rockbox/apps/plugins/iriver_flash.c
James Buren bee736f3ea iriver_flash: make cfi_read_id use FB directly
Change-Id: Id747b0846515443871a0df10d83e3b1fc4731e7c
2020-10-27 16:01:16 +00:00

758 lines
19 KiB
C

/***************************************************************************
* __________ __ ___.
* Open \______ \ ____ ____ | | _\_ |__ _______ ___
* Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ /
* Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < <
* Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \
* \/ \/ \/ \/ \/
* $Id$
*
* !!! DON'T MESS WITH THIS CODE UNLESS YOU'RE ABSOLUTELY SURE WHAT YOU DO !!!
*
* Copyright (C) 2006 by Miika Pekkarinen
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
****************************************************************************/
#include "plugin.h"
/* cfi_program_word() relies on writing to address 0, which normally is illegal.
So we need this to ensure we don't helpfully optimize it away into a TRAP
when compiled with -fdelete-null-pointer-checks, which is enabled by default
at -Os with our current gcc 4.9.x toolchain.
*/
#pragma GCC optimize "no-delete-null-pointer-checks"
/* All CFI flash routines are copied and ported from firmware_flash.c */
unsigned char *audiobuf;
ssize_t audiobuf_size;
#if !defined(IRIVER_H100_SERIES) && !defined(IRIVER_H300_SERIES)
#error this platform is not (yet) flashable
#endif
#if CONFIG_KEYPAD == IRIVER_H100_PAD
#define KEY1 BUTTON_OFF
#define KEY2 BUTTON_ON
#define KEY3 BUTTON_SELECT
#define KEYNAME1 "[Stop]"
#define KEYNAME2 "[On]"
#define KEYNAME3 "[Select]"
#endif
struct flash_info
{
uint8_t manufacturer;
uint8_t id;
int size;
char name[32];
};
#if defined(IRIVER_H100_SERIES) || defined(IRIVER_H300_SERIES)
#define SEC_SIZE 4096
#define BOOTLOADER_ERASEGUARD (BOOTLOADER_ENTRYPOINT / SEC_SIZE)
enum sections {
SECT_RAMIMAGE = 1,
SECT_ROMIMAGE = 2,
};
static volatile uint16_t* FB = (uint16_t*)0x00000000; /* Flash base address */
#endif
/* read the manufacturer and device ID */
bool cfi_read_id(uint8_t* pManufacturerID, uint8_t* pDeviceID)
{
uint8_t not_manu, not_id; /* read values before switching to ID mode */
uint8_t manu, id; /* read values when in ID mode */
/* read the normal content */
not_manu = FB[0]; /* should be 'A' (0x41) and 'R' (0x52) */
not_id = FB[1]; /* from the "ARCH" marker */
FB[0x5555] = 0xAA; /* enter command mode */
FB[0x2AAA] = 0x55;
FB[0x5555] = 0x90; /* ID command */
rb->sleep(HZ/50); /* Atmel wants 20ms pause here */
manu = FB[0];
id = FB[1];
FB[0] = 0xF0; /* reset flash (back to normal read mode) */
rb->sleep(HZ/50); /* Atmel wants 20ms pause here */
/* I assume success if the obtained values are different from
the normal flash content. This is not perfectly bulletproof, they
could theoretically be the same by chance, causing us to fail. */
if (not_manu != manu || not_id != id) /* a value has changed */
{
*pManufacturerID = manu; /* return the results */
*pDeviceID = id;
return true; /* success */
}
return false; /* fail */
}
/* erase the sector which contains the given address */
bool cfi_erase_sector(volatile uint16_t* pAddr)
{
unsigned timeout = 430000; /* the timeout loop should be no less than 25ms */
FB[0x5555] = 0xAA; /* enter command mode */
FB[0x2AAA] = 0x55;
FB[0x5555] = 0x80; /* erase command */
FB[0x5555] = 0xAA; /* enter command mode */
FB[0x2AAA] = 0x55;
*pAddr = 0x30; /* erase the sector */
/* I counted 7 instructions for this loop -> min. 0.58 us per round */
/* Plus memory waitstates it will be much more, gives margin */
while (*pAddr != 0xFFFF && --timeout); /* poll for erased */
return (timeout != 0);
}
