1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (c) 2016, Zodiac Inflight Innovations 4 * Copyright (c) 2007-2016, Synaptics Incorporated 5 * Copyright (C) 2012 Alexandra Chin <alexandra.chin@tw.synaptics.com> 6 * Copyright (C) 2012 Scott Lin <scott.lin@tw.synaptics.com> 7 */ 8 9 #include <linux/bitops.h> 10 #include <linux/kernel.h> 11 #include <linux/rmi.h> 12 #include <linux/firmware.h> 13 #include <linux/delay.h> 14 #include <linux/slab.h> 15 #include <linux/jiffies.h> 16 #include <asm/unaligned.h> 17 18 #include "rmi_driver.h" 19 #include "rmi_f34.h" 20 21 static int rmi_f34v7_read_flash_status(struct f34_data *f34) 22 { 23 u8 status; 24 u8 command; 25 int ret; 26 27 ret = rmi_read_block(f34->fn->rmi_dev, 28 f34->fn->fd.data_base_addr + V7_FLASH_STATUS_OFFSET, 29 &status, 30 sizeof(status)); 31 if (ret < 0) { 32 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, 33 "%s: Error %d reading flash status\n", __func__, ret); 34 return ret; 35 } 36 37 f34->v7.in_bl_mode = status >> 7; 38 f34->v7.flash_status = status & 0x1f; 39 40 if (f34->v7.flash_status != 0x00) { 41 dev_err(&f34->fn->dev, "%s: status=%d, command=0x%02x\n", 42 __func__, f34->v7.flash_status, f34->v7.command); 43 } 44 45 ret = rmi_read_block(f34->fn->rmi_dev, 46 f34->fn->fd.data_base_addr + V7_COMMAND_OFFSET, 47 &command, 48 sizeof(command)); 49 if (ret < 0) { 50 dev_err(&f34->fn->dev, "%s: Failed to read flash command\n", 51 __func__); 52 return ret; 53 } 54 55 f34->v7.command = command; 56 57 return 0; 58 } 59 60 static int rmi_f34v7_wait_for_idle(struct f34_data *f34, int timeout_ms) 61 { 62 unsigned long timeout; 63 64 timeout = msecs_to_jiffies(timeout_ms); 65 66 if (!wait_for_completion_timeout(&f34->v7.cmd_done, timeout)) { 67 dev_warn(&f34->fn->dev, "%s: Timed out waiting for idle status\n", 68 __func__); 69 return -ETIMEDOUT; 70 } 71 72 return 0; 73 } 74 75 static int rmi_f34v7_check_command_status(struct f34_data *f34, int timeout_ms) 76 { 77 int ret; 78 79 ret = rmi_f34v7_wait_for_idle(f34, timeout_ms); 80 if (ret < 0) 81 return ret; 82 83 ret = rmi_f34v7_read_flash_status(f34); 84 if (ret < 0) 85 return ret; 86 87 if (f34->v7.flash_status != 0x00) 88 return -EIO; 89 90 return 0; 91 } 92 93 static int rmi_f34v7_write_command_single_transaction(struct f34_data *f34, 94 u8 cmd) 95 { 96 int ret; 97 u8 base; 98 struct f34v7_data_1_5 data_1_5; 99 100 base = f34->fn->fd.data_base_addr; 101 102 memset(&data_1_5, 0, sizeof(data_1_5)); 103 104 switch (cmd) { 105 case v7_CMD_ERASE_ALL: 106 data_1_5.partition_id = CORE_CODE_PARTITION; 107 data_1_5.command = CMD_V7_ERASE_AP; 108 break; 109 case v7_CMD_ERASE_UI_FIRMWARE: 110 data_1_5.partition_id = CORE_CODE_PARTITION; 111 data_1_5.command = CMD_V7_ERASE; 112 break; 113 case v7_CMD_ERASE_BL_CONFIG: 114 data_1_5.partition_id = GLOBAL_PARAMETERS_PARTITION; 115 data_1_5.command = CMD_V7_ERASE; 116 break; 117 case v7_CMD_ERASE_UI_CONFIG: 118 data_1_5.partition_id = CORE_CONFIG_PARTITION; 119 data_1_5.command = CMD_V7_ERASE; 120 break; 121 case v7_CMD_ERASE_DISP_CONFIG: 122 data_1_5.partition_id = DISPLAY_CONFIG_PARTITION; 123 data_1_5.command = CMD_V7_ERASE; 124 break; 125 case v7_CMD_ERASE_FLASH_CONFIG: 126 data_1_5.partition_id = FLASH_CONFIG_PARTITION; 127 data_1_5.command = CMD_V7_ERASE; 128 break; 129 case v7_CMD_ERASE_GUEST_CODE: 130 data_1_5.partition_id = GUEST_CODE_PARTITION; 131 data_1_5.command = CMD_V7_ERASE; 132 break; 133 case v7_CMD_ENABLE_FLASH_PROG: 134 data_1_5.partition_id = BOOTLOADER_PARTITION; 135 data_1_5.command = CMD_V7_ENTER_BL; 136 break; 137 } 138 139 data_1_5.payload[0] = f34->bootloader_id[0]; 140 data_1_5.payload[1] = f34->bootloader_id[1]; 141 142 ret = rmi_write_block(f34->fn->rmi_dev, 143 base + V7_PARTITION_ID_OFFSET, 144 &data_1_5, sizeof(data_1_5)); 145 if (ret < 0) { 146 dev_err(&f34->fn->dev, 147 "%s: Failed to write single transaction command\n", 148 __func__); 149 return ret; 150 } 151 152 return 0; 153 } 154 155 static int rmi_f34v7_write_command(struct f34_data *f34, u8 cmd) 156 { 157 int ret; 158 u8 base; 159 u8 command; 160 161 base = f34->fn->fd.data_base_addr; 162 163 switch (cmd) { 164 case v7_CMD_WRITE_FW: 165 case v7_CMD_WRITE_CONFIG: 166 case v7_CMD_WRITE_GUEST_CODE: 167 command = CMD_V7_WRITE; 168 break; 169 case v7_CMD_READ_CONFIG: 170 command = CMD_V7_READ; 171 break; 172 case v7_CMD_ERASE_ALL: 173 command = CMD_V7_ERASE_AP; 174 break; 175 case v7_CMD_ERASE_UI_FIRMWARE: 176 case v7_CMD_ERASE_BL_CONFIG: 177 case v7_CMD_ERASE_UI_CONFIG: 178 case v7_CMD_ERASE_DISP_CONFIG: 179 case v7_CMD_ERASE_FLASH_CONFIG: 180 case v7_CMD_ERASE_GUEST_CODE: 181 command = CMD_V7_ERASE; 182 break; 183 case v7_CMD_ENABLE_FLASH_PROG: 184 command = CMD_V7_ENTER_BL; 185 break; 186 default: 187 dev_err(&f34->fn->dev, "%s: Invalid command 0x%02x\n", 188 __func__, cmd); 189 return -EINVAL; 190 } 191 192 f34->v7.command = command; 193 194 switch (cmd) { 195 case v7_CMD_ERASE_ALL: 196 case v7_CMD_ERASE_UI_FIRMWARE: 197 case v7_CMD_ERASE_BL_CONFIG: 198 case v7_CMD_ERASE_UI_CONFIG: 199 case v7_CMD_ERASE_DISP_CONFIG: 200 case v7_CMD_ERASE_FLASH_CONFIG: 201 case v7_CMD_ERASE_GUEST_CODE: 202 case v7_CMD_ENABLE_FLASH_PROG: 203 ret = rmi_f34v7_write_command_single_transaction(f34, cmd); 204 if (ret < 0) 205 return ret; 206 else 207 return 0; 208 default: 209 break; 210 } 211 212 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, "%s: writing cmd %02X\n", 213 __func__, command); 214 215 ret = rmi_write_block(f34->fn->rmi_dev, 216 base + V7_COMMAND_OFFSET, 217 &command, sizeof(command)); 218 if (ret < 0) { 219 dev_err(&f34->fn->dev, "%s: Failed to write flash command\n", 220 __func__); 221 return ret; 222 } 223 224 return 0; 225 } 226 227 static int rmi_f34v7_write_partition_id(struct f34_data *f34, u8 cmd) 228 { 229 int ret; 230 u8 base; 231 u8 partition; 232 233 base = f34->fn->fd.data_base_addr; 234 235 switch (cmd) { 236 case v7_CMD_WRITE_FW: 237 partition = CORE_CODE_PARTITION; 238 break; 239 case v7_CMD_WRITE_CONFIG: 240 case v7_CMD_READ_CONFIG: 241 if (f34->v7.config_area == v7_UI_CONFIG_AREA) 242 partition = CORE_CONFIG_PARTITION; 243 else if (f34->v7.config_area == v7_DP_CONFIG_AREA) 244 partition = DISPLAY_CONFIG_PARTITION; 245 else if (f34->v7.config_area == v7_PM_CONFIG_AREA) 246 partition = GUEST_SERIALIZATION_PARTITION; 247 else if (f34->v7.config_area == v7_BL_CONFIG_AREA) 248 partition = GLOBAL_PARAMETERS_PARTITION; 249 else if (f34->v7.config_area == v7_FLASH_CONFIG_AREA) 250 partition = FLASH_CONFIG_PARTITION; 251 break; 252 case v7_CMD_WRITE_GUEST_CODE: 253 partition = GUEST_CODE_PARTITION; 254 break; 255 case v7_CMD_ERASE_ALL: 256 partition = CORE_CODE_PARTITION; 257 break; 258 case v7_CMD_ERASE_BL_CONFIG: 259 partition = GLOBAL_PARAMETERS_PARTITION; 260 break; 261 case v7_CMD_ERASE_UI_CONFIG: 262 partition = CORE_CONFIG_PARTITION; 263 break; 264 case v7_CMD_ERASE_DISP_CONFIG: 265 partition = DISPLAY_CONFIG_PARTITION; 266 break; 267 case v7_CMD_ERASE_FLASH_CONFIG: 268 partition = FLASH_CONFIG_PARTITION; 269 break; 270 case v7_CMD_ERASE_GUEST_CODE: 271 partition = GUEST_CODE_PARTITION; 272 break; 273 case v7_CMD_ENABLE_FLASH_PROG: 274 partition = BOOTLOADER_PARTITION; 275 break; 276 default: 277 dev_err(&f34->fn->dev, "%s: Invalid command 0x%02x\n", 278 __func__, cmd); 279 return -EINVAL; 280 } 281 282 ret = rmi_write_block(f34->fn->rmi_dev, 283 base + V7_PARTITION_ID_OFFSET, 284 &partition, sizeof(partition)); 285 if (ret < 0) { 286 dev_err(&f34->fn->dev, "%s: Failed to write partition ID\n", 287 __func__); 288 return ret; 289 } 290 291 return 0; 292 } 293 294 static int rmi_f34v7_read_partition_table(struct f34_data *f34) 295 { 296 int ret; 297 unsigned long timeout; 298 u8 base; 299 __le16 length; 300 u16 block_number = 0; 301 302 base = f34->fn->fd.data_base_addr; 303 304 f34->v7.config_area = v7_FLASH_CONFIG_AREA; 305 306 ret = rmi_f34v7_write_partition_id(f34, v7_CMD_READ_CONFIG); 307 if (ret < 0) 308 return ret; 309 310 ret = rmi_write_block(f34->fn->rmi_dev, 311 base + V7_BLOCK_NUMBER_OFFSET, 312 &block_number, sizeof(block_number)); 313 if (ret < 0) { 314 dev_err(&f34->fn->dev, "%s: Failed to write block number\n", 315 __func__); 316 return ret; 