1 // SPDX-License-Identifier: GPL-2.0+
3 * Chromium OS cros_ec driver - sandbox emulation
5 * Copyright (c) 2013 The Chromium OS Authors.
11 #include <ec_commands.h>
16 #include <u-boot/sha256.h>
18 #include <asm/malloc.h>
19 #include <asm/state.h>
21 #include <linux/input.h>
24 * Ultimately it shold be possible to connect an Chrome OS EC emulation
25 * to U-Boot and remove all of this code. But this provides a test
26 * environment for bringing up chromeos_sandbox and demonstrating its
29 * This emulation includes the following:
31 * 1. Emulation of the keyboard, by converting keypresses received from SDL
32 * into key scan data, passed back from the EC as key scan messages. The
33 * key layout is read from the device tree.
35 * 2. Emulation of vboot context - so this can be read/written as required.
37 * 3. Save/restore of EC state, so that the vboot context, flash memory
38 * contents and current image can be preserved across boots. This is important
39 * since the EC is supposed to continue running even if the AP resets.
41 * 4. Some event support, in particular allowing Escape to be pressed on boot
42 * to enter recovery mode. The EC passes this to U-Boot through the normal
45 * 5. Flash read/write/erase support, so that software sync works. The
46 * protect messages are supported but no protection is implemented.
48 * 6. Hashing of the EC image, again to support software sync.
50 * Other features can be added, although a better path is probably to link
51 * the EC image in with U-Boot (Vic has demonstrated a prototype for this).
54 #define KEYBOARD_ROWS 8
55 #define KEYBOARD_COLS 13
57 /* A single entry of the key matrix */
58 struct ec_keymatrix_entry
{
59 int row
; /* key matrix row */
60 int col
; /* key matrix column */
61 int keycode
; /* corresponding linux key code */
65 * struct ec_state - Information about the EC state
67 * @vbnv_context: Vboot context data stored by EC
68 * @ec_config: FDT config information about the EC (e.g. flashmap)
69 * @flash_data: Contents of flash memory
70 * @flash_data_len: Size of flash memory
71 * @current_image: Current image the EC is running
72 * @matrix_count: Number of keys to decode in matrix
73 * @matrix: Information about keyboard matrix
74 * @keyscan: Current keyscan information (bit set for each row/column pressed)
75 * @recovery_req: Keyboard recovery requested
78 u8 vbnv_context
[EC_VBNV_BLOCK_SIZE_V2
];
79 struct fdt_cros_ec ec_config
;
82 enum ec_current_image current_image
;
84 struct ec_keymatrix_entry
*matrix
; /* the key matrix info */
85 uint8_t keyscan
[KEYBOARD_COLS
];
90 * cros_ec_read_state() - read the sandbox EC state from the state file
92 * If data is available, then blob and node will provide access to it. If
93 * not this function sets up an empty EC.
95 * @param blob: Pointer to device tree blob, or NULL if no data to read
96 * @param node: Node offset to read from
98 static int cros_ec_read_state(const void *blob
, int node
)
100 struct ec_state
*ec
= &s_state
;
104 /* Set everything to defaults */
105 ec
->current_image
= EC_IMAGE_RO
;
109 /* Read the data if available */
110 ec
->current_image
= fdtdec_get_int(blob
, node
, "current-image",
112 prop
= fdt_getprop(blob
, node
, "vbnv-context", &len
);
113 if (prop
&& len
== sizeof(ec
->vbnv_context
))
114 memcpy(ec
->vbnv_context
, prop
, len
);
116 prop
= fdt_getprop(blob
, node
, "flash-data", &len
);
118 ec
->flash_data_len
= len
;
119 ec
->flash_data
= malloc(len
);
122 memcpy(ec
->flash_data
, prop
, len
);
123 debug("%s: Loaded EC flash data size %#x\n", __func__
, len
);
130 * cros_ec_write_state() - Write out our state to the state file
132 * The caller will ensure that there is a node ready for the state. The node
133 * may already contain the old state, in which case it is overridden.
135 * @param blob: Device tree blob holding state
136 * @param node: Node to write our state into
138 static int cros_ec_write_state(void *blob
, int node
)
140 struct ec_state
*ec
= g_state
;
142 /* We are guaranteed enough space to write basic properties */
143 fdt_setprop_u32(blob
, node
, "current-image", ec
->current_image
);
144 fdt_setprop(blob
, node
, "vbnv-context", ec
->vbnv_context
,
145 sizeof(ec
->vbnv_context
));
146 return state_setprop(node
, "flash-data", ec
->flash_data
,
147 ec
->ec_config
.flash
.length
);
150 SANDBOX_STATE_IO(cros_ec
, "google,cros-ec", cros_ec_read_state
,
151 cros_ec_write_state
);
154 * Return the number of bytes used in the specified image.