/* address must be in an erased location */
static inline bool cfi_program_word(volatile uint16_t* pAddr, uint16_t data)
{
unsigned timeout = 85; /* the timeout loop should be no less than 20us */
if (~*pAddr & data) /* just a safety feature, not really necessary */
return false; /* can't set any bit from 0 to 1 */
FB[0x5555] = 0xAA; /* enter command mode */
FB[0x2AAA] = 0x55;
FB[0x5555] = 0xA0; /* byte program command */
*pAddr = data;
/* I counted 7 instructions for this loop -> min. 0.58 us per round */
/* Plus memory waitstates it will be much more, gives margin */
while (*pAddr != data && --timeout); /* poll for programmed */
return (timeout != 0);
}
/* this returns true if supported and fills the info struct */
bool cfi_get_flash_info(struct flash_info* pInfo)
{
rb->memset(pInfo, 0, sizeof(struct flash_info));
if (!cfi_read_id(&pInfo->manufacturer, &pInfo->id))
return false;
if (pInfo->manufacturer == 0xBF) /* SST */
{
if (pInfo->id == 0xD6)
{
pInfo->size = 256* 1024; /* 256k */
rb->strcpy(pInfo->name, "SST39VF020");
return true;
}
else if (pInfo->id == 0xD7)
{
pInfo->size = 512* 1024; /* 512k */
rb->strcpy(pInfo->name, "SST39VF040");
return true;
}
else if (pInfo->id == 0x82)
{
pInfo->size = 2048* 1024; /* 2 MiB */
rb->strcpy(pInfo->name, "SST39VF160");
return true;
}
else if (pInfo->id == 0x5B)
{
pInfo->size = 4096* 1024; /* 4 MiB */
rb->strcpy(pInfo->name, "SST39VF3201");
return true;
}
else
return false;
}
return false;
}
/***************** User Interface Functions *****************/
int wait_for_button(void)
{
int button;
do
{
button = rb->button_get(true);
} while (IS_SYSEVENT(button) || (button & BUTTON_REL));
return button;
}
/* helper for DoUserDialog() */
void ShowFlashInfo(struct flash_info* pInfo)
{
if (!pInfo->manufacturer)
{
rb->lcd_puts(0, 0, "Flash: M=?? D=??");
rb->lcd_puts(0, 1, "Impossible to program");
}
else
{
rb->lcd_putsf(0, 0, "Flash: M=%02x D=%02x",
pInfo->manufacturer, pInfo->id);
if (pInfo->size)
{
rb->lcd_puts(0, 1, pInfo->name);
rb->lcd_putsf(0, 2, "Size: %d KB", pInfo->size / 1024);
}
else
{
rb->lcd_puts(0, 1, "Unsupported chip");
}
}
rb->lcd_update();
}
bool show_info(void)
{
struct flash_info fi;
rb->lcd_clear_display();
cfi_get_flash_info(&fi);
ShowFlashInfo(&fi);
if (fi.size == 0) /* no valid chip */
{
rb->splash(HZ*3, "Sorry!");
return false; /* exit */
}
return true;
}
bool confirm(const char *msg)
{
bool ret;
rb->splashf(0, "%s ([PLAY] to CONFIRM)", msg);
ret = (wait_for_button() == BUTTON_ON);
show_info();
return ret;
}
int load_firmware_file(const char *filename, uint32_t *checksum)
{
int fd;
int len, rc;
int i;
uint32_t sum;
fd = rb->open(filename, O_RDONLY);
if (fd < 0)
return -1;
len = rb->filesize(fd);
if (audiobuf_size < len)
{
rb->splash(HZ*3, "Aborting: Out of memory!");
rb->close(fd);
return -2;
}
rb->read(fd, checksum, 4);
rb->lseek(fd, FIRMWARE_OFFSET_FILE_DATA, SEEK_SET);
len -= FIRMWARE_OFFSET_FILE_DATA;
rc = rb->read(fd, audiobuf, len);
rb->close(fd);
if (rc != len)
{
rb->splash(HZ*3, "Aborting: Read failure");
return -3;
}
/* Verify the checksum */
sum = MODEL_NUMBER;
for (i = 0; i < len; i++)
sum += audiobuf[i];
if (sum != *checksum)
{
rb->splash(HZ*3, "Aborting: Checksums mismatch!");
return -4;
}
return len;
}
unsigned long valid_bootloaders[][2] = {
/* Size-8 CRC32 */
#ifdef IRIVER_H120 /* Iriver H120/H140 checksums */
{ 63788, 0x08ff01a9 }, /* 7-pre3, improved failsafe functions */
{ 48764, 0xc674323e }, /* 7-pre4. Fixed audio thump & remote bootup */
{ 56896, 0x167f5d25 }, /* 7-pre5, various ATA fixes */
#endif
#ifdef IRIVER_H100
{ 48760, 0x2efc3323 }, /* 7-pre4 */
{ 56896, 0x0cd8dad4 }, /* 7-pre5 */
#endif