317 } 318 319 put_unaligned_le16(f34->v7.flash_config_length, &length); 320 321 ret = rmi_write_block(f34->fn->rmi_dev, 322 base + V7_TRANSFER_LENGTH_OFFSET, 323 &length, sizeof(length)); 324 if (ret < 0) { 325 dev_err(&f34->fn->dev, "%s: Failed to write transfer length\n", 326 __func__); 327 return ret; 328 } 329 330 init_completion(&f34->v7.cmd_done); 331 332 ret = rmi_f34v7_write_command(f34, v7_CMD_READ_CONFIG); 333 if (ret < 0) { 334 dev_err(&f34->fn->dev, "%s: Failed to write command\n", 335 __func__); 336 return ret; 337 } 338 339 /* 340 * rmi_f34v7_check_command_status() can't be used here, as this 341 * function is called before IRQs are available 342 */ 343 timeout = msecs_to_jiffies(F34_WRITE_WAIT_MS); 344 while (time_before(jiffies, timeout)) { 345 usleep_range(5000, 6000); 346 rmi_f34v7_read_flash_status(f34); 347 348 if (f34->v7.command == v7_CMD_IDLE && 349 f34->v7.flash_status == 0x00) { 350 break; 351 } 352 } 353 354 ret = rmi_read_block(f34->fn->rmi_dev, 355 base + V7_PAYLOAD_OFFSET, 356 f34->v7.read_config_buf, 357 f34->v7.partition_table_bytes); 358 if (ret < 0) { 359 dev_err(&f34->fn->dev, "%s: Failed to read block data\n", 360 __func__); 361 return ret; 362 } 363 364 return 0; 365 } 366 367 static void rmi_f34v7_parse_partition_table(struct f34_data *f34, 368 const void *partition_table, 369 struct block_count *blkcount, 370 struct physical_address *phyaddr) 371 { 372 int i; 373 int index; 374 u16 partition_length; 375 u16 physical_address; 376 const struct partition_table *ptable; 377 378 for (i = 0; i < f34->v7.partitions; i++) { 379 index = i * 8 + 2; 380 ptable = partition_table + index; 381 partition_length = le16_to_cpu(ptable->partition_length); 382 physical_address = le16_to_cpu(ptable->start_physical_address); 383 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, 384 "%s: Partition entry %d: %*ph\n", 385 __func__, i, sizeof(struct partition_table), ptable); 386 switch (ptable->partition_id & 0x1f) { 387 case CORE_CODE_PARTITION: 388 blkcount->ui_firmware = partition_length; 389 phyaddr->ui_firmware = physical_address; 390 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, 391 "%s: Core code block count: %d\n", 392 __func__, blkcount->ui_firmware); 393 break; 394 case CORE_CONFIG_PARTITION: 395 blkcount->ui_config = partition_length; 396 phyaddr->ui_config = physical_address; 397 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, 398 "%s: Core config block count: %d\n", 399 __func__, blkcount->ui_config); 400 break; 401 case DISPLAY_CONFIG_PARTITION: 402 blkcount->dp_config = partition_length; 403 phyaddr->dp_config = physical_address; 404 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, 405 "%s: Display config block count: %d\n", 406 __func__, blkcount->dp_config); 407 break; 408 case FLASH_CONFIG_PARTITION: 409 blkcount->fl_config = partition_length; 410 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, 411 "%s: Flash config block count: %d\n", 412 __func__, blkcount->fl_config); 413 break; 414 case GUEST_CODE_PARTITION: 415 blkcount->guest_code = partition_length; 416 phyaddr->guest_code = physical_address; 417 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, 418 "%s: Guest code block count: %d\n", 419 __func__, blkcount->guest_code); 420 break; 421 case GUEST_SERIALIZATION_PARTITION: 422 blkcount->pm_config = partition_length; 423 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, 424 "%s: Guest serialization block count: %d\n", 425 __func__, blkcount->pm_config); 426 break; 427 case GLOBAL_PARAMETERS_PARTITION: 428 blkcount->bl_config = partition_length; 429 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, 430 "%s: Global parameters block count: %d\n", 431 __func__, blkcount->bl_config); 432 break; 433 case DEVICE_CONFIG_PARTITION: 434 blkcount->lockdown = partition_length; 435 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, 436 "%s: Device config block count: %d\n", 437 __func__, blkcount->lockdown); 438 break; 439 } 440 } 441 } 442 443 static int rmi_f34v7_read_queries_bl_version(struct f34_data *f34) 444 { 445 int ret; 446 