156 * This is the actual size of code+data in the image, as opposed to the
157 * amount of space reserved in flash for that image. This code is similar to
158 * that used by the real EC code base.
160 * @param ec Current emulated EC state
161 * @param entry Flash map entry containing the image to check
162 * @return actual image size in bytes, 0 if the image contains no content or
165 static int get_image_used(struct ec_state
*ec
, struct fmap_entry
*entry
)
170 * Scan backwards looking for 0xea byte, which is by definition the
171 * last byte of the image. See ec.lds.S for how this is inserted at
172 * the end of the image.
174 for (size
= entry
->length
- 1;
175 size
> 0 && ec
->flash_data
[entry
->offset
+ size
] != 0xea;
179 return size
? size
+ 1 : 0; /* 0xea byte IS part of the image */
183 * Read the key matrix from the device tree
185 * Keymap entries in the fdt take the form of 0xRRCCKKKK where
186 * RR=Row CC=Column KKKK=Key Code
188 * @param ec Current emulated EC state
189 * @param node Keyboard node of device tree containing keyscan information
190 * @return 0 if ok, -1 on error
192 static int keyscan_read_fdt_matrix(struct ec_state
*ec
, ofnode node
)
198 cell
= ofnode_get_property(node
, "linux,keymap", &len
);
199 ec
->matrix_count
= len
/ 4;
200 ec
->matrix
= calloc(ec
->matrix_count
, sizeof(*ec
->matrix
));
202 debug("%s: Out of memory for key matrix\n", __func__
);
206 /* Now read the data */
207 for (upto
= 0; upto
< ec
->matrix_count
; upto
++) {
208 struct ec_keymatrix_entry
*matrix
= &ec
->matrix
[upto
];
211 word
= fdt32_to_cpu(*cell
++);
212 matrix
->row
= word
>> 24;
213 matrix
->col
= (word
>> 16) & 0xff;
214 matrix
->keycode
= word
& 0xffff;
216 /* Hard-code some sanity limits for now */
217 if (matrix
->row
>= KEYBOARD_ROWS
||
218 matrix
->col
>= KEYBOARD_COLS
) {
219 debug("%s: Matrix pos out of range (%d,%d)\n",
220 __func__
, matrix
->row
, matrix
->col
);
225 if (upto
!= ec
->matrix_count
) {
226 debug("%s: Read mismatch from key matrix\n", __func__
);
234 * Return the next keyscan message contents
236 * @param ec Current emulated EC state
237 * @param scan Place to put keyscan bytes for the keyscan message (must hold
238 * enough space for a full keyscan)
239 * @return number of bytes of valid scan data
241 static int cros_ec_keyscan(struct ec_state
*ec
, uint8_t *scan
)
243 const struct ec_keymatrix_entry
*matrix
;
244 int bytes
= KEYBOARD_COLS
;
245 int key
[8]; /* allow up to 8 keys to be pressed at once */
249 memset(ec
->keyscan
, '\0', bytes
);
250 count
= sandbox_sdl_scan_keys(key
, ARRAY_SIZE(key
));
252 /* Look up keycode in matrix */
253 for (i
= 0, matrix
= ec
->matrix
; i
< ec
->matrix_count
; i
++, matrix
++) {
257 for (found
= false, j
= 0; j
< count
; j
++) {
258 if (matrix
->keycode
== key
[j
])
263 debug("%d: %d,%d\n", matrix
->keycode
, matrix
->row
,
265 ec
->keyscan
[matrix
->col
] |= 1 << matrix
->row
;
269 memcpy(scan
, ec
->keyscan
, bytes
);
274 * Process an emulated EC command
276 * @param ec Current emulated EC state
277 * @param req_hdr Pointer to request header
278 * @param req_data Pointer to body of request
279 * @param resp_hdr Pointer to place to put response header
280 * @param resp_data Pointer to place to put response data, if any
281 * @return length of response data, or 0 for no response data, or -1 on error
283 static int process_cmd(struct ec_state
*ec
,
284 struct ec_host_request
*req_hdr
, const void *req_data
,
285 struct ec_host_response
*resp_hdr
