diff options
Diffstat (limited to 'common')
-rw-r--r-- | common/Makefile | 1 | ||||
-rw-r--r-- | common/board_r.c | 23 | ||||
-rw-r--r-- | common/cmd_fastboot.c | 1798 |
3 files changed, 1822 insertions, 0 deletions
diff --git a/common/Makefile b/common/Makefile index cecd81a..2d4e877 100644 --- a/common/Makefile +++ b/common/Makefile @@ -189,6 +189,7 @@ obj-$(CONFIG_MENU) += menu.o obj-$(CONFIG_MODEM_SUPPORT) += modem.o obj-$(CONFIG_UPDATE_TFTP) += update.o obj-$(CONFIG_USB_KEYBOARD) += usb_kbd.o +obj-$(CONFIG_FASTBOOT) += cmd_fastboot.o obj-$(CONFIG_CMD_DFU) += cmd_dfu.o obj-$(CONFIG_CMD_GPT) += cmd_gpt.o endif diff --git a/common/board_r.c b/common/board_r.c index 8629a65..b9f8aeb 100644 --- a/common/board_r.c +++ b/common/board_r.c @@ -55,6 +55,9 @@ #include <dm/root.h> #include <linux/compiler.h> #include <linux/err.h> +#ifdef CONFIG_FASTBOOT +#include <fastboot.h> +#endif DECLARE_GLOBAL_DATA_PTR; @@ -714,6 +717,20 @@ static int initr_modem(void) } #endif +#ifdef CONFIG_FASTBOOT +static int initr_fastboot_setup(void) +{ + fastboot_setup(); + return 0; +} + +static int initr_check_fastboot(void) +{ + check_fastboot(); + return 0; +} +#endif + static int run_main_loop(void) { #ifdef CONFIG_SANDBOX @@ -885,6 +902,9 @@ init_fnc_t init_sequence_r[] = { #ifdef CONFIG_BOARD_LATE_INIT board_late_init, #endif +#ifdef CONFIG_FASTBOOT + initr_fastboot_setup, +#endif #ifdef CONFIG_CMD_SCSI INIT_FUNC_WATCHDOG_RESET initr_scsi, @@ -931,6 +951,9 @@ init_fnc_t init_sequence_r[] = { #ifdef CONFIG_MODEM_SUPPORT initr_modem, #endif +#ifdef CONFIG_FASTBOOT + initr_check_fastboot, +#endif run_main_loop, }; diff --git a/common/cmd_fastboot.c b/common/cmd_fastboot.c new file mode 100644 index 0000000..ef37f8e --- /dev/null +++ b/common/cmd_fastboot.c @@ -0,0 +1,1798 @@ +/* + * Copyright 2008 - 2009 (C) Wind River Systems, Inc. + * Tom Rix <Tom.Rix@windriver.com> + * + * Copyright (C) 2010-2014 Freescale Semiconductor, Inc. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, + * MA 02111-1307 USA + * + * Part of the rx_handler were copied from the Android project. + * Specifically rx command parsing in the usb_rx_data_complete + * function of the file bootable/bootloader/legacy/usbloader/usbloader.c + * + * The logical naming of flash comes from the Android project + * Thse structures and functions that look like fastboot_flash_* + * They come from bootable/bootloader/legacy/libboot/flash.c + * + * This is their Copyright: + * + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +#include <asm/byteorder.h> +#include <common.h> +#include <command.h> +#include <nand.h> +#include <fastboot.h> +#include <environment.h> +#include <mmc.h> + + +#ifdef CONFIG_FASTBOOT + +int do_booti(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]); +extern int do_bootm_linux(int flag, int argc, + char *argv[], bootm_headers_t *images); + +/* Forward decl */ +static int tx_handler(void); +static int rx_handler(const unsigned char *buffer, unsigned int buffer_size); +static void reset_handler(void); + +static struct cmd_fastboot_interface interface = { + .rx_handler = rx_handler, + .reset_handler = reset_handler, + .product_name = NULL, + .serial_no = NULL, + .nand_block_size = 0, + .transfer_buffer = (unsigned char *)0xffffffff, + .transfer_buffer_size = 0, +}; + +static unsigned int download_size; +static unsigned int download_bytes; +static unsigned int download_bytes_unpadded; +static unsigned int download_error; +static unsigned int continue_booting; +static unsigned int upload_size; +static unsigned int upload_bytes; +static unsigned int upload_error; + +#define MMC_SATA_BLOCK_SIZE 512 + +#ifdef CONFIG_FASTBOOT_STORAGE_NAND +static void save_env(struct fastboot_ptentry *ptn, + char *var, char *val) +{ +#ifdef CONFIG_CMD_NAND_LOCK_UNLOCK + char lock[128], unlock[128]; +#endif + + setenv(var, val); + +#ifdef CONFIG_CMD_NAND_LOCK_UNLOCK + sprintf(lock, "nand lock 0x%x 0x%x", ptn->start, ptn->length); + sprintf(unlock, "nand unlock 0x%x 0x%x", ptn->start, ptn->length); + + /* This could be a problem is there is an outstanding lock */ + run_command(unlock, 0); +#endif + saveenv(); + +#ifdef CONFIG_CMD_NAND_LOCK_UNLOCK + run_command(lock, 0); +#endif +} + +void save_parts_values(struct fastboot_ptentry *ptn, + unsigned int offset, + unsigned int size) +{ + char var[64], val[32]; +#ifdef CONFIG_CMD_NAND_LOCK_UNLOCK + char lock[128], unlock[128]; + struct fastboot_ptentry *env_ptn; +#endif + + printf("saving it..\n"); + + + sprintf(var, "%s_nand_offset", ptn->name); + sprintf(val, "0x%x", offset); + + printf("setenv %s %s\n", var, val); + + setenv(var, val); + + sprintf(var, "%s_nand_size", ptn->name); + sprintf(val, "0x%x", size); + + printf("setenv %s %s\n", var, val); + + setenv(var, val); + +#ifdef CONFIG_CMD_NAND_LOCK_UNLOCK + /* Warning : + The environment is assumed to be in a partition named 'enviroment'. + It is very possible that your board stores the enviroment + someplace else. */ + env_ptn = fastboot_flash_find_ptn("environment"); + + if (env_ptn) { + sprintf(lock, "nand lock 0x%x 0x%x", + env_ptn->start, env_ptn->length); + sprintf(unlock, "nand unlock 0x%x 0x%x", + env_ptn->start, env_ptn->length); + + run_command(unlock, 0); + } +#endif + saveenv(); + +#ifdef CONFIG_CMD_NAND_LOCK_UNLOCK + if (env_ptn) + run_command(lock, 0); +#endif +} + +int check_parts_values(struct fastboot_ptentry *ptn) +{ + char var[64]; + + sprintf(var, "%s_nand_offset", ptn->name); + if (!getenv(var)) + return 1; + + sprintf(var, "%s_nand_size", ptn->name); + if (!getenv(var)) + return 1; + + return 0; +} + +static int write_to_ptn(struct fastboot_ptentry *ptn) +{ + int ret = 1; + char length[32]; + char