1 // SPDX-License-Identifier: GPL-2.0+
3 * Copyright 2014 Broadcom Corporation.
10 #include <fastboot-internal.h>
12 #include <image-sparse.h>
18 #include <linux/compat.h>
19 #include <android_image.h>
21 #define BOOT_PARTITION_NAME "boot"
23 struct fb_mmc_sparse {
24 struct blk_desc *dev_desc;
27 static int raw_part_get_info_by_name(struct blk_desc *dev_desc,
29 struct disk_partition *info)
31 /* strlen("fastboot_raw_partition_") + PART_NAME_LEN + 1 */
32 char env_desc_name[23 + PART_NAME_LEN + 1];
35 const char **parg = argv;
37 /* check for raw partition descriptor */
38 strcpy(env_desc_name, "fastboot_raw_partition_");
39 strlcat(env_desc_name, name, sizeof(env_desc_name));
40 raw_part_desc = strdup(env_get(env_desc_name));
41 if (raw_part_desc == NULL)
45 * parse partition descriptor
47 * <lba_start> <lba_size> [mmcpart <num>]
49 for (; parg < argv + sizeof(argv) / sizeof(*argv); ++parg) {
50 *parg = strsep(&raw_part_desc, " ");
52 pr_err("Invalid number of arguments.\n");
57 info->start = simple_strtoul(argv[0], NULL, 0);
58 info->size = simple_strtoul(argv[1], NULL, 0);
59 info->blksz = dev_desc->blksz;
60 strlcpy((char *)info->name, name, PART_NAME_LEN);
63 if (strcmp(strsep(&raw_part_desc, " "), "mmcpart") == 0) {
64 ulong mmcpart = simple_strtoul(raw_part_desc, NULL, 0);
65 int ret = blk_dselect_hwpart(dev_desc, mmcpart);
75 static int do_get_part_info(struct blk_desc **dev_desc, const char *name,
76 struct disk_partition *info)
80 /* First try partition names on the default device */
81 *dev_desc = blk_get_dev("mmc", CONFIG_FASTBOOT_FLASH_MMC_DEV);
83 ret = part_get_info_by_name(*dev_desc, name, info);
87 /* Then try raw partitions */
88 ret = raw_part_get_info_by_name(*dev_desc, name, info);
93 /* Then try dev.hwpart:part */
94 ret = part_get_info_by_dev_and_name_or_num("mmc", name, dev_desc,
99 static int part_get_info_by_name_or_alias(struct blk_desc **dev_desc,
101 struct disk_partition *info)
103 /* strlen("fastboot_partition_alias_") + PART_NAME_LEN + 1 */
104 char env_alias_name[25 + PART_NAME_LEN + 1];
105 char *aliased_part_name;
107 /* check for alias */
108 strlcpy(env_alias_name, "fastboot_partition_alias_", sizeof(env_alias_name));
109 strlcat(env_alias_name, name, sizeof(env_alias_name));
110 aliased_part_name = env_get(env_alias_name);
111 if (aliased_part_name)
112 name = aliased_part_name;
114 return do_get_part_info(dev_desc, name, info);
118 * fb_mmc_blk_write() - Write/erase MMC in chunks of FASTBOOT_MAX_BLK_WRITE
120 * @block_dev: Pointer to block device
121 * @start: First block to write/erase
122 * @blkcnt: Count of blocks
123 * @buffer: Pointer to data buffer for write or NULL for erase
125 static lbaint_t fb_mmc_blk_write(struct blk_desc *block_dev, lbaint_t start,
126 lbaint_t blkcnt, const void *buffer)
128 lbaint_t blk = start;
129 lbaint_t blks_written;
134 for (i = 0; i < blkcnt; i += FASTBOOT_MAX_BLK_WRITE) {
135 cur_blkcnt = min((int)blkcnt - i, FASTBOOT_MAX_BLK_WRITE);
137 if (fastboot_progress_callback)
138 fastboot_progress_callback("writing");
139 blks_written = blk_dwrite(block_dev, blk, cur_blkcnt,
140 buffer + (i * block_dev->blksz));
142 if (fastboot_progress_callback)