u8 base; 447 int offset; 448 u8 query_0; 449 struct f34v7_query_1_7 query_1_7; 450 451 base = f34->fn->fd.query_base_addr; 452 453 ret = rmi_read_block(f34->fn->rmi_dev, 454 base, 455 &query_0, 456 sizeof(query_0)); 457 if (ret < 0) { 458 dev_err(&f34->fn->dev, 459 "%s: Failed to read query 0\n", __func__); 460 return ret; 461 } 462 463 offset = (query_0 & 0x7) + 1; 464 465 ret = rmi_read_block(f34->fn->rmi_dev, 466 base + offset, 467 &query_1_7, 468 sizeof(query_1_7)); 469 if (ret < 0) { 470 dev_err(&f34->fn->dev, "%s: Failed to read queries 1 to 7\n", 471 __func__); 472 return ret; 473 } 474 475 f34->bootloader_id[0] = query_1_7.bl_minor_revision; 476 f34->bootloader_id[1] = query_1_7.bl_major_revision; 477 478 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, "Bootloader V%d.%d\n", 479 f34->bootloader_id[1], f34->bootloader_id[0]); 480 481 return 0; 482 } 483 484 static int rmi_f34v7_read_queries(struct f34_data *f34) 485 { 486 int ret; 487 int i; 488 u8 base; 489 int offset; 490 u8 *ptable; 491 u8 query_0; 492 struct f34v7_query_1_7 query_1_7; 493 494 base = f34->fn->fd.query_base_addr; 495 496 ret = rmi_read_block(f34->fn->rmi_dev, 497 base, 498 &query_0, 499 sizeof(query_0)); 500 if (ret < 0) { 501 dev_err(&f34->fn->dev, 502 "%s: Failed to read query 0\n", __func__); 503 return ret; 504 } 505 506 offset = (query_0 & 0x07) + 1; 507 508 ret = rmi_read_block(f34->fn->rmi_dev, 509 base + offset, 510 &query_1_7, 511 sizeof(query_1_7)); 512 if (ret < 0) { 513 dev_err(&f34->fn->dev, "%s: Failed to read queries 1 to 7\n", 514 __func__); 515 return ret; 516 } 517 518 f34->bootloader_id[0] = query_1_7.bl_minor_revision; 519 f34->bootloader_id[1] = query_1_7.bl_major_revision; 520 521 f34->v7.block_size = le16_to_cpu(query_1_7.block_size); 522 f34->v7.flash_config_length = 523 le16_to_cpu(query_1_7.flash_config_length); 524 f34->v7.payload_length = le16_to_cpu(query_1_7.payload_length); 525 526 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, "%s: f34->v7.block_size = %d\n", 527 __func__, f34->v7.block_size); 528 529 f34->v7.has_display_cfg = query_1_7.partition_support[1] & HAS_DISP_CFG; 530 f34->v7.has_guest_code = 531 query_1_7.partition_support[1] & HAS_GUEST_CODE; 532 533 if (query_0 & HAS_CONFIG_ID) { 534 u8 f34_ctrl[CONFIG_ID_SIZE]; 535 536 ret = rmi_read_block(f34->fn->rmi_dev, 537 f34->fn->fd.control_base_addr, 538 f34_ctrl, 539 sizeof(f34_ctrl)); 540 if (ret) 541 return ret; 542 543 /* Eat leading zeros */ 544 for (i = 0; i < sizeof(f34_ctrl) - 1 && !f34_ctrl[i]; i++) 545 /* Empty */; 546 547 snprintf(f34->configuration_id, sizeof(f34->configuration_id), 548 "%*phN", (int)sizeof(f34_ctrl) - i, f34_ctrl + i); 549 550 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, "Configuration ID: %s\n", 551 f34->configuration_id); 552 } 553 554 f34->v7.partitions = 0; 555 for (i = 0; i < sizeof(query_1_7.partition_support); i++) 556 f34->v7.partitions += hweight8(query_1_7.partition_support[i]); 557 558 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, "%s: Supported partitions: %*ph\n", 559 __func__, sizeof(query_1_7.partition_support), 560 query_1_7.partition_support); 561 562 563 f34->v7.partition_table_bytes = f34->v7.partitions * 8 + 2; 564 565 f34->v7.read_config_buf = devm_kzalloc(&f34->fn->dev, 566 f34->v7.partition_table_bytes, 567 GFP_KERNEL); 568 if (!f34->v7.read_config_buf) { 569 f34->v7.read_config_buf_size = 0; 570 return -ENOMEM; 571 } 572 573 f34->v7.read_config_buf_size = f34->v7.partition_table_bytes; 574 ptable = f34->v7.read_config_buf; 575 576 ret = rmi_f34v7_read_partition_table(f34); 577 if (ret < 0) { 578 dev_err(&f34->fn->dev, "%s: Failed to read partition table\n", 579 __func__); 580 return ret; 581 } 582 583 rmi_f34v7_parse_partition_table(f34, ptable, 584 &f34->v7.blkcount, &f34->v7.phyaddr); 585 586 return 0; 587 } 588 589 static int rmi_f34v7_check_bl_config_size(struct f34_data *f34) 590 { 591 u16 block_count; 592 593 block_count = f34->v7.img.bl_config.size / f34->v7.block_size; 594 f34->update_size += block_count; 595 596 if (block_count != f34->v7.blkcount.bl_config) { 597 dev_err(&f34->fn->dev, "Bootloader config size mismatch\n"); 598 return -EINVAL; 599 } 600 601 return 0; 602 } 603 604 static int rmi_f34v7_erase_all(struct f34_data *f34) 605 { 606 int ret; 607 608 dev_info(&f34->fn->dev, "Erasing firmware...