Gitiles
Code Review Sign In
gerrit.devboardsforandroid.linaro.org / platform / external / u-boot / fa08d39517773882b07965ca4330777c6d6697ae / . / drivers / misc / cros_ec_sandbox.c
blob: 4bb1d60e5a9964c6d8415d015deb03a605565f26 [file] [log] [blame]
Simon Glassdf93d902014-02-27 13:26:12 -0700[diff] [blame]1/*
2 * Chromium OS cros_ec driver - sandbox emulation
3 *
4 * Copyright (c) 2013 The Chromium OS Authors.
5 *
6 * SPDX-License-Identifier: GPL-2.0+
7 */
8
9#include <common.h>
10#include <cros_ec.h>
11#include <ec_commands.h>
12#include <errno.h>
13#include <hash.h>
14#include <malloc.h>
15#include <os.h>
16#include <sha256.h>
17#include <spi.h>
18#include <asm/state.h>
19#include <asm/sdl.h>
20#include <linux/input.h>
21
22/*
23 * Ultimately it shold be possible to connect an Chrome OS EC emulation
24 * to U-Boot and remove all of this code. But this provides a test
25 * environment for bringing up chromeos_sandbox and demonstrating its
26 * utility.
27 *
28 * This emulation includes the following:
29 *
30 * 1. Emulation of the keyboard, by converting keypresses received from SDL
31 * into key scan data, passed back from the EC as key scan messages. The
32 * key layout is read from the device tree.
33 *
34 * 2. Emulation of vboot context - so this can be read/written as required.
35 *
36 * 3. Save/restore of EC state, so that the vboot context, flash memory
37 * contents and current image can be preserved across boots. This is important
38 * since the EC is supposed to continue running even if the AP resets.
39 *
40 * 4. Some event support, in particular allowing Escape to be pressed on boot
41 * to enter recovery mode. The EC passes this to U-Boot through the normal
42 * event message.
43 *
44 * 5. Flash read/write/erase support, so that software sync works. The
45 * protect messages are supported but no protection is implemented.
46 *
47 * 6. Hashing of the EC image, again to support software sync.
48 *
49 * Other features can be added, although a better path is probably to link
50 * the EC image in with U-Boot (Vic has demonstrated a prototype for this).
51 */
52
53DECLARE_GLOBAL_DATA_PTR;
54
55#define KEYBOARD_ROWS 8
56#define KEYBOARD_COLS 13
57
58/* A single entry of the key matrix */
59struct ec_keymatrix_entry {
60 int row; /* key matrix row */
61 int col; /* key matrix column */
62 int keycode; /* corresponding linux key code */
63};
64
65/**
66 * struct ec_state - Information about the EC state
67 *
68 * @vbnv_context: Vboot context data stored by EC
69 * @ec_config: FDT config information about the EC (e.g. flashmap)
70 * @flash_data: Contents of flash memory
71 * @flash_data_len: Size of flash memory
72 * @current_image: Current image the EC is running
73 * @matrix_count: Number of keys to decode in matrix
74 * @matrix: Information about keyboard matrix
75 * @keyscan: Current keyscan information (bit set for each row/column pressed)
76 * @recovery_req: Keyboard recovery requested
77 */
78struct ec_state {
79 uint8_t vbnv_context[EC_VBNV_BLOCK_SIZE];
80 struct fdt_cros_ec ec_config;
81 uint8_t *flash_data;
82 int flash_data_len;
83 enum ec_current_image current_image;
84 int matrix_count;
85 struct ec_keymatrix_entry *matrix; /* the key matrix info */
86 uint8_t keyscan[KEYBOARD_COLS];
87 bool recovery_req;
88} s_state, *state;
89
90/**
91 * cros_ec_read_state() - read the sandbox EC state from the state file
92 *
93 * If data is available, then blob and node will provide access to it. If
94 * not this function sets up an empty EC.
