├── .gitignore ├── .gitmodules ├── README.md ├── agent ├── CMakeLists.txt ├── agent.bin ├── linker.ld └── src │ ├── CMakeLists.txt │ ├── ag.h │ ├── boot.S │ ├── bootinfo.c │ ├── bootinfo.h │ ├── bootkernel.c │ ├── bootrom.c │ ├── drivers │ ├── circbuf.c │ ├── circbuf.h │ ├── i2c.c │ ├── mt6755 │ │ ├── msdc_reg.h │ │ ├── mt_i2c.c │ │ ├── mt_i2c.h │ │ └── pmic │ │ │ ├── Makefile │ │ │ ├── mt6353_hw.h │ │ │ ├── mt_pmic_wrap.c │ │ │ ├── mt_pmic_wrap.h │ │ │ ├── pwrap_hal.c │ │ │ ├── pwrap_hal.h │ │ │ ├── pwrap_hal_d2.h │ │ │ └── pwrap_hal_v1.c │ ├── platform.h │ ├── simple │ │ ├── hacc.c │ │ ├── hacc.h │ │ ├── mmc.c │ │ ├── mmc.h │ │ └── reg.h │ ├── ssusb_sifslv_ippc_c_header.h │ ├── ssusb_usb3_mac_csr_c_header.h │ ├── sync_write.h │ ├── timer.c │ ├── timer.h │ ├── typedefs.h │ ├── usbd.c │ ├── usbd.h │ ├── usbdcore.h │ ├── usbphy.c │ ├── usbphy.h │ ├── usbtty.c │ └── usbtty.h │ ├── efuse.c │ ├── io.h │ ├── ltest.S │ ├── main.c │ ├── partition_rw.c │ ├── patchkernel.c │ ├── pt.c │ ├── ram_console.c │ ├── secpol.c │ ├── test.c │ ├── trustzone.c │ ├── trustzone.h │ ├── usb.h │ ├── usbproto.c │ ├── usbproto.h │ ├── util.S │ └── wdt.h ├── bin ├── agent.bin ├── lk_fastboot.bin ├── lk_payload.bin ├── microloader.bin ├── tee1_oreo.bin ├── tee2_oreo.bin ├── test_recovery_with_exploit.img ├── twrp.img ├── vcom │ ├── cdc-acm.cat │ ├── cdc-acm.inf │ └── x64 │ │ └── usb2ser.sys └── vuln_lk.img ├── cdalib ├── __init__.py ├── commands.py ├── packet.py └── status.py ├── common.py ├── config.py ├── download.py ├── dump-da.py ├── efi ├── BOOTLOG └── flash-uefi.py ├── flash_lk_payload.py ├── ftm.py ├── imginfo.py ├── microloader ├── Makefile ├── common │ └── def.h ├── efiboot │ ├── Makefile │ ├── def.h │ ├── efi.h │ ├── jump.S │ ├── linker.x │ ├── main.c │ ├── ops.S │ └── test.S ├── inject_microloader_nougat.py ├── inject_microloader_oreo.py ├── linker.x ├── linuxboot │ ├── Makefile │ ├── bootimg.h │ ├── drivers │ │ ├── clk │ │ │ ├── clk-gate-v1.h │ │ │ ├── clk-mt6755-pll.h │ │ │ ├── clk-mt6755.c │ │ │ ├── clk-mtk-v1.h │ │ │ ├── clk-mux.h │ │ │ ├── clk-pll-v1.h │ │ │ └── mt6755-clk.h │ │ ├── devbase.h │ │ ├── drivers.c │ │ ├── include │ │ │ ├── drivers.h │ │ │ ├── mach │ │ │ │ ├── mt6353_hw.h │ │ │ │ ├── mt6353_sw.h │ │ │ │ ├── upmu_hw.h │ │ │ │ └── upmu_sw.h │ │ │ └── mt-plat │ │ │ │ ├── mt_pmic_wrap.h │ │ │ │ ├── sync_write.h │ │ │ │ └── upmu_common.h │ │ ├── pmic │ │ │ ├── mt6311.h │ │ │ ├── mt6353 │ │ │ │ └── mt_pmic_info.h │ │ │ ├── mt_pmic_wrap.c │ │ │ ├── pmic.c │ │ │ ├── pmic.h │ │ │ ├── pmic_throttling_dlpt.h │ │ │ ├── pwrap_hal.h │ │ │ ├── pwrap_hal_v1.c │ │ │ └── upmu_common.c │ │ ├── u3hal │ │ │ ├── Makefile │ │ │ ├── mu3d_hal_comm.h │ │ │ ├── mu3d_hal_hw.h │ │ │ ├── mu3d_hal_osal.c │ │ │ ├── mu3d_hal_osal.h │ │ │ ├── mu3d_hal_phy.c │ │ │ ├── mu3d_hal_phy.h │ │ │ ├── mu3d_hal_qmu_drv.c │ │ │ ├── mu3d_hal_qmu_drv.h │ │ │ ├── mu3d_hal_usb_drv.c │ │ │ ├── mu3d_hal_usb_drv.h │ │ │ ├── ssusb_dev_c_header.h │ │ │ ├── ssusb_epctl_csr_c_header.h │ │ │ ├── ssusb_sifslv_ippc_c_header.h │ │ │ ├── ssusb_usb2_csr_c_header.h │ │ │ ├── ssusb_usb3_mac_csr_c_header.h │ │ │ └── ssusb_usb3_sys_csr_c_header.h │ │ └── usb │ │ │ ├── mtk-phy-ahb.c │ │ │ ├── mtk-phy-asic.c │ │ │ ├── mtk-phy-asic.h │ │ │ ├── mtk-phy.c │ │ │ └── mtk-phy.h │ ├── include │ │ ├── linuxboot │ │ │ ├── driverapi.h │ │ │ ├── io.h │ │ │ ├── libc.h │ │ │ ├── linuxcompat.h │ │ │ └── types.h │ │ └── lk │ │ │ └── api.h │ ├── jump.S │ ├── libc │ │ ├── atoi.c │ │ ├── atoi.h │ │ ├── ctype.c │ │ ├── ctype.h │ │ ├── memchr.c │ │ ├── memcmp.c │ │ ├── memcpy.c │ │ ├── memmove.c │ │ ├── memset.c │ │ ├── strchr.c │ │ ├── strnlen.c │ │ └── strrchr.c │ ├── linker.x │ ├── main.c │ ├── patchlk.c │ ├── start.S │ ├── u3phy.h │ └── uart.c ├── lkp │ ├── Makefile │ ├── circbuf.c │ ├── circbuf.h │ ├── libc.c │ ├── linker.x │ ├── lk_api.h │ ├── main.c │ ├── platform.h │ ├── ssusb_sifslv_ippc_c_header.h │ ├── ssusb_usb3_mac_csr_c_header.h │ ├── start.S │ ├── timer.c │ ├── timer.h │ ├── typedefs.h │ ├── usbd.c │ ├── usbd.h │ ├── usbdcore.h │ ├── usbphy.c │ ├── usbphy.h │ ├── usbtty.c │ └── usbtty.h ├── main.c └── start.S ├── partdump.py ├── partinfo.py ├── pl.py ├── plib ├── __init__.py ├── commands.py ├── errors.py └── mmc.py ├── read_boot0.py ├── requirements.txt ├── rominfo.py ├── sec ├── seccfg.py ├── secpol.py └── secro.py ├── utils.py └── write_boot0.py /.gitignore: -------------------------------------------------------------------------------- 1 | **/__pycache__ 2 | SOFT 3 | mediatek 4 | .vscode 5 | microloader/build 6 | microloader/linuxboot/build 7 | NOWY_SOFT 8 | agent/build 9 | agent/build-old 10 | .venv 11 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "agent/rtl"] 2 | path = agent/rtl 3 | url = git+ssh://git@github.com/arturkow2000/rtl 4 | -------------------------------------------------------------------------------- /agent/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required (VERSION 3.16) 2 | project (agent C CXX ASM) 3 | 4 | set (BUILD_SHARED_LIBS OFF) 5 | set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -march=armv7a -mfloat-abi=soft -O3") 6 | set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -march=armv7a -mfloat-abi=soft -O3") 7 | set (CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -march=armv7a -mfloat-abi=soft") 8 | 9 | include (n1build) 10 | N1SetupBuildEnvironment() 11 | 12 | add_subdirectory (rtl) 13 | 14 | add_subdirectory (src) 15 | -------------------------------------------------------------------------------- /agent/agent.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/arturkow2000/lgk10exploit/632cc086b5086dfdad5f3dd108fd088cfecbd132/agent/agent.bin -------------------------------------------------------------------------------- /agent/linker.ld: -------------------------------------------------------------------------------- 1 | ENTRY(_x_start) 2 | SECTIONS 3 | { 4 | /*. = 0x46000000;*/ 5 | . = 0x47000000; 6 | 7 | __executable_start = .; 8 | .text : 9 | { 10 | PROVIDE(__text_start = .); 11 | *(.cboot0) 12 | *(.cboot1) 13 | *(.boot0) 14 | *(.boot1) 15 | *(.text) 16 | *(.text.*) 17 | PROVIDE(__text_end = .); 18 | } 19 | .rodata : 20 | { 21 | PROVIDE(__rodata_start = .); 22 | *(.rodata) 23 | *(.rodata.*) 24 | *(.gnu.linkonce.r) 25 | PROVIDE(__rodata_end = .); 26 | } 27 | .data : 28 | { 29 | PROVIDE(__data_start = .); 30 | *(.data) 31 | *(.data.*) 32 | *(.gnu.linkonce.d) 33 | PROVIDE(__data_end = .); 34 | } 35 | .bss : 36 | { 37 | PROVIDE(__bss_start = .); 38 | *(COMMON) 39 | *(.bss) 40 | *(.bss.*) 41 | *(.gnu.linkonce.b) 42 | PROVIDE(__bss_end = .); 43 | } 44 | .ctors : ALIGN(4) { 45 | PROVIDE(__ctors_start = .); 46 | KEEP (*(SORT(.ctors.*))) 47 | KEEP (*(.ctors)) 48 | PROVIDE(__ctors_end = .); 49 | } 50 | .got : ALIGN(4) { 51 | PROVIDE(__got_start = .); 52 | *(.got) 53 | *(.got.*) 54 | PROVIDE(__got_end = .); 55 | } 56 | 57 | /DISCARD/ : { 58 | *(.note.*) 59 | } 60 | 61 | . = ALIGN(16); 62 | _end = .; 63 | } 64 | -------------------------------------------------------------------------------- /agent/src/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | project(agent C ASM) 2 | 3 | set(src 4 | drivers/usbd.c 5 | drivers/usbtty.c 6 | drivers/usbphy.c 7 | drivers/circbuf.c 8 | drivers/timer.c 9 | drivers/simple/mmc.c 10 | drivers/simple/hacc.c 11 | boot.S 12 | main.c 13 | usbproto.c 14 | efuse.c 15 | bootinfo.c 16 | bootkernel.c 17 | util.S 18 | pt.c 19 | secpol.c 20 | partition_rw.c 21 | test.c 22 | ltest.S 23 | patchkernel.c 24 | trustzone.c 25 | bootrom.c 26 | ram_console.c 27 | ) 28 | 29 | add_executable(agent ${src}) 30 | target_link_libraries(agent rtl rtl-kmode) 31 | target_include_directories(agent PRIVATE "${CMAKE_CURRENT_SOURCE_DIR}") 32 | target_link_options(agent PRIVATE -T ${CMAKE_SOURCE_DIR}/linker.ld -nostdlib) 33 | 34 | # temporary workaround 35 | target_link_libraries(agent ${N1_RTL_PATH}/clang-runtime/runtime-arm32.a) 36 | 37 | add_custom_command( 38 | TARGET agent 39 | POST_BUILD 40 | COMMAND arm-none-eabi-objcopy -O binary "${CMAKE_CURRENT_BINARY_DIR}/agent" "${CMAKE_BINARY_DIR}/agent.bin" 41 | ) 42 | -------------------------------------------------------------------------------- /agent/src/ag.