[U-Boot] [PATCH sunxi-tools] WIP: fel: Add a command for loading U-Boot SPL binaries in eGON format
Siarhei Siamashka
siarhei.siamashka at gmail.com
Thu Feb 5 20:54:49 CET 2015
On Thu, 5 Feb 2015 11:36:23 +0200
Siarhei Siamashka <siarhei.siamashka at gmail.com> wrote:
> !!! Works only on Allwinner A20 so far and needs a bit more
> !!! debugging. And even on A20, the transition from the SPL to
> !!! the main U-boot binary has some glitches.
>
> Now it should be possible to load and execute the same U-Boot SPL,
> as used for booting from SD cards. The only argument for this new
> command is the name of the SPL binary file (with eGON header).
> It can be run as:
>
> fel spl u-boot-sunxi-with-spl.bin
>
> The free space in SRAM is scattered in the FEL mode across multiple
> locations. We just split SPL into individual chunks, upload them
> to the free locations in SRAM and also upload a small startup code,
> which is responsible for harvesting and gluing the pieces of SPL
> together. Additionally, the eGON checksum is verified to ensure
> that no data corruption has happened due to some unexpected clash
> with the FEL protocol code from the BROM.
>
> After this is done, it is not possible to return back to FEL anymore
> (both IRQ and normal stacks of the BROM are overwritten). However
> it is still possible to transfer control to the FEL init code (so
> that it re-initializes the USB hardware and all the other things):
>
> /* Jump to the FEL entry point in BROM */
> movw r0, #0x20
> movt r0, #0xffff
> bx r0
BTW, we still have the plan B in the case if the jump to 0xffff0020
turns out to be way too problematic.
Essentially, the problem that we want to solve here is to ensure a
sufficiently large and consistent SRAM address space for the SPL
without any potentially SoC variant specific holes in the case of
booting over USB via FEL.
This can be achieved by injecting special entry/exit code fragments,
which would reshuffle data in SRAM to provide a contiguous space for
the SPL at the beginning of SRAM and preserve the data from the BROM
stacks in the higher addresses of SRAM. Then move the BROM stacks
back into the original place just before returning control to FEL
(using the return address from the 'lr' register as usual). Doing it
this way, we get the current FEL boot behaviour, except that dealing
with the SRAM address space layout is abstracted in the 'fel' tool and
the SPL can just always use the 0x20 entry point and a big contiguous
area in the lower addresses of SRAM. The available SRAM space will be
less than 32 KiB though (but at least larger than 16 KiB), because the
backups of the BROM stacks have to be preserved.
Either way, I hope to send some fully working solution tomorrow to
replace this proof-of-concept patch.
>
> This unifies the FEL and SD card SPL binaries. And also removes
> the FEL SPL size limit (now it can be as large as ~30 KiB).
>
> This work had been inspired by the recent FEL mode support
> u-boot patches from Simon Glass and Hans de Goede.