95 *
96 * @param blob: Pointer to device tree blob, or NULL if no data to read
97 * @param node: Node offset to read from
98 */
99static int cros_ec_read_state(const void *blob, int node)
100{
101 struct ec_state *ec = &s_state;
102 const char *prop;
103 int len;
104
105 /* Set everything to defaults */
106 ec->current_image = EC_IMAGE_RO;
107 if (!blob)
108 return 0;
109
110 /* Read the data if available */
111 ec->current_image = fdtdec_get_int(blob, node, "current-image",
112 EC_IMAGE_RO);
113 prop = fdt_getprop(blob, node, "vbnv-context", &len);
114 if (prop && len == sizeof(ec->vbnv_context))
115 memcpy(ec->vbnv_context, prop, len);
116
117 prop = fdt_getprop(blob, node, "flash-data", &len);
118 if (prop) {
119 ec->flash_data_len = len;
120 ec->flash_data = os_malloc(len);
121 if (!ec->flash_data)
122 return -ENOMEM;
123 memcpy(ec->flash_data, prop, len);
124 debug("%s: Loaded EC flash data size %#x\n", __func__, len);
125 }
126
127 return 0;
128}
129
130/**
131 * cros_ec_write_state() - Write out our state to the state file
132 *
133 * The caller will ensure that there is a node ready for the state. The node
134 * may already contain the old state, in which case it is overridden.
135 *
136 * @param blob: Device tree blob holding state
137 * @param node: Node to write our state into
138 */
139static int cros_ec_write_state(void *blob, int node)
140{
141 struct ec_state *ec = &s_state;
142
143 /* We are guaranteed enough space to write basic properties */
144 fdt_setprop_u32(blob, node, "current-image", ec->current_image);
145 fdt_setprop(blob, node, "vbnv-context", ec->vbnv_context,
146 sizeof(ec->vbnv_context));
147 return state_setprop(node, "flash-data", ec->flash_data,
148 ec->ec_config.flash.length);
149}
150
151SANDBOX_STATE_IO(cros_ec, "google,cros-ec", cros_ec_read_state,
152 cros_ec_write_state);
153
154/**
155 * Return the number of bytes used in the specified image.
156 *
157 * This is the actual size of code+data in the image, as opposed to the
158 * amount of space reserved in flash for that image. This code is similar to
159 * that used by the real EC code base.
160 *
161 * @param ec Current emulated EC state
162 * @param entry Flash map entry containing the image to check
163 * @return actual image size in bytes, 0 if the image contains no content or
164 * error.
165 */
166static int get_image_used(struct ec_state *ec, struct fmap_entry *entry)
167{
168 int size;
169
170 /*
171 * Scan backwards looking for 0xea byte, which is by definition the
172 * last byte of the image. See ec.lds.S for how this is inserted at
173 * the end of the image.
174 */
175 for (size = entry->length - 1;
176 size > 0 && ec->flash_data[entry->offset + size] != 0xea;
177 size--)
178 ;
179
180 return size ? size + 1 : 0; /* 0xea byte IS part of the image */
181}
182
183/**
184 * Read the key matrix from the device tree
185 *
186 * Keymap entries in the fdt take the form of 0xRRCCKKKK where
187 * RR=Row CC=Column KKKK=Key Code
188 *
189 * @param ec Current emulated EC state
190 * @param blob Device tree blob containing keyscan information
191 * @param node Keyboard node of device tree containing keyscan information
192 * @return 0 if ok, -1 on error
193 */
194static int keyscan_read_fdt_matrix(struct ec_state *ec, const void *blob,
195 int node)
196{
197 const u32 *cell;