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "usbproto.h" 4 | #include 5 | 6 | VOID AgpPrintEfuseState(); 7 | VOID AgpPrintBootInfo(); 8 | 9 | VOID AgpBootLk(PVOID LkBase, SIZE LkSize, UINTPTR Entry, PVOID AtfBase, SIZE AtfSize); 10 | VOID AgpBootMtkDa(UINTPTR DaStart, SIZE DaSize, UINTPTR LkEntry, BOOLEAN UseLk); 11 | VOID AgpBootPl(UINTPTR Entry); 12 | 13 | VOID AgpRetrieveRamConsole(UINT32 Flags); 14 | 15 | // lock access to some partitions by default (this can be disabled by using --dangerous flag) 16 | #define AG_P_SECPOL_ALLOW_READ (1) 17 | #define AG_P_SECPOL_ALLOW_WRITE (1 << 1) 18 | 19 | typedef struct _AG_PTE 20 | { 21 | UINT64 FirstLba; 22 | UINT64 LastLba; 23 | UINT64 Policy; 24 | RTL_LIST Node; 25 | CHAR Name[36]; 26 | } AG_PTE, *PAG_PTE; 27 | 28 | BOOLEAN AgpReadPartitionTable(INT MmcControllerIndex); 29 | PAG_PTE AgpLookupPartition(INT Mmc, CONST CHAR *Name); 30 | 31 | VOID AgpDumpSecpol(); 32 | VOID AgpUnlockDevice(); 33 | VOID AgpLockDevice(); 34 | 35 | BOOLEAN AgpRunTest(INT Test); 36 | 37 | VOID AgpPatchLk(PVOID Address, PVOID CodeStart, SIZE Size, UINT32 BootMode, UINT32 Flags); -------------------------------------------------------------------------------- /agent/src/boot.S: -------------------------------------------------------------------------------- 1 | #define RELOCATE 2 | 3 | .arch armv7-a 4 | .section .cboot0, "ax" 5 | .arm 6 | .global _x_start 7 | .type _x_start, #function 8 | _x_start: 9 | adr r3, _bootinfo 10 | str r4, [r3] 11 | adr r3, _bootinfo_length 12 | str r5, [r3] 13 | 14 | #ifdef RELOCATE 15 | adr r3, .L_r_executable_start 16 | ldr r2, .L_r_executable_start 17 | add r0, r2, r3 // # r0 holds executable start 18 | adr r3, .L_r_executable_end 19 | ldr r2, .L_r_executable_end 20 | add r1, r2, r3 // # r1 holds executable end 21 | 22 | sub r2, r1, r0 // # r2 hold executable size in bytes 23 | 24 | ldr r3, .L_a_loader_target 25 | 26 | sub r7, r3, r0 27 | 28 | 1: 29 | ldrb r1, [r0], #0 30 | strb r1, [r3], #0 31 | add r0, r0, #1 32 | add r3, r3, #1 33 | subs r2, r2, #1 34 | bne 1b 35 | 36 | adr r3, .L_r_N1Main 37 | ldr r2, .L_r_N1Main 38 | add r2, r2, r3 39 | add r2, r2, r7 40 | 41 | mov r0, r4 42 | mov r1, r5 43 | mov pc, r2 44 | #else 45 | adr r3, .L_r_N1Main 46 | ldr r2, .L_r_N1Main 47 | add r2, r2, r3 48 | mov pc, r2 49 | #endif 50 | .size _x_start, . - _x_start 51 | .L_a_args: .word 0x45FFFFF8 52 | .L_a_arg2: .word 0x45FFFFFC 53 | .L_r_executable_start: .word __executable_start - .L_r_executable_start 54 | .L_r_executable_end: .word _end - .L_r_executable_end 55 | # .L_r_N1Main: .word N1Main - .L_r_N1Main 56 | .L_r_N1Main: .word _start - .L_r_N1Main 57 | #ifdef RELOCATE 58 | .L_a_loader_target: .word 0x47000000 59 | #endif 60 | .global _bootinfo 61 | .type _bootinfo, #object 62 | _bootinfo: .word 0 63 | .size _bootinfo, 4 64 | 65 | .global _bootinfo_length 66 | .type _bootinfo_length, #object 67 | _bootinfo_length: .word 0 68 | .size _bootinfo_length, 4 69 | 70 | .type _boot_lk, #function 71 | _boot_lk: 72 | ldr r0, .L_a_lk_src_addr 73 | ldr r1, .L_a_lk_dst_addr 74 | ldr r2, .L_C_lk_size_4b 75 | 1: 76 | ldr r3, [r0], #0 77 | str r3, [r1], #0 78 | add r0, r0, #4 79 | add r1, r1, #4 80 | subs r2, r2, #1 81 | bne 1b 82 | 83 | dsb 84 | isb 85 | ldr r1, .L_a_lk_dst_addr 86 | mov pc, r1 87 | 88 | .size _boot_lk, . - _boot_lk 89 | .L_a_lk_src_addr: .word 0x46100008 90 | .L_a_lk_dst_addr: .word 0x46000000 91 | .L_C_lk_size_4b: .word (1024*1024*5 / 4) // 5 MiB 92 | 93 | .section .text, "ax" 94 | .global _jump 95 | .type _jump, #function 96 | _jump: 97 | mov r4, r1 98 | mov r5, r2 99 | mov pc, r0 100 | .size _jump, . - _jump 101 | 102 | .global _jump64 103 | .type _jump, #function 104 | // r0 - ATF entry 105 | // r1 - LK argument 1 106 | // r2 - LK argument 2 107 | // r3 - ATF argument pointer 108 | // [sp] - LK entry 109 | _jump64: 110 | mov r4, r1 111 | mov r5, r2 112 | ldr r6, [sp] // LK entry 113 | 114 | mov r7, r3 115 | 116 | //;# ldr r1, =0x10200038 // mcucfg + 0x38 117 | //;# ldr r1, .Lreset_vector_base 118 | //;# ldr r1, [r1] 119 | //;# str r0, [r1] 120 | 121 | mrc p15, 0, r0, c12, c0, 2 122 | orr r0, r0, #1 123 | mcr p15, 0, r0, c12, c0, 2 124 | dsb 125 | isb 126 | 127 | mrc p15, 0, r0, c12, c0, 2 128 | orr r0, r0, #2 129 | mcr p15, 0, r0, c12, c0, 2 130 | dsb 131 | isb 132 | 133 | mov r0, #0xC0000000 134 | 1: 135 | wfi 136 | b 1b 137 | .Lreset_vector_base: .long 0x10200038 138 | .size _jump64, . - _jump64 139 | -------------------------------------------------------------------------------- /agent/src/bootinfo.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | typedef enum 6 | { 7 | NORMAL_BOOT = 0, 8 | META_BOOT = 1, 9 | RECOVERY_BOOT = 2, 10 | SW_REBOOT = 3, 11 | FACTORY_BOOT = 4, 12 | ADVMETA_BOOT = 5, 13 | ATE_FACTORY_BOOT = 6, 14 | ALARM_BOOT = 7, 15 | FASTBOOT = 99, 16 | 17 | DOWNLOAD_BOOT = 100, 18 | UNKNOWN_BOOT 19 | } BOOT_MODE; 20 | 21 | typedef enum 22 | { 23 | BOOT_REASON_POWER_KEY = 0, 24 | BOOT_REASON_USB, 25 | BOOT_REASON_RTC, 26 | BOOT_REASON_WDT, 27 | BOOT_REASON_WDT_BY_PASS_PWK, 28 | BOOT_REASON_TOOL_BY_PASS_PWK, 29 | BOOT_REASON_2SEC_REBOOT, 30 | BOOT_REASON_UNKNOWN, 31 | BOOT_REASON_KERNEL_PANIC, 32 | BOOT_REASON_WDT_SW, 33 | BOOT_REASON_WDT_HW 34 | } BOOT_REASON; 35 | 36 | #define ATAG_TYPE_BOOT_REASON 0x88610001 37 | #define ATAG_TYPE_BOOT_MODE 0x88610002 38 | #define ATAG_TYPE_META_COM 0x88610003 39 | #define ATAG_TYPE_LOG_COM 0x88610004 40 | #define ATAG_TYPE_MEM 0x88610005 41 | #define ATAG_TYPE_MD_INFO 0x88610006 42 | #define ATAG_TYPE_BOOT_TIME 0x88610007 43 | #define ATAG_TYPE_DA_INFO 0x88610008 44 | #define ATAG_TYPE_SEC_INFO 0x88610009 45 | #define ATAG_TYPE_PART_NUM 0x8861000A 46 | #define ATAG_TYPE_PART_INFO 0x8861000B 47 | #define ATAG_TYPE_EFLAG 0x8861000C 48 | #define ATAG_TYPE_DDR_RESERVE 0x8861000D 49 | #define ATAG_TYPE_DRAM_BUF 0x8861000E 50 | #define ATAG_TYPE_PTP 0x88610010 51 | #define ATAG_TYPE_SRAM_INFO 0x88610012 52 | #define ATAG_TYPE_EXTBUCK_FAN53526 0x88610014 53 | 54 | typedef struct _ATAG_HEADER 55 | { 56 | UINT32 Size; 57 | UINT32 Tag; 58 | } ATAG_HEADER, *PATAG_HEADER; 59 | 60 | typedef struct _ATAG_BOOT_REASON 61 | { 62 | ATAG_HEADER Header; 63 | UINT32 BootReason; 64 | } ATAG_BOOT_REASON, *PATAG_BOOT_REASON; 65 | 66 | typedef struct _ATAG_BOOT_MODE 67 | { 68 | ATAG_HEADER Header; 69 | UINT32 BootMode; 70 | } ATAG_BOOT_MODE, *PATAG_BOOT_MODE; 71 | 72 | typedef struct _ATAG_META_COM 73 | { 74 | ATAG_HEADER Header; 75 | UINT32 MetaComType; 76 | UINT32 MetaComId; 77 | UINT32 MetaUartPort; 78 | } ATAG_META_COM, *PATAG_META_COM; 79 | 80 | typedef struct _ATAG_LOG_COM 81 | { 82 | ATAG_HEADER Header; 83 | UINT32 LogPort; 84 | UINT32 LogBaudrate; 85 | UINT32 LogEnable; 86 | } ATAG_LOG_COM, *PATAG_LOG_COM; 87 | 88 | typedef struct _MBLOCK 89 | { 90 | UINT64 Start; 91 | UINT64 Size; 92 | UINT32 Rank; 93 | } MBLOCK, *PMBLOCK; 94 | 95 | typedef struct _MBLOCK_INFO 96 | { 97 | UINT32 MBlockNum; 98 | MBLOCK MBlock[128]; 99 | } MBLOCK_INFO, *PMBLOCK_INFO; 100 | 101 | typedef struct _MEMORY_DESCRIPTOR 102 | { 103 | UINT64 Start; 104 | UINT64 Size; 105 | } MEMORY_DESCRIPTOR, *PMEMORY_DESCRIPTOR; 106 | 107 | typedef struct _DRAM_INFO 108 | { 109 | UINT32 RankNum; 110 | MEMORY_DESCRIPTOR RankInfo[4]; 111 | } DRAM_INFO, *PDRAM_INFO; 112 | 113 | typedef struct _ATAG_MEM 114 | { 115 | ATAG_HEADER Header; 116 | UINT32 DramRankNum; 117 | UINT32 DramRankSize[4]; 118 | MBLOCK_INFO MBlockInfo; 119 | DRAM_INFO DramInfo; 120 | MEMORY_DESCRIPTOR LcaReservedMemory; 121 | MEMORY_DESCRIPTOR TeeReservedMemory; 122 | } ATAG_MEM, *PATAG_MEM; 123 | 124 | typedef struct _ATAG_MD_INFO 125 | { 126 | ATAG_HEADER Header; 127 | UINT32 MdType[4]; 128 | } ATAG_MD_INFO, *PATAG_MD_INFO; 129 | 130 | typedef struct _ATAG_DA_INFO 131 | { 132 | ATAG_HEADER Header; 133 | UINT32 Address; 134 | UINT32 Arg1; 135 | UINT32 Arg2; 136 | UINT32 Size; 137 | UINT32 SignatureSize; 138 | } ATAG_DA_INFO, *PATAG_DA_INFO; 139 | 140 | PATAG_HEADER AgpGetAtag(UINT32 Tag); -------------------------------------------------------------------------------- /agent/src/bootkernel.c: -------------------------------------------------------------------------------- 1 | #include "bootinfo.h" 2 | #include 3 | #include "drivers/usbd.h" 4 | #include "drivers/usbtty.h" 5 | #include "drivers/timer.h" 6 | #include 7 | #include "trustzone.h" 8 | 9 | extern UINT32 _bootinfo; 10 | extern UINT32 _bootinfo_length; 11 | extern int g_usb_port_state; 12 | 13 | static BOOLEAN usb_port_down(UINT32 tmo_ms) 14 | { 15 | ULONG start_time = get_timer(0); 16 | 17 | /* check if usb comport close */ 18 | if (!