\n"); 609 610 init_completion(&f34->v7.cmd_done); 611 612 ret = rmi_f34v7_write_command(f34, v7_CMD_ERASE_ALL); 613 if (ret < 0) 614 return ret; 615 616 ret = rmi_f34v7_check_command_status(f34, F34_ERASE_WAIT_MS); 617 if (ret < 0) 618 return ret; 619 620 return 0; 621 } 622 623 static int rmi_f34v7_read_blocks(struct f34_data *f34, 624 u16 block_cnt, u8 command) 625 { 626 int ret; 627 u8 base; 628 __le16 length; 629 u16 transfer; 630 u16 max_transfer; 631 u16 remaining = block_cnt; 632 u16 block_number = 0; 633 u16 index = 0; 634 635 base = f34->fn->fd.data_base_addr; 636 637 ret = rmi_f34v7_write_partition_id(f34, command); 638 if (ret < 0) 639 return ret; 640 641 ret = rmi_write_block(f34->fn->rmi_dev, 642 base + V7_BLOCK_NUMBER_OFFSET, 643 &block_number, sizeof(block_number)); 644 if (ret < 0) { 645 dev_err(&f34->fn->dev, "%s: Failed to write block number\n", 646 __func__); 647 return ret; 648 } 649 650 max_transfer = min(f34->v7.payload_length, 651 (u16)(PAGE_SIZE / f34->v7.block_size)); 652 653 do { 654 transfer = min(remaining, max_transfer); 655 put_unaligned_le16(transfer, &length); 656 657 ret = rmi_write_block(f34->fn->rmi_dev, 658 base + V7_TRANSFER_LENGTH_OFFSET, 659 &length, sizeof(length)); 660 if (ret < 0) { 661 dev_err(&f34->fn->dev, 662 "%s: Write transfer length fail (%d remaining)\n", 663 __func__, remaining); 664 return ret; 665 } 666 667 init_completion(&f34->v7.cmd_done); 668 669 ret = rmi_f34v7_write_command(f34, command); 670 if (ret < 0) 671 return ret; 672 673 ret = rmi_f34v7_check_command_status(f34, F34_ENABLE_WAIT_MS); 674 if (ret < 0) 675 return ret; 676 677 ret = rmi_read_block(f34->fn->rmi_dev, 678 base + V7_PAYLOAD_OFFSET, 679 &f34->v7.read_config_buf[index], 680 transfer * f34->v7.block_size); 681 if (ret < 0) { 682 dev_err(&f34->fn->dev, 683 "%s: Read block failed (%d blks remaining)\n", 684 __func__, remaining); 685 return ret; 686 } 687 688 index += (transfer * f34->v7.block_size); 689 remaining -= transfer; 690 } while (remaining); 691 692 return 0; 693 } 694 695 static int rmi_f34v7_write_f34v7_blocks(struct f34_data *f34, 696 const void *block_ptr, u16 block_cnt, 697 u8 command) 698 { 699 int ret; 700 u8 base; 701 __le16 length; 702 u16 transfer; 703 u16 max_transfer; 704 u16 remaining = block_cnt; 705 u16 block_number = 0; 706 707 base = f34->fn->fd.data_base_addr; 708 709 ret = rmi_f34v7_write_partition_id(f34, command); 710 if (ret < 0) 711 return ret; 712 713 ret = rmi_write_block(f34->fn->rmi_dev, 714 base + V7_BLOCK_NUMBER_OFFSET, 715 &block_number, sizeof(block_number)); 716 if (ret < 0) { 717 dev_err(&f34->fn->dev, "%s: Failed to write block number\n", 718 __func__); 719 return ret; 720 } 721 722 if (f34->v7.payload_length > (PAGE_SIZE / f34->v7.block_size)) 723 max_transfer = PAGE_SIZE / f34->v7.block_size; 724 else 725 max_transfer = f34->v7.payload_length; 726 727 do { 728 transfer = min(remaining, max_transfer); 729 put_unaligned_le16(transfer, &length); 730 731 init_completion(&f34->v7.cmd_done); 732 733 ret = rmi_write_block(f34->fn->rmi_dev, 734 base + V7_TRANSFER_LENGTH_OFFSET, 735 &length, sizeof(length)); 736 if (ret < 0) { 737 dev_err(&f34->fn->dev, 738 "%s: Write transfer length fail (%d remaining)\n", 739 __func__, remaining); 740 return ret; 741 } 742 743 ret = rmi_f34v7_write_command(f34, command); 744 if (ret < 0) 745 return ret; 746 747 ret = rmi_write_block(f34->fn->rmi_dev, 748 base + V7_PAYLOAD_OFFSET, 749 block_ptr, transfer * f34->v7.block_size); 750 if (ret < 0) { 751 dev_err(&f34->fn->dev, 752 "%s: Failed writing data (%d blks remaining)\n", 753 __func__, remaining); 754 return ret; 755 } 756 757 ret = rmi_f34v7_check_command_status(f34, F34_ENABLE_WAIT_MS); 758 if (ret < 0) 759 return ret; 760 761 block_ptr += (transfer * f34->v7.block_size); 762 remaining -= transfer; 763 