1
2
3
4
5
6
7
8
9
10
11
12#include <assert.h>
13#include <fcntl.h>
14#include <getopt.h>
15#include <stdlib.h>
16#include <stdio.h>
17#include <string.h>
18#include <unistd.h>
19#include <sys/types.h>
20#include <sys/stat.h>
21#include <libfdt.h>
22#include "ifdtool.h"
23
24#undef DEBUG
25
26#ifdef DEBUG
27#define debug(fmt, args...) printf(fmt, ##args)
28#else
29#define debug(fmt, args...)
30#endif
31
32#define FD_SIGNATURE 0x0FF0A55A
33#define FLREG_BASE(reg) ((reg & 0x00000fff) << 12);
34#define FLREG_LIMIT(reg) (((reg & 0x0fff0000) >> 4) | 0xfff);
35
36enum input_file_type_t {
37 IF_normal,
38 IF_fdt,
39 IF_uboot,
40};
41
42struct input_file {
43 char *fname;
44 unsigned int addr;
45 enum input_file_type_t type;
46};
47
48
49
50
51
52
53
54
55static struct fdbar_t *find_fd(char *image, int size)
56{
57 uint32_t *ptr, *end;
58
59
60 for (ptr = (uint32_t *)image, end = ptr + size / 4; ptr < end; ptr++) {
61 if (*ptr == FD_SIGNATURE)
62 break;
63 }
64
65 if (ptr == end) {
66 printf("No Flash Descriptor found in this image\n");
67 return NULL;
68 }
69
70 debug("Found Flash Descriptor signature at 0x%08lx\n",
71 (char *)ptr - image);
72
73 return (struct fdbar_t *)ptr;
74}
75
76
77
78
79
80
81
82
83
84static int get_region(struct frba_t *frba, int region_type,
85 struct region_t *region)
86{
87 if (region_type >= MAX_REGIONS) {
88 fprintf(stderr, "Invalid region type.\n");
89 return -1;
90 }
91
92 region->base = FLREG_BASE(frba->flreg[region_type]);
93 region->limit = FLREG_LIMIT(frba->flreg[region_type]);
94 region->size = region->limit - region->base + 1;
95
96 return 0;
97}
98
99static const char *region_name(int region_type)
100{
101 static const char *const regions[] = {
102 "Flash Descriptor",
103 "BIOS",
104 "Intel ME",
105 "GbE",
106 "Platform Data"
107 };
108
109 assert(region_type < MAX_REGIONS);
110
111 return regions[region_type];
112}
113
114static const char *region_filename(int region_type)
115{
116 static const char *const region_filenames[] = {
117 "flashregion_0_flashdescriptor.bin",
118 "flashregion_1_bios.bin",
119 "flashregion_2_intel_me.bin",
120 "flashregion_3_gbe.bin",
121 "flashregion_4_platform_data.bin"
122 };
123
124 assert(region_type < MAX_REGIONS);
125
126 return region_filenames[region_type];
127}
128
129static int dump_region(int num, struct frba_t *frba)
130{
131 struct region_t region;
132 int ret;
133
134 ret = get_region(frba, num, ®ion);
135 if (ret)
136 return ret;
137
138 printf(" Flash Region %d (%s): %08x - %08x %s\n",
139 num, region_name(num), region.base, region.limit,
140 region.size < 1 ? "(unused)" : "");
141
142 return ret;
143}
144
145static void dump_frba(struct frba_t *frba)
146{
147 int i;
148
149 printf("Found Region Section\n");
150 for (i = 0; i < MAX_REGIONS; i++) {
151 printf("FLREG%d: 0x%08x\n", i, frba->flreg[i]);
152 dump_region(i, frba);
153 }
154}
155
156static void decode_spi_frequency(unsigned int freq)
157{
158 switch (freq) {
159 case SPI_FREQUENCY_20MHZ:
160 printf("20MHz");
161 break;
162 case SPI_FREQUENCY_33MHZ:
163 printf("33MHz");
164 break;
165 case SPI_FREQUENCY_50MHZ:
166 printf("50MHz");
167 break;
168 default:
169 printf("unknown<%x>MHz", freq);
170 }
171}
172
173static void decode_component_density(unsigned int density)
174{
175 switch (density) {
176 case COMPONENT_DENSITY_512KB:
177 printf("512KiB");
178 break;
179 case COMPONENT_DENSITY_1MB:
180 printf("1MiB");
181 break;
182 case COMPONENT_DENSITY_2MB:
183 printf("2MiB");
184 break;
185 case COMPONENT_DENSITY_4MB:
186 printf("4MiB");
187 break;
188 case COMPONENT_DENSITY_8MB:
189 printf("8MiB");
190 break;
191 case COMPONENT_DENSITY_16MB:
192 printf("16MiB");
193 break;
194 default:
195 printf("unknown<%x>MiB", density);
196 }
197}
198
199static void dump_fcba(struct fcba_t *fcba)
200{
201 printf("\nFound Component Section\n");
202 printf("FLCOMP 0x%08x\n", fcba->flcomp);
203 printf(" Dual Output Fast Read Support: %ssupported\n",
204 (fcba->flcomp & (1 << 30)) ? "" : "not ");
205 printf(" Read ID/Read Status Clock Frequency: ");