write_type[32]; + int repeat, repeat_max; + +#ifdef CONFIG_CMD_NAND_LOCK_UNLOCK + char lock[128]; + char unlock[128]; +#endif + char write[128]; + char erase[128]; + + printf("flashing '%s'\n", ptn->name); + + /* Which flavor of write to use */ + if (ptn->flags & FASTBOOT_PTENTRY_FLAGS_WRITE_I) + sprintf(write_type, "write.i"); +#ifdef CONFIG_CMD_NAND_TRIMFFS + else if (ptn->flags & FASTBOOT_PTENTRY_FLAGS_WRITE_TRIMFFS) + sprintf(write_type, "write.trimffs"); +#endif + else + sprintf(write_type, "write"); + + /* Some flashing requires writing the same data in multiple, + consecutive flash partitions */ + repeat_max = 1; + if (ptn->flags & FASTBOOT_PTENTRY_FLAGS_REPEAT_MASK) { + if (ptn->flags & + FASTBOOT_PTENTRY_FLAGS_WRITE_CONTIGUOUS_BLOCK) { + printf("Warning can not do both 'contiguous block' " + "and 'repeat' writes for for partition '%s'\n", ptn->name); + printf("Ignoring repeat flag\n"); + } else { + repeat_max = ptn->flags & + FASTBOOT_PTENTRY_FLAGS_REPEAT_MASK; + } + } + + /* Unlock the whole partition instead of trying to + manage special cases */ + sprintf(length, "0x%x", ptn->length * repeat_max); + + for (repeat = 0; repeat < repeat_max; repeat++) { +#ifdef CONFIG_CMD_NAND_LOCK_UNLOCK + sprintf(lock, "nand lock 0x%x %s", + ptn->start + (repeat * ptn->length), length); + sprintf(unlock, "nand unlock 0x%x %s", + ptn->start + (repeat * ptn->length), length); +#endif + sprintf(erase, "nand erase 0x%x %s", + ptn->start + (repeat * ptn->length), length); + +#ifdef CONFIG_CMD_NAND_LOCK_UNLOCK + run_command(unlock, 0); +#endif + run_command(erase, 0); + + if ((ptn->flags & + FASTBOOT_PTENTRY_FLAGS_WRITE_NEXT_GOOD_BLOCK) && + (ptn->flags & + FASTBOOT_PTENTRY_FLAGS_WRITE_CONTIGUOUS_BLOCK)) { + /* Both can not be true */ + printf("Warning can not do 'next good block' and \ + 'contiguous block' for partition '%s'\n", + ptn->name); + printf("Ignoring these flags\n"); + } else if (ptn->flags & + FASTBOOT_PTENTRY_FLAGS_WRITE_NEXT_GOOD_BLOCK) { + /* Keep writing until you get a good block + transfer_buffer should already be aligned */ + if (interface.nand_block_size) { + unsigned int blocks = download_bytes / + interface.nand_block_size; + unsigned int i = 0; + unsigned int offset = 0; + + while (i < blocks) { + /* Check for overflow */ + if (offset >= ptn->length) + break; + + /* download's address only advance + if last write was successful */ + + /* nand's address always advances */ + sprintf(write, "nand %s 0x%p 0x%x 0x%x", write_type, + interface.transfer_buffer + + (i * interface.nand_block_size), + ptn->start + (repeat * ptn->length) + offset, + interface.nand_block_size); + + ret = run_command(write, 0); + if (ret) + break; + else + i++; + + /* Go to next nand block */ + offset += interface.nand_block_size; + } + } else { + printf("Warning nand block size can not be 0 \ + when using 'next good block' for \ + partition '%s'\n", ptn->name); + printf("Ignoring write request\n"); + } + } else if (ptn->flags & + FASTBOOT_PTENTRY_FLAGS_WRITE_CONTIGUOUS_BLOCK) { + /* Keep writing until you get a good block + transfer_buffer should already be aligned */ + if (interface.nand_block_size) { + if (0 == nand_curr_device) { + nand_info_t *nand; + unsigned long off; + unsigned int ok_start; + + nand = &nand_info[nand_curr_device]; + + printf("\nDevice %d bad blocks:\n", + nand_curr_device); + + /* Initialize the ok_start to the + start of the partition + Then try to find a block large + enough for the download */ + ok_start = ptn->start; + + /* It is assumed that the start and + length are multiples of block size */ + for (off = ptn->start; + off < ptn->start + ptn->length; + off += nand->erasesize) { + if (nand_block_isbad(nand, off)) { + /* Reset the ok_start + to the next block */ + ok_start = off + + nand->erasesize; + } + + /* Check if we have enough + blocks */ + if ((ok_start - off) >= + download_bytes) + break; + } + + /* Check if there is enough space */ + if (ok_start + download_bytes <= + ptn->start + ptn->length) { + + sprintf(write, "nand %s 0x%p 0x%x 0x%x", write_type, + interface.transfer_buffer, + ok_start, + download_bytes); + + ret = run_command(write, 0); + + /* Save the results into an + environment variable on the + format + ptn_name + 'offset' + ptn_name + 'size' */ + if (ret) { + /* failed */ + save_parts_values(ptn, ptn->start, 0); + } else { + /* success */ + save_parts_values(ptn, ok_start, download_bytes); + } + } else { + printf("Error could not find enough contiguous space " + "in partition '%s'\n", ptn->name); + printf("Ignoring write request\n"); + } + } else { + /* TBD : Generalize flash handling */ + printf("Error only handling 1 NAND per board"); + printf("Ignoring write request\n"); + } + } else { + printf("Warning nand block size can not be 0 \ + when using 'continuous block' for \ + partition '%s'\n", ptn->name); + printf("Ignoring write request\n"); + } + } else { + /* Normal case */ + sprintf(write, "nand %s 0x%p 0x%x 0x%x", write_type, + interface.transfer_buffer, + ptn->start + (repeat * ptn->length), + download_bytes); +#ifdef CONFIG_CMD_NAND_TRIMFFS + if (ptn->flags & FASTBOOT_PTENTRY_FLAGS_WRITE_TRIMFFS) { + sprintf(write, "nand %s 0x%p 0x%x 0x%x", write_type, + interface.transfer_buffer, + ptn->start + (repeat * ptn->length), + download_bytes_unpadded); + } +#endif + + ret = run_command(write, 0); + + if (0 == repeat) { + if (ret) /* failed */ + save_parts_values(ptn, ptn->start, 0); + else /* success */ + save_parts_values(ptn, ptn->start, + download_bytes); + } + } + +#ifdef CONFIG_CMD_NAND_LOCK_UNLOCK + run_command(lock, 0); +#endif + + if (ret) + break; + } + + return ret; +} +#else +static void