(g_usb_port_state & 1)) 19 | return TRUE; 20 | 21 | while (1) 22 | { 23 | 24 | //if (get_timer(start_time) > tmo_ms) 25 | //return FALSE; 26 | 27 | /* kick watchdog to avoid cpu reset */ 28 | //platform_wdt_all_kick(); 29 | 30 | mt_usbtty_query_data_size(); 31 | 32 | /* check if usb comport close */ 33 | if (!(g_usb_port_state & 1)) 34 | break; 35 | 36 | udelay(20000); /* 20ms */ 37 | } 38 | 39 | return TRUE; 40 | } 41 | 42 | extern void apmcu_icache_invalidate(); 43 | extern void apmcu_isb(); 44 | extern void apmcu_disable_icache(); 45 | extern void apmcu_disable_smp(); 46 | VOID AgpPrepareToJump() 47 | { 48 | mt_usbtty_flush(); 49 | usb_port_down(0); 50 | udc_stop(); 51 | mt_usb_connect_internal(); 52 | 53 | apmcu_icache_invalidate(); 54 | apmcu_disable_icache(); 55 | apmcu_isb(); 56 | apmcu_disable_smp(); 57 | 58 | // Disable I-Cache D-Cache and branch prediction 59 | // RtlArmAndSctlr(~(ARM_SCTLR_C | ARM_SCTLR_I | ARM_SCTLR_Z)); 60 | } 61 | 62 | extern void _jump(UINTPTR Entry, UINTPTR Arg1, UINTPTR Arg2); 63 | VOID AgpBootLk(PVOID Base, SIZE Size, UINTPTR Entry, PVOID AtfBase, SIZE AtfSize) 64 | { 65 | PATAG_BOOT_MODE BootMode = (PATAG_BOOT_MODE)AgpGetAtag(ATAG_TYPE_BOOT_MODE); 66 | if (BootMode != NULL) 67 | { 68 | BootMode->BootMode = FASTBOOT; 69 | } 70 | else 71 | { 72 | // TODO: add new ATAG 73 | } 74 | PATAG_BOOT_REASON BootReason = (PATAG_BOOT_REASON)AgpGetAtag(ATAG_TYPE_BOOT_REASON); 75 | if (BootReason) 76 | { 77 | BootReason->BootReason = BOOT_REASON_POWER_KEY; 78 | } 79 | 80 | RtlPrintf("Booting LK at %p entry=%p size=%d arg1=%p arg2=%p ATF base %p size %d\n", 81 | (PVOID)Base, 82 | (PVOID)Entry, 83 | Size, 84 | (PVOID)_bootinfo, 85 | (PVOID)_bootinfo_length, 86 | AtfBase, 87 | AtfSize); 88 | if (AtfBase) 89 | { 90 | AgpBootAtf(AtfBase, AtfSize, AtfBase, NULL, 0, NULL, Base, Size, (PVOID)Entry); 91 | } 92 | else 93 | { 94 | AgpPrepareToJump(); 95 | _jump(Entry, _bootinfo, _bootinfo_length); 96 | } 97 | } 98 | 99 | VOID AgpBootPl(UINTPTR Entry) 100 | { 101 | AgpPrepareToJump(); 102 | _jump(Entry, 0, 0); 103 | } 104 | 105 | typedef struct _DA_ARG 106 | { 107 | UINT32 Magic; 108 | UINT32 Version; 109 | UINT32 Flags; 110 | } DA_ARG, *PDA_ARG; 111 | 112 | #define DA_ARG_MAGIC 0x58885168 113 | #define DA_ARG_VER 1 114 | 115 | #define DA_FLAG_SKIP_PLL_INIT 0x00000001 116 | #define DA_FLAG_SKIP_EMI_INIT 0x00000002 117 | 118 | VOID AgpBootMtkDa(UINTPTR DaStart, SIZE DaSize, UINTPTR LkEntry, BOOLEAN UseLk) 119 | { 120 | DA_ARG _Arg; 121 | PDA_ARG Arg = &_Arg; 122 | //PDA_ARG Arg = (PDA_ARG)(ALIGN_UP(DaStart + DaSize, 16)); 123 | Arg->Magic = DA_ARG_MAGIC; 124 | Arg->Version = DA_ARG_VER; 125 | // FIXME: currently we assume hardware has already been initialized 126 | Arg->Flags = DA_FLAG_SKIP_PLL_INIT | DA_FLAG_SKIP_EMI_INIT; 127 | 128 | if (UseLk) 129 | { 130 | PATAG_DA_INFO DaInfo = (PATAG_DA_INFO)AgpGetAtag(ATAG_TYPE_DA_INFO); 131 | if (DaInfo) 132 | { 133 | DaInfo->Address = DaStart; 134 | DaInfo->Size = 0x5A5B5A5B; 135 | DaInfo->SignatureSize = 0x5A5B5A5B; 136 | DaInfo->Arg1 = (UINT32)Arg; 137 | DaInfo->Arg2 = (UINT32)sizeof(DA_ARG); 138 | } 139 | else 140 | { 141 | // TODO: add new ATAG 142 | } 143 | 144 | PATAG_BOOT_REASON BootReason = (PATAG_BOOT_REASON)AgpGetAtag(ATAG_TYPE_BOOT_REASON); 145 | if (BootReason) 146 | { 147 | BootReason->BootReason = BOOT_REASON_POWER_KEY; 148 | } 149 | 150 | PATAG_BOOT_MODE BootMode = (PATAG_BOOT_MODE)AgpGetAtag(ATAG_TYPE_BOOT_MODE); 151 | if (BootMode != NULL) 152 | { 153 | BootMode->BootMode = DOWNLOAD_BOOT; 154 | } 155 | 156 | AgpPrepareToJump(); 157 | _jump(LkEntry, _bootinfo, _bootinfo_length); 158 | } 159 | else 160 | { 161 | AgpPrepareToJump(); 162 | _jump(DaStart, (UINTPTR)Arg, sizeof(DA_ARG)); 163 | } 164 | } -------------------------------------------------------------------------------- /agent/src/bootrom.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "io.h" 3 | 4 | #define TIMEOUT 0x3FFF 5 | 6 | VOID ResetBoard(); 7 | VOID AgEnterBootROM() 8 | { 9 | UINT32 Reg = ((TIMEOUT << 2) & 0xFFFC) | 1; 10 | 11 | WRITE32(0x10001838, 0xAD98); 12 | WRITE32(0x10001840, READ32(0x10001840) | 1); 13 | WRITE32(0x10001838, 0); 14 | WRITE32(0x10001818, Reg | 0x444C0000); 15 | 16 | WRITE32(0x10007008, 0x1971); 17 | WRITE32(0x10007000, (READ32(0x10007000) & 0xFFFFFFB7) | 0x22000004); 18 | for (int i = 0; i < 500; i++) 19 | { 20 | } 21 | WRITE32(0x10007014, 0x1209); 22 | 23 | while (1) 24 | ; 25 | } -------------------------------------------------------------------------------- /agent/src/drivers/circbuf.h: -------------------------------------------------------------------------------- 1 | /* Copyright Statement: 2 | * 3 | * This software/firmware and related documentation ("MediaTek Software") are 4 | * protected under relevant copyright laws. The information contained herein is 5 | * confidential and proprietary to MediaTek Inc. and/or its licensors. Without 6 | * the prior written permission of MediaTek inc. and/or its licensors, any 7 | * reproduction, modification, use or disclosure of MediaTek Software, and 8 | * information contained herein, in whole or in part, shall be strictly 9 | * prohibited. 10 | * 11 | * MediaTek Inc. (C) 2010. All rights reserved. 12 | * 13 | * BY OPENING THIS FILE, RECEIVER HEREBY UNEQUIVOCALLY ACKNOWLEDGES AND AGREES 14 | * THAT THE SOFTWARE/FIRMWARE AND ITS DOCUMENTATIONS ("MEDIATEK SOFTWARE") 15 | * RECEIVED FROM MEDIATEK AND/OR ITS REPRESENTATIVES ARE PROVIDED TO RECEIVER 16 | * ON AN "AS-IS" BASIS ONLY. MEDIATEK EXPRESSLY DISCLAIMS ANY AND ALL 17 | * WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR 19 | * NONINFRINGEMENT. NEITHER DOES MEDIATEK PROVIDE ANY WARRANTY WHATSOEVER WITH 20 | * RESPECT TO THE SOFTWARE OF ANY THIRD PARTY WHICH MAY BE USED BY, 21 | * INCORPORATED IN, OR SUPPLIED WITH THE MEDIATEK SOFTWARE, AND RECEIVER AGREES 22 | * TO LOOK ONLY TO SUCH THIRD PARTY FOR ANY WARRANTY CLAIM RELATING THERETO. 23 | * RECEIVER EXPRESSLY ACKNOWLEDGES THAT IT IS RECEIVER'S SOLE RESPONSIBILITY TO 24 | * OBTAIN FROM ANY THIRD PARTY ALL PROPER LICENSES CONTAINED IN MEDIATEK 25 | * SOFTWARE. MEDIATEK SHALL ALSO NOT BE RESPONSIBLE FOR ANY MEDIATEK SOFTWARE 26 | * RELEASES MADE TO RECEIVER'S SPECIFICATION OR TO CONFORM TO A PARTICULAR 27 | * STANDARD OR OPEN FORUM. RECEIVER'S SOLE AND EXCLUSIVE REMEDY AND MEDIATEK'S 28 | * ENTIRE AND CUMULATIVE LIABILITY WITH RESPECT TO THE MEDIATEK SOFTWARE 29 | * RELEASED HEREUNDER WILL BE, AT MEDIATEK'S OPTION, TO REVISE OR REPLACE THE 30 | * MEDIATEK SOFTWARE AT ISSUE, OR REFUND ANY SOFTWARE LICENSE FEES OR SERVICE 31 | * CHARGE PAID BY RECEIVER TO MEDIATEK FOR SUCH MEDIATEK SOFTWARE AT ISSUE. 