2 * BOOTROM Greybus driver.
4 * Copyright 2016 Google Inc.
5 * Copyright 2016 Linaro Ltd.
7 * Released under the GPLv2 only.
10 #include <linux/firmware.h>
11 #include <linux/jiffies.h>
12 #include <linux/mutex.h>
13 #include <linux/workqueue.h>
17 /* Timeout, in jiffies, within which the next request must be received */
18 #define NEXT_REQ_TIMEOUT_MS 1000
20 enum next_request_type {
21 NEXT_REQ_FIRMWARE_SIZE,
22 NEXT_REQ_GET_FIRMWARE,
23 NEXT_REQ_READY_TO_BOOT,
28 struct gb_connection *connection;
29 const struct firmware *fw;
32 enum next_request_type next_request;
33 struct delayed_work dwork;
34 struct mutex mutex; /* Protects bootrom->fw */
37 static void free_firmware(struct gb_bootrom *bootrom)
42 release_firmware(bootrom->fw);
46 static void gb_bootrom_timedout(struct work_struct *work)
48 struct delayed_work *dwork = to_delayed_work(work);
49 struct gb_bootrom *bootrom = container_of(dwork, struct gb_bootrom, dwork);
50 struct device *dev = &bootrom->connection->bundle->dev;
53 switch (bootrom->next_request) {
54 case NEXT_REQ_FIRMWARE_SIZE:
55 reason = "Firmware Size Request";
57 case NEXT_REQ_GET_FIRMWARE:
58 reason = "Get Firmware Request";
60 case NEXT_REQ_READY_TO_BOOT:
61 reason = "Ready to Boot Request";
63 case NEXT_REQ_MODE_SWITCH:
64 reason = "Interface Mode Switch";
68 dev_err(dev, "Invalid next-request: %u", bootrom->next_request);
72 dev_err(dev, "Timed out waiting for %s from the Module\n", reason);
74 mutex_lock(&bootrom->mutex);
75 free_firmware(bootrom);
76 mutex_unlock(&bootrom->mutex);
78 /* TODO: Power-off Module ? */
81 static void gb_bootrom_set_timeout(struct gb_bootrom *bootrom,
82 enum next_request_type next, unsigned long timeout)
84 bootrom->next_request = next;
85 schedule_delayed_work(&bootrom->dwork, msecs_to_jiffies(timeout));
89 * The es2 chip doesn't have VID/PID programmed into the hardware and we need to
90 * hack that up to distinguish different modules and their firmware blobs.
92 * This fetches VID/PID (over bootrom protocol) for es2 chip only, when VID/PID
93 * already sent during hotplug are 0.
95 * Otherwise, we keep intf->vendor_id/product_id same as what's passed
98 static void bootrom_es2_fixup_vid_pid(struct gb_bootrom *bootrom)
100 struct gb_bootrom_get_vid_pid_response response;
101 struct gb_connection *connection = bootrom->connection;
102 struct gb_interface *intf = connection->bundle->intf;
105 if (!(intf->quirks & GB_INTERFACE_QUIRK_NO_ARA_IDS))
108 ret = gb_operation_sync(connection, GB_BOOTROM_TYPE_GET_VID_PID,
109 NULL, 0, &response, sizeof(response));
111 dev_err(&connection->bundle->dev,
112 "Bootrom get vid/pid operation failed (%d)\n", ret);
117 * NOTE: This is hacked, so that the same values of VID/PID can be used
118 * by next firmware level as well. The uevent for bootrom will still
119 * have VID/PID as 0, though after this point the sysfs files will start
120 * showing the updated values. But yeah, that's a bit racy as the same
121 * sysfs files would be showing 0 before this point.
123 intf->vendor_id = le32_to_cpu(response.vendor_id);
124 intf->product_id = le32_to_cpu(response.product_id);
126 dev_dbg(&connection->bundle->dev, "Bootrom got vid (0x%x)/pid (0x%x)\n",
127 intf->vendor_id, intf->product_id);
130 /* This returns path of the firmware blob on the disk */
131 static int download_firmware(struct gb_bootrom *bootrom, u8 stage)
133 struct gb_connection *connection = bootrom->connection;
134 struct gb_interface *intf = connection->bundle->intf;
135 char firmware_name[48];
138 /* Already have a firmware, free it */
139 free_firmware(bootrom);
142 * Create firmware name
144 * XXX Name it properly..
146 snprintf(firmware_name, sizeof(firmware_name),
147 "ara_%08x_%08x_%08x_%08x_%02x.tftf",
148 intf->ddbl1_manufacturer_id, intf->ddbl1_product_id,
149 intf->vendor_id, intf->product_id, stage);
152 // Turn to dev_dbg later after everyone has valid bootloaders with good
153 // ids, but leave this as dev_info for now to make it easier to track
154 // down "empty" vid/pid modules.