198 int upto;
199 int len;
200
201 cell = fdt_getprop(blob, node, "linux,keymap", &len);
202 ec->matrix_count = len / 4;
203 ec->matrix = calloc(ec->matrix_count, sizeof(*ec->matrix));
204 if (!ec->matrix) {
205 debug("%s: Out of memory for key matrix\n", __func__);
206 return -1;
207 }
208
209 /* Now read the data */
210 for (upto = 0; upto < ec->matrix_count; upto++) {
211 struct ec_keymatrix_entry *matrix = &ec->matrix[upto];
212 u32 word;
213
214 word = fdt32_to_cpu(*cell++);
215 matrix->row = word >> 24;
216 matrix->col = (word >> 16) & 0xff;
217 matrix->keycode = word & 0xffff;
218
219 /* Hard-code some sanity limits for now */
220 if (matrix->row >= KEYBOARD_ROWS ||
221 matrix->col >= KEYBOARD_COLS) {
222 debug("%s: Matrix pos out of range (%d,%d)\n",
223 __func__, matrix->row, matrix->col);
224 return -1;
225 }
226 }
227
228 if (upto != ec->matrix_count) {
229 debug("%s: Read mismatch from key matrix\n", __func__);
230 return -1;
231 }
232
233 return 0;
234}
235
236/**
237 * Return the next keyscan message contents
238 *
239 * @param ec Current emulated EC state
240 * @param scan Place to put keyscan bytes for the keyscan message (must hold
241 * enough space for a full keyscan)
242 * @return number of bytes of valid scan data
243 */
244static int cros_ec_keyscan(struct ec_state *ec, uint8_t *scan)
245{
246 const struct ec_keymatrix_entry *matrix;
247 int bytes = KEYBOARD_COLS;
248 int key[8]; /* allow up to 8 keys to be pressed at once */
249 int count;
250 int i;
251
252 memset(ec->keyscan, '\0', bytes);
253 count = sandbox_sdl_scan_keys(key, ARRAY_SIZE(key));
254
255 /* Look up keycode in matrix */
256 for (i = 0, matrix = ec->matrix; i < ec->matrix_count; i++, matrix++) {
257 bool found;
258 int j;
259
260 for (found = false, j = 0; j < count; j++) {
261 if (matrix->keycode == key[j])
262 found = true;
263 }
264
265 if (found) {
266 debug("%d: %d,%d\n", matrix->keycode, matrix->row,
267 matrix->col);
268 ec->keyscan[matrix->col] |= 1 << matrix->row;
269 }
270 }
271
272 memcpy(scan, ec->keyscan, bytes);
273 return bytes;
274}
275
276/**
277 * Process an emulated EC command
278 *
279 * @param ec Current emulated EC state
280 * @param req_hdr Pointer to request header
281 * @param req_data Pointer to body of request
282 * @param resp_hdr Pointer to place to put response header
283 * @param resp_data Pointer to place to put response data, if any
284 * @return length of response data, or 0 for no response data, or -1 on error
285 */
286static int process_cmd(struct ec_state *ec,
287 struct ec_host_request *req_hdr, const void *req_data,
288 struct ec_host_response *resp_hdr, void *resp_data)
289{
290 int len;
291
292 /* TODO(sjg@chromium.org): Check checksums */
293 debug("EC command %#0x\n", req_hdr->command);
294
295 switch (req_hdr->command) {
296 case EC_CMD_HELLO: {
297 const struct ec_params_hello *req = req_data;
298 struct ec_response_hello *resp = resp_data;
299
300 resp->out_data = req->in_data + 0x01020304;
301 len = sizeof(*resp);
302 break;
303 }
304 case EC_CMD_GET_VERSION: {
305 struct ec_response_get_version *resp = resp_data;
306
307 strcpy(resp->version_string_ro, "sandbox_ro");
308 strcpy(resp->version_string_rw, "sandbox_rw");
309 resp->current_image = ec->current_image;
310 debug("Current image %d\n", resp->current_image);