206 decode_spi_frequency((fcba->flcomp >> 27) & 7);
207 printf("\n Write/Erase Clock Frequency: ");
208 decode_spi_frequency((fcba->flcomp >> 24) & 7);
209 printf("\n Fast Read Clock Frequency: ");
210 decode_spi_frequency((fcba->flcomp >> 21) & 7);
211 printf("\n Fast Read Support: %ssupported",
212 (fcba->flcomp & (1 << 20)) ? "" : "not ");
213 printf("\n Read Clock Frequency: ");
214 decode_spi_frequency((fcba->flcomp >> 17) & 7);
215 printf("\n Component 2 Density: ");
216 decode_component_density((fcba->flcomp >> 3) & 7);
217 printf("\n Component 1 Density: ");
218 decode_component_density(fcba->flcomp & 7);
219 printf("\n");
220 printf("FLILL 0x%08x\n", fcba->flill);
221 printf(" Invalid Instruction 3: 0x%02x\n",
222 (fcba->flill >> 24) & 0xff);
223 printf(" Invalid Instruction 2: 0x%02x\n",
224 (fcba->flill >> 16) & 0xff);
225 printf(" Invalid Instruction 1: 0x%02x\n",
226 (fcba->flill >> 8) & 0xff);
227 printf(" Invalid Instruction 0: 0x%02x\n",
228 fcba->flill & 0xff);
229 printf("FLPB 0x%08x\n", fcba->flpb);
230 printf(" Flash Partition Boundary Address: 0x%06x\n\n",
231 (fcba->flpb & 0xfff) << 12);
232}
233
234static void dump_fpsba(struct fpsba_t *fpsba)
235{
236 int i;
237
238 printf("Found PCH Strap Section\n");
239 for (i = 0; i < MAX_STRAPS; i++)
240 printf("PCHSTRP%-2d: 0x%08x\n", i, fpsba->pchstrp[i]);
241}
242
243static const char *get_enabled(int flag)
244{
245 return flag ? "enabled" : "disabled";
246}
247
248static void decode_flmstr(uint32_t flmstr)
249{
250 printf(" Platform Data Region Write Access: %s\n",
251 get_enabled(flmstr & (1 << 28)));
252 printf(" GbE Region Write Access: %s\n",
253 get_enabled(flmstr & (1 << 27)));
254 printf(" Intel ME Region Write Access: %s\n",
255 get_enabled(flmstr & (1 << 26)));
256 printf(" Host CPU/BIOS Region Write Access: %s\n",
257 get_enabled(flmstr & (1 << 25)));
258 printf(" Flash Descriptor Write Access: %s\n",
259 get_enabled(flmstr & (1 << 24)));
260
261 printf(" Platform Data Region Read Access: %s\n",
262 get_enabled(flmstr & (1 << 20)));
263 printf(" GbE Region Read Access: %s\n",
264 get_enabled(flmstr & (1 << 19)));
265 printf(" Intel ME Region Read Access: %s\n",
266 get_enabled(flmstr & (1 << 18)));
267 printf(" Host CPU/BIOS Region Read Access: %s\n",
268 get_enabled(flmstr & (1 << 17)));
269 printf(" Flash Descriptor Read Access: %s\n",
270 get_enabled(flmstr & (1 << 16)));
271
272 printf(" Requester ID: 0x%04x\n\n",
273 flmstr & 0xffff);
274}
275
276static void dump_fmba(struct fmba_t *fmba)
277{
278 printf("Found Master Section\n");
279 printf("FLMSTR1: 0x%08x (Host CPU/BIOS)\n", fmba->flmstr1);
280 decode_flmstr(fmba->flmstr1);
281 printf("FLMSTR2: 0x%08x (Intel ME)\n", fmba->flmstr2);
282 decode_flmstr(fmba->flmstr2);
283 printf("FLMSTR3: 0x%08x (GbE)\n", fmba->flmstr3);
284 decode_flmstr(fmba->flmstr3);
285}
286
287static void dump_fmsba(struct fmsba_t *fmsba)
288{
289 int i;
290
291 printf("Found Processor Strap Section\n");
292 for (i = 0; i < 4; i++)
293 printf("????: 0x%08x\n", fmsba->data[0]);
294}
295
296static void dump_jid(uint32_t jid)
297{
298 printf(" SPI Component Device ID 1: 0x%02x\n",
299 (jid >> 16) & 0xff);
300 printf(" SPI Component Device ID 0: 0x%02x\n",
301 (jid >> 8) & 0xff);
302 printf(" SPI Component Vendor ID: 0x%02x\n",
303 jid & 0xff);
304}
305
306static void dump_vscc(uint32_t vscc)
307{
308 printf(" Lower Erase Opcode: 0x%02x\n",
309 vscc >> 24);
310 printf(" Lower Write Enable on Write Status: 0x%02x\n",
311 vscc & (1 << 20) ? 0x06 : 0x50);
312 printf(" Lower Write Status Required: %s\n",
313 vscc & (1 << 19) ? "Yes" : "No");
314 printf(" Lower Write Granularity: %d bytes\n",
315 vscc & (1 << 18) ? 64 : 1);
316 printf(" Lower Block / Sector Erase Size: ");
317 switch ((vscc >> 16) & 0x3) {
318 case 0:
319 printf("256 Byte\n");
320 break;
321 case 1:
322 printf("4KB\n");
323 break;
324 case 2:
325 printf("8KB\n");
326 break;
327 case 3:
328 printf("64KB\n");
329 break;
330 }
331
332 printf(" Upper Erase Opcode: 0x%02x\n",