32 | * 33 | * The following software/firmware and/or related documentation ("MediaTek 34 | * Software") have been modified by MediaTek Inc. All revisions are subject to 35 | * any receiver's applicable license agreements with MediaTek Inc. 36 | */ 37 | 38 | #ifndef __CIRCBUF_H__ 39 | #define __CIRCBUF_H__ 40 | 41 | #define USB_BUFFER_VERIFY 1 42 | 43 | 44 | typedef struct circbuf 45 | { 46 | unsigned int size; 47 | unsigned int totalsize; 48 | 49 | char *top; 50 | char *tail; 51 | 52 | char *data; 53 | char *end; 54 | } circbuf_t; 55 | 56 | int buf_input_init (circbuf_t * buf, unsigned int size); 57 | int buf_output_init (circbuf_t * buf, unsigned int size); 58 | int buf_pop (circbuf_t * buf, char *dest, unsigned int len); 59 | int buf_push (circbuf_t * buf, const char *src, unsigned int len); 60 | 61 | #endif 62 | -------------------------------------------------------------------------------- /agent/src/drivers/mt6755/pmic/Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (C) 2015 MediaTek Inc. 3 | # 4 | # This program is free software: you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License version 2 as 6 | # published by the Free Software Foundation. 7 | # 8 | # This program is distributed in the hope that it will be useful, 9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | # GNU General Public License for more details. 12 | # 13 | 14 | 15 | ifeq ($(CONFIG_MTK_PMIC_NEW_ARCH),y) 16 | obj-$(CONFIG_MTK_PMIC_WRAP) += pwrap_hal_v1.o 17 | else 18 | obj-$(CONFIG_MTK_PMIC_WRAP) += pwrap_hal.o 19 | endif 20 | -------------------------------------------------------------------------------- /agent/src/drivers/mt6755/pmic/mt_pmic_wrap.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 MediaTek Inc. 3 | * 4 | * This program is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License version 2 as 6 | * published by the Free Software Foundation. 7 | * 8 | * This program is distributed in the hope that it will be useful, 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | * GNU General Public License for more details. 12 | */ 13 | 14 | /****************************************************************************** 15 | * pmic_wrapper.c - Linux pmic_wrapper Driver 16 | * 17 | * 18 | * DESCRIPTION: 19 | * This file provid the other drivers PMIC wrapper relative functions 20 | * 21 | ******************************************************************************/ 22 | 23 | #include "mt_pmic_wrap.h" 24 | 25 | #include 26 | #include 27 | 28 | #define PMIC_WRAP_DEVICE "pmic_wrap" 29 | #define VERSION "Revision" 30 | 31 | static struct mt_pmic_wrap_driver mt_wrp = {NULL}; 32 | 33 | struct mt_pmic_wrap_driver *get_mt_pmic_wrap_drv(void) 34 | { 35 | return &mt_wrp; 36 | } 37 | /*this function only used for ROME plus*/ 38 | int check_pmic_wrap_init(void) 39 | { 40 | if (mt_wrp.wacs2_hal == NULL) 41 | return -1; 42 | else 43 | return 0; 44 | } 45 | 46 | /* ****************************************************************************** */ 47 | /* --external API for pmic_wrap user------------------------------------------------- */ 48 | /* ****************************************************************************** */ 49 | INT32 pwrap_wacs2(UINT32 write, UINT32 adr, UINT32 wdata, UINT32 *rdata) 50 | { 51 | if (mt_wrp.wacs2_hal != NULL) 52 | return mt_wrp.wacs2_hal(write, adr, wdata, rdata); 53 | 54 | RtlPrintf("[WRAP]" "driver need registered!!"); 55 | return -5; 56 | 57 | } 58 | INT32 pwrap_read(UINT32 adr, UINT32 *rdata) 59 | { 60 | return pwrap_wacs2(PWRAP_READ, adr, 0, rdata); 61 | } 62 | 63 | INT32 pwrap_write(UINT32 adr, UINT32 wdata) 64 | { 65 | #if defined PWRAP_TRACE 66 | tracepwrap(adr, wdata); 67 | #endif 68 | return pwrap_wacs2(PWRAP_WRITE, adr, wdata, 0); 69 | } 70 | 71 | /********************************************************************/ 72 | /********************************************************************/ 73 | /* return value : EINT_STA: [0]: CPU IRQ status in PMIC1 */ 74 | /* [1]: MD32 IRQ status in PMIC1 */ 75 | /* [2]: CPU IRQ status in PMIC2 */ 76 | /* [3]: RESERVED */ 77 | /********************************************************************/ 78 | UINT32 pmic_wrap_eint_status(void) 79 | { 80 | return mt_pmic_wrap_eint_status(); 81 | } 82 | 83 | /********************************************************************/ 84 | /* set value(W1C) : EINT_CLR: [0]: CPU IRQ status in PMIC1 */ 85 | /* [1]: MD32 IRQ status in PMIC1 */ 86 | /* [2]: CPU IRQ status in PMIC2 */ 87 | /* [3]: RESERVED */ 88 | /* para: offset is shift of clear bit which needs to clear */ 89 | /********************************************************************/ 90 | void pmic_wrap_eint_clr(int offset) 91 | { 92 | mt_pmic_wrap_eint_clr(offset); 93 | } 94 | 95 | unsigned int gPWRAPHCK; 96 | unsigned int gPWRAPDBGADDR; -------------------------------------------------------------------------------- /agent/src/drivers/mt6755/pmic/mt_pmic_wrap.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 MediaTek Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License version 2 as 6 | * published by the Free Software Foundation. 7 | * 8 | * This program is distributed in the hope that it will be useful, 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 11 | * See http://www.gnu.org/licenses/gpl-2.0.html for more details. 12 | */ 13 | 14 | #ifndef __MT_PMIC_WRAP_H__ 15 | #define __MT_PMIC_WRAP_H__ 16 | 17 | //#include 18 | //#include 19 | #include 20 | 21 | #define PWRAP_READ 0 22 | #define PWRAP_WRITE 1 23 | 24 | struct mt_pmic_wrap_driver { 25 | INT32 (*wacs2_hal)(UINT32 write, UINT32 adr, UINT32 wdata, UINT32 *rdata); 26 | INT32 (*show_hal)(char *buf); 27 | INT32 (*store_hal)(const char *buf, SIZE count); 28 | INT32 (*suspend)(void); 29 | void (*resume)(void); 30 | }; 31 | 32 | /* ------external API for pmic_wrap user-------------------------------------------------- */ 33 | INT32 pwrap_read(UINT32 adr, UINT32 *rdata); 34 | INT32 pwrap_write(UINT32 adr, UINT32 wdata); 35 | INT32 pwrap_wacs2(UINT32 write, UINT32 adr, UINT32 wdata, UINT32 *rdata); 36 | /*_____________ROME only_____________________________________________*/ 37 | 38 | /********************************************************************/ 39 | #define PWRAP_TRACE 40 | 41 | extern unsigned int gPWRAPHCK; 42 | extern unsigned int gPWRAPDBGADDR; 43 | 44 | #define PWRAP_HCK_LEVEL 4 45 | 46 | #define tracepwrap(addr, wdata) do { \ 47 | if (gPWRAPHCK >= PWRAP_HCK_LEVEL) \ 48 | if (addr == gPWRAPDBGADDR) { \ 49 | unsigned int rdata; \ 50 | pwrap_read(addr, &rdata); \ 51 | RtlPrintf("pwrap addr = 0x%x wdata = 0x%x, rdata = 0x%x\n", addr, wdata, rdata); \ 52 | } \ 53 | } while (0) 54 | 55 | /********************************************************************/ 56 | 57 | /********************************************************************/ 58 | /* return value : EINT_STA: [0]: CPU IRQ status in MT6331 */ 59 | /* [1]: MD32 IRQ status in MT6331 */ 60 | /* [2]: CPU IRQ status in MT6332 */ 61 | /* [3]: RESERVED */ 62 | /********************************************************************/ 63 | UINT32 pmic_wrap_eint_status(void); 64 | /********************************************************************/ 65 | /* set value(W1C) : EINT_CLR: [0]: CPU IRQ status in MT6331 */ 66 | /* [1]: MD32 IRQ status in MT6331 */ 67 | /* [2]: CPU IRQ status in MT6332 */ 68 | /* [3]: RESERVED */ 69 | /* para: offset is shift of clear bit which needs to clear */ 70 | /********************************************************************/ 71 | void pmic_wrap_eint_clr(int offset); 72 | /*--------------------------------------------------------------------*/ 73 | UINT32 mt_pmic_wrap_eint_status(void); 74 | void mt_pmic_wrap_eint_clr(int offset); 75 | INT32 pwrap_init(void); 76 | struct mt_pmic_wrap_driver *get_mt_pmic_wrap_drv(void); 77 | 78 | #endif /* __MT_PMIC_WRAP_H__ */ 79 | -------------------------------------------------------------------------------- /agent/src/drivers/platform.