143 fastboot_progress_callback("erasing");
144 blks_written = blk_derase(block_dev, blk, cur_blkcnt);
147 blks += blks_written;
152 static lbaint_t fb_mmc_sparse_write(struct sparse_storage *info,
153 lbaint_t blk, lbaint_t blkcnt, const void *buffer)
155 struct fb_mmc_sparse *sparse = info->priv;
156 struct blk_desc *dev_desc = sparse->dev_desc;
158 return fb_mmc_blk_write(dev_desc, blk, blkcnt, buffer);
161 static lbaint_t fb_mmc_sparse_reserve(struct sparse_storage *info,
162 lbaint_t blk, lbaint_t blkcnt)
167 static void write_raw_image(struct blk_desc *dev_desc,
168 struct disk_partition *info, const char *part_name,
169 void *buffer, u32 download_bytes, char *response)
174 /* determine number of blocks to write */
175 blkcnt = ((download_bytes + (info->blksz - 1)) & ~(info->blksz - 1));
176 blkcnt = lldiv(blkcnt, info->blksz);
178 if (blkcnt > info->size) {
179 pr_err("too large for partition: '%s'\n", part_name);
180 fastboot_fail("too large for partition", response);
184 puts("Flashing Raw Image\n");
186 blks = fb_mmc_blk_write(dev_desc, info->start, blkcnt, buffer);
188 if (blks != blkcnt) {
189 pr_err("failed writing to device %d\n", dev_desc->devnum);
190 fastboot_fail("failed writing to device", response);
194 printf("........ wrote " LBAFU " bytes to '%s'\n", blkcnt * info->blksz,
196 fastboot_okay(NULL, response);
199 #if defined(CONFIG_FASTBOOT_MMC_BOOT_SUPPORT) || \
200 defined(CONFIG_FASTBOOT_MMC_USER_SUPPORT)
201 static int fb_mmc_erase_mmc_hwpart(struct blk_desc *dev_desc)
205 debug("Start Erasing mmc hwpart[%u]...\n", dev_desc->hwpart);
207 blks = fb_mmc_blk_write(dev_desc, 0, dev_desc->lba, NULL);
209 if (blks != dev_desc->lba) {
210 pr_err("Failed to erase mmc hwpart[%u]\n", dev_desc->hwpart);
214 printf("........ erased %lu bytes from mmc hwpart[%u]\n",
215 dev_desc->lba * dev_desc->blksz, dev_desc->hwpart);
221 #ifdef CONFIG_FASTBOOT_MMC_BOOT_SUPPORT
222 static void fb_mmc_boot_ops(struct blk_desc *dev_desc, void *buffer,
223 int hwpart, u32 buff_sz, char *response)
229 // To operate on EMMC_BOOT1/2 (mmc0boot0/1) we first change the hwpart
230 if (blk_dselect_hwpart(dev_desc, hwpart)) {
231 pr_err("Failed to select hwpart\n");
232 fastboot_fail("Failed to select hwpart", response);
236 if (buffer) { /* flash */
238 /* determine number of blocks to write */
239 blksz = dev_desc->blksz;
240 blkcnt = ((buff_sz + (blksz - 1)) & ~(blksz - 1));
241 blkcnt = lldiv(blkcnt, blksz);
243 if (blkcnt > dev_desc->lba) {
244 pr_err("Image size too large\n");
245 fastboot_fail("Image size too large", response);
249 debug("Start Flashing Image to EMMC_BOOT%d...\n", hwpart);
251 blks = fb_mmc_blk_write(dev_desc, 0, blkcnt, buffer);
253 if (blks != blkcnt) {
254 pr_err("Failed to write EMMC_BOOT%d\n", hwpart);
255 fastboot_fail("Failed to write EMMC_BOOT part",
260 printf("........ wrote %lu bytes to EMMC_BOOT%d\n",
261 blkcnt * blksz, hwpart);
263 if (fb_mmc_erase_mmc_hwpart(dev_desc)) {
264 pr_err("Failed to erase EMMC_BOOT%d\n", hwpart);
265 fastboot_fail("Failed to erase EMMC_BOOT part",
271 fastboot_okay(NULL, response);
275 #ifdef CONFIG_ANDROID_BOOT_IMAGE
277 * Read Android boot image header from boot partition.