save_env(struct fastboot_ptentry *ptn, + char *var, char *val) +{ + setenv(var, val); + saveenv(); +} +#endif + +/* When save = 0, just parse. The input is unchanged + When save = 1, parse and do the save. The input is changed */ +static int parse_env(void *ptn, char *err_string, int save, int debug) +{ + int ret = 1; + unsigned int sets = 0; + unsigned int comment_start = 0; + char *var = NULL; + char *var_end = NULL; + char *val = NULL; + char *val_end = NULL; + unsigned int i; + + char *buff = (char *)interface.transfer_buffer; + unsigned int size = download_bytes_unpadded; + + /* The input does not have to be null terminated. + This will cause a problem in the corner case + where the last line does not have a new line. + Put a null after the end of the input. + + WARNING : Input buffer is assumed to be bigger + than the size of the input */ + if (save) + buff[size] = 0; + + for (i = 0; i < size; i++) { + + if (NULL == var) { + + /* + * Check for comments, comment ok only on + * mostly empty lines + */ + if (buff[i] == '#') + comment_start = 1; + + if (comment_start) { + if ((buff[i] == '\r') || + (buff[i] == '\n')) { + comment_start = 0; + } + } else { + if (!((buff[i] == ' ') || + (buff[i] == '\t') || + (buff[i] == '\r') || + (buff[i] == '\n'))) { + /* + * Normal whitespace before the + * variable + */ + var = &buff[i]; + } + } + + } else if (((NULL == var_end) || (NULL == val)) && + ((buff[i] == '\r') || (buff[i] == '\n'))) { + + /* This is the case when a variable + is unset. */ + + if (save) { + /* Set the var end to null so the + normal string routines will work + + WARNING : This changes the input */ + buff[i] = '\0'; + + save_env(ptn, var, val); + + if (debug) + printf("Unsetting %s\n", var); + } + + /* Clear the variable so state is parse is back + to initial. */ + var = NULL; + var_end = NULL; + sets++; + } else if (NULL == var_end) { + if ((buff[i] == ' ') || + (buff[i] == '\t')) + var_end = &buff[i]; + } else if (NULL == val) { + if (!((buff[i] == ' ') || + (buff[i] == '\t'))) + val = &buff[i]; + } else if (NULL == val_end) { + if ((buff[i] == '\r') || + (buff[i] == '\n')) { + /* look for escaped cr or ln */ + if ('\\' == buff[i - 1]) { + /* check for dos */ + if ((buff[i] == '\r') && + (buff[i+1] == '\n')) + buff[i + 1] = ' '; + buff[i - 1] = buff[i] = ' '; + } else { + val_end = &buff[i]; + } + } + } else { + sprintf(err_string, "Internal Error"); + + if (debug) + printf("Internal error at %s %d\n", + __FILE__, __LINE__); + return 1; + } + /* Check if a var / val pair is ready */ + if (NULL != val_end) { + if (save) { + /* Set the end's with nulls so + normal string routines will + work. + + WARNING : This changes the input */ + *var_end = '\0'; + *val_end = '\0'; + + save_env(ptn, var, val); + + if (debug) + printf("Setting %s %s\n", var, val); + } + + /* Clear the variable so state is parse is back + to initial. */ + var = NULL; + var_end = NULL; + val = NULL; + val_end = NULL; + + sets++; + } + } + + /* Corner case + Check for the case that no newline at end of the input */ + if ((NULL != var) && + (NULL == val_end)) { + if (save) { + /* case of val / val pair */ + if (var_end) + *var_end = '\0'; + /* else case handled by setting 0 past + the end of buffer. + Similar for val_end being null */ + save_env(ptn, var, val); + + if (debug) { + if (var_end) + printf("Trailing Setting %s %s\n", var, val); + else + printf("Trailing Unsetting %s\n", var); + } + } + sets++; + } + /* Did we set anything ? */ + if (0 == sets) + sprintf(err_string, "No variables set"); + else + ret = 0; + + return ret; +} + +static int saveenv_to_ptn(struct fastboot_ptentry *ptn, char *err_string) +{ + int ret = 1; + int save = 0; + int debug = 0; + + /* err_string is only 32 bytes + Initialize with a generic error message. */ + sprintf(err_string, "%s", "Unknown Error"); + + /* Parse the input twice. + Only save to the enviroment if the entire input if correct */ + save = 0; + if (0 == parse_env(ptn, err_string, save, debug)) { + save = 1; + ret = parse_env(ptn, err_string, save, debug); + } + return ret; +} + + +#if defined(CONFIG_FASTBOOT_STORAGE_NAND) + +static void process_flash_nand(const char *cmdbuf, char *response) +{ + if (download_bytes) { + struct fastboot_ptentry *ptn; + + ptn = fastboot_flash_find_ptn(cmdbuf + 6); + if (ptn == 0) { + sprintf(response, "FAILpartition does not exist"); + } else if ((download_bytes > ptn->length) && + !(ptn->flags & FASTBOOT_PTENTRY_FLAGS_WRITE_ENV)) { + sprintf(response, "FAILimage too large for partition"); + /* TODO : Improve check for yaffs write */ + } else { + /* Check if this is not really a flash write + but rather a saveenv */ + if (ptn->flags & FASTBOOT_PTENTRY_FLAGS_WRITE_ENV) { + /* Since the response can only be 64 bytes, + there is no point in having a large error message. */ + char err_string[32]; + if (saveenv_to_ptn(ptn, &err_string[0])) { + printf("savenv '%s' failed : %s\n", + ptn->name, err_string); + sprintf(response, "FAIL%s", err_string); + } else { + printf("partition '%s' saveenv-ed\n", ptn->name); + sprintf(response, "OKAY"); + } + } else { + /* Normal case */ + if (write_to_ptn(ptn)) { + printf("flashing '%s' failed\n", ptn->name); + sprintf(response, "FAILfailed to flash partition"); + } else { + printf("partition '%s' flashed\n", ptn->name); + sprintf(response, "OKAY"); + } + } + } + } else { + sprintf(response, "FAILno image downloaded"); + } + +} +#endif + +#if defined(CONFIG_FASTBOOT_STORAGE_SATA) +static void process_flash_sata(const char *cmdbuf, char *response) +{ + if (download_bytes) { + struct fastboot_ptentry *ptn; + + /* Next is the partition name */ + ptn = fastboot_flash_find_ptn(cmdbuf + 6); + if (ptn == 0) { + printf("Partition:'%s' does not exist\n", ptn->name); + sprintf(response, "FAILpartition does not exist"); + } else if ((download_bytes > + ptn->length * MMC_SATA_BLOCK_SIZE) && + !