, void *resp_data
)
289 /* TODO(sjg@chromium.org): Check checksums */
290 debug("EC command %#0x\n", req_hdr
->command
);
292 switch (req_hdr
->command
) {
294 const struct ec_params_hello
*req
= req_data
;
295 struct ec_response_hello
*resp
= resp_data
;
297 resp
->out_data
= req
->in_data
+ 0x01020304;
301 case EC_CMD_GET_VERSION
: {
302 struct ec_response_get_version
*resp
= resp_data
;
304 strcpy(resp
->version_string_ro
, "sandbox_ro");
305 strcpy(resp
->version_string_rw
, "sandbox_rw");
306 resp
->current_image
= ec
->current_image
;
307 debug("Current image %d\n", resp
->current_image
);
311 case EC_CMD_VBNV_CONTEXT
: {
312 const struct ec_params_vbnvcontext
*req
= req_data
;
313 struct ec_response_vbnvcontext
*resp
= resp_data
;
316 case EC_VBNV_CONTEXT_OP_READ
:
317 /* TODO(sjg@chromium.org): Support full-size context */
318 memcpy(resp
->block
, ec
->vbnv_context
,
322 case EC_VBNV_CONTEXT_OP_WRITE
:
323 /* TODO(sjg@chromium.org): Support full-size context */
324 memcpy(ec
->vbnv_context
, req
->block
,
329 printf(" ** Unknown vbnv_context command %#02x\n",
335 case EC_CMD_REBOOT_EC
: {
336 const struct ec_params_reboot_ec
*req
= req_data
;
338 printf("Request reboot type %d\n", req
->cmd
);
340 case EC_REBOOT_DISABLE_JUMP
:
343 case EC_REBOOT_JUMP_RW
:
344 ec
->current_image
= EC_IMAGE_RW
;
348 puts(" ** Unknown type");
353 case EC_CMD_HOST_EVENT_GET_B
: {
354 struct ec_response_host_event_mask
*resp
= resp_data
;
357 if (ec
->recovery_req
) {
358 resp
->mask
|= EC_HOST_EVENT_MASK(
359 EC_HOST_EVENT_KEYBOARD_RECOVERY
);
365 case EC_CMD_VBOOT_HASH
: {
366 const struct ec_params_vboot_hash
*req
= req_data
;
367 struct ec_response_vboot_hash
*resp
= resp_data
;
368 struct fmap_entry
*entry
;
371 entry
= &ec
->ec_config
.region
[EC_FLASH_REGION_ACTIVE
];
374 case EC_VBOOT_HASH_RECALC
:
375 case EC_VBOOT_HASH_GET
:
376 size
= SHA256_SUM_LEN
;
377 len
= get_image_used(ec
, entry
);
378 ret
= hash_block("sha256",
379 ec
->flash_data
+ entry
->offset
,
380 len
, resp
->hash_digest
, &size
);
382 printf(" ** hash_block() failed\n");
385 resp
->status
= EC_VBOOT_HASH_STATUS_DONE
;
386 resp
->hash_type
= EC_VBOOT_HASH_TYPE_SHA256
;
387 resp
->digest_size
= size
;
389 resp
->offset
= entry
->offset
;
394 printf(" ** EC_CMD_VBOOT_HASH: Unknown command %d\n",
400 case EC_CMD_FLASH_PROTECT
: {
401 const struct ec_params_flash_protect
*req
= req_data
;
402 struct ec_response_flash_protect
*resp
= resp_data
;
403 uint32_t expect
= EC_FLASH_PROTECT_ALL_NOW
|
404 EC_FLASH_PROTECT_ALL_AT_BOOT
;
406 printf("mask=%#x, flags=%#x\n", req
->mask
, req
->flags
);
407 if (req
->flags
== expect
|| req
->flags
== 0) {
408 resp
->flags
= req
->flags
? EC_FLASH_PROTECT_ALL_NOW
:
410 resp
->valid_flags
= EC_FLASH_PROTECT_ALL_NOW
;
411 resp
->writable_flags
= 0;
414 puts(" ** unexpected flash protect request\n");
419 case EC_CMD_FLASH_REGION_INFO
: {
420 const struct ec_params_flash_region_info
*req
= req_data
;
421 struct ec_response_flash_region_info
*resp
= resp_data
;
422 struct fmap_entry
*entry
;
424 switch (req
->region
) {
425 case EC_FLASH_REGION_RO
:
426 case EC_FLASH_REGION_ACTIVE
:
427 case EC_FLASH_REGION_WP_RO
:
428 entry
= &ec
->ec_config
.region
[req
->region
];
429 resp
->offset
= entry
->offset
;
430 resp
->size
= entry
->length
;
432 printf("EC flash region %d: offset=%#x, size=%#x\n",
433 req
->region
, resp
->offset
, resp
->size
);
436 printf("** Unknown flash region %d\n", req
->region
);
441 case EC_CMD_FLASH_ERASE
: {