279 * @param[in] dev_desc MMC device descriptor
280 * @param[in] info Boot partition info
281 * @param[out] hdr Where to store read boot image header
283 * Return: Boot image header sectors count or 0 on error
285 static lbaint_t fb_mmc_get_boot_header(struct blk_desc *dev_desc,
286 struct disk_partition *info,
287 struct andr_boot_img_hdr_v0 *hdr,
290 ulong sector_size; /* boot partition sector size */
291 lbaint_t hdr_sectors; /* boot image header sectors count */
294 /* Calculate boot image sectors count */
295 sector_size = info->blksz;
296 hdr_sectors = DIV_ROUND_UP(sizeof(struct andr_boot_img_hdr_v0), sector_size);
297 if (hdr_sectors == 0) {
298 pr_err("invalid number of boot sectors: 0\n");
299 fastboot_fail("invalid number of boot sectors: 0", response);
303 /* Read the boot image header */
304 res = blk_dread(dev_desc, info->start, hdr_sectors, (void *)hdr);
305 if (res != hdr_sectors) {
306 pr_err("cannot read header from boot partition\n");
307 fastboot_fail("cannot read header from boot partition",
312 /* Check boot header magic string */
313 if (!is_android_boot_image_header(hdr)) {
314 pr_err("bad boot image magic\n");
315 fastboot_fail("boot partition not initialized", response);
323 * Write downloaded zImage to boot partition and repack it properly.
325 * @param dev_desc MMC device descriptor
326 * @param download_buffer Address to fastboot buffer with zImage in it
327 * @param download_bytes Size of fastboot buffer, in bytes
329 * Return: 0 on success or -1 on error
331 static int fb_mmc_update_zimage(struct blk_desc *dev_desc,
332 void *download_buffer,
336 uintptr_t hdr_addr; /* boot image header address */
337 struct andr_boot_img_hdr_v0 *hdr; /* boot image header */
338 lbaint_t hdr_sectors; /* boot image header sectors */
340 u32 ramdisk_sector_start;
342 u32 kernel_sector_start;
344 u32 sectors_per_page;
345 struct disk_partition info;
348 puts("Flashing zImage\n");
350 /* Get boot partition info */
351 res = part_get_info_by_name(dev_desc, BOOT_PARTITION_NAME, &info);
353 pr_err("cannot find boot partition\n");
354 fastboot_fail("cannot find boot partition", response);
358 /* Put boot image header in fastboot buffer after downloaded zImage */
359 hdr_addr = (uintptr_t)download_buffer + ALIGN(download_bytes, PAGE_SIZE);
360 hdr = (struct andr_boot_img_hdr_v0 *)hdr_addr;
362 /* Read boot image header */
363 hdr_sectors = fb_mmc_get_boot_header(dev_desc, &info, hdr, response);
364 if (hdr_sectors == 0) {
365 pr_err("unable to read boot image header\n");
366 fastboot_fail("unable to read boot image header", response);
370 /* Check if boot image header version is 2 or less */
371 if (hdr->header_version > 2) {
372 pr_err("zImage flashing supported only for boot images v2 and less\n");
373 fastboot_fail("zImage flashing supported only for boot images v2 and less",
378 /* Check if boot image has second stage in it (we don't support it) */
379 if (hdr->second_size > 0) {
380 pr_err("moving second stage is not supported yet\n");
381 fastboot_fail("moving second stage is not supported yet",
386 /* Extract ramdisk location */
387 sectors_per_page = hdr->page_size / info.blksz;
388 ramdisk_sector_start = info.start + sectors_per_page;
389 ramdisk_sector_start += DIV_ROUND_UP(hdr->kernel_size, hdr->page_size) *
391 ramdisk_sectors = DIV_ROUND_UP(hdr->ramdisk_size, hdr->page_size) *
394 /* Read ramdisk and put it in fastboot buffer after boot image header */
395 ramdisk_buffer = (u8 *)hdr + (hdr_sectors * info.blksz);
396 res = blk_dread(dev_desc, ramdisk_sector_start, ramdisk_sectors,
398 if (res != ramdisk_sectors) {
399 pr_err("cannot read ramdisk from boot partition\n");
400 fastboot_fail("cannot read ramdisk from boot partition",