(ptn->flags & FASTBOOT_PTENTRY_FLAGS_WRITE_ENV)) { + printf("Image too large for the partition\n"); + sprintf(response, "FAILimage too large for partition"); + } else if (ptn->flags & FASTBOOT_PTENTRY_FLAGS_WRITE_ENV) { + /* Since the response can only be 64 bytes, + there is no point in having a large error message. */ + char err_string[32]; + if (saveenv_to_ptn(ptn, &err_string[0])) { + printf("savenv '%s' failed : %s\n", ptn->name, err_string); + sprintf(response, "FAIL%s", err_string); + } else { + printf("partition '%s' saveenv-ed\n", ptn->name); + sprintf(response, "OKAY"); + } + } else { + unsigned int temp; + char sata_write[128]; + + /* block count */ + temp = (download_bytes + + MMC_SATA_BLOCK_SIZE - 1) / + MMC_SATA_BLOCK_SIZE; + + sprintf(sata_write, "sata write 0x%x 0x%x 0x%x", + (unsigned int)interface.transfer_buffer, + ptn->start, + temp) + + if (run_command(sata_write, 0)) { + printf("Writing '%s' FAILED!\n", + ptn->name); + sprintf(response, + "FAIL: Write partition"); + } else { + printf("Writing '%s' DONE!\n", + ptn->name); + sprintf(response, "OKAY"); + } + } + } else { + sprintf(response, "FAILno image downloaded"); + } + +} +#endif + +#if defined(CONFIG_FASTBOOT_STORAGE_MMC) +static void process_flash_mmc(const char *cmdbuf, char *response) +{ + if (download_bytes) { + struct fastboot_ptentry *ptn; + + /* Next is the partition name */ + ptn = fastboot_flash_find_ptn(cmdbuf + 6); + if (ptn == 0) { + printf("Partition:'%s' does not exist\n", ptn->name); + sprintf(response, "FAILpartition does not exist"); + } else if ((download_bytes > + ptn->length * MMC_SATA_BLOCK_SIZE) && + !(ptn->flags & FASTBOOT_PTENTRY_FLAGS_WRITE_ENV)) { + printf("Image too large for the partition\n"); + sprintf(response, "FAILimage too large for partition"); + } else if (ptn->flags & FASTBOOT_PTENTRY_FLAGS_WRITE_ENV) { + /* Since the response can only be 64 bytes, + there is no point in having a large error message. */ + char err_string[32]; + if (saveenv_to_ptn(ptn, &err_string[0])) { + printf("savenv '%s' failed : %s\n", ptn->name, err_string); + sprintf(response, "FAIL%s", err_string); + } else { + printf("partition '%s' saveenv-ed\n", ptn->name); + sprintf(response, "OKAY"); + } + } else { + unsigned int temp; + + char mmc_dev[128]; + char mmc_write[128]; + int mmcret; + + printf("writing to partition '%s'\n", ptn->name); + + if (ptn->partition_id != FASTBOOT_MMC_NONE_PARTITION_ID) + sprintf(mmc_dev, "mmc dev %x %x", + fastboot_devinfo.dev_id, /*slot no*/ + ptn->partition_id /*part no*/); + else + sprintf(mmc_dev, "mmc dev %x", + fastboot_devinfo.dev_id /*slot no*/); + + /* block count */ + temp = (download_bytes + + MMC_SATA_BLOCK_SIZE - 1) / + MMC_SATA_BLOCK_SIZE; + + sprintf(mmc_write, "mmc write 0x%x 0x%x 0x%x", + (unsigned int)interface.transfer_buffer, /*source*/ + ptn->start, /*dest*/ + temp /*length*/); + + printf("Initializing '%s'\n", ptn->name); + + mmcret = run_command(mmc_dev, 0); + if (mmcret) + sprintf(response, "FAIL:Init of MMC card"); + else + sprintf(response, "OKAY"); + + printf("Writing '%s'\n", ptn->name); + if (run_command(mmc_write, 0)) { + printf("Writing '%s' FAILED!\n", ptn->name); + sprintf(response, "FAIL: Write partition"); + } else { + printf("Writing '%s' DONE!\n", ptn->name); + sprintf(response, "OKAY"); + } + } + } else { + sprintf(response, "FAILno image downloaded"); + } +} + +#endif + +static void reset_handler () +{ + /* If there was a download going on, bail */ + download_size = 0; + download_bytes = 0; + download_bytes_unpadded = 0; + download_error = 0; + continue_booting = 0; + upload_size = 0; + upload_bytes = 0; + upload_error = 0; +} + +static void rx_process_getvar(const char *cmdbuf, char *response) +{ + int temp_len = 0; + + strcpy(response, "OKAY"); + + temp_len = strlen("getvar:"); + if (!strcmp(cmdbuf + temp_len, "version")) { + strcpy(response + 4, FASTBOOT_VERSION); + } else if (!strcmp(cmdbuf + temp_len, + "product")) { + if (interface.product_name) + strcpy(response + 4, interface.product_name); + + } else if (!strcmp(cmdbuf + temp_len, + "serialno")) { + if (interface.serial_no) + strcpy(response + 4, interface.serial_no); + + } else if (!strcmp(cmdbuf + temp_len, + "downloadsize")) { + if (interface.transfer_buffer_size) + sprintf(response + 4, "0x%x", + interface.transfer_buffer_size); + } else { + fastboot_getvar(cmdbuf + 7, response + 4); + } +} + +static void rx_process_reboot(const char *cmdbuf, char *response) +{ + sprintf(response, "OKAY"); + fastboot_tx_status(response, strlen(response)); + udelay(1000000); /* 1 sec */ + + do_reset(NULL, 0, 0, NULL); +} + +static int rx_process_erase(const char *cmdbuf, char *response) +{ +#if defined(CONFIG_FASTBOOT_STORAGE_NAND) + struct fastboot_ptentry *ptn; + + ptn = fastboot_flash_find_ptn(cmdbuf + 6); + if (ptn == 0) { + sprintf(response, "FAILpartition does not exist"); + } else { + int status, repeat, repeat_max; + + printf("erasing '%s'\n", ptn->name); + +#ifdef CONFIG_CMD_NAND_LOCK_UNLOCK + char lock[128]; + char unlock[128]; +#endif + char erase[128]; + + repeat_max = 1; + if (ptn->flags & FASTBOOT_PTENTRY_FLAGS_REPEAT_MASK) + repeat_max = ptn->flags & FASTBOOT_PTENTRY_FLAGS_REPEAT_MASK; + + for (repeat = 0; repeat < repeat_max; + repeat++) { +#ifdef CONFIG_CMD_NAND_LOCK_UNLOCK + sprintf(lock, "nand lock 0x%x 0x%x", + ptn->start + (repeat * ptn->length), + ptn->length); + sprintf(unlock, "nand unlock 0x%x 0x%x", + ptn->start + (repeat * ptn->length), + ptn->length); +#endif + sprintf(erase, "nand erase 0x%x 0x%x", + ptn->start + (repeat * ptn->length), + ptn->length); + +#ifdef CONFIG_CMD_NAND_LOCK_UNLOCK + run_command(unlock, 0); +#endif + status = run_command(erase, 0); +#ifdef CONFIG_CMD_NAND_LOCK_UNLOCK + run_command(lock, 0); +#endif + + if (status) + break; + } + + if (status) { + sprintf(response, + "FAILfailed to erase partition"); + } else { + printf("partition '%s' erased\n", ptn->name); + sprintf(response, "OKAY"); + } + } + return 0; +#else + printf("Not support erase command for EMMC\n"); + return -1; +#endif + +} + +static void rx_process_flash(const char *cmdbuf, char *response) +{ + switch (fastboot_devinfo.type) { +#if defined(CONFIG_FASTBOOT_STORAGE_SATA) + case DEV_SATA: + process_flash_sata(cmdbuf, response); + break; +#endif +#if defined(CONFIG_FASTBOOT_STORAGE_MMC) + case DEV_MMC: + process_flash_mmc(cmdbuf, response); + break; +#endif +#if defined(CONFIG_FASTBOOT_STORAGE_NAND) + case DEV_NAND: + process_flash_nand(cmdbuf, response); + break; +#endif + default: + printf("Not support flash command for current device %d\n", + fastboot_devinfo.type); + sprintf(response, + "FAILfailed to flash device"); + break; + } +} + +static void rx_process_boot(const char *cmdbuf, char *response) +{ + if ((download_bytes) && + (CFG_FASTBOOT_MKBOOTIMAGE_PAGE_SIZE < + download_bytes)) { + char start[32]; + char *booti_args[4] = {"booti", NULL, "boot", NULL}; + + /* + * Use this later to determine if a command line was passed + * for the kernel. + */ + /* struct fastboot_boot_img_hdr *fb_hdr = */ + /* (struct fastboot_boot_img_hdr *) interface.transfer_buffer; */ + + /* Skip the mkbootimage header */ + /* image_header_t *hdr = */ + /* (image_header_t *) */ + /* &interface.transfer_buffer[CFG_FASTBOOT_MKBOOTIMAGE_PAGE_SIZE]; */ + + booti_args[1] = start; + sprintf(start, "0x%x", (unsigned int)interface.transfer_buffer); + + /* Execution should jump to kernel so send the response + now and wait a bit. */ + sprintf(response, "OKAY"); + fastboot_tx_status(response, strlen(response)); + + printf("Booting kernel...\n"); + + + /* Reserve for further use, this can + * be more convient for developer. */ + /* if (strlen ((char *) &fb_hdr->cmdline[0])) */ + /* set_env("bootargs", (char *) &fb_hdr->cmdline[0]); */ + + /* boot the boot.img */ + do_booti(NULL, 0, 3, booti_args); + + + } + sprintf(response, "FAILinvalid boot image"); +} + +static void rx_process_upload(const char *cmdbuf, char *response) +{ +#if defined(CONFIG_FASTBOOT_STORAGE_NAND) + unsigned int adv, delim_index, len; + struct fastboot_ptentry *ptn; + unsigned int is_raw = 0; + + /* Is this a raw read ? */ + if (memcmp(cmdbuf, "uploadraw:", 10) == 0) { + is_raw = 1; + adv = 10; + } else { + adv = 7; + } + + /* Scan to the next ':' to find when the size starts */ + len = strlen(cmdbuf); + for (delim_index = adv; + delim_index < len; delim_index++) { + if (cmdbuf[delim_index] == ':') { + /* WARNING, cmdbuf is being modified. */ + *((char *) &cmdbuf[delim_index]) = 0; + break; + } + } + + ptn = fastboot_flash_find_ptn(cmdbuf + adv); + if (ptn == 0) { + sprintf(response, + "FAILpartition does not exist"); + } else { + /* This is how much the user is expecting */ + unsigned int user_size; + /* + * This is the maximum size needed for + * this partition + */ + unsigned int size; + /* This is the length of the data */ + unsigned int length; + /* + * Used to check previous write of + * the parition + */ + char env_ptn_length_var[128]; + char *env_ptn_length_val; + + user_size = 0; + if (delim_index < len) + user_size = + simple_strtoul(cmdbuf + delim_index + 1, + NULL, 16); + + /* Make sure output is padded to block size */ + length = ptn->length; + sprintf(env_ptn_length_var, + "%s_nand_size", ptn->name); + env_ptn_length_val = getenv(env_ptn_length_var); + if (env_ptn_length_val) { + length = + simple_strtoul(env_ptn_length_val, + NULL, 16); + /* Catch possible problems */ + if (!length) + length = ptn->length; + } + + size = length / interface.nand_block_size; + size *= interface.nand_block_size; + if (length % interface.nand_block_size) + size += interface.nand_block_size; + + if (is_raw) + size += (size / + interface.nand_block_size) * + interface.nand_oob_size; + + if (size > interface.transfer_buffer_size) { + + sprintf(response, "FAILdata too large"); + + } else if (user_size == 0) { + + /* Send the data response */ + sprintf(response, "DATA%08x", size); + + } else if (user_size != size) { + /* This is the wrong size */ + sprintf(response, "FAIL"); + } else { + /* + * This is where the transfer + * buffer is populated + */ + unsigned char *buf = + interface.transfer_buffer; + char read[128]; + + /* + * Setting upload_size causes + * transfer to happen in main loop + */ + upload_size = size; + upload_bytes = 0; + upload_error = 0; + + /* + * Poison the transfer buffer, 0xff + * is erase value of nand + */ + memset(buf, 0xff, upload_size); + + /* Which flavor of read to use */ + if (is_raw) + sprintf(read, "nand read.raw 0x%x 0x%x 0x%x", + (unsigned int)(interface.transfer_buffer), + ptn->start, + upload_size); + else + sprintf(read, "nand read.i 0x%x 0x%x 0x%x", + (unsigned int)(interface.transfer_buffer), + ptn->start, + upload_size); + + run_command(read, 0); + + /* Send the data response */ + sprintf(response, "DATA%08x", size); + } + } +#endif + +} + +static int tx_handler(void) +{ + if (upload_size) { + + int bytes_written; + bytes_written = fastboot_tx(interface.transfer_buffer + + upload_bytes, upload_size - + upload_bytes); + if (bytes_written > 0) { + + upload_bytes += bytes_written; + /* Check if this is the last */ + if (upload_bytes == upload_size) { + + /* Reset upload */ + upload_size = 0; + upload_bytes = 0; + upload_error = 0; + } + } + } + return upload_error; +} + +static int rx_handler (const unsigned char *buffer, unsigned int buffer_size) +{ + int ret = 1; + + /*response buffer, Use 65 instead of 64 + null gets dropped. strcpy's need the extra byte */ + char response[FASTBOOT_RESPONSE_SIZE]; + + if (download_size) { + /* Something to download */ + + if (buffer_size) { + /* Handle possible overflow */ + unsigned int transfer_size = + download_size - download_bytes; + + if (buffer_size < transfer_size) + transfer_size = buffer_size; + + /* Save the data to the transfer buffer */ + memcpy(interface.transfer_buffer + download_bytes, + buffer, transfer_size); + + download_bytes += transfer_size; + + /* Check if transfer is done */ + if (download_bytes >= download_size) { + /* Reset global transfer variable, + Keep download_bytes because it will be + used in the next possible flashing command */ + download_size = 0; + + if (download_error) { + /* There was an earlier error */ + sprintf(response, "ERROR"); + } else { + /* Everything has transferred, + send the OK response */ + sprintf(response, "OKAY"); + } + fastboot_tx_status(response, strlen(response)); + + printf("\ndownloading of %d bytes finished\n", + download_bytes); + +#if defined(CONFIG_FASTBOOT_STORAGE_NAND) + /* Pad to block length + In most cases, padding the download to be + block aligned is correct. The exception is + when the following flash writes to the oob + area. This happens when the image is a + YAFFS image. Since we do not know what + the download is until it is flashed, + go ahead and pad it, but save the true + size in case if should have + been unpadded */ + download_bytes_unpadded = download_bytes; + if (interface.nand_block_size) { + if (download_bytes % + interface.nand_block_size) { + unsigned int pad = + interface.nand_block_size - + (download_bytes % interface.nand_block_size); + unsigned int i; + + for (i = 0; i < pad; i++) { + if (download_bytes >= + interface.transfer_buffer_size) + break; + + interface.transfer_buffer[download_bytes] = 0; + download_bytes++; + } + } + } +#endif + } + + /* Provide some feedback */ + if (download_bytes && + 0 == (download_bytes % + (16 * interface.nand_block_size))) { + /* Some feeback that the + download is happening */ + if (download_error) + printf("X"); + else + printf("."); + if (0 == (download_bytes % + (80 * 16 * + interface.nand_block_size))) + printf("\n"); + + } + } else { + /* Ignore empty buffers */ + printf("Warning empty download buffer\n"); + printf("Ignoring\n"); + } + ret = 0; + } else { + /* A command */ + + /* Cast to make compiler happy with string functions */ + const char *cmdbuf = (char *) buffer; + printf("cmdbuf: %s\n", cmdbuf); + + /* Generic failed response */ + sprintf(response, "FAIL"); + + /* reboot + Reboot the board. */ + if (memcmp(cmdbuf, "reboot", 6) == 0) { + rx_process_reboot(cmdbuf, response); + /* This code is unreachable, + leave it to make the compiler happy */ + return 0; + } + + /* getvar + Get common fastboot variables + Board has a chance to handle other variables */ + if (memcmp(cmdbuf, "getvar:", 7) == 0) { + rx_process_getvar(cmdbuf, response); + ret = 0; + } + + /* erase + Erase a register flash partition + Board has to set up flash partitions */ + if (memcmp(cmdbuf, "erase:", 6) == 0) + ret = rx_process_erase(cmdbuf, response); + + /* download + download something .. + What happens to it depends on the next command after data */ + + if (memcmp(cmdbuf, "download:", 9) == 0) { + + /* save the size */ + download_size = simple_strtoul(cmdbuf + 9, NULL, 16); + /* Reset the bytes count, now it is safe */ + download_bytes = 0; + /* Reset error */ + download_error = 0; + + printf("Starting download of %d bytes\n", + download_size); + + if (0 == download_size) { + /* bad user input */ + sprintf(response, "FAILdata invalid size"); + } else if (download_size > + interface.transfer_buffer_size) { + /* set download_size to 0 because this is an error */ + download_size = 0; + sprintf(response, "FAILdata too large"); + } else { + /* The default case, the transfer fits + completely in the interface buffer */ + sprintf(response, "DATA%08x", download_size); + } + ret = 0; + } + + /* boot + boot what was downloaded + + WARNING WARNING WARNING + + This is not what you expect. + The fastboot client does its own packaging of the + kernel. The layout is defined in the android header + file bootimage.h. This layeout is copiedlooks like this, + + ** + ** +-----------------+ + ** | boot header | 1 page + ** +-----------------+ + ** | kernel | n pages + ** +-----------------+ + ** | ramdisk | m pages + ** +-----------------+ + ** | second stage | o pages + ** +-----------------+ + ** + + We only care about the kernel. + So we have to jump past a page. + + What is a page size ? + The fastboot client uses 2048 + + The is the default value of + + CFG_FASTBOOT_MKBOOTIMAGE_PAGE_SIZE + + */ + + if (memcmp(cmdbuf, "boot", 4) == 0) { + rx_process_boot(cmdbuf, response); + ret = 0; + } + + /* flash + Flash what was downloaded */ + if (memcmp(cmdbuf, "flash:", 6) == 0) { + rx_process_flash(cmdbuf, response); + ret = 0; + } + + /* continue + Stop doing fastboot */ + if (memcmp(cmdbuf, "continue", 8) == 0) { + sprintf(response, "OKAY"); + continue_booting = 1; + ret = 0; + } + + /* upload + Upload just the data in a partition */ + if ((memcmp(cmdbuf, "upload:", 7) == 0) || + (memcmp(cmdbuf, "uploadraw:", 10) == 0)) { + rx_process_upload(cmdbuf, response); + ret = 0; + } + + fastboot_tx_status(response, strlen(response)); + + } /* End