333 (vscc >> 8) & 0xff);
334 printf(" Upper Write Enable on Write Status: 0x%02x\n",
335 vscc & (1 << 4) ? 0x06 : 0x50);
336 printf(" Upper Write Status Required: %s\n",
337 vscc & (1 << 3) ? "Yes" : "No");
338 printf(" Upper Write Granularity: %d bytes\n",
339 vscc & (1 << 2) ? 64 : 1);
340 printf(" Upper Block / Sector Erase Size: ");
341 switch (vscc & 0x3) {
342 case 0:
343 printf("256 Byte\n");
344 break;
345 case 1:
346 printf("4KB\n");
347 break;
348 case 2:
349 printf("8KB\n");
350 break;
351 case 3:
352 printf("64KB\n");
353 break;
354 }
355}
356
357static void dump_vtba(struct vtba_t *vtba, int vtl)
358{
359 int i;
360 int num = (vtl >> 1) < 8 ? (vtl >> 1) : 8;
361
362 printf("ME VSCC table:\n");
363 for (i = 0; i < num; i++) {
364 printf(" JID%d: 0x%08x\n", i, vtba->entry[i].jid);
365 dump_jid(vtba->entry[i].jid);
366 printf(" VSCC%d: 0x%08x\n", i, vtba->entry[i].vscc);
367 dump_vscc(vtba->entry[i].vscc);
368 }
369 printf("\n");
370}
371
372static void dump_oem(uint8_t *oem)
373{
374 int i, j;
375 printf("OEM Section:\n");
376 for (i = 0; i < 4; i++) {
377 printf("%02x:", i << 4);
378 for (j = 0; j < 16; j++)
379 printf(" %02x", oem[(i<<4)+j]);
380 printf("\n");
381 }
382 printf("\n");
383}
384
385
386
387
388
389
390
391
392static int dump_fd(char *image, int size)
393{
394 struct fdbar_t *fdb = find_fd(image, size);
395
396 if (!fdb)
397 return -1;
398
399 printf("FLMAP0: 0x%08x\n", fdb->flmap0);
400 printf(" NR: %d\n", (fdb->flmap0 >> 24) & 7);
401 printf(" FRBA: 0x%x\n", ((fdb->flmap0 >> 16) & 0xff) << 4);
402 printf(" NC: %d\n", ((fdb->flmap0 >> 8) & 3) + 1);
403 printf(" FCBA: 0x%x\n", ((fdb->flmap0) & 0xff) << 4);
404
405 printf("FLMAP1: 0x%08x\n", fdb->flmap1);
406 printf(" ISL: 0x%02x\n", (fdb->flmap1 >> 24) & 0xff);
407 printf(" FPSBA: 0x%x\n", ((fdb->flmap1 >> 16) & 0xff) << 4);
408 printf(" NM: %d\n", (fdb->flmap1 >> 8) & 3);
409 printf(" FMBA: 0x%x\n", ((fdb->flmap1) & 0xff) << 4);
410
411 printf("FLMAP2: 0x%08x\n", fdb->flmap2);
412 printf(" PSL: 0x%04x\n", (fdb->flmap2 >> 8) & 0xffff);
413 printf(" FMSBA: 0x%x\n", ((fdb->flmap2) & 0xff) << 4);
414
415 printf("FLUMAP1: 0x%08x\n", fdb->flumap1);
416 printf(" Intel ME VSCC Table Length (VTL): %d\n",
417 (fdb->flumap1 >> 8) & 0xff);
418 printf(" Intel ME VSCC Table Base Address (VTBA): 0x%06x\n\n",
419 (fdb->flumap1 & 0xff) << 4);
420 dump_vtba((struct vtba_t *)
421 (image + ((fdb->flumap1 & 0xff) << 4)),
422 (fdb->flumap1 >> 8) & 0xff);
423 dump_oem((uint8_t *)image + 0xf00);
424 dump_frba((struct frba_t *)(image + (((fdb->flmap0 >> 16) & 0xff)
425 << 4)));
426 dump_fcba((struct fcba_t *)(image + (((fdb->flmap0) & 0xff) << 4)));
427 dump_fpsba((struct fpsba_t *)
428 (image + (((fdb->flmap1 >> 16) & 0xff) << 4)));
429 dump_fmba((struct fmba_t *)(image + (((fdb->flmap1) & 0xff) << 4)));
430 dump_fmsba((struct fmsba_t *)(image + (((fdb->flmap2) & 0xff) << 4)));
431
432 return 0;
433}
434
435
436
437
438
439
440
441
442
443
444static int write_regions(char *image, int size)
445{
446 struct fdbar_t *fdb;
447 struct frba_t *frba;
448 int ret = 0;
449 int i;
450
451 fdb = find_fd(image, size);
452 if (!fdb)
453 return -1;
454
455 frba = (struct frba_t *)(image + (((fdb->flmap0 >> 16) & 0xff) << 4));
456
457 for (i = 0; i < MAX_REGIONS; i++) {
458 struct region_t region;
459 int region_fd;
460
461 ret = get_region(frba, i, ®ion);
462 if (ret)
463 return ret;
464 dump_region(i, frba);
465 if (region.size <= 0)
466 continue;
467 region_fd = open(region_filename(i),
468 O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR |
469 S_IWUSR | S_IRGRP | S_IROTH);
470 if (write(region_fd, image + region.base, region.size) !=
471 region.size) {
472 perror("Error while writing");
473 ret = -1;
474 }
475 close(region_fd);
476 }
477
478 return ret;
479}
480
481static int perror_fname(const char *fmt, const char *fname)
482{
483 char msg[strlen(fmt) + strlen(fname) + 1];
484
485 sprintf(msg, fmt, fname);
486 perror(msg);
487
488 return -1;
489}
490
491
492
493
494
495
496
497
498