405 /* Write new kernel size to boot image header */
406 hdr->kernel_size = download_bytes;
407 res = blk_dwrite(dev_desc, info.start, hdr_sectors, (void *)hdr);
409 pr_err("cannot writeback boot image header\n");
410 fastboot_fail("cannot write back boot image header", response);
414 /* Write the new downloaded kernel */
415 kernel_sector_start = info.start + sectors_per_page;
416 kernel_sectors = DIV_ROUND_UP(hdr->kernel_size, hdr->page_size) *
418 res = blk_dwrite(dev_desc, kernel_sector_start, kernel_sectors,
421 pr_err("cannot write new kernel\n");
422 fastboot_fail("cannot write new kernel", response);
426 /* Write the saved ramdisk back */
427 ramdisk_sector_start = info.start + sectors_per_page;
428 ramdisk_sector_start += DIV_ROUND_UP(hdr->kernel_size, hdr->page_size) *
430 res = blk_dwrite(dev_desc, ramdisk_sector_start, ramdisk_sectors,
433 pr_err("cannot write back original ramdisk\n");
434 fastboot_fail("cannot write back original ramdisk", response);
438 puts("........ zImage was updated in boot partition\n");
439 fastboot_okay(NULL, response);
445 * fastboot_mmc_get_part_info() - Lookup eMMC partion by name
447 * @part_name: Named partition to lookup
448 * @dev_desc: Pointer to returned blk_desc pointer
449 * @part_info: Pointer to returned struct disk_partition
450 * @response: Pointer to fastboot response buffer
452 int fastboot_mmc_get_part_info(const char *part_name,
453 struct blk_desc **dev_desc,
454 struct disk_partition *part_info, char *response)
458 if (!part_name || !strcmp(part_name, "")) {
459 fastboot_fail("partition not given", response);
463 ret = part_get_info_by_name_or_alias(dev_desc, part_name, part_info);
468 fastboot_fail("invalid partition or device", response);
471 fastboot_fail("no such device", response);
474 fastboot_fail("no such partition", response);
476 case -EPROTONOSUPPORT:
477 fastboot_fail("unknown partition table type", response);
480 fastboot_fail("unanticipated error", response);
488 static struct blk_desc *fastboot_mmc_get_dev(char *response)
490 struct blk_desc *ret = blk_get_dev("mmc",
491 CONFIG_FASTBOOT_FLASH_MMC_DEV);
493 if (!ret || ret->type == DEV_TYPE_UNKNOWN) {
494 pr_err("invalid mmc device\n");
495 fastboot_fail("invalid mmc device", response);
502 * fastboot_mmc_flash_write() - Write image to eMMC for fastboot
504 * @cmd: Named partition to write image to
505 * @download_buffer: Pointer to image data
506 * @download_bytes: Size of image data
507 * @response: Pointer to fastboot response buffer
509 void fastboot_mmc_flash_write(const char *cmd, void *download_buffer,
510 u32 download_bytes, char *response)
512 struct blk_desc *dev_desc;
513 struct disk_partition info = {0};
515 #ifdef CONFIG_FASTBOOT_MMC_BOOT_SUPPORT
516 if (strcmp(cmd, CONFIG_FASTBOOT_MMC_BOOT1_NAME) == 0) {
517 dev_desc = fastboot_mmc_get_dev(response);
519 fb_mmc_boot_ops(dev_desc, download_buffer, 1,
520 download_bytes, response);
523 if (strcmp(cmd, CONFIG_FASTBOOT_MMC_BOOT2_NAME) == 0) {
524 dev_desc = fastboot_mmc_get_dev(response);
526 fb_mmc_boot_ops(dev_desc, download_buffer, 2,
527 download_bytes, response);
532 #if CONFIG_IS_ENABLED(EFI_PARTITION)
533 if (strcmp(cmd, CONFIG_FASTBOOT_GPT_NAME) == 0) {
534 dev_desc = fastboot_mmc_get_dev(response);
538 printf("%s: updating MBR, Primary and Backup GPT(s)\n",
540 if (is_valid_gpt_buf(dev_desc, download_buffer)) {
541 printf("%s: invalid GPT - refusing to write to flash\n",
543 fastboot_fail("invalid GPT partition", response);
546 if (write_mbr_and_gpt_partitions(dev_desc, download_buffer)) {
547 printf("%s: writing GPT partitions failed\n", __func__);
548 fastboot_fail("writing GPT partitions failed",
553 printf("........ success\n");
554 fastboot_okay(NULL, response);
