1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
|
/* Copyright 2016 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#include "byteorder.h"
#include "console.h"
#include "dcrypto/dcrypto.h"
#include "extension.h"
#include "flash.h"
#include "hooks.h"
#include "include/compile_time_macros.h"
#include "sha1.h"
#include "uart.h"
#define CPRINTF(format, args...) cprintf(CC_EXTENSION, format, ## args)
/* Various upgrade extension command return values. */
enum return_value {
UPGRADE_SUCCESS = 0,
UPGRADE_BAD_ADDR = 1,
UPGRADE_ERASE_FAILURE = 2,
UPGRADE_DATA_ERROR = 3,
UPGRADE_WRITE_FAILURE = 4,
UPGRADE_VERIFY_ERROR = 5,
UPGRADE_GEN_ERROR = 6,
};
/*
* The payload of the upgrade command. (Integer values in network byte order).
*
* block digest: the first four bytes of the sha1 digest of the rest of the
* structure.
* block_base: address where this block needs to be written to.
* block_body: variable size data to written at address 'block_base'.
*/
struct upgrade_command {
uint32_t block_digest;
uint32_t block_base;
uint8_t block_body[0];
} __packed;
/*
* This array defines two possibe sections available for the firmare update.
* The section whcih does not map the current execting code is picked as the
* valid update area. The values are offsets into the flash space.
*/
const struct section_descriptor {
uint32_t sect_base_offset;
uint32_t sect_top_offset;
} rw_sections[] = {
{CONFIG_RW_MEM_OFF,
CONFIG_RW_MEM_OFF + CONFIG_RW_SIZE},
{CONFIG_RW_B_MEM_OFF,
CONFIG_RW_B_MEM_OFF + CONFIG_RW_SIZE}
};
const struct section_descriptor *valid_section;
/* Pick the section where updates can go to based on current code address. */
static void set_valid_section(void)
{
int i;
uint32_t run_time_offs = (uint32_t) set_valid_section -
CONFIG_PROGRAM_MEMORY_BASE;
for (i = 0; i < ARRAY_SIZE(rw_sections); i++) {
if ((run_time_offs > rw_sections[i].sect_base_offset) &&
(run_time_offs < rw_sections[i].sect_top_offset))
continue;
valid_section = rw_sections + i;
break;
}
}
/* Verify that the passed in block fits into the valid area. */
static int valid_upgrade_chunk(uint32_t block_offset, size_t body_size)
{
if (valid_section &&
(block_offset >= valid_section->sect_base_offset) &&
((block_offset + body_size) < valid_section->sect_top_offset))
return 1;
return 0;
}
void fw_upgrade_command_handler(void *body,
size_t cmd_size,
size_t *response_size)
{
struct upgrade_command *cmd_body = body;
uint8_t *rv = body;
uint8_t sha1_digest[SHA1_DIGEST_SIZE];
size_t body_size;
uint32_t block_offset;
/*
* A single byte response, unless this is the first message in the
* programming sequence.
*/
*response_size = sizeof(*rv);
body_size = cmd_size - offsetof(struct upgrade_command, block_body);
if (body_size < 0) {
CPRINTF("%s:%d\n", __func__, __LINE__);
*rv = UPGRADE_GEN_ERROR;
return;
}
if (!cmd_body->block_base && !body_size) {
/*
* This is the first message of the upgrade process, let's
* determine the valid upgrade section and erase its contents.
*/
set_valid_section();
if (flash_physical_erase(valid_section->sect_base_offset,
valid_section->sect_top_offset -
valid_section->sect_base_offset)) {
CPRINTF("%s:%d erase failure of 0x%x..+0x%x\n",
__func__, __LINE__,
valid_section->sect_base_offset,
valid_section->sect_top_offset -
valid_section->sect_base_offset);
*rv = UPGRADE_ERASE_FAILURE;
return;
}
/*
* Successful erase means that we need to return the base
* address of the section to be programmed with the upgrade.
*/
*(uint32_t *)body = htobe32(valid_section->sect_base_offset +
CONFIG_PROGRAM_MEMORY_BASE);
*response_size = sizeof(uint32_t);
return;
}
/* Check if the block will fit into the valid area. */
block_offset = be32toh(cmd_body->block_base) -
CONFIG_PROGRAM_MEMORY_BASE;
if (!valid_upgrade_chunk(block_offset, body_size)) {
*rv = UPGRADE_BAD_ADDR;
CPRINTF("%s:%d %x, %d base %x top %x\n", __func__, __LINE__,
block_offset, body_size,
valid_section->sect_base_offset,
valid_section->sect_top_offset);
return;
}
/* Check if the block was received properly. */
DCRYPTO_SHA1_hash((uint8_t *)&cmd_body->block_base,
body_size + sizeof(cmd_body->block_base),
sha1_digest);
if (memcmp(sha1_digest, &cmd_body->block_digest,
sizeof(cmd_body->block_digest))) {
*rv = UPGRADE_DATA_ERROR;
CPRINTF("%s:%d sha1 %x not equal received %x at offs. 0x%x\n",
__func__, __LINE__,
*(uint32_t *)sha1_digest, cmd_body->block_digest,
block_offset);
return;
}
CPRINTF("%s: programming at address 0x%x\n", __func__,
block_offset + CONFIG_PROGRAM_MEMORY_BASE);
if (flash_physical_write(block_offset, body_size,
cmd_body->block_body) != EC_SUCCESS) {
*rv = UPGRADE_WRITE_FAILURE;
CPRINTF("%s:%d upgrade write error\n",
__func__, __LINE__);
return;
}
/* Werify that data was written properly. */
if (memcmp(cmd_body->block_body, (void *)
(block_offset + CONFIG_PROGRAM_MEMORY_BASE),
body_size)) {
*rv = UPGRADE_VERIFY_ERROR;
CPRINTF("%s:%d upgrade verification error\n",
__func__, __LINE__);
return;
}
*rv = UPGRADE_SUCCESS;
}
|