>
> Signed-off-by: Siarhei Siamashka <siarhei.siamashka at gmail.com>
> ---
> fel.c | 211 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------
> 1 file changed, 189 insertions(+), 22 deletions(-)
>
> diff --git a/fel.c b/fel.c
> index c21d6ec..c0f28d8 100644
> --- a/fel.c
> +++ b/fel.c
> @@ -41,6 +41,17 @@ struct aw_usb_request {
> char pad[10];
> } __attribute__((packed));
>
> +struct aw_fel_version {
> + char signature[8];
> + uint32_t soc_id; /* 0x00162300 */
> + uint32_t unknown_0a; /* 1 */
> + uint16_t protocol; /* 1 */
> + uint8_t unknown_12; /* 0x44 */
> + uint8_t unknown_13; /* 0x08 */
> + uint32_t scratchpad; /* 0x7e00 */
> + uint32_t pad[2]; /* unused */
> +} __attribute__((packed));
> +
> static const int AW_USB_READ = 0x11;
> static const int AW_USB_WRITE = 0x12;
>
> @@ -136,32 +147,27 @@ void aw_read_fel_status(libusb_device_handle *usb)
> aw_usb_read(usb, &buf, sizeof(buf));
> }
>
> -void aw_fel_get_version(libusb_device_handle *usb)
> +void aw_fel_get_version(libusb_device_handle *usb, struct aw_fel_version *buf)
> {
> - struct aw_fel_version {
> - char signature[8];
> - uint32_t soc_id; /* 0x00162300 */
> - uint32_t unknown_0a; /* 1 */
> - uint16_t protocol; /* 1 */
> - uint8_t unknown_12; /* 0x44 */
> - uint8_t unknown_13; /* 0x08 */
> - uint32_t scratchpad; /* 0x7e00 */
> - uint32_t pad[2]; /* unused */
> - } __attribute__((packed)) buf;
> -
> aw_send_fel_request(usb, AW_FEL_VERSION, 0, 0);
> - aw_usb_read(usb, &buf, sizeof(buf));
> + aw_usb_read(usb, buf, sizeof(*buf));
> aw_read_fel_status(usb);
>
> - buf.soc_id = le32toh(buf.soc_id);
> - buf.unknown_0a = le32toh(buf.unknown_0a);
> - buf.protocol = le32toh(buf.protocol);
> - buf.scratchpad = le16toh(buf.scratchpad);
> - buf.pad[0] = le32toh(buf.pad[0]);
> - buf.pad[1] = le32toh(buf.pad[1]);
> + buf->soc_id = (le32toh(buf->soc_id) >> 8) & 0xFFFF;
> + buf->unknown_0a = le32toh(buf->unknown_0a);
> + buf->protocol = le32toh(buf->protocol);
> + buf->scratchpad = le16toh(buf->scratchpad);
> + buf->pad[0] = le32toh(buf->pad[0]);
> + buf->pad[1] = le32toh(buf->pad[1]);
> +}
> +
> +void aw_fel_print_version(libusb_device_handle *usb)
> +{
> + struct aw_fel_version buf;
> + aw_fel_get_version(usb, &buf);
>
> const char *soc_name="unknown";
> - switch ((buf.soc_id >> 8) & 0xFFFF) {
> + switch (buf.soc_id) {
> case 0x1623: soc_name="A10";break;
> case 0x1625: soc_name="A13";break;
> case 0x1633: soc_name="A31";break;
> @@ -170,7 +176,10 @@ void aw_fel_get_version(libusb_device_handle *usb)
> case 0x1639: soc_name="A80";break;
> }
>
> - printf("%.8s soc=%08x(%s) %08x ver=%04x %02x %02x scratchpad=%08x %08x %08x\n", buf.signature, buf.soc_id, soc_name, buf.unknown_0a, buf.protocol, buf.unknown_12, buf.unknown_13, buf.scratchpad, buf.pad[0], buf.pad[1]);
> + printf("%.8s soc=%08x(%s) %08x ver=%04x %02x %02x scratchpad=%08x %08x %08x\n",
> + buf.signature, buf.soc_id, soc_name, buf.unknown_0a,
> + buf.protocol, buf.unknown_12, buf.unknown_13,
> + buf.scratchpad, buf.pad[0], buf.pad[1]);
> }
>
> void aw_fel_read(libusb_device_handle *usb, uint32_t offset, void *buf, size_t len)
> @@ -285,6 +294,158 @@ void aw_fel_fill(libusb_device_handle *usb, uint32_t offset, size_t size, unsign
> aw_fel_write(usb, buf, offset, size);
> }
>
> +/*
> + * Information about usable areas in SRAM, which are not clashing with
> + * the FEL support code from BROM.