499static int write_image(char *filename, char *image, int size)
500{
501 int new_fd;
502
503 debug("Writing new image to %s\n", filename);
504
505 new_fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR |
506 S_IWUSR | S_IRGRP | S_IROTH);
507 if (new_fd < 0)
508 return perror_fname("Could not open file '%s'", filename);
509 if (write(new_fd, image, size) != size)
510 return perror_fname("Could not write file '%s'", filename);
511 close(new_fd);
512
513 return 0;
514}
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529static void set_spi_frequency(char *image, int size, enum spi_frequency freq)
530{
531 struct fdbar_t *fdb = find_fd(image, size);
532 struct fcba_t *fcba;
533
534 fcba = (struct fcba_t *)(image + (((fdb->flmap0) & 0xff) << 4));
535
536
537 fcba->flcomp &= ~0x3fe00000;
538
539 fcba->flcomp |= freq << 27;
540
541 fcba->flcomp |= freq << 24;
542
543 fcba->flcomp |= freq << 21;
544}
545
546
547
548
549
550
551
552static void set_em100_mode(char *image, int size)
553{
554 struct fdbar_t *fdb = find_fd(image, size);
555 struct fcba_t *fcba;
556
557 fcba = (struct fcba_t *)(image + (((fdb->flmap0) & 0xff) << 4));
558 fcba->flcomp &= ~(1 << 30);
559 set_spi_frequency(image, size, SPI_FREQUENCY_20MHZ);
560}
561
562
563
564
565
566
567
568static void lock_descriptor(char *image, int size)
569{
570 struct fdbar_t *fdb = find_fd(image, size);
571 struct fmba_t *fmba;
572
573
574
575
576
577 fmba = (struct fmba_t *)(image + (((fdb->flmap1) & 0xff) << 4));
578 fmba->flmstr1 = 0x0a0b0000;
579 fmba->flmstr2 = 0x0c0d0000;
580 fmba->flmstr3 = 0x08080118;
581}
582
583
584
585
586
587
588
589static void unlock_descriptor(char *image, int size)
590{
591 struct fdbar_t *fdb = find_fd(image, size);
592 struct fmba_t *fmba;
593
594 fmba = (struct fmba_t *)(image + (((fdb->flmap1) & 0xff) << 4));
595 fmba->flmstr1 = 0xffff0000;
596 fmba->flmstr2 = 0xffff0000;
597 fmba->flmstr3 = 0x08080118;
598}
599
600
601
602
603
604
605
606
607int open_for_read(const char *fname, int *sizep)
608{
609 int fd = open(fname, O_RDONLY);
610 struct stat buf;
611
612 if (fd == -1)
613 return perror_fname("Could not open file '%s'", fname);
614 if (fstat(fd, &buf) == -1)
615 return perror_fname("Could not stat file '%s'", fname);
616 *sizep = buf.st_size;
617 debug("File %s is %d bytes\n", fname, *sizep);
618
619 return fd;
620}
621
622
623
624
625
626
627
628
629
630
631
632
633
634int inject_region(char *image, int size, int region_type, char *region_fname)
635{
636 struct fdbar_t *fdb = find_fd(image, size);
637 struct region_t region;
638 struct frba_t *frba;
639 int region_size;
640 int offset = 0;
641 int region_fd;
642 int ret;
643
644 if (!fdb)
645 exit(EXIT_FAILURE);
646 frba = (struct frba_t *)(image + (((fdb->flmap0 >> 16) & 0xff) << 4));
647
648 ret = get_region(frba, region_type, ®ion);
649 if (ret)
650 return -1;
651 if (region.size <= 0xfff) {
652 fprintf(stderr, "Region %s is disabled in target. Not injecting.\n",
653 region_name(region_type));
654 return -1;
655 }
656
657 region_fd = open_for_read(region_fname, ®ion_size);
658 if (region_fd < 0)
659 return region_fd;
660
661 if ((region_size > region.size) ||
662 ((region_type != 1) && (region_size > region.size))) {
663 fprintf(stderr, "Region %s is %d(0x%x) bytes. File is %d(0x%x) bytes. Not injecting.\n",
664 region_name(region_type), region.size,
665 region.size, region_size, region_size);
666 return -1;
667 }
668
669 if ((region_type == 1) && (region_size < region.size)) {
670 fprintf(stderr, "Region %s is %d(0x%x) bytes. File is %d(0x%x) bytes. Padding before injecting.\n",
671 region_name(region_type), region.size,
672 region.size, region_size, region_size);
673 offset = region.size - region_size;
674 memset(image + region.base, 0xff, offset);
675 }
676
677 if (size < region.base + offset + region_size) {
678 fprintf(stderr, "Output file is too small. (%d < %d)\n",
679 size, region.base + offset + region_size);
680 return -1;
681 }
682
683 if (read(region_fd, image + region.base + offset, region_size)
684 != region_size) {