of command */ + + return ret; +} + +int do_fastboot(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +{ + int ret = 1; + int check_timeout = 0; + uint64_t timeout_endtime = 0; + uint64_t timeout_ticks = 1000; + int continue_from_disconnect = 0; + + do { + continue_from_disconnect = 0; + + /* Initialize the board specific support */ + if (0 == fastboot_init(&interface)) { + + int poll_status; + + /* If we got this far, we are a success */ + ret = 0; + printf("fastboot initialized\n"); + + timeout_endtime = get_timer(0); + timeout_endtime += timeout_ticks; + + while (1) { + uint64_t current_time = 0; + poll_status = fastboot_poll(); + + if (1 == check_timeout) + current_time = get_timer(0); + + if (FASTBOOT_ERROR == poll_status) { + /* Error */ + break; + } else if (FASTBOOT_DISCONNECT == poll_status) { + /* beak, cleanup and re-init */ + printf("Fastboot disconnect detected\n"); + continue_from_disconnect = 1; + break; + } else if ((1 == check_timeout) && + (FASTBOOT_INACTIVE == poll_status)) { + + /* No activity */ + if (current_time >= timeout_endtime) { + printf("Fastboot inactivity detected\n"); + break; + } + } else { + /* Something happened */ + if (1 == check_timeout) { + /* Update the timeout endtime */ + timeout_endtime = current_time; + timeout_endtime += timeout_ticks; + } + } + + /* Check if the user wanted to terminate with ^C */ + if ((FASTBOOT_INACTIVE == poll_status) && + (ctrlc())) { + printf("Fastboot ended by user\n"); + break; + } + + /* + * Check if the fastboot client wanted to + * continue booting + */ + if (continue_booting) { + printf("Fastboot ended by client\n"); + break; + } + + /* Check if there is something to upload */ + tx_handler(); + } + } + + /* Reset the board specific support */ + fastboot_shutdown(); + + /* restart the loop if a disconnect was detected */ + } while (continue_from_disconnect); + + return ret; +} + +U_BOOT_CMD( + fastboot, 2, 1, do_fastboot, + "fastboot- use USB Fastboot protocol\n", + "[inactive timeout]\n" + " - Run as a fastboot usb device.\n" + " - The optional inactive timeout is the decimal seconds before\n" + " - the normal console resumes\n" +); + + +#ifdef CONFIG_CMD_BOOTI + /* Section for Android bootimage format support + * Refer: + * http://android.git.kernel.org/?p=platform/system/core.git;a=blob; + * f=mkbootimg/bootimg.h + */ + +void +bootimg_print_image_hdr(struct fastboot_boot_img_hdr *hdr) +{ +#ifdef DEBUG + int i; + printf(" Image magic: %s\n", hdr->magic); + + printf(" kernel_size: 0x%x\n", hdr->kernel_size); + printf(" kernel_addr: 0x%x\n", hdr->kernel_addr); + + printf(" rdisk_size: 0x%x\n", hdr->ramdisk_size); + printf(" rdisk_addr: 0x%x\n", hdr->ramdisk_addr); + + printf(" second_size: 0x%x\n", hdr->second_size); + printf(" second_addr: 0x%x\n", hdr->second_addr); + + printf(" tags_addr: 0x%x\n", hdr->tags_addr); + printf(" page_size: 0x%x\n", hdr->page_size); + + printf(" name: %s\n", hdr->name); + printf(" cmdline: %s%x\n", hdr->cmdline); + + for (i = 0; i < 8; i++) + printf(" id[%d]: 0x%x\n", i, hdr->id[i]); +#endif +} + +static unsigned char boothdr[512] __aligned(ARCH_DMA_MINALIGN); + +#define ALIGN_SECTOR(n, pagesz) ((n + (pagesz - 1)) & (~(pagesz - 1))) + +#ifdef CONFIG_LMB +static void boot_start_lmb(bootm_headers_t *images) +{ + ulong mem_start; + phys_size_t mem_size; + + lmb_init(&images->lmb); + + mem_start = getenv_bootm_low(); + mem_size = getenv_bootm_size(); + + lmb_add(&images->lmb, (phys_addr_t)mem_start, mem_size); + + arch_lmb_reserve(&images->lmb); + board_lmb_reserve(&images->lmb); +} +#else +#define lmb_reserve(lmb, base, size) +static inline void boot_start_lmb(bootm_headers_t *images) { } +#endif + +/* booti <addr> [ mmc0 | mmc1 [ <partition> ] ] */ +int do_booti(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) +{ + unsigned addr = 0; + char *ptn = "boot"; + int mmcc = -1; + struct fastboot_boot_img_hdr *hdr = (void *)boothdr; +#ifdef CONFIG_SECURE_BOOT + u_int32_t load_addr; + uint32_t image_size; +#endif + int i = 0; + bootm_headers_t images; + + for (i = 0; i < argc; i++) + printf("%s ", argv[i]); + printf("\n"); + + if (argc < 2) + return -1; + + if (!strncmp(argv[1], "mmc", 3)) + mmcc = simple_strtoul(argv[1]+3, NULL, 10); + else + addr = simple_strtoul(argv[1], NULL, 16); + + if (argc > 2) + ptn = argv[2]; + + if (mmcc != -1) { +#ifdef CONFIG_MMC + struct fastboot_ptentry *pte; + struct mmc *mmc; + disk_partition_t info; + block_dev_desc_t *dev_desc = NULL; + unsigned sector; + + memset((void *)&info, 0 , sizeof(disk_partition_t)); + /* i.MX use MBR as partition table, so this will have + to find the start block and length for the + partition name and register the fastboot pte we + define the partition number of each partition in + config file + */ + mmc = find_mmc_device(mmcc); + if (!mmc) { + printf("booti: cannot find '%d' mmc device\n", mmcc); + goto fail; + } + dev_desc = get_dev("mmc", mmcc); + if (NULL == dev_desc) { + printf("** Block device MMC %d not supported\n", mmcc); + goto fail; + } + + /* below was i.MX mmc operation code */ + if (mmc_init(mmc)) { + printf("mmc%d init failed\n", mmcc); + goto fail; + } + + pte = fastboot_flash_find_ptn(ptn); + if (!pte) { + printf("booti: cannot find '%s' partition\n", ptn); + goto fail; + } + + if (mmc->block_dev.block_read(mmcc, pte->start, + 1, (void *)hdr) < 0) { + printf("booti: mmc failed to read bootimg header\n"); + goto fail; + } + + if (memcmp(hdr->magic, FASTBOOT_BOOT_MAGIC, 8)) { + printf("booti: bad boot image magic\n"); + goto fail; + } + + sector = pte->start + (hdr->page_size / 512); + + if (mmc->block_dev.block_read(mmcc, sector, + (hdr->kernel_size / 512) + 