f34->update_progress += transfer; 764 f34->update_status = (f34->update_progress * 100) / 765 f34->update_size; 766 } while (remaining); 767 768 return 0; 769 } 770 771 static int rmi_f34v7_write_config(struct f34_data *f34) 772 { 773 return rmi_f34v7_write_f34v7_blocks(f34, f34->v7.config_data, 774 f34->v7.config_block_count, 775 v7_CMD_WRITE_CONFIG); 776 } 777 778 static int rmi_f34v7_write_ui_config(struct f34_data *f34) 779 { 780 f34->v7.config_area = v7_UI_CONFIG_AREA; 781 f34->v7.config_data = f34->v7.img.ui_config.data; 782 f34->v7.config_size = f34->v7.img.ui_config.size; 783 f34->v7.config_block_count = f34->v7.config_size / f34->v7.block_size; 784 785 return rmi_f34v7_write_config(f34); 786 } 787 788 static int rmi_f34v7_write_dp_config(struct f34_data *f34) 789 { 790 f34->v7.config_area = v7_DP_CONFIG_AREA; 791 f34->v7.config_data = f34->v7.img.dp_config.data; 792 f34->v7.config_size = f34->v7.img.dp_config.size; 793 f34->v7.config_block_count = f34->v7.config_size / f34->v7.block_size; 794 795 return rmi_f34v7_write_config(f34); 796 } 797 798 static int rmi_f34v7_write_guest_code(struct f34_data *f34) 799 { 800 return rmi_f34v7_write_f34v7_blocks(f34, f34->v7.img.guest_code.data, 801 f34->v7.img.guest_code.size / 802 f34->v7.block_size, 803 v7_CMD_WRITE_GUEST_CODE); 804 } 805 806 static int rmi_f34v7_write_flash_config(struct f34_data *f34) 807 { 808 int ret; 809 810 f34->v7.config_area = v7_FLASH_CONFIG_AREA; 811 f34->v7.config_data = f34->v7.img.fl_config.data; 812 f34->v7.config_size = f34->v7.img.fl_config.size; 813 f34->v7.config_block_count = f34->v7.config_size / f34->v7.block_size; 814 815 if (f34->v7.config_block_count != f34->v7.blkcount.fl_config) { 816 dev_err(&f34->fn->dev, "%s: Flash config size mismatch\n", 817 __func__); 818 return -EINVAL; 819 } 820 821 init_completion(&f34->v7.cmd_done); 822 823 ret = rmi_f34v7_write_config(f34); 824 if (ret < 0) 825 return ret; 826 827 return 0; 828 } 829 830 static int rmi_f34v7_write_partition_table(struct f34_data *f34) 831 { 832 u16 block_count; 833 int ret; 834 835 block_count = f34->v7.blkcount.bl_config; 836 f34->v7.config_area = v7_BL_CONFIG_AREA; 837 f34->v7.config_size = f34->v7.block_size * block_count; 838 devm_kfree(&f34->fn->dev, f34->v7.read_config_buf); 839 f34->v7.read_config_buf = devm_kzalloc(&f34->fn->dev, 840 f34->v7.config_size, GFP_KERNEL); 841 if (!f34->v7.read_config_buf) { 842 f34->v7.read_config_buf_size = 0; 843 return -ENOMEM; 844 } 845 846 f34->v7.read_config_buf_size = f34->v7.config_size; 847 848 ret = rmi_f34v7_read_blocks(f34, block_count, v7_CMD_READ_CONFIG); 849 if (ret < 0) 850 return ret; 851 852 ret = rmi_f34v7_write_flash_config(f34); 853 if (ret < 0) 854 return ret; 855 856 f34->v7.config_area = v7_BL_CONFIG_AREA; 857 f34->v7.config_data = f34->v7.read_config_buf; 858 f34->v7.config_size = f34->v7.img.bl_config.size; 859 f34->v7.config_block_count = f34->v7.config_size / f34->v7.block_size; 860 861 ret = rmi_f34v7_write_config(f34); 862 if (ret < 0) 863 return ret; 864 865 return 0; 866 } 867 868 static int rmi_f34v7_write_firmware(struct f34_data *f34) 869 { 870 u16 blk_count; 871 872 blk_count = f34->v7.img.ui_firmware.size / f34->v7.block_size; 873 874 return rmi_f34v7_write_f34v7_blocks(f34, f34->v7.img.ui_firmware.data, 875 blk_count, v7_CMD_WRITE_FW); 876 } 877 878 static void rmi_f34v7_parse_img_header_10_bl_container(struct f34_data *f34, 879 const void *image) 880 { 881 int i; 882 int num_of_containers; 883 unsigned int addr; 884 unsigned int container_id; 885 unsigned int length; 886 const void *content; 887 const struct container_descriptor *descriptor; 888 889 num_of_containers = f34->v7.img.bootloader.size / 4 - 1; 890 891 for (i = 1; i <= num_of_containers; i++) { 892 addr = get_unaligned_le32(f34->v7.img.bootloader.data + i * 4); 893 descriptor = image + addr; 894 container_id = le16_to_cpu(descriptor->container_id); 895 content = image + le32_to_cpu(descriptor->content_address); 896 length = le32_to_cpu(descriptor->content_length); 897 switch (container_id) { 898 case BL_CONFIG_CONTAINER: 899 case