155 dev_info(&connection->bundle->dev, "Firmware file '%s' requested\n",
158 rc = request_firmware(&bootrom->fw, firmware_name,
159 &connection->bundle->dev);
161 dev_err(&connection->bundle->dev,
162 "Firmware request for %s has failed : %d",
167 static int gb_bootrom_firmware_size_request(struct gb_operation *op)
169 struct gb_bootrom *bootrom = gb_connection_get_data(op->connection);
170 struct gb_bootrom_firmware_size_request *size_request = op->request->payload;
171 struct gb_bootrom_firmware_size_response *size_response;
172 struct device *dev = &op->connection->bundle->dev;
175 /* Disable timeouts */
176 cancel_delayed_work_sync(&bootrom->dwork);
178 if (op->request->payload_size != sizeof(*size_request)) {
179 dev_err(dev, "%s: illegal size of firmware size request (%zu != %zu)\n",
180 __func__, op->request->payload_size,
181 sizeof(*size_request));
186 mutex_lock(&bootrom->mutex);
188 ret = download_firmware(bootrom, size_request->stage);
190 dev_err(dev, "%s: failed to download firmware (%d)\n", __func__,
195 if (!gb_operation_response_alloc(op, sizeof(*size_response),
197 dev_err(dev, "%s: error allocating response\n", __func__);
198 free_firmware(bootrom);
203 size_response = op->response->payload;
204 size_response->size = cpu_to_le32(bootrom->fw->size);
206 dev_dbg(dev, "%s: firmware size %d bytes\n", __func__, size_response->size);
209 mutex_unlock(&bootrom->mutex);
212 /* Refresh timeout */
213 gb_bootrom_set_timeout(bootrom, NEXT_REQ_GET_FIRMWARE,
214 NEXT_REQ_TIMEOUT_MS);
219 static int gb_bootrom_get_firmware(struct gb_operation *op)
221 struct gb_bootrom *bootrom = gb_connection_get_data(op->connection);
222 const struct firmware *fw;
223 struct gb_bootrom_get_firmware_request *firmware_request;
224 struct gb_bootrom_get_firmware_response *firmware_response;
225 struct device *dev = &op->connection->bundle->dev;
226 unsigned int offset, size;
227 enum next_request_type next_request;
230 /* Disable timeouts */
231 cancel_delayed_work_sync(&bootrom->dwork);
233 if (op->request->payload_size != sizeof(*firmware_request)) {
234 dev_err(dev, "%s: Illegal size of get firmware request (%zu %zu)\n",
235 __func__, op->request->payload_size,
236 sizeof(*firmware_request));
241 mutex_lock(&bootrom->mutex);
245 dev_err(dev, "%s: firmware not available\n", __func__);
250 firmware_request = op->request->payload;
251 offset = le32_to_cpu(firmware_request->offset);
252 size = le32_to_cpu(firmware_request->size);
254 if (offset >= fw->size || size > fw->size - offset) {
255 dev_warn(dev, "bad firmware request (offs = %u, size = %u)\n",
261 if (!gb_operation_response_alloc(op, sizeof(*firmware_response) + size,
263 dev_err(dev, "%s: error allocating response\n", __func__);
268 firmware_response = op->response->payload;
269 memcpy(firmware_response->data, fw->data + offset, size);
271 dev_dbg(dev, "responding with firmware (offs = %u, size = %u)\n", offset,
275 mutex_unlock(&bootrom->mutex);
278 /* Refresh timeout */
279 if (!ret && (offset + size == fw->size))
280 next_request = NEXT_REQ_READY_TO_BOOT;
282 next_request = NEXT_REQ_GET_FIRMWARE;
284 gb_bootrom_set_timeout(bootrom, next_request, NEXT_REQ_TIMEOUT_MS);
289 static int gb_bootrom_ready_to_boot(struct gb_operation *op)
291 struct gb_connection *connection = op->connection;
292 struct gb_bootrom *bootrom = gb_connection_get_data(connection);
293 struct gb_bootrom_ready_to_boot_request *rtb_request;
294 struct device *dev = &connection->bundle->dev;
298 /* Disable timeouts */
299 cancel_delayed_work_sync(&bootrom->dwork);
301 if (op->request->payload_size != sizeof(*rtb_request)) {
302 dev_err(dev, "%s: Illegal size of ready to boot request (%zu %zu)\n",
303 __func__, op->request->payload_size,
304 sizeof(*rtb_request));
309 rtb_request = op->request->payload;
310 status = rtb_request->status;
312 /* Return error if the blob was invalid */
313 if (status == GB_BOOTROM_BOOT_STATUS_INVALID) {
319 * XXX Should we return error for insecure firmware?
321 dev_dbg(dev, "ready to boot: 0x%x, 0\n", status);
325 * Refresh timeout, the Interface shall load the new personality and
326 * send a new hotplug request, which shall get rid of the bootrom
327 * connection. As that can take some time, increase the timeout a bit.