{ 0, 0 }
};
bool detect_valid_bootloader(const unsigned char *addr, int len)
{
int i;
unsigned long crc32;
/* Try to scan through all valid bootloaders. */
for (i = 0; valid_bootloaders[i][0]; i++)
{
if (len > 0 && len != (long)valid_bootloaders[i][0])
continue;
crc32 = rb->crc_32(addr, valid_bootloaders[i][0], 0xffffffff);
if (crc32 == valid_bootloaders[i][1])
return true;
}
return false;
}
static int get_section_address(int section)
{
if (section == SECT_RAMIMAGE)
return FLASH_RAMIMAGE_ENTRY;
else if (section == SECT_ROMIMAGE)
return FLASH_ROMIMAGE_ENTRY;
else
return -1;
}
int flash_rockbox(const char *filename, int section)
{
struct flash_header hdr;
int pos, i, len/*, rc */;
unsigned long checksum, sum;
unsigned char *p8;
uint16_t *p16;
if (get_section_address(section) < 0)
return -1;
p8 = (char *)BOOTLOADER_ENTRYPOINT;
if (!detect_valid_bootloader(p8, 0))
{
rb->splash(HZ*3, "Incompatible bootloader");
return -1;
}
if (!rb->detect_original_firmware())
{
if (!confirm("Update Rockbox flash image?"))
return -2;
}
else
{
if (!confirm("Erase original firmware?"))
return -3;
}
len = load_firmware_file(filename, &checksum);
if (len <= 0)
return len * 10;
pos = get_section_address(section);
/* Check if image relocation seems to be sane. */
if (section == SECT_ROMIMAGE)
{
uint32_t *p32 = (uint32_t *)audiobuf;
if (pos+sizeof(struct flash_header) != *p32)
{
rb->splashf(HZ*10, "Incorrect relocation: 0x%08lx/0x%08lx",
*p32, pos+sizeof(struct flash_header));
return -1;
}
}
/* Erase the program flash. */
for (i = 0; i + pos < BOOTLOADER_ENTRYPOINT && i < len + 32; i += SEC_SIZE)
{
/* Additional safety check. */
if (i + pos < SEC_SIZE)
return -1;
rb->lcd_putsf(0, 3, "Erasing... %d%%", (i+SEC_SIZE)*100/len);
rb->lcd_update();
/*rc = */cfi_erase_sector(FB + (i + pos)/2);
}
/* Write the magic and size. */
rb->memset(&hdr, 0, sizeof(struct flash_header));
hdr.magic = FLASH_MAGIC;
hdr.length = len;
// rb->strncpy(hdr.version, rb->rbversion , sizeof(hdr.version)-1);
p16 = (uint16_t *)&hdr;
rb->lcd_puts(0, 4, "Programming...");
rb->lcd_update();
pos = get_section_address(section)/2;
for (i = 0; i < (long)sizeof(struct flash_header)/2; i++)
{
cfi_program_word(FB + pos, p16[i]);
pos++;
}
p16 = (uint16_t *)audiobuf;
for (i = 0; i < len/2 && pos + i < (BOOTLOADER_ENTRYPOINT/2); i++)
{
if (i % SEC_SIZE == 0)
{
rb->lcd_putsf(0, 4, "Programming... %d%%", (i+1)*100/(len/2));
rb->lcd_update();
}
cfi_program_word(FB + pos + i, p16[i]);
}
/* Verify */
rb->lcd_puts(0, 5, "Verifying");
rb->lcd_update();
p8 = (char *)get_section_address(section);
p8 += sizeof(struct flash_header);
sum = MODEL_NUMBER;
for (i = 0; i < len; i++)
sum += p8[i];
if (sum != checksum)
{
rb->splash(HZ*3, "Verify failed!");
/* Erase the magic sector so bootloader does not try to load
* rockbox from flash and crash. */
if (section == SECT_RAMIMAGE)
cfi_erase_sector(FB + FLASH_RAMIMAGE_ENTRY/2);
else
cfi_erase_sector(FB + FLASH_ROMIMAGE_ENTRY/2);
return -5;
}
rb->splash(HZ*2, "Success");
return 0;
}
void show_fatal_error(void)
{
rb->splash(HZ*30, "Disable idle poweroff, connect AC power and DON'T TURN PLAYER OFF!!");
rb->splash(HZ*30, "Contact Rockbox developers as soon as possible!");
rb->splash(HZ*30, "Your device won't be bricked unless you turn off the power");
rb->splash(HZ*30, "Don't use the device before further instructions from Rockbox developers");
}
int flash_bootloader(const char *filename)
{
char *bootsector;
int pos, i, len/*, rc*/;
unsigned long checksum, sum;
unsigned char *p8;
uint16_t *p16;
bootsector = audiobuf;
audiobuf += SEC_SIZE;
audiobuf_size -= SEC_SIZE;
if (!confirm("Update bootloader?"))