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define READ8(a) *((volatile UINT8 *)(a)) 6 | #define WRITE8(a, v) *((volatile UINT8 *)(a)) = v 7 | 8 | #define READ16(a) *((volatile UINT16 *)(a)) 9 | #define WRITE16(a, v) *((volatile UINT16 *)(a)) = v 10 | 11 | #define READ32(a) *((volatile UINT32 *)(a)) 12 | #define WRITE32(a, v) *((volatile UINT32 *)(a)) = v 13 | 14 | #define IO_PHYS 0x10000000 15 | #define U3D_BASE (IO_PHYS + 0x01270000) 16 | //#define U3D_EP_RST (SSUSB_EPCTL_CSR_BASE + 0x0004) 17 | 18 | #define USB_SIF_BASE (IO_PHYS + 0x01280000) 19 | #define USB_SIF2_BASE (IO_PHYS + 0x01290000) 20 | 21 | #define SSUSB_DEV_BASE (U3D_BASE + 0x1000) 22 | #define SSUSB_EPCTL_CSR_BASE (U3D_BASE + 0x1800) 23 | #define SSUSB_USB3_MAC_CSR_BASE (U3D_BASE + 0x2400) 24 | #define SSUSB_USB3_SYS_CSR_BASE (U3D_BASE + 0x2400) 25 | #define SSUSB_USB2_CSR_BASE (U3D_BASE + 0x3400) 26 | 27 | #define SSUSB_SIFSLV_IPPC_BASE (USB_SIF_BASE + 0x700) /* FIXME do not list in MT6752 memory map*/ 28 | 29 | #define SSUSB_SIFSLV_SPLLC_BASE (USB_SIF2_BASE + 0x000) /* FIXME do not list in MT6752 memory map*/ 30 | #define SSUSB_SIFSLV_U2PHY_COM_BASE (USB_SIF2_BASE + 0x800) /* FIXME do not list in MT6752 memory map*/ 31 | #define SSUSB_SIFSLV_U3PHYD_BASE (USB_SIF2_BASE + 0x900) /* FIXME do not list in MT6752 memory map*/ 32 | #define SSUSB_SIFSLV_U2PHY_COM_SIV_B_BASE (USB_SIF2_BASE + 0x800) /* FIXME do not list in MT6752 memory map*/ 33 | #define SSUSB_USB30_PHYA_SIV_B_BASE (USB_SIF2_BASE + 0xB00) /* FIXME do not list in MT6752 memory map*/ 34 | #define SSUSB_SIFSLV_U3PHYA_DA_BASE (USB_SIF2_BASE + 0xC00) /* FIXME do not list in MT6752 memory map*/ 35 | 36 | #define GPT_BASE (IO_PHYS + 0x8000) 37 | 38 | #define MSDC0_BASE (IO_PHYS + 0x1230000) 39 | #define MSDC1_BASE (IO_PHYS + 0x1240000) 40 | #define MSDC2_BASE (IO_PHYS + 0x1250000) 41 | 42 | #define HACC_BASE (IO_PHYS + 0xA000) 43 | 44 | #define MCUCFG_BASE (IO_PHYS + 0x200000) 45 | -------------------------------------------------------------------------------- /agent/src/drivers/simple/hacc.c: -------------------------------------------------------------------------------- 1 | #include "hacc.h" 2 | #include "reg.h" 3 | #include "../../io.h" 4 | 5 | #include 6 | 7 | #define MODULE "HACC" 8 | 9 | VOID HaccHwInit() {} 10 | VOID HaccSetAesMode(AES_MODE Mode) {} 11 | VOID HaccUploadKey(AES_KEY_ID Id, AES_KEY_TYPE Length, PVOID Key) {} -------------------------------------------------------------------------------- /agent/src/drivers/simple/hacc.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | typedef enum 6 | { 7 | AES_SW_KEY = 0, 8 | AES_HW_KEY = 1, 9 | AES_HW_WRAP_KE = 2 10 | } AES_KEY_ID; 11 | 12 | typedef enum 13 | { 14 | AES_KEY_128 = 16, 15 | AES_KEY_192 = 24, 16 | AES_KEY_256 = 32 17 | } AES_KEY_TYPE; 18 | 19 | typedef enum 20 | { 21 | AES_DEC = 0, 22 | AES_ENC = 1 23 | } AES_OPS; 24 | 25 | typedef enum 26 | { 27 | AES_ECB_MODE = 0, 28 | AES_CBC_MODE = 1 29 | } AES_MODE; 30 | 31 | VOID HaccHwInit(); 32 | VOID HaccSetAesMode(AES_MODE Mode); 33 | VOID HaccUploadKey(AES_KEY_ID Id, AES_KEY_TYPE Length, PVOID Key); -------------------------------------------------------------------------------- /agent/src/drivers/simple/mmc.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define MMC_BLOCK_SIZE 512 6 | 7 | N1_STATUS MtkMmcInit(INT ControllerIndex); 8 | N1_STATUS MtkMmcRead(INT ControllerIndex, PVOID Buffer, SIZE NumBlocks, UINT32 BlockOffset); 9 | N1_STATUS MtkMmcWrite(INT ControllerIndex, PVOID Buffer, SIZE NumBlocks, UINT32 BlockOffset); 10 | 11 | UINT32 MtkGetMmcControllerCount(); -------------------------------------------------------------------------------- /agent/src/drivers/simple/reg.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "../platform.h" 4 | 5 | #define HACC_CON (HACC_BASE + 0x0000) 6 | #define HACC_ACON (HACC_BASE + 0x0004) 7 | #define HACC_ACON2 (HACC_BASE + 0x0008) 8 | #define HACC_ACONK (HACC_BASE + 0x000C) 9 | #define HACC_ASRC0 (HACC_BASE + 0x0010) 10 | #define HACC_ASRC1 (HACC_BASE + 0x0014) 11 | #define HACC_ASRC2 (HACC_BASE + 0x0018) 12 | #define HACC_ASRC3 (HACC_BASE + 0x001C) 13 | #define HACC_AKEY0 (HACC_BASE + 0x0020) 14 | #define HACC_AKEY1 (HACC_BASE + 0x0024) 15 | #define HACC_AKEY2 (HACC_BASE + 0x0028) 16 | #define HACC_AKEY3 (HACC_BASE + 0x002C) 17 | #define HACC_AKEY4 (HACC_BASE + 0x0030) 18 | #define HACC_AKEY5 (HACC_BASE + 0x0034) 19 | #define HACC_AKEY6 (HACC_BASE + 0x0038) 20 | #define HACC_AKEY7 (HACC_BASE + 0x003C) 21 | #define HACC_ACFG0 (HACC_BASE + 0x0040) 22 | #define HACC_AOUT0 (HACC_BASE + 0x0050) 23 | #define HACC_AOUT1 (HACC_BASE + 0x0054) 24 | #define HACC_AOUT2 (HACC_BASE + 0x0058) 25 | #define HACC_AOUT3 (HACC_BASE + 0x005C) 26 | #define HACC_SW_OTP0 (HACC_BASE + 0x0060) 27 | #define HACC_SW_OTP1 (HACC_BASE + 0x0064) 28 | #define HACC_SW_OTP2 (HACC_BASE + 0x0068) 29 | #define HACC_SW_OTP3 (HACC_BASE + 0x006c) 30 | #define HACC_SW_OTP4 (HACC_BASE + 0x0070) 31 | #define HACC_SW_OTP5 (HACC_BASE + 0x0074) 32 | #define HACC_SW_OTP6 (HACC_BASE + 0x0078) 33 | #define HACC_SW_OTP7 (HACC_BASE + 0x007c) 34 | #define HACC_SECINIT0 (HACC_BASE + 0x0080) 35 | #define HACC_SECINIT1 (HACC_BASE + 0x0084) 36 | #define HACC_SECINIT2 (HACC_BASE + 0x0088) 37 | #define HACC_MKJ (HACC_BASE + 0x00a0) 38 | 39 | #define HACC_AES_DEC 0x00000000 40 | #define HACC_AES_ENC 0x00000001 41 | #define HACC_AES_MODE_MASK 0x00000002 42 | #define HACC_AES_ECB 0x00000000 43 | #define HACC_AES_CBC 0x00000002 44 | #define HACC_AES_TYPE_MASK 0x00000030 45 | #define HACC_AES_128 0x00000000 46 | #define HACC_AES_192 0x00000010 47 | #define HACC_AES_256 0x00000020 48 | #define HACC_AES_CHG_BO_MASK 0x00001000 49 | #define HACC_AES_CHG_BO_OFF 0x00000000 50 | #define HACC_AES_CHG_BO_ON 0x00001000 51 | #define HACC_AES_START 0x00000001 52 | #define HACC_AES_CLR 0x00000002 53 | #define HACC_AES_RDY 0x00008000 54 | 55 | #define HACC_AES_BK2C 0x00000010 56 | #define HACC_AES_R2K 0x00000100 57 | 58 | #define HACC_SECINIT0_MAGIC 0xAE0ACBEA 59 | #define HACC_SECINIT1_MAGIC 0xCD957018 60 | #define HACC_SECINIT2_MAGIC 0x46293911 61 | -------------------------------------------------------------------------------- /agent/src/drivers/sync_write.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 MediaTek Inc. 3 | * 4 | * This program is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License version 2 as 6 | * published by the Free Software Foundation. 7 | * 8 | * This program is distributed in the hope that it will be useful, 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | * GNU General Public License for more details. 12 | */ 13 | 14 | #ifndef _MT_SYNC_WRITE_H 15 | #define _MT_SYNC_WRITE_H 16 | 17 | #define mt_reg_sync_writel(v, a) mt65xx_reg_sync_writel(v, a) 18 | #define mt_reg_sync_writew(v, a) mt65xx_reg_sync_writew(v, a) 19 | #define mt_reg_sync_writeb(v, a) mt65xx_reg_sync_writeb(v, a) 20 | 21 | #define mb() \ 22 | { \ 23 | __asm__ __volatile__ ("dsb" : : : "memory"); \ 24 | } 25 | 26 | #define mt65xx_reg_sync_writel(v, a) \ 27 | do { \ 28 | *(volatile unsigned int *)(a) = (v); \ 29 | mb(); \ 30 | } while (0) 31 | 32 | #define mt65xx_reg_sync_writew(v, a) \ 33 | do { \ 34 | *(volatile unsigned short *)(a) = (v); \ 35 | mb(); \ 36 | } while (0) 37 | 38 | #define mt65xx_reg_sync_writeb(v, a) \ 39 | do { \ 40 | *(volatile unsigned char *)(a) = (v); \ 41 | mb(); \ 42 | } while (0) 43 | 44 | #endif -------------------------------------------------------------------------------- /agent/src/drivers/timer.h: -------------------------------------------------------------------------------- 1 | /* Copyright Statement: 2 | * 3 | * This software/firmware and related documentation ("MediaTek Software") are 4 | * protected under relevant copyright laws. The information contained herein is 5 | * confidential and proprietary to MediaTek Inc. and/or its licensors. Without 6 | * the prior written permission of MediaTek inc. and/or its licensors, any 7 | * reproduction, modification, use or disclosure of MediaTek Software, and 8 | * information contained herein, in whole or in part, shall be strictly 9 | * prohibited. 10 | * 11 | * MediaTek Inc. (C) 2010. All rights reserved. 