Mustang #7

Open
wants to merge 7 commits into
base: master
2 changes: 1 addition & 1 deletion brom-payload/Makefile
@@ -3,7 +3,7 @@ AS := arm-none-eabi-as
LD := arm-none-eabi-gcc
OBJCOPY := arm-none-eabi-objcopy

CFLAGS := -std=gnu99 -Os -mthumb -mcpu=cortex-a9 -fno-builtin-printf -fno-strict-aliasing -fno-builtin-memcpy -mno-unaligned-access
CFLAGS := -std=gnu99 -Os -mthumb -mcpu=cortex-a9 -fno-builtin-printf -fno-strict-aliasing -fno-builtin-memcpy -mno-unaligned-access -Wall -Wextra
LDFLAGS := -T linker.x -nodefaultlibs -nostdlib -lgcc

BUILD_DIR := ./build
16 changes: 10 additions & 6 deletions brom-payload/drivers/mmc.c
@@ -5,13 +5,16 @@
#include "mmc.h"
#include "errno.h"
#include "mt_sd.h"
#include "../crypto/hmac-sha256.h"

#define be32_to_cpup(addr) __builtin_bswap32(*(uint32_t*)addr)
#define be16_to_cpup(addr) __builtin_bswap16(*(uint16_t*)addr)
#define cpu_to_be16p be16_to_cpup
#define cpu_to_be32p be32_to_cpup

unsigned int msdc_cmd(struct msdc_host *host, struct mmc_command *cmd);
void sleepy(void);
void hex_dump(const void* data, size_t size);

int mmc_go_idle(struct msdc_host *host)
{
@@ -483,6 +486,7 @@ void mmc_rpmb_post_frame(struct mmc_core_rpmb_req *rpmb_req)
static int mmc_rpmb_request_check(struct msdc_host *host,
struct mmc_ioc_rpmb_req *p_req)
{
(void)host;
/*
* Some parameters are a must for the operation. Different
* operation expect different paramters. Below code is
@@ -692,7 +696,7 @@ int mmc_rpmb_get_write_count(struct msdc_host *host, uint32_t *wc) {
struct mmc_ioc_rpmb_req req = { 0 };
int ret = 0;
uint16_t result = 0;
char nonce[32] = { 0 };
uint8_t nonce[32] = { 0 };
req.type = RPMB_GET_WRITE_COUNTER;
req.wc = wc;
req.result = &result;
@@ -740,7 +744,7 @@ int mmc_rpmb_read(struct msdc_host *host, void *buf) {
struct mmc_ioc_rpmb_req req = { 0 };
int ret = 0;
uint16_t result = 0;
char nonce[32] = { 0 };
uint8_t nonce[32] = { 0 };
req.type = RPMB_READ_DATA;
req.blk_cnt = 1;
req.result = &result;
@@ -838,7 +842,7 @@ static void sej_init(int arg) {

static void sej_run(uint32_t *buf1, size_t len, char *buf2) {
char *i;
for ( i = buf2; i - buf2 < len; *(uint32_t *)(i - 4) = sdr_read32(0x1000A05C) )
for ( i = buf2; (size_t)(i - buf2) < len; *(uint32_t *)(i - 4) = sdr_read32(0x1000A05C) )
{
sdr_write32(0x1000A010, buf1[0]);
sdr_write32(0x1000A014, buf1[1]);
@@ -909,8 +913,8 @@ int mmc_rpmb_write(struct msdc_host *host, void *buf) {
struct mmc_ioc_rpmb_req req = { 0 };
int ret = 0;
uint16_t result = 0;
char nonce[32] = { 0 };
char mac[32] = { 0 };
uint8_t nonce[32] = { 0 };
uint8_t mac[32] = { 0 };
uint32_t wc;

uint8_t tmp[0x100];
@@ -1023,7 +1027,7 @@ int mmc_init(struct msdc_host *host) {
uint32_t cid_be[4] = { 0 };
for (int i = 0; i < 4; ++i)
cid_be[i] = __builtin_bswap32(cid[i]);
derive_rpmb_key(cid_be);
derive_rpmb_key((void*)cid_be);

ret = mmc_set_relative_addr(host, 1);
printf("SET_RELATIVE_ADDR = 0x%08X\n", ret);
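Review bot: The new call `derive_rpmb_key((void*)cid_be);` in `mmc_init` silences the pointer-type warning by casting to `void *`, which also switches off the compiler's check for any later mismatch between `cid_be` and the parameter. The prototype of `derive_rpmb_key` is not visible in this section, so the right type is an assumption; casting to the declared parameter type instead (for instance `derive_rpmb_key((uint8_t *)cid_be);` if it takes bytes) keeps a future signature change diagnosable. Separately, the three `uint8_t nonce[32] = { 0 };` buffers only change type here and the hunks do not show them being filled, so it is worth confirming that the RPMB read and write-counter requests do not go out with an all-zero nonce, since a constant nonce gives the response no freshness. The bodies of `mmc_init` and the RPMB functions start and end outside these hunks.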
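--- a/brom-payload/drivers/mmc.h
+++ b/brom-payload/drivers/mmc.h
@@ -489,4 +489,14 @@ struct mmc_core_rpmb_req {
 bool ready;
 };
 
+int mmc_init(struct msdc_host *host);
+int mmc_read(struct msdc_host *host, uint32_t blk, void *buf);
+int mmc_write(struct msdc_host *host, uint32_t blk, void *buf);
+int mmc_set_part(struct msdc_host *host, int part);
+int mmc_rpmb_read(struct msdc_host *host, void *buf);
+int mmc_rpmb_write(struct msdc_host *host, void *buf);
+void msdc_set_blknum(struct msdc_host *host, u32 blknum);
+int msdc_pio_read(struct msdc_host *host, void *buf);
+int msdc_pio_write(struct msdc_host* host, void *buf);
+
 #endif /* LINUX_MMC_MMC_H */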
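Review bot: The new prototypes `mmc_read`, `mmc_write`, `mmc_rpmb_read`, `mmc_rpmb_write`, `msdc_pio_read` and `msdc_pio_write` take a bare `void *buf` with no length, so the buffer size each one needs is a hidden contract between caller and driver. Elsewhere in this pull request `msdc_pio_write` compares `size` against `0x200` and `mmc_rpmb_write` works with a `0x100`-byte temporary, which suggests the sizes differ per function. I would add a one-line comment above each declaration stating the required size, for example `/* buf must hold one 0x200-byte block */` above `mmc_read`, after confirming the values against the implementations. `msdc_set_blknum` is also the only declaration written with `u32` where the others use `uint32_t`.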
22 changes: 8 additions & 14 deletions brom-payload/drivers/sd.c
@@ -43,6 +43,8 @@ static int msdc_rsp[] = {

static void msdc_dump_info() {}

void mdelay (unsigned long msec);

#define msdc_retry(expr, retry, cnt,id) \
do { \
int backup = cnt; \
@@ -165,7 +167,6 @@ int msdc_pio_read(struct msdc_host *host, void *buf)

break;
}
end:
// data->bytes_xfered += size;
N_MSG(FIO, " PIO Read<%d>bytes\n", size);

@@ -180,7 +181,6 @@ int msdc_pio_read(struct msdc_host *host, void *buf)
*/
int msdc_pio_write(struct msdc_host* host, void *buf)
{
u32 base = host->base;
u32 num = 1;
u32 *ptr;
u8 *u8ptr;
@@ -251,7 +251,6 @@ int msdc_pio_write(struct msdc_host* host, void *buf)

break;
}
end:
// data->bytes_xfered += size;
N_MSG(FIO, " PIO Write<%d>bytes\n", size);
if (size != 0x200)
@@ -270,7 +269,9 @@ static unsigned int msdc_command_start(struct msdc_host *host,
int tune, /* not used */
unsigned long timeout)
{
u32 base = host->base;
(void)tune;
(void)timeout;

u32 opcode = cmd->opcode;
u32 rawcmd;
u32 rawarg;
@@ -471,12 +472,9 @@ static unsigned int msdc_command_resp_polling(struct msdc_host *host,
int tune,
unsigned long timeout)
{
u32 base = host->base;
(void)tune;
(void)timeout;
u32 intsts;
u32 resp;
//u32 status;
// unsigned long tmo;
//struct mmc_data *data = host->data;

u32 cmdsts = MSDC_INT_CMDRDY | MSDC_INT_RSPCRCERR | MSDC_INT_CMDTMO;

@@ -492,8 +490,6 @@ static unsigned int msdc_command_resp_polling(struct msdc_host *host,
#endif


resp = host->cmd_rsp;

/*polling*/
// tmo = jiffies + timeout;
while (1){
@@ -615,7 +611,6 @@ static unsigned int msdc_command_resp_polling(struct msdc_host *host,
}
#endif /* end of MTK_MSDC_USE_CMD23 */
}
out:
host->cmd = NULL;

return cmd->error;
@@ -648,7 +643,6 @@ unsigned int msdc_cmd(struct msdc_host *host, struct mmc_command *cmd) {

void msdc_set_blknum(struct msdc_host *host, u32 blknum)
{
u32 base = host->base;

(void)host;
sdr_write32(SDC_BLK_NUM, blknum);
}
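Review bot: `(void)timeout;` in `msdc_command_start` and `msdc_command_resp_polling` quiets the unused-parameter warning but leaves the defect it pointed at: the caller's timeout is never applied. In `msdc_command_resp_polling` the visible context still has `// tmo = jiffies + timeout;` commented out ahead of `while (1){`, so as far as these hunks show, the polling loop ends only when the controller raises a status bit; the loop body is outside the hunk. I would either bound the loop with an iteration budget derived from `timeout`, or at least replace the cast with a comment such as `/* FIXME: timeout is ignored; polling ends only on a cmdsts interrupt bit */` once that has been checked against the loop. The same pattern appears in brom-payload/main.c, where `mdelay` and `udelay` now discard `msec` and `usec` and spin for one fixed `sleepy()` period whatever delay was requested.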
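--- a/brom-payload/libc.c
+++ b/brom-payload/libc.c
@@ -57,10 +57,14 @@ void* memset(void* dst, int c, u32_t n)
 char* end = q + n;
 
 for (;;) {
-if (q >= end) break; *q++ = (char) c;
-if (q >= end) break; *q++ = (char) c;
-if (q >= end) break; *q++ = (char) c;
-if (q >= end) break; *q++ = (char) c;
+if (q >= end) break;
+*q++ = (char) c;
+if (q >= end) break;
+*q++ = (char) c;
+if (q >= end) break;
+*q++ = (char) c;
+if (q >= end) break;
+*q++ = (char) c;
 }
 
 return dst;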
24 changes: 10 additions & 14 deletions brom-payload/main.c
@@ -26,30 +26,20 @@ void _putchar(char character)
}

void hex_dump(const void* data, size_t size) {
char ascii[17];
size_t i, j;
ascii[16] = '\0';
for (i = 0; i < size; ++i) {
printf("%02X ", ((unsigned char*)data)[i]);
if (((unsigned char*)data)[i] >= ' ' && ((unsigned char*)data)[i] <= '~') {
ascii[i % 16] = ((unsigned char*)data)[i];
} else {
ascii[i % 16] = '.';
}
if ((i+1) % 8 == 0 || i+1 == size) {
printf(" ");
if ((i+1) % 16 == 0) {
printf("\n");
// printf("| %s \n", ascii);
} else if (i+1 == size) {
ascii[(i+1) % 16] = '\0';
if ((i+1) % 16 <= 8) {
printf(" ");
}
for (j = (i+1) % 16; j < 16; ++j) {
printf(" ");
}
// printf("| %s \n", ascii);
printf("\n");
}
}
@@ -61,18 +51,18 @@ void sleepy(void) {
for (volatile int i = 0; i < 0x80000; ++i) {}
}

#if 1
void mdelay (unsigned long msec)
{
sleepy();
(void)msec;
sleepy();
}

/* delay usec useconds */
void udelay (unsigned long usec)
{
sleepy();
(void)usec;
sleepy();
}
#endif

int main() {
char buf[0x200] = { 0 };
@@ -165,6 +155,12 @@ int main() {

}
}
case 0x3001: {
printf("Kick watchdog\n");
volatile uint32_t *reg = (volatile uint32_t *)0x10007000;
reg[8/4] = 0x1971;
break;
}
default:
printf("Invalid command\n");
break;
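Review bot: The new `case 0x3001:` sits directly after the closing braces of the previous case, and the three context lines above it show no `break;`. That case's body is outside the hunk, but if control can reach its end it used to fall into `default:` and print "Invalid command", and it would now fall into the watchdog register write instead; an explicit `break;` after that block removes the doubt. The write itself, `reg[8/4] = 0x1971;` against `0x10007000`, would be easier to review with named constants for the base address, the register offset and the key value, plus a comment naming the register being written.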
4 changes: 2 additions & 2 deletions fastboot-step.sh
@@ -4,9 +4,9 @@ set -e

fastboot flash boot bin/recovery-inj.img
fastboot flash recovery bin/recovery-inj.img
fastboot reboot recovery
fastboot reboot

echo ""
echo ""
echo "If you don't see the recovery in a few seconds, try pressing the power button twice"
echo "If you don't see the recovery in a few seconds, press the power button twice"
echo ""
2 changes: 1 addition & 1 deletion lk-payload/Makefile
@@ -3,7 +3,7 @@ AS := arm-none-eabi-as
LD := arm-none-eabi-gcc
OBJCOPY := arm-none-eabi-objcopy

CFLAGS := -std=gnu99 -Os -mthumb -mcpu=cortex-a9 -fno-builtin-printf -fno-strict-aliasing -fno-builtin-memcpy -mno-unaligned-access -DPRINTF_DISABLE_SUPPORT_FLOAT=1
CFLAGS := -std=gnu99 -Os -mthumb -mcpu=cortex-a9 -fno-builtin-printf -fno-strict-aliasing -fno-builtin-memcpy -mno-unaligned-access -DPRINTF_DISABLE_SUPPORT_FLOAT=1 -Wall -Wextra
LDFLAGS := -T linker.x -nodefaultlibs -nostdlib

BUILD_DIR := ./build
7 changes: 5 additions & 2 deletions lk-payload/common.h
@@ -8,12 +8,15 @@ struct device_t {
size_t (*read)(struct device_t *dev, uint64_t dev_addr, void *dst, uint32_t size, uint32_t part);
};

struct device_t* (*get_device)() = (void*)0x4BD1EC99;
void (*cache_clean)(void *addr, size_t sz) = (void*)0x4BD24C90;
struct device_t* (*get_device)() = (void*)0x4BD1EE19;
void (*cache_clean)(void *addr, size_t sz) = (void*)0x4BD24E70;

#define PAYLOAD_DST 0x41000000
#define PAYLOAD_SRC 0x200000
#define PAYLOAD_SIZE 0x200000

#define BOOT0_PART 1
#define USER_PART 8

#define LK_BASE (0x4BD00000)
#define LK_SIZE (1024 * 1024)
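Review bot: `get_device` and `cache_clean` are defined with initializers in this header rather than declared, so the two changed lines give every file that includes `common.h` its own external definition, and a second including translation unit would fail at link time with a multiple-definition error. Making them internal and read-only avoids that, e.g. `static struct device_t *(*const get_device)(void) = (void *)0x4BD1EE19;` and the same form for `cache_clean`. The replaced addresses are also bare literals with no comment saying which bootloader image they were taken from, so a reader cannot tell what the old and new values correspond to; a one-line comment naming the build would make the next such edit reviewable.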
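--- a/lk-payload/libc.c
+++ b/lk-payload/libc.c
@@ -59,10 +59,14 @@ void* memset(void* dst, int c, u32_t n)
 char* end = q + n;
 
 for (;;) {
-if (q >= end) break; *q++ = (char) c;
-if (q >= end) break; *q++ = (char) c;
-if (q >= end) break; *q++ = (char) c;
-if (q >= end) break; *q++ = (char) c;
+if (q >= end) break;
+*q++ = (char) c;
+if (q >= end) break;
+*q++ = (char) c;
+if (q >= end) break;
+*q++ = (char) c;
+if (q >= end) break;
+*q++ = (char) c;
 }
 
 return dst;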