GLOBAL_PARAMETERS_CONTAINER: 900 f34->v7.img.bl_config.data = content; 901 f34->v7.img.bl_config.size = length; 902 break; 903 case BL_LOCKDOWN_INFO_CONTAINER: 904 case DEVICE_CONFIG_CONTAINER: 905 f34->v7.img.lockdown.data = content; 906 f34->v7.img.lockdown.size = length; 907 break; 908 default: 909 break; 910 } 911 } 912 } 913 914 static void rmi_f34v7_parse_image_header_10(struct f34_data *f34) 915 { 916 unsigned int i; 917 unsigned int num_of_containers; 918 unsigned int addr; 919 unsigned int offset; 920 unsigned int container_id; 921 unsigned int length; 922 const void *image = f34->v7.image; 923 const u8 *content; 924 const struct container_descriptor *descriptor; 925 const struct image_header_10 *header = image; 926 927 f34->v7.img.checksum = le32_to_cpu(header->checksum); 928 929 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, "%s: f34->v7.img.checksum=%X\n", 930 __func__, f34->v7.img.checksum); 931 932 /* address of top level container */ 933 offset = le32_to_cpu(header->top_level_container_start_addr); 934 descriptor = image + offset; 935 936 /* address of top level container content */ 937 offset = le32_to_cpu(descriptor->content_address); 938 num_of_containers = le32_to_cpu(descriptor->content_length) / 4; 939 940 for (i = 0; i < num_of_containers; i++) { 941 addr = get_unaligned_le32(image + offset); 942 offset += 4; 943 descriptor = image + addr; 944 container_id = le16_to_cpu(descriptor->container_id); 945 content = image + le32_to_cpu(descriptor->content_address); 946 length = le32_to_cpu(descriptor->content_length); 947 948 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, 949 "%s: container_id=%d, length=%d\n", __func__, 950 container_id, length); 951 952 switch (container_id) { 953 case UI_CONTAINER: 954 case CORE_CODE_CONTAINER: 955 f34->v7.img.ui_firmware.data = content; 956 f34->v7.img.ui_firmware.size = length; 957 break; 958 case UI_CONFIG_CONTAINER: 959 case CORE_CONFIG_CONTAINER: 960 f34->v7.img.ui_config.data = content; 961 f34->v7.img.ui_config.size = length; 962 break; 963 case BL_CONTAINER: 964 f34->v7.img.bl_version = *content; 965 f34->v7.img.bootloader.data = content; 966 f34->v7.img.bootloader.size = length; 967 rmi_f34v7_parse_img_header_10_bl_container(f34, image); 968 break; 969 case GUEST_CODE_CONTAINER: 970 f34->v7.img.contains_guest_code = true; 971 f34->v7.img.guest_code.data = content; 972 f34->v7.img.guest_code.size = length; 973 break; 974 case DISPLAY_CONFIG_CONTAINER: 975 f34->v7.img.contains_display_cfg = true; 976 f34->v7.img.dp_config.data = content; 977 f34->v7.img.dp_config.size = length; 978 break; 979 case FLASH_CONFIG_CONTAINER: 980 f34->v7.img.contains_flash_config = true; 981 f34->v7.img.fl_config.data = content; 982 f34->v7.img.fl_config.size = length; 983 break; 984 case GENERAL_INFORMATION_CONTAINER: 985 f34->v7.img.contains_firmware_id = true; 986 f34->v7.img.firmware_id = 987 get_unaligned_le32(content + 4); 988 break; 989 default: 990 break; 991 } 992 } 993 } 994 995 static int rmi_f34v7_parse_image_info(struct f34_data *f34) 996 { 997 const struct image_header_10 *header = f34->v7.image; 998 999 memset(&f34->v7.img, 0x00, sizeof(f34->v7.img)); 1000 1001 rmi_dbg(RMI_DEBUG_FN, &f34->fn->dev, 1002 "%s: header->major_header_version = %d\n", 1003 __func__, header->major_header_version); 1004 1005 switch (header->major_header_version) { 1006 case IMAGE_HEADER_VERSION_10: 1007 rmi_f34v7_parse_image_header_10(f34); 1008 break; 1009 default: 1010 dev_err(&f34->fn->dev, "Unsupported image file format %02X\n", 1011 header->major_header_version); 1012 return -EINVAL; 1013 } 1014 1015 if (!f34->v7.img.contains_flash_config) { 1016 dev_err(&f34->fn->dev, "%s: No flash config in fw image\n", 1017 __func__); 1018 return -EINVAL; 1019 } 1020 1021 rmi_f34v7_parse_partition_table(f34, f34->v7.img.fl_config.data, 1022 &f34->v7.img.blkcount, &f34->v7.img.phyaddr); 1023 1024 return 0; 1025 } 1026 1027 int rmi_f34v7_do_reflash(struct f34_data *f34, const struct firmware *fw) 1028 { 1029 int ret; 1030 1031 f34->fn->rmi_dev->driver->set_irq_bits(f34->fn->rmi_dev, 