685 perror("Could not read file");
686 return -1;
687 }
688
689 close(region_fd);
690
691 debug("Adding %s as the %s section\n", region_fname,
692 region_name(region_type));
693
694 return 0;
695}
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713static int write_data(char *image, int size, unsigned int addr,
714 const char *write_fname, int offset_uboot_top,
715 int offset_uboot_start)
716{
717 int write_fd, write_size;
718 int offset;
719
720 write_fd = open_for_read(write_fname, &write_size);
721 if (write_fd < 0)
722 return write_fd;
723
724 offset = (uint32_t)(addr + size);
725 if (offset_uboot_top) {
726 if (offset_uboot_start < offset &&
727 offset_uboot_top >= offset) {
728 fprintf(stderr, "U-Boot image overlaps with region '%s'\n",
729 write_fname);
730 fprintf(stderr,
731 "U-Boot finishes at offset %x, file starts at %x\n",
732 offset_uboot_top, offset);
733 return -EXDEV;
734 }
735 if (offset_uboot_start > offset &&
736 offset_uboot_start <= offset + write_size) {
737 fprintf(stderr, "U-Boot image overlaps with region '%s'\n",
738 write_fname);
739 fprintf(stderr,
740 "U-Boot starts at offset %x, file finishes at %x\n",
741 offset_uboot_start, offset + write_size);
742 return -EXDEV;
743 }
744 }
745 debug("Writing %s to offset %#x\n", write_fname, offset);
746
747 if (offset < 0 || offset + write_size > size) {
748 fprintf(stderr, "Output file is too small. (%d < %d)\n",
749 size, offset + write_size);
750 return -1;
751 }
752
753 if (read(write_fd, image + offset, write_size) != write_size) {
754 perror("Could not read file");
755 return -1;
756 }
757
758 close(write_fd);
759
760 return write_size;
761}
762
763static int scan_ucode(const void *blob, char *ucode_base, int *countp,
764 const char **datap, int *data_sizep)
765{
766 const char *data = NULL;
767 int node, count;
768 int data_size;
769 char *ucode;
770
771 for (node = 0, count = 0, ucode = ucode_base; node >= 0; count++) {
772 node = fdt_node_offset_by_compatible(blob, node,
773 "intel,microcode");
774 if (node < 0)
775 break;
776
777 data = fdt_getprop(blob, node, "data", &data_size);
778 if (!data) {
779 debug("Missing microcode data in FDT '%s': %s\n",
780 fdt_get_name(blob, node, NULL),
781 fdt_strerror(data_size));
782 return -ENOENT;
783 }
784
785 if (ucode_base)
786 memcpy(ucode, data, data_size);
787 ucode += data_size;
788 }
789
790 if (countp)
791 *countp = count;
792 if (datap)
793 *datap = data;
794 if (data_sizep)
795 *data_sizep = data_size;
796
797 return ucode - ucode_base;
798}
799
800static int remove_ucode(char *blob)
801{
802 int node, count;
803 int ret;
804
805
806 do {
807 for (node = 0, count = 0; node >= 0;) {
808 int ret;
809
810 node = fdt_node_offset_by_compatible(blob, node,
811 "intel,microcode");
812 if (node < 0)
813 break;
814
815 ret = fdt_delprop(blob, node, "data");
816
817
818
819
820
821
822
823
824 if (ret == -FDT_ERR_NOTFOUND)
825 continue;
826 else if (!ret)
827 node = 0;
828 else
829 return ret;
830 }
831 } while (count);
832
833
834 ret = fdt_pack(blob);
835 if (ret)
836 return ret;
837
838 return fdt_totalsize(blob);
839}
840
841static int write_ucode(char *image, int size, struct input_file *fdt,
842 int fdt_size, unsigned int ucode_ptr,
843 int collate_ucode)
844{
845 const char *data = NULL;
846 char *ucode_buf;
847 const void *blob;
848 char *ucode_base;
849 uint32_t *ptr;
850 int ucode_size;
851 int data_size;
852 int offset;
853 int count;
854 int ret;
855
856 blob = (void *)image + (uint32_t)(fdt->addr + size);
857
858 debug("DTB at %lx\n", (char *)blob - image);
859
860
861 ucode_size = scan_ucode(blob, NULL, &count, &data, &data_size);
862 if (ucode_size < 0)
863 return ucode_size;
864 if (!count) {
865 debug("No microcode found in FDT\n");
866 return -ENOENT;
867 }
868
869 if (count > 1 && !collate_ucode) {
870 fprintf(stderr,
871 "Cannot handle multiple microcode blocks - please use -C flag to collate them\n");
872 return -EMLINK;
873 }
874
875
876
877
878
879 if (collate_ucode && count > 1) {