> + */
> +
> +typedef struct { uint32_t addr; uint32_t size; } sram_data_chunk;
> +
> +sram_data_chunk a10_a13_a20_sram_layout[] = {
> + { .addr = 0x00000, .size = 0x1800 }, /* Part of the IRQ handler stack */
> + { .addr = 0x02000, .size = 0x3D00 }, /* Part of the normal stack */
> + { .addr = 0x08000, .size = 0x3000 }, /* SRAM section A3 */
> + { 0, 0 }
> +};
> +
> +sram_data_chunk a31_sram_layout[] = {
> + { .addr = 0x00000, .size = 0x1800 }, /* Part of the IRQ handler stack */
> + { .addr = 0x02000, .size = 0x3D00 }, /* Part of the normal stack */
> + { .addr = 0x44000, .size = 0x3000 }, /* SRAM section A2 */
> + { 0, 0 }
> +};
> +
> +sram_data_chunk default_sram_layout[] = {
> + { .addr = 0x00000, .size = 0x1800 }, /* Part of the IRQ handler stack */
> + { .addr = 0x02000, .size = 0x3D00 }, /* Part of the normal stack */
> + { 0, 0 }
> +};
> +
> +struct {
> + uint32_t soc_id;
> + sram_data_chunk *sram_layout;
> +} soc_sram_layout[] = {
> + { .soc_id = 0x1623, .sram_layout = a10_a13_a20_sram_layout },
> + { .soc_id = 0x1625, .sram_layout = a10_a13_a20_sram_layout },
> + { .soc_id = 0x1651, .sram_layout = a10_a13_a20_sram_layout },
> + { .soc_id = 0x1633, .sram_layout = a31_sram_layout },
> + { 0, 0 }
> +};
> +
> +sram_data_chunk *aw_fel_get_sram_layout(libusb_device_handle *usb)
> +{
> + int i;
> + struct aw_fel_version buf;
> +
> + aw_fel_get_version(usb, &buf);
> +
> + for (i = 0; soc_sram_layout[i].sram_layout; i++)
> + if (soc_sram_layout[i].soc_id == buf.soc_id)
> + return soc_sram_layout[i].sram_layout;
> +
> + return default_sram_layout;
> +}
> +
> +static uint32_t spl_loader[] = {
> + /* Disable IRQ and FIQ */
> + 0xe10f0000, /* 0: mrs r0, CPSR */
> + 0xe38000c0, /* 4: orr r0, r0, #192 */
> + 0xe121f000, /* 8: msr CPSR_c, r0 */
> +
> + /* Collect and glue pieces of SPL */
> + 0xe3066c39, /* c: movw r6, #27705 */
> + 0xe3456f0a, /* 10: movt r6, #24330 */
> + 0xe3a02010, /* 14: mov r2, #16 */
> + 0xe5924000, /* 18: ldr r4, [r2] */
> + 0xe3a00000, /* 1c: mov r0, #0 */
> + 0xe28f3068, /* 20: add r3, pc, #104 */
> + 0xe4931004, /* 24: ldr r1, [r3], #4 */
> + 0xe4935004, /* 28: ldr r5, [r3], #4 */
> + 0xe1550004, /* 2c: cmp r5, r4 */
> + 0xa1a05004, /* 30: movge r5, r4 */
> + 0xe0444005, /* 34: sub r4, r4, r5 */
> + 0xe3550000, /* 38: cmp r5, #0 */
> + 0x0a000006, /* 3c: beq 5c <entry_point+0x5c> */
> + 0xe4912004, /* 40: ldr r2, [r1], #4 */
> + 0xe2555004, /* 44: subs r5, r5, #4 */
> + 0xe4802004, /* 48: str r2, [r0], #4 */
> + 0xe0866002, /* 4c: add r6, r6, r2 */
> + 0x1afffffa, /* 50: bne 40 <entry_point+0x40> */
> + 0xe3540000, /* 54: cmp r4, #0 */
> + 0x1afffff1, /* 58: bne 24 <entry_point+0x24> */
> + 0xe3a0200c, /* 5c: mov r2, #12 */
> + 0xe5922000, /* 60: ldr r2, [r2] */
> +
> + /* Verify the checksum */
> + 0xe0566082, /* 64: subs r6, r6, r2, lsl #1 */
> + 0x1a000003, /* 68: bne 7c <entry_point+0x7c> */
> +
> + /* The checksum is good - jump to SPL */
> + 0xf57ff04f, /* 6c: dsb sy */
> + 0xf57ff06f, /* 70: isb sy */
> + 0xe3a00000, /* 74: mov r0, #0 */