1032 f34->fn->irq_mask); 1033 1034 rmi_f34v7_read_queries_bl_version(f34); 1035 1036 f34->v7.image = fw->data; 1037 f34->update_progress = 0; 1038 f34->update_size = 0; 1039 1040 ret = rmi_f34v7_parse_image_info(f34); 1041 if (ret < 0) 1042 return ret; 1043 1044 ret = rmi_f34v7_check_bl_config_size(f34); 1045 if (ret < 0) 1046 return ret; 1047 1048 ret = rmi_f34v7_erase_all(f34); 1049 if (ret < 0) 1050 return ret; 1051 1052 ret = rmi_f34v7_write_partition_table(f34); 1053 if (ret < 0) 1054 return ret; 1055 dev_info(&f34->fn->dev, "%s: Partition table programmed\n", __func__); 1056 1057 /* 1058 * Reset to reload partition table - as the previous firmware has been 1059 * erased, we remain in bootloader mode. 1060 */ 1061 ret = rmi_scan_pdt(f34->fn->rmi_dev, NULL, rmi_initial_reset); 1062 if (ret < 0) 1063 dev_warn(&f34->fn->dev, "RMI reset failed!\n"); 1064 1065 dev_info(&f34->fn->dev, "Writing firmware (%d bytes)...\n", 1066 f34->v7.img.ui_firmware.size); 1067 1068 ret = rmi_f34v7_write_firmware(f34); 1069 if (ret < 0) 1070 return ret; 1071 1072 dev_info(&f34->fn->dev, "Writing config (%d bytes)...\n", 1073 f34->v7.img.ui_config.size); 1074 1075 f34->v7.config_area = v7_UI_CONFIG_AREA; 1076 ret = rmi_f34v7_write_ui_config(f34); 1077 if (ret < 0) 1078 return ret; 1079 1080 if (f34->v7.has_display_cfg && f34->v7.img.contains_display_cfg) { 1081 dev_info(&f34->fn->dev, "Writing display config...\n"); 1082 1083 ret = rmi_f34v7_write_dp_config(f34); 1084 if (ret < 0) 1085 return ret; 1086 } 1087 1088 if (f34->v7.has_guest_code && f34->v7.img.contains_guest_code) { 1089 dev_info(&f34->fn->dev, "Writing guest code...\n"); 1090 1091 ret = rmi_f34v7_write_guest_code(f34); 1092 if (ret < 0) 1093 return ret; 1094 } 1095 1096 return 0; 1097 } 1098 1099 static int rmi_f34v7_enter_flash_prog(struct f34_data *f34) 1100 { 1101 int ret; 1102 1103 f34->fn->rmi_dev->driver->set_irq_bits(f34->fn->rmi_dev, f34->fn->irq_mask); 1104 1105 ret = rmi_f34v7_read_flash_status(f34); 1106 if (ret < 0) 1107 return ret; 1108 1109 if (f34->v7.in_bl_mode) { 1110 dev_info(&f34->fn->dev, "%s: Device in bootloader mode\n", 1111 __func__); 1112 return 0; 1113 } 1114 1115 init_completion(&f34->v7.cmd_done); 1116 1117 ret = rmi_f34v7_write_command(f34, v7_CMD_ENABLE_FLASH_PROG); 1118 if (ret < 0) 1119 return ret; 1120 1121 ret = rmi_f34v7_check_command_status(f34, F34_ENABLE_WAIT_MS); 1122 if (ret < 0) 1123 return ret; 1124 1125 return 0; 1126 } 1127 1128 int rmi_f34v7_start_reflash(struct f34_data *f34, const struct firmware *fw) 1129 { 1130 int ret = 0; 1131 1132 f34->v7.config_area = v7_UI_CONFIG_AREA; 1133 f34->v7.image = fw->data; 1134 1135 ret = rmi_f34v7_parse_image_info(f34); 1136 if (ret < 0) 1137 return ret; 1138 1139 dev_info(&f34->fn->dev, "Firmware image OK\n"); 1140 1141 return rmi_f34v7_enter_flash_prog(f34); 1142 } 1143 1144 int rmi_f34v7_probe(struct f34_data *f34) 1145 { 1146 int ret; 1147 1148 /* Read bootloader version */ 1149 ret = rmi_read_block(f34->fn->rmi_dev, 1150 f34->fn->fd.query_base_addr + V7_BOOTLOADER_ID_OFFSET, 1151 f34->bootloader_id, 1152 sizeof(f34->bootloader_id)); 1153 if (ret < 0) { 1154 dev_err(&f34->fn->dev, "%s: Failed to read bootloader ID\n", 1155 __func__); 1156 return ret; 1157 } 1158 1159 if (f34->bootloader_id[1] == '5') { 1160 f34->bl_version = 5; 1161 } else if (f34->bootloader_id[1] == '6') { 1162 f34->bl_version = 6; 1163 } else if (f34->bootloader_id[1] == 7) { 1164 f34->bl_version = 7; 1165 } else if (f34->bootloader_id[1] == 8) { 1166 f34->bl_version = 8; 1167 } else { 1168 dev_err(&f34->fn->dev, 1169 "%s: Unrecognized bootloader version: %d (%c) %d (%c)\n", 1170 __func__, 1171 f34->bootloader_id[0], f34->bootloader_id[0], 1172 f34->bootloader_id[1], f34->bootloader_id[1]); 1173 return -EINVAL; 1174 } 1175 1176 memset(&f34->v7.blkcount, 0x00, sizeof(f34->v7.blkcount)); 1177 memset(&f34->v7.phyaddr, 0x00, sizeof(f34->v7.phyaddr)); 1178 1179 init_completion(&f34->v7.cmd_done); 1180 1181 ret = rmi_f34v7_read_queries(f34); 1182 if (ret < 0) 1183 return ret; 1184 1185 return 0; 1186 } 1187