880 ucode_buf = malloc(ucode_size);
881 if (!ucode_buf) {
882 fprintf(stderr,
883 "Out of memory for microcode (%d bytes)\n",
884 ucode_size);
885 return -ENOMEM;
886 }
887 ret = scan_ucode(blob, ucode_buf, NULL, NULL, NULL);
888 if (ret < 0)
889 return ret;
890
891
892 ret = remove_ucode((char *)blob);
893 if (ret < 0) {
894 debug("Could not remove FDT microcode: %s\n",
895 fdt_strerror(ret));
896 return -EINVAL;
897 }
898 debug("Collated %d microcode block(s)\n", count);
899 debug("Device tree reduced from %x to %x bytes\n",
900 fdt_size, ret);
901 fdt_size = ret;
902
903
904
905
906
907 ucode_base = (char *)(((unsigned long)blob + fdt_size + 15) &
908 ~15);
909
910 data = ucode_base;
911 data_size = ucode_size;
912 memcpy(ucode_base, ucode_buf, ucode_size);
913 free(ucode_buf);
914 }
915
916 offset = (uint32_t)(ucode_ptr + size);
917 ptr = (void *)image + offset;
918
919 ptr[0] = (data - image) - size;
920 ptr[1] = data_size;
921 debug("Wrote microcode pointer at %x: addr=%x, size=%x\n", ucode_ptr,
922 ptr[0], ptr[1]);
923
924 return (collate_ucode ? data + data_size : (char *)blob + fdt_size) -
925 image;
926}
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942static int write_uboot(char *image, int size, struct input_file *uboot,
943 struct input_file *fdt, unsigned int ucode_ptr,
944 int collate_ucode, int *offset_uboot_top,
945 int *offset_uboot_start)
946{
947 int uboot_size, fdt_size;
948 int uboot_top;
949
950 uboot_size = write_data(image, size, uboot->addr, uboot->fname, 0, 0);
951 if (uboot_size < 0)
952 return uboot_size;
953 fdt->addr = uboot->addr + uboot_size;
954 debug("U-Boot size %#x, FDT at %#x\n", uboot_size, fdt->addr);
955 fdt_size = write_data(image, size, fdt->addr, fdt->fname, 0, 0);
956 if (fdt_size < 0)
957 return fdt_size;
958
959 uboot_top = (uint32_t)(fdt->addr + size) + fdt_size;
960
961 if (ucode_ptr) {
962 uboot_top = write_ucode(image, size, fdt, fdt_size, ucode_ptr,
963 collate_ucode);
964 if (uboot_top < 0)
965 return uboot_top;
966 }
967
968 if (offset_uboot_top && offset_uboot_start) {
969 *offset_uboot_top = uboot_top;
970 *offset_uboot_start = (uint32_t)(uboot->addr + size);
971 }
972
973 return 0;
974}
975
976static void print_version(void)
977{
978 printf("ifdtool v%s -- ", IFDTOOL_VERSION);
979 printf("Copyright (C) 2014 Google Inc.\n\n");
980 printf("SPDX-License-Identifier: GPL-2.0+\n");
981}
982
983static void print_usage(const char *name)
984{
985 printf("usage: %s [-vhdix?] <filename> [<outfile>]\n", name);
986 printf("\n"
987 " -d | --dump: dump intel firmware descriptor\n"
988 " -x | --extract: extract intel fd modules\n"
989 " -i | --inject <region>:<module> inject file <module> into region <region>\n"
990 " -w | --write <addr>:<file> write file to appear at memory address <addr>\n"
991 " multiple files can be written simultaneously\n"
992 " -s | --spifreq <20|33|50> set the SPI frequency\n"
993 " -e | --em100 set SPI frequency to 20MHz and disable\n"
994 " Dual Output Fast Read Support\n"
995 " -l | --lock Lock firmware descriptor and ME region\n"
996 " -u | --unlock Unlock firmware descriptor and ME region\n"
997 " -r | --romsize Specify ROM size\n"
998 " -D | --write-descriptor <file> Write descriptor at base\n"
999 " -c | --create Create a new empty image\n"
1000 " -v | --version: print the version\n"
1001 " -h | --help: print this help\n\n"
1002 "<region> is one of Descriptor, BIOS, ME, GbE, Platform\n"
1003 "\n");
1004}
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017static int get_two_words(const char *str, char **firstp, char **secondp)
1018{
1019 const char *p;
1020
1021 p = strchr(str, ':');
1022 if (!p)
1023 return -1;
1024 *firstp = strdup(str);
1025 (*firstp)[p - str] = '\0';
1026 *secondp = strdup(p + 1);
1027
1028 return 0;
1029}
1030
1031int main(int argc, char *argv[])
1032{
1033 int opt, option_index = 0;
1034 int mode_dump = 0, mode_extract = 0, mode_inject = 0;
1035 int mode_spifreq = 0, mode_em100 = 0, mode_locked = 0;
1036 int mode_unlocked = 0, mode_write = 0, mode_write_descriptor = 0;