12 | * 13 | * BY OPENING THIS FILE, RECEIVER HEREBY UNEQUIVOCALLY ACKNOWLEDGES AND AGREES 14 | * THAT THE SOFTWARE/FIRMWARE AND ITS DOCUMENTATIONS ("MEDIATEK SOFTWARE") 15 | * RECEIVED FROM MEDIATEK AND/OR ITS REPRESENTATIVES ARE PROVIDED TO RECEIVER 16 | * ON AN "AS-IS" BASIS ONLY. MEDIATEK EXPRESSLY DISCLAIMS ANY AND ALL 17 | * WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR 19 | * NONINFRINGEMENT. NEITHER DOES MEDIATEK PROVIDE ANY WARRANTY WHATSOEVER WITH 20 | * RESPECT TO THE SOFTWARE OF ANY THIRD PARTY WHICH MAY BE USED BY, 21 | * INCORPORATED IN, OR SUPPLIED WITH THE MEDIATEK SOFTWARE, AND RECEIVER AGREES 22 | * TO LOOK ONLY TO SUCH THIRD PARTY FOR ANY WARRANTY CLAIM RELATING THERETO. 23 | * RECEIVER EXPRESSLY ACKNOWLEDGES THAT IT IS RECEIVER'S SOLE RESPONSIBILITY TO 24 | * OBTAIN FROM ANY THIRD PARTY ALL PROPER LICENSES CONTAINED IN MEDIATEK 25 | * SOFTWARE. MEDIATEK SHALL ALSO NOT BE RESPONSIBLE FOR ANY MEDIATEK SOFTWARE 26 | * RELEASES MADE TO RECEIVER'S SPECIFICATION OR TO CONFORM TO A PARTICULAR 27 | * STANDARD OR OPEN FORUM. RECEIVER'S SOLE AND EXCLUSIVE REMEDY AND MEDIATEK'S 28 | * ENTIRE AND CUMULATIVE LIABILITY WITH RESPECT TO THE MEDIATEK SOFTWARE 29 | * RELEASED HEREUNDER WILL BE, AT MEDIATEK'S OPTION, TO REVISE OR REPLACE THE 30 | * MEDIATEK SOFTWARE AT ISSUE, OR REFUND ANY SOFTWARE LICENSE FEES OR SERVICE 31 | * CHARGE PAID BY RECEIVER TO MEDIATEK FOR SUCH MEDIATEK SOFTWARE AT ISSUE. 32 | * 33 | * The following software/firmware and/or related documentation ("MediaTek 34 | * Software") have been modified by MediaTek Inc. All revisions are subject to 35 | * any receiver's applicable license agreements with MediaTek Inc. 36 | */ 37 | 38 | #ifndef __MTK_TIMER_H__ 39 | #define __MTK_TIMER_H__ 40 | 41 | #include "typedefs.h" 42 | 43 | extern void gpt_busy_wait_us(UINT32 timeout_us); 44 | extern void gpt_busy_wait_ms(UINT32 timeout_ms); 45 | 46 | extern ULONG get_timer(ULONG base); 47 | extern void mdelay(unsigned long msec); 48 | extern void udelay(unsigned long usec); 49 | extern void mtk_timer_init(void); 50 | 51 | UINT32 gpt4_get_current_tick (void); 52 | BOOLEAN gpt4_timeout_tick (UINT32 start_tick, UINT32 timeout_tick); 53 | UINT32 gpt4_time2tick_us (UINT32 time_us); 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /agent/src/drivers/typedefs.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define print(...) \ 6 | { \ 7 | } -------------------------------------------------------------------------------- /agent/src/drivers/usbphy.c: -------------------------------------------------------------------------------- 1 | void mt_usb_phy_savecurrent(void) 2 | { 3 | } 4 | void mt_usb_phy_recover(void) 5 | { 6 | } 7 | -------------------------------------------------------------------------------- /agent/src/drivers/usbphy.h: -------------------------------------------------------------------------------- 1 | /* Copyright Statement: 2 | * 3 | * This software/firmware and related documentation ("MediaTek Software") are 4 | * protected under relevant copyright laws. The information contained herein is 5 | * confidential and proprietary to MediaTek Inc. and/or its licensors. Without 6 | * the prior written permission of MediaTek inc. and/or its licensors, any 7 | * reproduction, modification, use or disclosure of MediaTek Software, and 8 | * information contained herein, in whole or in part, shall be strictly 9 | * prohibited. 10 | * 11 | * MediaTek Inc. (C) 2010. All rights reserved. 12 | * 13 | * BY OPENING THIS FILE, RECEIVER HEREBY UNEQUIVOCALLY ACKNOWLEDGES AND AGREES 14 | * THAT THE SOFTWARE/FIRMWARE AND ITS DOCUMENTATIONS ("MEDIATEK SOFTWARE") 15 | * RECEIVED FROM MEDIATEK AND/OR ITS REPRESENTATIVES ARE PROVIDED TO RECEIVER 16 | * ON AN "AS-IS" BASIS ONLY. MEDIATEK EXPRESSLY DISCLAIMS ANY AND ALL 17 | * WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR 19 | * NONINFRINGEMENT. NEITHER DOES MEDIATEK PROVIDE ANY WARRANTY WHATSOEVER WITH 20 | * RESPECT TO THE SOFTWARE OF ANY THIRD PARTY WHICH MAY BE USED BY, 21 | * INCORPORATED IN, OR SUPPLIED WITH THE MEDIATEK SOFTWARE, AND RECEIVER AGREES 22 | * TO LOOK ONLY TO SUCH THIRD PARTY FOR ANY WARRANTY CLAIM RELATING THERETO. 23 | * RECEIVER EXPRESSLY ACKNOWLEDGES THAT IT IS RECEIVER'S SOLE RESPONSIBILITY TO 24 | * OBTAIN FROM ANY THIRD PARTY ALL PROPER LICENSES CONTAINED IN MEDIATEK 25 | * SOFTWARE. MEDIATEK SHALL ALSO NOT BE RESPONSIBLE FOR ANY MEDIATEK SOFTWARE 26 | * RELEASES MADE TO RECEIVER'S SPECIFICATION OR TO CONFORM TO A PARTICULAR 27 | * STANDARD OR OPEN FORUM. RECEIVER'S SOLE AND EXCLUSIVE REMEDY AND MEDIATEK'S 28 | * ENTIRE AND CUMULATIVE LIABILITY WITH RESPECT TO THE MEDIATEK SOFTWARE 29 | * RELEASED HEREUNDER WILL BE, AT MEDIATEK'S OPTION, TO REVISE OR REPLACE THE 30 | * MEDIATEK SOFTWARE AT ISSUE, OR REFUND ANY SOFTWARE LICENSE FEES OR SERVICE 31 | * CHARGE PAID BY RECEIVER TO MEDIATEK FOR SUCH MEDIATEK SOFTWARE AT ISSUE. 32 | * 33 | * The following software/firmware and/or related documentation ("MediaTek 34 | * Software") have been modified by MediaTek Inc. All revisions are subject to 35 | * any receiver's applicable license agreements with MediaTek Inc. 36 | */ 37 | 38 | #ifndef USBPHY_H_ 39 | #define USBPHY_H_ 40 | 41 | #if CFG_FPGA_PLATFORM 42 | #include "i2c.h" 43 | #endif 44 | 45 | #define SSUSB_PHY_BASE (SSUSB_SIFSLV_IPPC_BASE) 46 | #define USB20_PHY_BASE (SSUSB_SIFSLV_U2PHY_COM_BASE) 47 | #define USB11_PHY_BASE (USBSIF_BASE + 0x0800) 48 | #define PERI_GLOBALCON_PDN0_SET (PERICFG_BASE+0x008) 49 | #define USB0_PDN 1 << 10 50 | 51 | #if CFG_FPGA_PLATFORM 52 | #define USB_I2C_ID I2C2 /* 0 - 6 */ 53 | #define PATH_NORMAL 0 54 | #define PATH_PMIC 1 55 | 56 | #define USBPHY_I2C_READ8(addr, buffer) usb_i2c_read8(addr, buffer) 57 | #define USBPHY_I2C_WRITE8(addr, value) usb_i2c_write8(addr, value) 58 | #endif 59 | 60 | #define USBPHY_READ8(offset) __raw_readb(SSUSB_PHY_BASE+offset) 61 | #define USBPHY_WRITE8(offset, value) __raw_writeb(value, SSUSB_PHY_BASE+offset) 62 | #define USBPHY_SET8(offset, mask) USBPHY_WRITE8(offset, USBPHY_READ8(offset) | mask) 63 | #define USBPHY_CLR8(offset, mask) USBPHY_WRITE8(offset, USBPHY_READ8(offset) & ~mask) 64 | 65 | #define USB_SET_BIT(BS,REG) mt_reg_sync_writel((__raw_readl(REG) | (U32)(BS)), (REG)) 66 | #define USB_CLR_BIT(BS,REG) mt_reg_sync_writel((__raw_readl(REG) & (~(U32)(BS))), (REG)) 67 | 68 | //USB20 PHY registers 69 | #define USB20PHY_READ8(offset) __raw_readb(USB20_PHY_BASE+offset) 70 | #define USB20PHY_WRITE8(offset, value) __raw_writeb(value, USB20_PHY_BASE+offset) 71 | //USB11 PHY registers: 72 | #define USB11PHY_READ32(offset) __raw_readl((void *)(USB11_PHY_BASE+(offset))) 73 | #define USB11PHY_READ8(offset) __raw_readb((void *)(USB11_PHY_BASE+(offset))) 74 | #define USB11PHY_WRITE8(offset, value) __raw_writeb((u8)value, (void *)(USB11_PHY_BASE+(offset))) 75 | #define USB11PHY_SET8(offset, mask) USB11PHY_WRITE8((offset), USB11PHY_READ8(offset) | (mask)) 76 | #define USB11PHY_CLR8(offset, mask) USB11PHY_WRITE8((offset), USB11PHY_READ8(offset) & (~(mask))) 77 | 78 | 79 | #endif 80 | 81 | -------------------------------------------------------------------------------- /agent/src/efuse.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "io.h" 3 | 4 | #define EFUSE_SECCFG (0x10206060) 5 | 6 | #define EFUSE_SECCFG_HW_JTAG_DISABLED (1) 7 | #define EFUSE_SECCFG_SBC (1 << 1) 8 | #define EFUSE_SECCFG_DAA (1 << 2) 9 | #define EFUSE_SECCFG_SLA (1 << 3) 10 | #define EFUSE_SECCFG_SW_JTAG_ENABLED (1 << 6) 11 | #define EFUSE_SECCFG_BROM_LOCK_DISABLED (1 << 9) 12 | 13 | VOID AgpPrintEfuseState() 14 | { 15 | UINT32 Reg = READ32(EFUSE_SECCFG); 16 | 17 | RtlPrintf("[EFUSE] HW JTAG: %s %s\n", (Reg & EFUSE_SECCFG_HW_JTAG_DISABLED) ? "Disabled" : "Enabled ", (Reg & EFUSE_SECCFG_HW_JTAG_DISABLED) ? "BLOWN" : ""); 18 | RtlPrintf("[EFUSE] SW JTAG: %s %s\n", (Reg & EFUSE_SECCFG_SW_JTAG_ENABLED) ? "Enabled " : "Disabled", (Reg & EFUSE_SECCFG_SW_JTAG_ENABLED) ? "BLOWN" : ""); 19 | RtlPrintf("[EFUSE] SBC: %s %s\n", (Reg & EFUSE_SECCFG_SBC) ? "Enabled " : "Disabled", (Reg & EFUSE_SECCFG_SBC) ? "BLOWN" : ""); 20 | RtlPrintf("[EFUSE] DAA: %s %s\n", (Reg & EFUSE_SECCFG_DAA) ? "Enabled " : "Disabled", (Reg & EFUSE_SECCFG_DAA) ? "BLOWN" : ""); 21 | RtlPrintf("[EFUSE] SLA: %s %s\n", (Reg & EFUSE_SECCFG_SLA) ? "Enabled " : "Disabled", (Reg & EFUSE_SECCFG_SLA) ? "BLOWN" : ""); 22 | RtlPrintf("[EFUSE] JTAG BROM LOCK: %s %s\n", (Reg & EFUSE_SECCFG_BROM_LOCK_DISABLED) ? "Disabled" : "Enabled ", (Reg & EFUSE_SECCFG_BROM_LOCK_DISABLED) ? "BLOWN" : ""); 23 | RtlPrintf("[EFUSE] Public key hash:\n"); 24 | for (INT I = 0; I < 8; I++) { 25 | RtlPrintf("[EFUSE] 0x%08x\n", READ32(0x10206090 + (I * 4))); 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /agent/src/io.