311 len = sizeof(*resp);
312 break;
313 }
314 case EC_CMD_VBNV_CONTEXT: {
315 const struct ec_params_vbnvcontext *req = req_data;
316 struct ec_response_vbnvcontext *resp = resp_data;
317
318 switch (req->op) {
319 case EC_VBNV_CONTEXT_OP_READ:
320 memcpy(resp->block, ec->vbnv_context,
321 sizeof(resp->block));
322 len = sizeof(*resp);
323 break;
324 case EC_VBNV_CONTEXT_OP_WRITE:
325 memcpy(ec->vbnv_context, resp->block,
326 sizeof(resp->block));
327 len = 0;
328 break;
329 default:
330 printf(" ** Unknown vbnv_context command %#02x\n",
331 req->op);
332 return -1;
333 }
334 break;
335 }
336 case EC_CMD_REBOOT_EC: {
337 const struct ec_params_reboot_ec *req = req_data;
338
339 printf("Request reboot type %d\n", req->cmd);
340 switch (req->cmd) {
341 case EC_REBOOT_DISABLE_JUMP:
342 len = 0;
343 break;
344 case EC_REBOOT_JUMP_RW:
345 ec->current_image = EC_IMAGE_RW;
346 len = 0;
347 break;
348 default:
349 puts(" ** Unknown type");
350 return -1;
351 }
352 break;
353 }
354 case EC_CMD_HOST_EVENT_GET_B: {
355 struct ec_response_host_event_mask *resp = resp_data;
356
357 resp->mask = 0;
358 if (ec->recovery_req) {
359 resp->mask |= EC_HOST_EVENT_MASK(
360 EC_HOST_EVENT_KEYBOARD_RECOVERY);
361 }
362
363 len = sizeof(*resp);
364 break;
365 }
366 case EC_CMD_VBOOT_HASH: {
367 const struct ec_params_vboot_hash *req = req_data;
368 struct ec_response_vboot_hash *resp = resp_data;
369 struct fmap_entry *entry;
370 int ret, size;
371
372 entry = &state->ec_config.region[EC_FLASH_REGION_RW];
373
374 switch (req->cmd) {
375 case EC_VBOOT_HASH_RECALC:
376 case EC_VBOOT_HASH_GET:
377 size = SHA256_SUM_LEN;
378 len = get_image_used(ec, entry);
379 ret = hash_block("sha256",
380 ec->flash_data + entry->offset,
381 len, resp->hash_digest, &size);
382 if (ret) {
383 printf(" ** hash_block() failed\n");
384 return -1;
385 }
386 resp->status = EC_VBOOT_HASH_STATUS_DONE;
387 resp->hash_type = EC_VBOOT_HASH_TYPE_SHA256;
388 resp->digest_size = size;
389 resp->reserved0 = 0;
390 resp->offset = entry->offset;
391 resp->size = len;
392 len = sizeof(*resp);
393 break;
394 default:
395 printf(" ** EC_CMD_VBOOT_HASH: Unknown command %d\n",
396 req->cmd);
397 return -1;
398 }
399 break;
400 }
401 case EC_CMD_FLASH_PROTECT: {
402 const struct ec_params_flash_protect *req = req_data;
403 struct ec_response_flash_protect *resp = resp_data;
404 uint32_t expect = EC_FLASH_PROTECT_ALL_NOW |
405 EC_FLASH_PROTECT_ALL_AT_BOOT;
406
407 printf("mask=%#x, flags=%#x\n", req->mask, req->flags);
408 if (req->flags == expect || req->flags == 0) {
409 resp->flags = req->flags ? EC_FLASH_PROTECT_ALL_NOW :
410 0;
411 resp->valid_flags = EC_FLASH_PROTECT_ALL_NOW;
412 resp->writable_flags = 0;
413 len = sizeof(*resp);
414 } else {
415 puts(" ** unexpected flash protect request\n");
416 return -1;
417 }
418 break;
419 }
420 case EC_CMD_FLASH_REGION_INFO: {
421 const struct ec_params_flash_region_info *req = req_data;
422 struct ec_response_flash_region_info *resp = resp_data;
423 struct fmap_entry *entry;
424
425 switch (req->region) {
426 case EC_FLASH_REGION_RO:
427 case EC_FLASH_REGION_RW:
428 case EC_FLASH_REGION_WP_RO:
429 entry = &state->ec_config.region[req->region];
430 resp->offset = entry->offset;
431 resp->size = entry->length;
432 len = sizeof(*resp);
433 printf("EC flash region %d: offset=%#x, size=%#x\n",