1, + (void *)hdr->kernel_addr) < 0) { + printf("booti: mmc failed to read kernel\n"); + goto fail; + } + /* flush cache after read */ + flush_cache((ulong)hdr->kernel_addr, hdr->kernel_size); /* FIXME */ + sector += ALIGN_SECTOR(hdr->kernel_size, hdr->page_size) / 512; + if (mmc->block_dev.block_read(mmcc, sector, + (hdr->ramdisk_size / 512) + 1, + (void *)hdr->ramdisk_addr) < 0) { + printf("booti: mmc failed to read ramdisk\n"); + goto fail; + } + /* flush cache after read */ + flush_cache((ulong)hdr->ramdisk_addr, hdr->ramdisk_size); /* FIXME */ + +#ifdef CONFIG_OF_LIBFDT + /* load the dtb file */ + if (hdr->second_size && hdr->second_addr) { + sector += ALIGN_SECTOR(hdr->ramdisk_size, hdr->page_size) / 512; + if (mmc->block_dev.block_read(mmcc, sector, + (hdr->second_size / 512) + 1, + (void *)hdr->second_addr) < 0) { + printf("booti: mmc failed to dtb\n"); + goto fail; + } + /* flush cache after read */ + flush_cache((ulong)hdr->second_addr, hdr->second_size); /* FIXME */ + } +#endif /*CONFIG_OF_LIBFDT*/ + +#else /*! CONFIG_MMC*/ + return -1; +#endif /*! CONFIG_MMC*/ + } else { + unsigned kaddr, raddr, end; +#ifdef CONFIG_OF_LIBFDT + unsigned fdtaddr = 0; +#endif + + /* set this aside somewhere safe */ + memcpy(hdr, (void *) addr, sizeof(*hdr)); + + if (memcmp(hdr->magic, FASTBOOT_BOOT_MAGIC, 8)) { + printf("booti: bad boot image magic\n"); + return 1; + } + + bootimg_print_image_hdr(hdr); + + kaddr = addr + hdr->page_size; + raddr = kaddr + ALIGN_SECTOR(hdr->kernel_size, hdr->page_size); + end = raddr + hdr->ramdisk_size; +#ifdef CONFIG_OF_LIBFDT + if (hdr->second_size) { + fdtaddr = raddr + ALIGN_SECTOR(hdr->ramdisk_size, hdr->page_size); + end = fdtaddr + hdr->second_size; + } +#endif /*CONFIG_OF_LIBFDT*/ + if (kaddr != hdr->kernel_addr) { + /*check overlap*/ + if (((hdr->kernel_addr >= addr) && + (hdr->kernel_addr <= end)) || + ((addr >= hdr->kernel_addr) && + (addr <= hdr->kernel_addr + hdr->kernel_size))) { + printf("Fail: booti address overlap with kernel address\n"); + return 1; + } + memmove((void *) hdr->kernel_addr, + (void *)kaddr, hdr->kernel_size); + } + if (raddr != hdr->ramdisk_addr) { + /*check overlap*/ + if (((hdr->ramdisk_addr >= addr) && + (hdr->ramdisk_addr <= end)) || + ((addr >= hdr->ramdisk_addr) && + (addr <= hdr->ramdisk_addr + hdr->ramdisk_size))) { + printf("Fail: booti address overlap with ramdisk address\n"); + return 1; + } + memmove((void *) hdr->ramdisk_addr, + (void *)raddr, hdr->ramdisk_size); + } + +#ifdef CONFIG_OF_LIBFDT + if (hdr->second_size && fdtaddr != hdr->second_addr) { + /*check overlap*/ + if (((hdr->second_addr >= addr) && + (hdr->second_addr <= end)) || + ((addr >= hdr->second_addr) && + (addr <= hdr->second_addr + hdr->second_size))) { + printf("Fail: booti address overlap with FDT address\n"); + return 1; + } + memmove((void *) hdr->second_addr, + (void *)fdtaddr, hdr->second_size); + } +#endif /*CONFIG_OF_LIBFDT*/ + } + + printf("kernel @ %08x (%d)\n", hdr->kernel_addr, hdr->kernel_size); + printf("ramdisk @ %08x (%d)\n", hdr->ramdisk_addr, hdr->ramdisk_size); +#ifdef CONFIG_OF_LIBFDT + if (hdr->second_size) + printf("fdt @ %08x (%d)\n", hdr->second_addr, hdr->second_size); +#endif /*CONFIG_OF_LIBFDT*/ + +#ifdef CONFIG_SECURE_BOOT +#define IVT_SIZE 0x20 +#define CSF_PAD_SIZE 0x2000 + extern uint32_t authenticate_image(uint32_t ddr_start, + uint32_t image_size); + + image_size = hdr->ramdisk_addr + hdr->ramdisk_size - hdr->kernel_addr - + IVT_SIZE - CSF_PAD_SIZE; + + if (authenticate_image(hdr->kernel_addr, image_size)) { + printf("Authenticate OK\n"); + } else { + printf("Authenticate image Fail, Please check\n\n"); + return 1; + } +#endif /*CONFIG_SECURE_BOOT*/ + +#ifdef CONFIG_CMDLINE_TAG + char *commandline = getenv("bootargs"); + + /* If no bootargs env, just use hdr command line */ + if (!commandline) { + commandline = (char *)hdr->cmdline; + setenv("bootargs", commandline); + } + + /* XXX: in production, you should always use boot.img 's cmdline !!! */ + printf("kernel cmdline:\n"); + printf("\tuse boot.img "); + printf("command line:\n\t%s\n", commandline); +#endif /*CONFIG_CMDLINE_TAG*/ + + memset(&images, 0, sizeof(images)); + + /*Setup lmb for memory reserve*/ + boot_start_lmb(&images); + + images.ep = hdr->kernel_addr; + images.rd_start = hdr->ramdisk_addr; + images.rd_end = hdr->ramdisk_addr + hdr->ramdisk_size; + + /*Reserve memory for kernel image*/ + lmb_reserve(&images.lmb, images.ep, hdr->kernel_size); + +#ifdef CONFIG_OF_LIBFDT + /*use secondary fields for fdt, second_size= fdt size, second_addr= fdt addr*/ + images.ft_addr = (char *)(hdr->second_addr); + images.ft_len = (ulong)(hdr->second_size); + set_working_fdt_addr(images.ft_addr); +#endif /*CONFIG_OF_LIBFDT*/ + + arch_preboot_os(); + + do_bootm_linux(0, 0, NULL, &images); + + puts("booti: Control returned to monitor - resetting...\n"); + do_reset(cmdtp, flag, argc, argv); + return 1; + +fail: +#ifdef CONFIG_FASTBOOT + return do_fastboot(NULL, 0, 0, NULL); +#else /*! CONFIG_FASTBOOT*/ + return -1; +#endif /*! CONFIG_FASTBOOT*/ +} + +U_BOOT_CMD( + booti, 3, 1, do_booti, + "booti - boot android bootimg from memory\n", + "[<addr> | mmc0 | mmc1 | mmc2 | mmcX] [<partition>]\n " + "- boot application image stored in memory or mmc\n" + "\t'addr' should be the address of boot image " + "which is zImage+ramdisk.img\n" + "\t'mmcX' is the mmc device you store your boot.img, " + "which will read the boot.img from 1M offset('/boot' partition)\n" + "\t 'partition' (optional) is the partition id of your device, " + "if no partition give, will going to 'boot' partition\n" +); +#endif /* CONFIG_CMD_BOOTI */ + +#endif /* CONFIG_FASTBOOT */ |