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define WRITE8(a, v) *((volatile UINT8 *)(a)) = v 4 | 5 | #define READ32(a) *((volatile UINT32 *)(a)) 6 | #define WRITE32(a, v) *((volatile UINT32 *)(a)) = v -------------------------------------------------------------------------------- /agent/src/ltest.S: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/arturkow2000/lgk10exploit/632cc086b5086dfdad5f3dd108fd088cfecbd132/agent/src/ltest.S -------------------------------------------------------------------------------- /agent/src/partition_rw.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/arturkow2000/lgk10exploit/632cc086b5086dfdad5f3dd108fd088cfecbd132/agent/src/partition_rw.c -------------------------------------------------------------------------------- /agent/src/patchkernel.c: -------------------------------------------------------------------------------- 1 | #include "ag.h" 2 | #include 3 | #include 4 | #include 5 | 6 | #include "bootinfo.h" 7 | 8 | #define MOD "PATCH" 9 | 10 | VOID AgpLkPanicHandler() 11 | { 12 | // disable watchdog to prevent reboot 13 | *((VOLATILE UINT32 *)0x10007000) = 0x22000000; 14 | for (;;) 15 | ; 16 | } 17 | 18 | VOID AgpPatchLgK102017M20ENougatLk(PVOID Base, SIZE Size, UINT32 BootMode, UINT32 Flags) 19 | { 20 | if (BootMode == FASTBOOT) 21 | { 22 | ((VOLATILE UINT16 *)Base)[0x24BB0 / 2] = 0xe023; 23 | RtlPrintf("[%s] Forced fastboot mode\n", MOD); 24 | } 25 | 26 | /* 27 | // Jump on panic 28 | ((VOLATILE UINT16 *)Base)[0x2DC6 / 2] = 0x4770; 29 | ((VOLATILE UINT16 *)Base)[0x2D3BA / 2] = 0xbf00; 30 | ((VOLATILE UINT32 *)Base)[0x2D3BC / 4] = 0xf000f8df; 31 | ((VOLATILE UINT16 *)Base)[0x2D3B4 / 2] = 0xbf00; 32 | ((VOLATILE UINT16 *)Base)[0x2D3B2 / 2] = 0xbf00; 33 | 34 | // JUMP VECTOR 35 | ((VOLATILE UINT32 *)Base)[0x2D3C0 / 4] = (UINT32)AgpLkPanicHandler; 36 | 37 | RtlPrintf("[%s] LK will return to agent on panic (jump to %p).\n", MOD, AgpLkPanicHandler);*/ 38 | } 39 | 40 | typedef struct _MAP 41 | { 42 | UINT8 Sha256Sum[SHA256_DIGEST_SIZE]; 43 | VOID(*P) 44 | (PVOID Base, SIZE Size, UINT32 BootMode, UINT32 Flags); 45 | } MAP, *PMAP; 46 | 47 | STATIC MAP Patches[] = { 48 | {{0x95, 0xa7, 0xc6, 0xb1, 0xe7, 0x44, 0x5c, 0xb8, 0x65, 0xb0, 0xde, 0xd9, 0xe3, 0xe3, 0x04, 0xbf, 0xd5, 0x94, 0x58, 0x39, 0xb1, 0xdb, 0xf7, 0xdc, 0x8a, 0x6f, 0xaf, 0x42, 0xea, 0xbf, 0xd3, 0xc2}, 49 | AgpPatchLgK102017M20ENougatLk}, // LK K10 2017 M250E with nougat 50 | 51 | /*// Null terminate 52 | {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 53 | NULL}*/ 54 | }; 55 | 56 | VOID AgpPatchLk(PVOID Base, PVOID CodeStart, SIZE Size, UINT32 BootMode, UINT32 Flags) 57 | { 58 | CHAR Digest[SHA256_DIGEST_SIZE]; 59 | RTL_SHA256_CONTEXT Sha; 60 | RtlSha256Initialize(&Sha); 61 | RtlSha256Update(&Sha, Base, Size); 62 | RtlSha256Finish(&Sha, Digest); 63 | 64 | RtlPrintf( 65 | "[%s] LK size=0x%08x SHA256=", 66 | MOD, 67 | Size); 68 | for (int i = 0; i < SHA256_DIGEST_SIZE; i++) 69 | RtlPrintf("%02x", Digest[i]); 70 | RtlPrintf("\n"); 71 | 72 | BOOLEAN PatchFound = FALSE; 73 | for (INT I = 0; I < ARRAY_SIZE(Patches); I++) 74 | { 75 | if (RtlCompareMemory(Digest, Patches[I].Sha256Sum, SHA256_DIGEST_SIZE) == 0) 76 | { 77 | if (!Patches[I].P) 78 | continue; 79 | Patches[I].P(CodeStart, Size, BootMode, Flags); 80 | PatchFound = TRUE; 81 | break; 82 | } 83 | } 84 | 85 | if (!PatchFound) 86 | RtlPrintf("[%s] No patch found.\n", MOD); 87 | } -------------------------------------------------------------------------------- /agent/src/ram_console.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define SIG 0x43474244 4 | 5 | typedef struct _RC_HEADER { 6 | UINT32 Sig; 7 | UINT32 OffPl; 8 | UINT32 OffPpl; 9 | UINT32 SzPl; 10 | UINT32 OffLk; 11 | UINT32 OffPlk; 12 | UINT32 SzLk; 13 | UINT32 U[9]; 14 | } RC_HEADER, *PRC_HEADER; 15 | 16 | #define SRAM_ADDR 0x11D000 17 | #define DRAM_ADDR 0x44400000 18 | 19 | VOID Try(UINT32 Addr) { 20 | PRC_HEADER Header = (PRC_HEADER)Addr; 21 | 22 | if (Header->Sig == SIG) { 23 | RtlPrintf("rc@%x signature valid\n", Addr); 24 | RtlPrintf("rc@%x off_pl = %u\n", Addr, Header->OffPl); 25 | RtlPrintf("rc@%x off_ppl = %u\n", Addr, Header->OffPpl); 26 | RtlPrintf("rc@%x sz_pl = %u\n", Addr, Header->SzPl); 27 | RtlPrintf("rc@%x off_lk = %u\n", Addr, Header->OffLk); 28 | RtlPrintf("rc@%x off_plk = %u\n", Addr, Header->OffPlk); 29 | RtlPrintf("rc@%x sz_lk = %u\n", Addr, Header->SzLk); 30 | } else { 31 | RtlPrintf("rc@%x signature invalid\n", Addr); 32 | } 33 | } 34 | 35 | VOID AgpRetrieveRamConsole() { 36 | Try(SRAM_ADDR); 37 | Try(DRAM_ADDR); 38 | } -------------------------------------------------------------------------------- /agent/src/secpol.c: -------------------------------------------------------------------------------- 1 | #include "ag.h" 2 | #include 3 | #include "drivers/simple/mmc.h" 4 | 5 | #define MODULE "SECPOL" 6 | 7 | VOID AgpDumpSecpol() 8 | { 9 | N1_STATUS Status; 10 | PAG_PTE Pt = AgpLookupPartition(0, "seccfg"); 11 | if (!Pt) 12 | { 13 | RtlPrintf("[%s] seccfg partition not found (try using mmc init 0)\n", MODULE); 14 | return; 15 | } 16 | 17 | RtlPrintf("[%s] found seccfg partition\n", MODULE); 18 | UINT8 Buffer[MMC_BLOCK_SIZE] ALIGNED(16); 19 | Status = MtkMmcRead(0, Buffer, 1, Pt->FirstLba); 20 | if (!N1_SUCCESS(Status)) 21 | { 22 | RtlPrintf("[%s] read failed", MODULE); 23 | return; 24 | } 25 | 26 | UINT32 *Data32 = (UINT32 *)Buffer; 27 | if (Data32[0] != 0x4d4d4d4d) 28 | { 29 | RtlPrintf("[%s] invalid signature", MODULE); 30 | return; 31 | } 32 | 33 | RtlPrintf("[%s] SECCFG v%d found\n", MODULE, Data32[1]); 34 | RtlPrintf("[%s] Lock state is %d\n", MODULE, Data32[3]); 35 | } 36 | VOID AgpUnlockDevice() 37 | { 38 | RtlPrintf("[%s] Currently unimplemented, sorry.\n", MODULE); 39 | } 40 | VOID AgpLockDevice() 41 | { 42 | RtlPrintf("[%s] Currently unimplemented, sorry.\n", MODULE); 43 | } -------------------------------------------------------------------------------- /agent/src/test.c: -------------------------------------------------------------------------------- 1 | #include "ag.h" 2 | #include "io.h" 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | #include "io.h" 10 | 11 | #define MODULE "TEST" 12 | 13 | typedef struct _AG_TEST 14 | { 15 | BOOLEAN(*Entry) 16 | (); 17 | } AG_TEST, *PAG_TEST; 18 | 19 | AG_TEST AgpTests[] = {}; 20 | 21 | BOOLEAN AgpRunTest(INT I) 22 | { 23 | if (I >= ARRAY_SIZE(AgpTests)) 24 | { 25 | RtlPrintf("[%s] No such test %d\n", MODULE, I); 26 | return FALSE; 27 | } 28 | 29 | PAG_TEST Test = &AgpTests[I]; 30 | if (!Test->Entry()) 31 | { 32 | RtlPrintf("[%s] Test %d FAILED\n", MODULE, I); 33 | return FALSE; 34 | } 35 | 36 | RtlPrintf("[%s] Test %d SUCCEEDED\n", MODULE, I); 37 | return TRUE; 38 | } 39 | -------------------------------------------------------------------------------- /agent/src/trustzone.c: -------------------------------------------------------------------------------- 1 | #include "ag.h" 2 | #include "trustzone.h" 3 | 4 | extern void _jump64(UINT32 AtfEntry, UINT32 Argument1, UINT32 Argument2, UINT32 AtfArgPtr, UINT32 LkEntry) NO_RETURN; 5 | extern VOID AgpPrepareToJump(); 6 | extern UINT32 _bootinfo; 7 | extern UINT32 _bootinfo_length; 8 | 9 | VOID AgpBootAtf( 10 | PVOID AtfBase UNUSED, 11 | SIZE AtfSize UNUSED, 12 | PVOID AtfEntry, 13 | PVOID TeeBase, 14 | SIZE TeeSize, 15 | PVOID TeeEntry, 16 | PVOID LkBase, 17 | SIZE LkSize, 18 | PVOID LkEntry) 19 | { 20 | // currently