename' against the 'spl_hdr' found */
spl_info = rkcommon_get_spl_info(params->imagename);
if (spl_info && img_spl_info)
return strcmp(spl_info->spl_hdr, img_spl_info->spl_hdr);
return -ENOENT;
}
void rkcommon_print_header(const void *buf)
{
struct header0_info header0;
struct spl_info *spl_info;
uint8_t image_type;
int ret;
ret = rkcommon_parse_header(buf, &header0, &spl_info);
/* If this is the (unimplemented) RC4 case, then fail silently */
if (ret == -ENOSYS)
return;
if (ret < 0) {
fprintf(stderr, "Error: image verification failed\n");
return;
}
image_type = ret;
printf("Image Type: Rockchip %s (%s) boot image\n",
spl_info->spl_hdr,
(image_type == IH_TYPE_RKSD) ? "SD/MMC" : "SPI");
printf("Data Size: %d bytes\n", header0.init_size * RK_BLK_SIZE);
}
void rkcommon_rc4_encode_spl(void *buf, unsigned int offset, unsigned int size)
{
unsigned int remaining = size;
while (remaining > 0) {
int step = (remaining > RK_BLK_SIZE) ? RK_BLK_SIZE : remaining;
rc4_encode(buf + offset, step, rc4_key);
offset += RK_BLK_SIZE;
remaining -= step;
}
}
int rkcommon_vrec_header(struct image_tool_params *params,
struct image_type_params *tparams,
unsigned int alignment)
{
unsigned int unpadded_size;
unsigned int padded_size;
/*
* The SPL image looks as follows:
*
* 0x0 header0 (see rkcommon.c)
* 0x800 spl_name ('RK30', ..., 'RK33')
* (start of the payload for AArch64 payloads: we expect the
* first 4 bytes to be available for overwriting with our
* spl_name)
* 0x804 first instruction to be executed
* (start of the image/payload for 32bit payloads)
*
* For AArch64 (ARMv8) payloads, natural alignment (8-bytes) is
* required for its sections (so the image we receive needs to
* have the first 4 bytes reserved for the spl_name). Reserving
* these 4 bytes is done using the BOOT0_HOOK infrastructure.
*
* The header is always at 0x800 (as we now use a payload
* prepadded using the boot0 hook for all targets): the first
* 4 bytes of these images can safely be overwritten using the
* boot magic.
*/
tparams->header_size = RK_SPL_HDR_START;
/* Allocate, clear and install the header */
tparams->hdr = malloc(tparams->header_size);
if (!tparams->hdr)
return -ENOMEM;
memset(tparams->hdr, 0, tparams->header_size);
/*
* If someone passed in 0 for the alignment, we'd better handle
* it correctly...
*/
if (!alignment)
alignment = 1;
unpadded_size = tparams->header_size + params->file_size;
padded_size = ROUND(unpadded_size, alignment);
return padded_size - unpadded_size;
}