return -2;
len = load_firmware_file(filename, &checksum);
if (len <= 0)
return len * 10;
if (len > 0xFFFF)
{
rb->splash(HZ*3, "Too big bootloader");
return -1;
}
/* Verify the crc32 checksum also. */
if (!detect_valid_bootloader(audiobuf, len))
{
rb->splash(HZ*3, "Incompatible/Untested bootloader");
return -1;
}
rb->lcd_puts(0, 3, "Flashing...");
rb->lcd_update();
/* Backup the bootloader sector first. */
p8 = (char *)FB;
rb->memcpy(bootsector, p8, SEC_SIZE);
/* Erase the boot sector and write a proper reset vector. */
cfi_erase_sector(FB);
p16 = (uint16_t *)audiobuf;
for (i = 0; i < 8/2; i++)
cfi_program_word(FB + i, p16[i]);
/* And restore original content for original FW to function. */
p16 = (uint16_t *)bootsector;
for (i = 8/2; i < SEC_SIZE/2; i++)
cfi_program_word(FB + i, p16[i]);
/* Erase the bootloader flash section. */
for (i = BOOTLOADER_ERASEGUARD; i < BOOTLOADER_ERASEGUARD+16; i++)
/*rc =*/ cfi_erase_sector(FB + (SEC_SIZE/2) * i);
pos = BOOTLOADER_ENTRYPOINT/2;
p16 = (uint16_t *)audiobuf;
for (i = 0; i < len/2; i++)
cfi_program_word(FB + pos + i, p16[i]);
/* Verify */
p8 = (char *)BOOTLOADER_ENTRYPOINT;
sum = MODEL_NUMBER;
for (i = 0; i < len; i++)
sum += p8[i];
if (sum != checksum)
{
rb->splash(HZ*3, "Verify failed!");
show_fatal_error();
return -5;
}
p8 = (char *)FB;
for (i = 0; i < 8; i++)
{
if (p8[i] != audiobuf[i])
{
rb->splash(HZ*3, "Bootvector corrupt!");
show_fatal_error();
return -6;
}
}
rb->splash(HZ*2, "Success");
return 0;
}
int flash_original_fw(int len)
{
unsigned char reset_vector[8];
int pos, i, rc;
unsigned char *p8;
uint16_t *p16;
rb->lcd_puts(0, 3, "Critical section...");
rb->lcd_update();
p8 = (char *)FB;
rb->memcpy(reset_vector, p8, sizeof reset_vector);
/* Erase the boot sector and write back the reset vector. */
cfi_erase_sector(FB);
p16 = (uint16_t *)reset_vector;
for (i = 0; i < (long)sizeof(reset_vector)/2; i++)
cfi_program_word(FB + i, p16[i]);
rb->lcd_puts(0, 4, "Flashing orig. FW");
rb->lcd_update();
/* Erase the program flash. */
for (i = 1; i < BOOTLOADER_ERASEGUARD && (i-1)*4096 < len; i++)
{
rc = cfi_erase_sector(FB + (SEC_SIZE/2) * i);
rb->lcd_putsf(0, 5, "Erase: 0x%03x (%d)", i, rc);
rb->lcd_update();
}
rb->lcd_puts(0, 6, "Programming");
rb->lcd_update();
pos = 0x00000008/2;
p16 = (uint16_t *)audiobuf;
for (i = 0; i < len/2 && pos + i < (BOOTLOADER_ENTRYPOINT/2); i++)
cfi_program_word(FB + pos + i, p16[i]);
rb->lcd_puts(0, 7, "Verifying");
rb->lcd_update();
/* Verify reset vectors. */
p8 = (char *)FB;
for (i = 0; i < 8; i++)
{
if (p8[i] != reset_vector[i])
{
rb->splash(HZ*3, "Bootvector corrupt!");
show_fatal_error();
break;
}
}
/* Verify */
p8 = (char *)0x00000008;
for (i = 0; i < len; i++)
{
if (p8[i] != audiobuf[i])
{
rb->splash(HZ*3, "Verify failed!");
rb->splashf(HZ*10, "at: 0x%08x", i);
return -5;
}
}
rb->splash(HZ*2, "Success");
return 0;
}
int load_original_bin(const char *filename)
{
unsigned long magic[2];
int len, rc;
int fd;
if (!confirm("Restore original firmware (bootloader will be kept)?"))