329 gb_bootrom_set_timeout(bootrom, NEXT_REQ_MODE_SWITCH,
330 5 * NEXT_REQ_TIMEOUT_MS);
335 static int gb_bootrom_request_handler(struct gb_operation *op)
340 case GB_BOOTROM_TYPE_FIRMWARE_SIZE:
341 return gb_bootrom_firmware_size_request(op);
342 case GB_BOOTROM_TYPE_GET_FIRMWARE:
343 return gb_bootrom_get_firmware(op);
344 case GB_BOOTROM_TYPE_READY_TO_BOOT:
345 return gb_bootrom_ready_to_boot(op);
347 dev_err(&op->connection->bundle->dev,
348 "unsupported request: %u\n", type);
353 static int gb_bootrom_get_version(struct gb_bootrom *bootrom)
355 struct gb_bundle *bundle = bootrom->connection->bundle;
356 struct gb_bootrom_version_request request;
357 struct gb_bootrom_version_response response;
360 request.major = GB_BOOTROM_VERSION_MAJOR;
361 request.minor = GB_BOOTROM_VERSION_MINOR;
363 ret = gb_operation_sync(bootrom->connection,
364 GB_BOOTROM_TYPE_VERSION,
365 &request, sizeof(request), &response,
368 dev_err(&bundle->dev,
369 "failed to get protocol version: %d\n",
374 if (response.major > request.major) {
375 dev_err(&bundle->dev,
376 "unsupported major protocol version (%u > %u)\n",
377 response.major, request.major);
381 bootrom->protocol_major = response.major;
382 bootrom->protocol_minor = response.minor;
384 dev_dbg(&bundle->dev, "%s - %u.%u\n", __func__, response.major,
390 static int gb_bootrom_probe(struct gb_bundle *bundle,
391 const struct greybus_bundle_id *id)
393 struct greybus_descriptor_cport *cport_desc;
394 struct gb_connection *connection;
395 struct gb_bootrom *bootrom;
398 if (bundle->num_cports != 1)
401 cport_desc = &bundle->cport_desc[0];
402 if (cport_desc->protocol_id != GREYBUS_PROTOCOL_BOOTROM)
405 bootrom = kzalloc(sizeof(*bootrom), GFP_KERNEL);
409 connection = gb_connection_create(bundle,
410 le16_to_cpu(cport_desc->id),
411 gb_bootrom_request_handler);
412 if (IS_ERR(connection)) {
413 ret = PTR_ERR(connection);
414 goto err_free_bootrom;
417 gb_connection_set_data(connection, bootrom);
419 bootrom->connection = connection;
421 mutex_init(&bootrom->mutex);
422 INIT_DELAYED_WORK(&bootrom->dwork, gb_bootrom_timedout);
423 greybus_set_drvdata(bundle, bootrom);
425 ret = gb_connection_enable_tx(connection);
427 goto err_connection_destroy;
429 ret = gb_bootrom_get_version(bootrom);
431 goto err_connection_disable;
433 bootrom_es2_fixup_vid_pid(bootrom);
435 ret = gb_connection_enable(connection);
437 goto err_connection_disable;
439 /* Tell bootrom we're ready. */
440 ret = gb_operation_sync(connection, GB_BOOTROM_TYPE_AP_READY, NULL, 0,
443 dev_err(&connection->bundle->dev,
444 "failed to send AP READY: %d\n", ret);
445 goto err_connection_disable;
448 /* Refresh timeout */
449 gb_bootrom_set_timeout(bootrom, NEXT_REQ_FIRMWARE_SIZE,
450 NEXT_REQ_TIMEOUT_MS);
452 dev_dbg(&bundle->dev, "AP_READY sent\n");
456 err_connection_disable:
457 gb_connection_disable(connection);
458 err_connection_destroy:
459 gb_connection_destroy(connection);
466 static void gb_bootrom_disconnect(struct gb_bundle *bundle)
468 struct gb_bootrom *bootrom = greybus_get_drvdata(bundle);
470 dev_dbg(&bundle->dev, "%s\n", __func__);
472 gb_connection_disable(bootrom->connection);
474 /* Disable timeouts */
475 cancel_delayed_work_sync(&bootrom->dwork);
480 * As the connection and the delayed work are already disabled, we don't
481 * need to lock access to bootrom->fw here.
483 free_firmware(bootrom);
485 gb_connection_destroy(bootrom->connection);
489 static const struct greybus_bundle_id gb_bootrom_id_table[] = {
490 { GREYBUS_DEVICE_CLASS(GREYBUS_CLASS_BOOTROM) },
494 static struct greybus_driver gb_bootrom_driver = {
496 .probe = gb_bootrom_probe,
497 .disconnect = gb_bootrom_disconnect,
498 .id_table = gb_bootrom_id_table,
501 module_greybus_driver(gb_bootrom_driver);
503 MODULE_LICENSE("GPL v2");