1037 int create = 0, collate_ucode = 0;
1038 char *region_type_string = NULL, *inject_fname = NULL;
1039 char *desc_fname = NULL, *addr_str = NULL;
1040 int region_type = -1, inputfreq = 0;
1041 enum spi_frequency spifreq = SPI_FREQUENCY_20MHZ;
1042 struct input_file input_file[WRITE_MAX], *ifile, *fdt = NULL;
1043 unsigned char wr_idx, wr_num = 0;
1044 int rom_size = -1;
1045 bool write_it;
1046 char *filename;
1047 char *outfile = NULL;
1048 struct stat buf;
1049 int size = 0;
1050 unsigned int ucode_ptr = 0;
1051 bool have_uboot = false;
1052 int bios_fd;
1053 char *image;
1054 int ret;
1055 static struct option long_options[] = {
1056 {"create", 0, NULL, 'c'},
1057 {"collate-microcode", 0, NULL, 'C'},
1058 {"dump", 0, NULL, 'd'},
1059 {"descriptor", 1, NULL, 'D'},
1060 {"em100", 0, NULL, 'e'},
1061 {"extract", 0, NULL, 'x'},
1062 {"fdt", 1, NULL, 'f'},
1063 {"inject", 1, NULL, 'i'},
1064 {"lock", 0, NULL, 'l'},
1065 {"microcode", 1, NULL, 'm'},
1066 {"romsize", 1, NULL, 'r'},
1067 {"spifreq", 1, NULL, 's'},
1068 {"unlock", 0, NULL, 'u'},
1069 {"uboot", 1, NULL, 'U'},
1070 {"write", 1, NULL, 'w'},
1071 {"version", 0, NULL, 'v'},
1072 {"help", 0, NULL, 'h'},
1073 {0, 0, 0, 0}
1074 };
1075
1076 while ((opt = getopt_long(argc, argv, "cCdD:ef:hi:lm:r:s:uU:vw:x?",
1077 long_options, &option_index)) != EOF) {
1078 switch (opt) {
1079 case 'c':
1080 create = 1;
1081 break;
1082 case 'C':
1083 collate_ucode = 1;
1084 break;
1085 case 'd':
1086 mode_dump = 1;
1087 break;
1088 case 'D':
1089 mode_write_descriptor = 1;
1090 desc_fname = optarg;
1091 break;
1092 case 'e':
1093 mode_em100 = 1;
1094 break;
1095 case 'i':
1096 if (get_two_words(optarg, ®ion_type_string,
1097 &inject_fname)) {
1098 print_usage(argv[0]);
1099 exit(EXIT_FAILURE);
1100 }
1101 if (!strcasecmp("Descriptor", region_type_string))
1102 region_type = 0;
1103 else if (!strcasecmp("BIOS", region_type_string))
1104 region_type = 1;
1105 else if (!strcasecmp("ME", region_type_string))
1106 region_type = 2;
1107 else if (!strcasecmp("GbE", region_type_string))
1108 region_type = 3;
1109 else if (!strcasecmp("Platform", region_type_string))
1110 region_type = 4;
1111 if (region_type == -1) {
1112 fprintf(stderr, "No such region type: '%s'\n\n",
1113 region_type_string);
1114 print_usage(argv[0]);
1115 exit(EXIT_FAILURE);
1116 }
1117 mode_inject = 1;
1118 break;
1119 case 'l':
1120 mode_locked = 1;
1121 break;
1122 case 'm':
1123 ucode_ptr = strtoul(optarg, NULL, 0);
1124 break;
1125 case 'r':
1126 rom_size = strtol(optarg, NULL, 0);
1127 debug("ROM size %d\n", rom_size);
1128 break;
1129 case 's':
1130
1131 inputfreq = strtol(optarg, NULL, 0);
1132 switch (inputfreq) {
1133 case 20:
1134 spifreq = SPI_FREQUENCY_20MHZ;
1135 break;
1136 case 33:
1137 spifreq = SPI_FREQUENCY_33MHZ;
1138 break;
1139 case 50:
1140 spifreq = SPI_FREQUENCY_50MHZ;
1141 break;
1142 default:
1143 fprintf(stderr, "Invalid SPI Frequency: %d\n",
1144 inputfreq);
1145 print_usage(argv[0]);
1146 exit(EXIT_FAILURE);
1147 }
1148 mode_spifreq = 1;
1149 break;
1150 case 'u':
1151 mode_unlocked = 1;
1152 break;
1153 case 'v':
1154 print_version();
1155 exit(EXIT_SUCCESS);
1156 break;
1157 case 'w':
1158 case 'U':
1159 case 'f':
1160 ifile = &input_file[wr_num];
1161 mode_write = 1;
1162 if (wr_num < WRITE_MAX) {
1163 if (get_two_words(optarg, &addr_str,
1164 &ifile->fname)) {
1165 print_usage(argv[0]);
1166 exit(EXIT_FAILURE);
1167 }
1168 ifile->addr = strtoll(optarg, NULL, 0);
1169 ifile->type = opt == 'f' ? IF_fdt :
1170 opt == 'U' ? IF_uboot : IF_normal;
1171 if (ifile->type == IF_fdt)
1172 fdt = ifile;
1173 else if (ifile->type == IF_uboot)
1174 have_uboot = true;
1175 wr_num++;
1176 } else {
1177 fprintf(stderr,
1178 "The number of files to write simultaneously exceeds the limitation (%d)\n",
1179 WRITE_MAX);
1180 }
1181 break;
1182 case 'x':
1183 mode_extract = 1;
1184 break;
1185 case 'h':
1186 case '?':
1187 default:
1188 print_usage(argv[0]);
1189 exit(EXIT_SUCCESS);
1190 break;
1191 }
1192 }
1193