return -2;
fd = rb->open(filename, O_RDONLY);
if (fd < 0)
return -1;
len = rb->filesize(fd) - 0x228;
rb->lseek(fd, 0x220, SEEK_SET);
rb->read(fd, magic, 8);
if (magic[1] != 0x00000008 || len <= 0 || len > audiobuf_size)
{
rb->splash(HZ*2, "Not an original firmware file");
rb->close(fd);
return -1;
}
rc = rb->read(fd, audiobuf, len);
rb->close(fd);
if (rc != len)
{
rb->splash(HZ*2, "Read error");
return -2;
}
if (len % 2)
len++;
return flash_original_fw(len);
}
int load_romdump(const char *filename)
{
int len, rc;
int fd;
if (!confirm("Restore firmware section (bootloader will be kept)?"))
return -2;
fd = rb->open(filename, O_RDONLY);
if (fd < 0)
return -1;
len = rb->filesize(fd) - 8;
if (len <= 0)
return -1;
rb->lseek(fd, 8, SEEK_SET);
rc = rb->read(fd, audiobuf, len);
rb->close(fd);
if (rc != len)
{
rb->splash(HZ*2, "Read error");
return -2;
}
if (len % 2)
len++;
if (len > BOOTLOADER_ENTRYPOINT - 8)
len = BOOTLOADER_ENTRYPOINT - 8;
return flash_original_fw(len);
}
/* Kind of our main function, defines the application flow. */
void DoUserDialog(char* filename)
{
/* this can only work if Rockbox runs in DRAM, not flash ROM */
if ((uint16_t*)rb >= FB && (uint16_t*)rb < FB + 4096*1024) /* 4 MB max */
{ /* we're running from flash */
rb->splash(HZ*3, "Not from ROM");
return; /* exit */
}
/* refuse to work if the power may fail meanwhile */
if (!rb->battery_level_safe())
{
rb->splash(HZ*3, "Battery too low!");
return; /* exit */
}
rb->lcd_setfont(FONT_SYSFIXED);
if (!show_info())
return ;
if (filename == NULL)
{
rb->splash(HZ*3, "Please use this plugin with \"Open with...\"");
return ;
}
audiobuf = rb->plugin_get_audio_buffer((size_t *)&audiobuf_size);
if (rb->strcasestr(filename, "/rockbox.iriver"))
flash_rockbox(filename, SECT_RAMIMAGE);
else if (rb->strcasestr(filename, "/rombox.iriver"))
flash_rockbox(filename, SECT_ROMIMAGE);
else if (rb->strcasestr(filename, "/bootloader.iriver"))
flash_bootloader(filename);
else if (rb->strcasestr(filename, "/ihp_120.bin"))
load_original_bin(filename);
else if (rb->strcasestr(filename, "/internal_rom_000000-1FFFFF.bin"))
load_romdump(filename);
else
rb->splash(HZ*3, "Unknown file type");
}
/***************** Plugin Entry Point *****************/
enum plugin_status plugin_start(const void* parameter)
{
int oldmode;
/* now go ahead and have fun! */
oldmode = rb->system_memory_guard(MEMGUARD_NONE); /*disable memory guard */
DoUserDialog((char*) parameter);
rb->system_memory_guard(oldmode); /* re-enable memory guard */
return PLUGIN_OK;
}