> + 0xe12fff10, /* 78: bx r0 */
> +
> + /* The checksum is bad - jump to FEL mode init in BROM */
> + 0xf57ff04f, /* 7c: dsb sy */
> + 0xf57ff06f, /* 80: isb sy */
> + 0xe3000020, /* 84: movw r0, #32 */
> + 0xe34f0fff, /* 88: movt r0, #65535 */
> + 0xe12fff10, /* 8c: bx r0 */
> +};
> +
> +void aw_fel_write_and_execute_spl(libusb_device_handle *usb,
> + uint8_t *buf, size_t len)
> +{
> + sram_data_chunk *sram_layout = aw_fel_get_sram_layout(usb);
> + size_t i;
> + uint32_t spl_checksum, spl_len;
> + uint32_t *buf32 = (uint32_t *)buf;
> +
> + if (len < 32 || memcmp(buf + 4, "eGON.BT0", 8) != 0) {
> + fprintf(stderr, "Invalid file format: eGON header not found\n");
> + return;
> + }
> +
> + spl_checksum = 2 * le32toh(buf32[3]) - 0x5F0A6C39;
> + spl_len = le32toh(buf32[4]);
> +
> + if (spl_len > len || (spl_len % 4) != 0) {
> + fprintf(stderr, "Invalid file format: bad length\n");
> + return;
> + }
> +
> + len = spl_len;
> + for (i = 0; i < len / 4; i++)
> + spl_checksum -= le32toh(buf32[i]);
> +
> +
> + if (spl_checksum != 0) {
> + fprintf(stderr, "Invalid file format: bad checksum\n");
> + return;
> + }
> +
> + for (i = 0; len > 0 && sram_layout[i].size; i++) {
> + uint32_t chunk_addr = sram_layout[i].addr;
> + size_t chunk_size = sram_layout[i].size;
> + if (chunk_size > len)
> + chunk_size = len;
> + aw_fel_write(usb, buf, chunk_addr, chunk_size);
> + buf += chunk_size;
> + len -= chunk_size;
> + }
> +
> + if (len > 0) {
> + printf("The SPL size (%d) is too large\n", spl_len);
> + return;
> + }
> +
> + aw_fel_write(usb, spl_loader, 0x7e00, sizeof(spl_loader));
> + aw_fel_write(usb, sram_layout, 0x7e00 + sizeof(spl_loader),
> + (i + 1) * sizeof(*sram_layout));
> + aw_fel_execute(usb, 0x7e00);
> +}
> +
> static int aw_fel_get_endpoint(libusb_device_handle *usb)
> {
> struct libusb_device *dev = libusb_get_device(usb);
> @@ -343,6 +504,7 @@ int main(int argc, char **argv)
> " ver[sion] Show BROM version\n"
> " clear address length Clear memory\n"
> " fill address length value Fill memory\n"
> + " spl file Load and execute U-Boot SPL\n"
> , argv[0]
> );
> }
> @@ -387,7 +549,7 @@ int main(int argc, char **argv)
> aw_fel_execute(handle, strtoul(argv[2], NULL, 0));
> skip=3;
> } else if (strncmp(argv[1], "ver", 3) == 0 && argc > 1) {
> - aw_fel_get_version(handle);
> + aw_fel_print_version(handle);
> skip=1;
> } else if (strcmp(argv[1], "write") == 0 && argc > 3) {
> size_t size;
> @@ -408,6 +570,11 @@ int main(int argc, char **argv)
> } else if (strcmp(argv[1], "fill") == 0 && argc > 3) {
> aw_fel_fill(handle, strtoul(argv[2], NULL, 0), strtoul(argv[3], NULL, 0), (unsigned char)strtoul(argv[4], NULL, 0));
> skip=4;
> + } else if (strcmp(argv[1], "spl") == 0 && argc > 2) {
> + size_t size;
> + uint8_t *buf = load_file(argv[2], &size);
> + aw_fel_write_and_execute_spl(handle, buf, size);
> + skip=2;
> } else {
> fprintf(stderr,"Invalid command %s\n", argv[1]);
> exit(1);
--
Best regards,
Siarhei Siamashka
More information about the U-Boot
mailing list