434 req->region, resp->offset, resp->size);
435 break;
436 default:
437 printf("** Unknown flash region %d\n", req->region);
438 return -1;
439 }
440 break;
441 }
442 case EC_CMD_FLASH_ERASE: {
443 const struct ec_params_flash_erase *req = req_data;
444
445 memset(ec->flash_data + req->offset,
446 ec->ec_config.flash_erase_value,
447 req->size);
448 len = 0;
449 break;
450 }
451 case EC_CMD_FLASH_WRITE: {
452 const struct ec_params_flash_write *req = req_data;
453
454 memcpy(ec->flash_data + req->offset, req + 1, req->size);
455 len = 0;
456 break;
457 }
458 case EC_CMD_MKBP_STATE:
459 len = cros_ec_keyscan(ec, resp_data);
460 break;
461 default:
462 printf(" ** Unknown EC command %#02x\n", req_hdr->command);
463 return -1;
464 }
465
466 return len;
467}
468
469int cros_ec_sandbox_packet(struct cros_ec_dev *dev, int out_bytes,
470 int in_bytes)
471{
472 struct ec_host_request *req_hdr = (struct ec_host_request *)dev->dout;
473 const void *req_data = req_hdr + 1;
474 struct ec_host_response *resp_hdr = (struct ec_host_response *)dev->din;
475 void *resp_data = resp_hdr + 1;
476 int len;
477
478 len = process_cmd(&s_state, req_hdr, req_data, resp_hdr, resp_data);
479 if (len < 0)
480 return len;
481
482 resp_hdr->struct_version = 3;
483 resp_hdr->result = EC_RES_SUCCESS;
484 resp_hdr->data_len = len;
485 resp_hdr->reserved = 0;
486 len += sizeof(*resp_hdr);
487 resp_hdr->checksum = 0;
488 resp_hdr->checksum = (uint8_t)
489 -cros_ec_calc_checksum((const uint8_t *)resp_hdr, len);
490
491 return in_bytes;
492}
493
494int cros_ec_sandbox_decode_fdt(struct cros_ec_dev *dev, const void *blob)
495{
496 return 0;
497}
498
499void cros_ec_check_keyboard(struct cros_ec_dev *dev)
500{
501 struct ec_state *ec = &s_state;
502 ulong start;
503
504 printf("Press keys for EC to detect on reset (ESC=recovery)...");
505 start = get_timer(0);
506 while (get_timer(start) < 1000)
507 ;
508 putc('\n');
509 if (!sandbox_sdl_key_pressed(KEY_ESC)) {
510 ec->recovery_req = true;
511 printf(" - EC requests recovery\n");
512 }
513}
514
515/**
516 * Initialize sandbox EC emulation.
517 *
518 * @param dev CROS_EC device
519 * @param blob Device tree blob
520 * @return 0 if ok, -1 on error
521 */
522int cros_ec_sandbox_init(struct cros_ec_dev *dev, const void *blob)
523{
524 struct ec_state *ec = &s_state;
525 int node;
526 int err;
527
528 state = &s_state;
529 err = cros_ec_decode_ec_flash(blob, &ec->ec_config);
530 if (err)
531 return err;
532
533 node = fdtdec_next_compatible(blob, 0, COMPAT_GOOGLE_CROS_EC_KEYB);
534 if (node < 0) {
535 debug("%s: No cros_ec keyboard found\n", __func__);
536 } else if (keyscan_read_fdt_matrix(ec, blob, node)) {
537 debug("%s: Could not read key matrix\n", __func__);
538 return -1;
539 }
540
541 /* If we loaded EC data, check that the length matches */
542 if (ec->flash_data &&
543 ec->flash_data_len != ec->ec_config.flash.length) {
544 printf("EC data length is %x, expected %x, discarding data\n",
545 ec->flash_data_len, ec->ec_config.flash.length);
546 os_free(ec->flash_data);
547 ec->flash_data = NULL;
548 }
549
550 /* Otherwise allocate the memory */
551 if (!ec->flash_data) {
552 ec->flash_data_len = ec->ec_config.flash.length;
553 ec->flash_data = os_malloc(ec->flash_data_len);
554 if (!ec->flash_data)
555 return -ENOMEM;
556 }
557
558 return 0;
559}