559 #if CONFIG_IS_ENABLED(DOS_PARTITION)
560 if (strcmp(cmd, CONFIG_FASTBOOT_MBR_NAME) == 0) {
561 dev_desc = fastboot_mmc_get_dev(response);
565 printf("%s: updating MBR\n", __func__);
566 if (is_valid_dos_buf(download_buffer)) {
567 printf("%s: invalid MBR - refusing to write to flash\n",
569 fastboot_fail("invalid MBR partition", response);
572 if (write_mbr_sector(dev_desc, download_buffer)) {
573 printf("%s: writing MBR partition failed\n", __func__);
574 fastboot_fail("writing MBR partition failed",
579 printf("........ success\n");
580 fastboot_okay(NULL, response);
585 #ifdef CONFIG_ANDROID_BOOT_IMAGE
586 if (strncasecmp(cmd, "zimage", 6) == 0) {
587 dev_desc = fastboot_mmc_get_dev(response);
589 fb_mmc_update_zimage(dev_desc, download_buffer,
590 download_bytes, response);
595 #if IS_ENABLED(CONFIG_FASTBOOT_MMC_USER_SUPPORT)
596 if (strcmp(cmd, CONFIG_FASTBOOT_MMC_USER_NAME) == 0) {
597 dev_desc = fastboot_mmc_get_dev(response);
601 strlcpy((char *)&info.name, cmd, sizeof(info.name));
602 info.size = dev_desc->lba;
603 info.blksz = dev_desc->blksz;
608 fastboot_mmc_get_part_info(cmd, &dev_desc, &info, response) < 0)
611 if (is_sparse_image(download_buffer)) {
612 struct fb_mmc_sparse sparse_priv;
613 struct sparse_storage sparse;
616 sparse_priv.dev_desc = dev_desc;
618 sparse.blksz = info.blksz;
619 sparse.start = info.start;
620 sparse.size = info.size;
621 sparse.write = fb_mmc_sparse_write;
622 sparse.reserve = fb_mmc_sparse_reserve;
623 sparse.mssg = fastboot_fail;
625 printf("Flashing sparse image at offset " LBAFU "\n",
628 sparse.priv = &sparse_priv;
629 err = write_sparse_image(&sparse, cmd, download_buffer,
632 fastboot_okay(NULL, response);
634 write_raw_image(dev_desc, &info, cmd, download_buffer,
635 download_bytes, response);
640 * fastboot_mmc_flash_erase() - Erase eMMC for fastboot
642 * @cmd: Named partition to erase
643 * @response: Pointer to fastboot response buffer
645 void fastboot_mmc_erase(const char *cmd, char *response)
647 struct blk_desc *dev_desc;
648 struct disk_partition info;
649 lbaint_t blks, blks_start, blks_size, grp_size;
650 struct mmc *mmc = find_mmc_device(CONFIG_FASTBOOT_FLASH_MMC_DEV);
652 #ifdef CONFIG_FASTBOOT_MMC_BOOT_SUPPORT
653 if (strcmp(cmd, CONFIG_FASTBOOT_MMC_BOOT1_NAME) == 0) {
654 /* erase EMMC boot1 */
655 dev_desc = fastboot_mmc_get_dev(response);
657 fb_mmc_boot_ops(dev_desc, NULL, 1, 0, response);
660 if (strcmp(cmd, CONFIG_FASTBOOT_MMC_BOOT2_NAME) == 0) {
661 /* erase EMMC boot2 */
662 dev_desc = fastboot_mmc_get_dev(response);
664 fb_mmc_boot_ops(dev_desc, NULL, 2, 0, response);
669 #ifdef CONFIG_FASTBOOT_MMC_USER_SUPPORT
670 if (strcmp(cmd, CONFIG_FASTBOOT_MMC_USER_NAME) == 0) {
671 /* erase EMMC userdata */
672 dev_desc = fastboot_mmc_get_dev(response);
676 if (fb_mmc_erase_mmc_hwpart(dev_desc))
677 fastboot_fail("Failed to erase EMMC_USER", response);
679 fastboot_okay(NULL, response);
684 if (fastboot_mmc_get_part_info(cmd, &dev_desc, &info, response) < 0)
687 /* Align blocks to erase group size to avoid erasing other partitions */
688 grp_size = mmc->erase_grp_size;
689 blks_start = (info.start + grp_size - 1) & ~(grp_size - 1);
690 if (info.size >= grp_size)
691 blks_size = (info.size - (blks_start - info.start)) &
696 printf("Erasing blocks " LBAFU " to " LBAFU " due to alignment\n",
697 blks_start, blks_start + blks_size);
699 blks = fb_mmc_blk_write(dev_desc, blks_start, blks_size, NULL);
701 if (blks != blks_size) {
702 pr_err("failed erasing from device %d\n", dev_desc->devnum);
703 fastboot_fail("failed erasing from device", response);
707 printf("........ erased " LBAFU " bytes from '%s'\n",
708 blks_size * info.blksz, cmd);
709 fastboot_okay(NULL, response);