442 const struct ec_params_flash_erase
*req
= req_data
;
444 memset(ec
->flash_data
+ req
->offset
,
445 ec
->ec_config
.flash_erase_value
,
450 case EC_CMD_FLASH_WRITE
: {
451 const struct ec_params_flash_write
*req
= req_data
;
453 memcpy(ec
->flash_data
+ req
->offset
, req
+ 1, req
->size
);
457 case EC_CMD_MKBP_STATE
:
458 len
= cros_ec_keyscan(ec
, resp_data
);
460 case EC_CMD_ENTERING_MODE
:
463 case EC_CMD_GET_NEXT_EVENT
: {
464 struct ec_response_get_next_event
*resp
= resp_data
;
466 resp
->event_type
= EC_MKBP_EVENT_KEY_MATRIX
;
467 cros_ec_keyscan(ec
, resp
->data
.key_matrix
);
472 printf(" ** Unknown EC command %#02x\n", req_hdr
->command
);
479 int cros_ec_sandbox_packet(struct udevice
*udev
, int out_bytes
, int in_bytes
)
481 struct cros_ec_dev
*dev
= dev_get_uclass_priv(udev
);
482 struct ec_state
*ec
= dev_get_priv(dev
->dev
);
483 struct ec_host_request
*req_hdr
= (struct ec_host_request
*)dev
->dout
;
484 const void *req_data
= req_hdr
+ 1;
485 struct ec_host_response
*resp_hdr
= (struct ec_host_response
*)dev
->din
;
486 void *resp_data
= resp_hdr
+ 1;
489 len
= process_cmd(ec
, req_hdr
, req_data
, resp_hdr
, resp_data
);
493 resp_hdr
->struct_version
= 3;
494 resp_hdr
->result
= EC_RES_SUCCESS
;
495 resp_hdr
->data_len
= len
;
496 resp_hdr
->reserved
= 0;
497 len
+= sizeof(*resp_hdr
);
498 resp_hdr
->checksum
= 0;
499 resp_hdr
->checksum
= (uint8_t)
500 -cros_ec_calc_checksum((const uint8_t *)resp_hdr
, len
);
505 void cros_ec_check_keyboard(struct udevice
*dev
)
507 struct ec_state
*ec
= dev_get_priv(dev
);
510 printf("Press keys for EC to detect on reset (ESC=recovery)...");
511 start
= get_timer(0);
512 while (get_timer(start
) < 1000)
515 if (!sandbox_sdl_key_pressed(KEY_ESC
)) {
516 ec
->recovery_req
= true;
517 printf(" - EC requests recovery\n");
521 int cros_ec_probe(struct udevice
*dev
)
523 struct ec_state
*ec
= dev_get_priv(dev
);
524 struct cros_ec_dev
*cdev
= dev_get_uclass_priv(dev
);
525 struct udevice
*keyb_dev
;
529 memcpy(ec
, &s_state
, sizeof(*ec
));
530 err
= cros_ec_decode_ec_flash(dev
, &ec
->ec_config
);
532 debug("%s: Cannot device EC flash\n", __func__
);
536 node
= ofnode_null();
537 for (device_find_first_child(dev
, &keyb_dev
);
539 device_find_next_child(&keyb_dev
)) {
540 if (device_get_uclass_id(keyb_dev
) == UCLASS_KEYBOARD
) {
541 node
= dev_ofnode(keyb_dev
);
545 if (!ofnode_valid(node
)) {
546 debug("%s: No cros_ec keyboard found\n", __func__
);
547 } else if (keyscan_read_fdt_matrix(ec
, node
)) {
548 debug("%s: Could not read key matrix\n", __func__
);
552 /* If we loaded EC data, check that the length matches */
553 if (ec
->flash_data
&&
554 ec
->flash_data_len
!= ec
->ec_config
.flash
.length
) {
555 printf("EC data length is %x, expected %x, discarding data\n",
556 ec
->flash_data_len
, ec
->ec_config
.flash
.length
);
557 free(ec
->flash_data
);
558 ec
->flash_data
= NULL
;
561 /* Otherwise allocate the memory */
562 if (!ec
->flash_data
) {
563 ec
->flash_data_len
= ec
->ec_config
.flash
.length
;
564 ec
->flash_data
= malloc(ec
->flash_data_len
);
571 return cros_ec_register(dev
);
574 struct dm_cros_ec_ops cros_ec_ops
= {
575 .packet
= cros_ec_sandbox_packet
,
578 static const struct udevice_id cros_ec_ids
[] = {
579 { .compatible
= "google,cros-ec-sandbox" },
583 U_BOOT_DRIVER(google_cros_ec_sandbox
) = {
584 .name
= "google_cros_ec_sandbox",
585 .id
= UCLASS_CROS_EC
,
586 .of_match
= cros_ec_ids
,
587 .probe
= cros_ec_probe
,
588 .priv_auto
= sizeof(struct ec_state
),