1194 if (mode_locked == 1 && mode_unlocked == 1) {
1195 fprintf(stderr, "Locking/Unlocking FD and ME are mutually exclusive\n");
1196 exit(EXIT_FAILURE);
1197 }
1198
1199 if (mode_inject == 1 && mode_write == 1) {
1200 fprintf(stderr, "Inject/Write are mutually exclusive\n");
1201 exit(EXIT_FAILURE);
1202 }
1203
1204 if ((mode_dump + mode_extract + mode_inject +
1205 (mode_spifreq | mode_em100 | mode_unlocked |
1206 mode_locked)) > 1) {
1207 fprintf(stderr, "You may not specify more than one mode.\n\n");
1208 print_usage(argv[0]);
1209 exit(EXIT_FAILURE);
1210 }
1211
1212 if ((mode_dump + mode_extract + mode_inject + mode_spifreq +
1213 mode_em100 + mode_locked + mode_unlocked + mode_write +
1214 mode_write_descriptor) == 0 && !create) {
1215 fprintf(stderr, "You need to specify a mode.\n\n");
1216 print_usage(argv[0]);
1217 exit(EXIT_FAILURE);
1218 }
1219
1220 if (create && rom_size == -1) {
1221 fprintf(stderr, "You need to specify a rom size when creating.\n\n");
1222 exit(EXIT_FAILURE);
1223 }
1224
1225 if (optind + 1 != argc) {
1226 fprintf(stderr, "You need to specify a file.\n\n");
1227 print_usage(argv[0]);
1228 exit(EXIT_FAILURE);
1229 }
1230
1231 if (have_uboot && !fdt) {
1232 fprintf(stderr,
1233 "You must supply a device tree file for U-Boot\n\n");
1234 print_usage(argv[0]);
1235 exit(EXIT_FAILURE);
1236 }
1237
1238 filename = argv[optind];
1239 if (optind + 2 != argc)
1240 outfile = argv[optind + 1];
1241
1242 if (create)
1243 bios_fd = open(filename, O_WRONLY | O_CREAT, 0666);
1244 else
1245 bios_fd = open(filename, outfile ? O_RDONLY : O_RDWR);
1246
1247 if (bios_fd == -1) {
1248 perror("Could not open file");
1249 exit(EXIT_FAILURE);
1250 }
1251
1252 if (!create) {
1253 if (fstat(bios_fd, &buf) == -1) {
1254 perror("Could not stat file");
1255 exit(EXIT_FAILURE);
1256 }
1257 size = buf.st_size;
1258 }
1259
1260 debug("File %s is %d bytes\n", filename, size);
1261
1262 if (rom_size == -1)
1263 rom_size = size;
1264
1265 image = malloc(rom_size);
1266 if (!image) {
1267 printf("Out of memory.\n");
1268 exit(EXIT_FAILURE);
1269 }
1270
1271 memset(image, '\xff', rom_size);
1272 if (!create && read(bios_fd, image, size) != size) {
1273 perror("Could not read file");
1274 exit(EXIT_FAILURE);
1275 }
1276 if (size != rom_size) {
1277 debug("ROM size changed to %d bytes\n", rom_size);
1278 size = rom_size;
1279 }
1280
1281 write_it = true;
1282 ret = 0;
1283 if (mode_dump) {
1284 ret = dump_fd(image, size);
1285 write_it = false;
1286 }
1287
1288 if (mode_extract) {
1289 ret = write_regions(image, size);
1290 write_it = false;
1291 }
1292
1293 if (mode_write_descriptor)
1294 ret = write_data(image, size, -size, desc_fname, 0, 0);
1295
1296 if (mode_inject)
1297 ret = inject_region(image, size, region_type, inject_fname);
1298
1299 if (mode_write) {
1300 int offset_uboot_top = 0;
1301 int offset_uboot_start = 0;
1302
1303 for (wr_idx = 0; wr_idx < wr_num; wr_idx++) {
1304 ifile = &input_file[wr_idx];
1305 if (ifile->type == IF_fdt) {
1306 continue;
1307 } else if (ifile->type == IF_uboot) {
1308 ret = write_uboot(image, size, ifile, fdt,
1309 ucode_ptr, collate_ucode,
1310 &offset_uboot_top,
1311 &offset_uboot_start);
1312 } else {
1313 ret = write_data(image, size, ifile->addr,
1314 ifile->fname, offset_uboot_top,
1315 offset_uboot_start);
1316 }
1317 if (ret < 0)
1318 break;
1319 }
1320 }
1321
1322 if (mode_spifreq)
1323 set_spi_frequency(image, size, spifreq);
1324
1325 if (mode_em100)
1326 set_em100_mode(image, size);
1327
1328 if (mode_locked)
1329 lock_descriptor(image, size);
1330
1331 if (mode_unlocked)
1332 unlock_descriptor(image, size);
1333
1334 if (write_it) {
1335 if (outfile) {
1336 ret = write_image(outfile, image, size);
1337 } else {
1338 if (lseek(bios_fd, 0, SEEK_SET)) {
1339 perror("Error while seeking");
1340 ret = -1;
1341 }
1342 if (write(bios_fd, image, size) != size) {
1343 perror("Error while writing");
1344 ret = -1;
1345 }
1346 }
1347 }
1348
1349 free(image);
1350 close(bios_fd);
1351
1352 return ret < 0 ? 1 : 0;
1353}
1354