we skip any hardware initialization as preloader has already done that 21 | // at least if we have been booted using BOOT_IMAGE command 22 | // currently we assume so 23 | 24 | // FIXME: Currently we do not support TEE 25 | ASSERT(TeeBase == NULL); 26 | ASSERT(TeeSize = 0); 27 | ASSERT(TeeEntry == NULL); 28 | 29 | ATF_BOOTARG Arg; 30 | Arg.Magic = ATF_BOOTCFG_MAGIC; 31 | Arg.TeeSupport = 0; 32 | Arg.TeeEntry = 0; 33 | Arg.TeeBootArgumentAddress = 0; 34 | 35 | // FIXME: hardcoded fake values 36 | Arg.HwUniqueId[0] = 0x4d0102d4; 37 | Arg.HwUniqueId[1] = 0x0102d44d; 38 | Arg.HwUniqueId[2] = 0xf0000f0f; 39 | Arg.HwUniqueId[3] = 0xf0f0000f; 40 | Arg.HwRandomId[0] = 0x00ff00ff; 41 | Arg.HwRandomId[1] = 0xff00ff00; 42 | Arg.AtfIrqNumber = 293 + 32; 43 | 44 | // FIXME: hardcoded fake values 45 | Arg.DeviceInfo[0] = 0; 46 | Arg.DeviceInfo[1] = 0; 47 | Arg.DeviceInfo[2] = 0; 48 | Arg.DeviceInfo[3] = 0; 49 | 50 | // TODO: allow user to set these during runtime 51 | Arg.AtfLogPort = 0x11003000; // UART 1 52 | Arg.AtfLogBaudrate = 921600; 53 | Arg.AtfLogBufferBase = 0; 54 | Arg.AtfLogBufferSize = 0; 55 | Arg.AtfAeeDebugBufferBase = 0; 56 | Arg.AtfAeeDebugBufferSize = 0; 57 | 58 | AgpPrepareToJump(); 59 | _jump64((UINT32)AtfEntry, _bootinfo, _bootinfo_length, (UINT32)&Arg, (UINT32)LkEntry); 60 | } 61 | -------------------------------------------------------------------------------- /agent/src/trustzone.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define ATF_BOOTCFG_MAGIC (0x4D415446) 4 | 5 | typedef struct 6 | { 7 | UINT32 Magic; 8 | UINT32 TeeSupport; 9 | UINT32 TeeEntry; 10 | UINT32 TeeBootArgumentAddress; 11 | UINT32 HwUniqueId[4]; 12 | UINT32 HwRandomId[2]; 13 | UINT32 AtfLogPort; 14 | UINT32 AtfLogBaudrate; 15 | UINT32 AtfLogBufferBase; 16 | UINT32 AtfLogBufferSize; 17 | UINT32 AtfIrqNumber; 18 | UINT32 DeviceInfo[4]; 19 | UINT32 AtfAeeDebugBufferBase; 20 | UINT32 AtfAeeDebugBufferSize; 21 | //UINT32 RpmbSize; 22 | } ATF_BOOTARG, *PATF_BOOTARG; 23 | 24 | VOID AgpBootAtf(PVOID AtfBase, SIZE AtfSize, PVOID AtfEntry, PVOID TeeBase, SIZE TeeSize, PVOID TeeEntry, PVOID LkBase, SIZE LkSize, PVOID LkEntry); 25 | -------------------------------------------------------------------------------- /agent/src/usb.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "io.h" 4 | 5 | #define U3D_FIFO_OFFSET (SSUSB_DEV_BASE + 0x0300) 6 | #define U3D_FIFO(x) (U3D_FIFO_OFFSET + ((x) * 0x10)) 7 | #define USB_FIFO(x) (U3D_FIFO(x)) 8 | 9 | #define IO_PHYS 0x10000000 10 | #define U3D_BASE (IO_PHYS + 0x01270000) 11 | #define SSUSB_DEV_BASE (U3D_BASE + 0x1000) 12 | #define SSUSB_EPCTL_CSR_BASE (U3D_BASE + 0x1800) 13 | #define U3D_EP_RST (SSUSB_EPCTL_CSR_BASE+0x0004) 14 | #define EP0_RST (0x1 << 0) 15 | 16 | #define U3D_EP0CSR (SSUSB_DEV_BASE+0x0100) 17 | #define U3D_TX1CSR0 (SSUSB_DEV_BASE+0x0110) 18 | 19 | #define EP0_RXPKTRDY (0x1 << 16) 20 | #define EP0_SETUPPKTRDY (0x1 << 17) 21 | #define EP0_TXPKTRDY (0x1 << 18) 22 | #define EP0_DATAEND (0x1 << 19) 23 | #define EP0_SENTSTALL (0x1 << 22) 24 | #define EP0_W1C_BITS (~(EP0_RXPKTRDY | EP0_SETUPPKTRDY | EP0_SENTSTALL)) 25 | 26 | #define TX_TXPKTRDY (0x1 << 16) 27 | 28 | 29 | #define USB_SETMASK(addr, mask) \ 30 | do { \ 31 | WRITE32(addr, READ32(addr) | mask); \ 32 | } while (0) 33 | #define USB_CLRMASK(addr, mask)\ 34 | do { \ 35 | WRITE32(addr, READ32(addr) &~mask);\ 36 | } while (0) 37 | 38 | #define USB_EP0CSR_SETMASK(mask) \ 39 | do { \ 40 | UINT32 _temp = READ32(U3D_EP0CSR); \ 41 | WRITE32(U3D_EP0CSR, (_temp & EP0_W1C_BITS) | (mask)); \ 42 | } while (0); 43 | 44 | 45 | #define USB_END_OFFSET(_bEnd, _bOffset) ((0x10*(_bEnd-1)) + _bOffset) 46 | #define USB_WRITECSR32( _bOffset, _bEnd, _bData) \ 47 | WRITE32(USB_END_OFFSET(_bEnd, _bOffset), _bData) 48 | #define USB_READCSR32(_bOffset, _bEnd) \ 49 | READ32(USB_END_OFFSET(_bEnd, _bOffset)) 50 | 51 | #define USB_DIR_OUT 0 52 | #define USB_DIR_IN 0x80 53 | 54 | 55 | #define USB_SR_OUT_EP 4 -------------------------------------------------------------------------------- /agent/src/usbproto.c: -------------------------------------------------------------------------------- 1 | #include "usbproto.h" 2 | 3 | VOID UsbSendStatus(UINT32 Status, PVOID Data, SIZE DataLength) 4 | { 5 | PACKET_HEADER Header; 6 | Header.Magic = PACKET_HEADER_MAGIC; 7 | Header.Type = DataLength > 0 ? PT_STATUS_DATA : PT_STATUS; 8 | Header.DataLength = sizeof(Status) + DataLength; 9 | Header.Serial = 0; 10 | 11 | mt_usbtty_putcn(PACKET_HEADER_SIZE, (char *)&Header, 1 /* 0 */); 12 | mt_usbtty_putcn(sizeof(Status), (char *)&Status, 1 /* DataLength > 0 ? 1 : 0 */); 13 | if (DataLength > 0) 14 | mt_usbtty_putcn(DataLength, (char *)Data, 1); 15 | } -------------------------------------------------------------------------------- /agent/src/usbproto.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #include "drivers/usbtty.h" 6 | 7 | #define PACKET_HEADER_SIZE 16 8 | #define PACKET_HEADER_MAGIC 0x239a 9 | 10 | #define PT_COMMAND 1 11 | #define PT_DATA 2 12 | #define PT_CONSOLE 3 13 | #define PT_STATUS 4 14 | #define PT_STATUS_DATA 5 15 | #define PT_SETUP 6 16 | #define PT_ABORT 7 17 | 18 | typedef struct _PACKET_HEADER 19 | { 20 | UINT16 Magic; 21 | UINT16 Type; 22 | UINT32 DataLength; 23 | UINT64 Serial; 24 | } PACKED PACKET_HEADER, *PPACKET_HEADER; 25 | 26 | #define AG_STATUS_OK 0 27 | #define AG_STATUS_UNKNOWN_ERROR 1 28 | #define AG_STATUS_SETUP_REQUIRED 2 29 | #define AG_STATUS_UNSUPPORTED_COMMAND 3 30 | #define AG_STATUS_INVALID_ARGUMENT 4 31 | #define AG_STATUS_TOO_MUCH_DATA 5 32 | #define AG_STATUS_INVALID_TRANSFER_SIZE 6 33 | #define AG_STATUS_NO_SUCH_PARTITION 7 34 | #define AG_STATUS_ACCESS_DENIED 8 35 | #define AG_STATUS_TOO_SMALL 9 36 | #define AG_STATUS_TOO_BIG 10 37 | 38 | #define AG_CMD_REBOOT 1 39 | #define AG_CMD_ENABLE_CONSOLE 2 40 | #define AG_CMD_DISABLE_CONSOLE 3 41 | #define AG_CMD_PRINT_EFUSE_CFG 4 42 | #define AG_CMD_PRINT_BOOTINFO 5 43 | #define AG_CMD_BOOT_LK 6 44 | #define AG_CMD_SEND_TEE 7 45 | #define AG_CMD_GET_LOGS 8 46 | #define AG_CMD_SEND_LK 9 47 | #define AG_CMD_SEND_MTK_DA 10 48 | #define AG_CMD_BOOT_MTK_DA 11 49 | #define AG_CMD_MMC_INIT 12 50 | #define AG_CMD_MMC_READ 13 51 | #define AG_CMD_MMC_WRITE 14 52 | #define AG_CMD_READ_PT 15 53 | #define AG_CMD_WRITE_PT 16 54 | #define AG_CMD_READ_P 17 55 | #define AG_CMD_WRITE_P 18 56 | #define AG_CMD_MMC_INFO 19 57 | #define AG_CMD_SECPOL_DUMP 20 58 | #define AG_CMD_SECPOL_LOCK 21 59 | #define AG_CMD_SECPOL_UNLOCK 22 60 | #define AG_CMD_RUN_TEST 23 61 | #define AG_CMD_SEND_PL 24 62 | #define AG_CMD_BOOT_PL 25 63 | #define AG_CMD_SEND_ATF 26 64 | #define AG_CMD_ENTER_BOOTROM 29 65 | 66 | #define AG_BOOT_MTK_DA_USE_LK (1) 67 | 68 | VOID UsbSendStatus(UINT32 Status, PVOID Data, SIZE DataLength); -------------------------------------------------------------------------------- /agent/src/util.S: -------------------------------------------------------------------------------- 1 | .section .text, "a" 2 | .global apmcu_icache_invalidate 3 | .type apmcu_icache_invalidate, #function 4 | apmcu_icache_invalidate: 5 | MOV r0, #0 6 | MCR p15, 0, r0, c7, c5, 0 /* CHECKME: c5 or c1 */ 7 | BX lr 8 | .size apmcu_icache_invalidate, . - apmcu_icache_invalidate 9 | 10 | .global apmcu_isb 11 | .type apmcu_isb, #function 12 | apmcu_isb: 13 | ISB 14 | BX lr 15 | .size apmcu_isb, . - apmcu_isb 16 | 17 | .global apmcu_disable_icache 18 | .type apmcu_disable_icache, #function 19 | apmcu_disable_icache: 20 | MOV r0,#0 21 | MCR p15,0,r0,c7,c5,6 /* Flush entire branch target cache */ 22 | MRC p15,0,r0,c1,c0,0 23 | BIC r0,r0,#0x1800 /* I+Z bits */ 24 | MCR p15,0,r0,c1,c0,0 25 | BX lr 26 | .size apmcu_disable_icache, . - apmcu_disable_icache 27 | 28 | .global apmcu_disable_smp 29 | .type apmcu_disable_smp, #function 30 | apmcu_disable_smp: 31 | MRC p15,0,r0,c1,c0,1 32 | BIC r0,r0,#0x040 /* SMP bit */ 33 | MCR p15,0,r0,c1,c0,1 34 | BX lr 35 | .size apmcu_disable_smp, . - apmcu_disable_smp -------------------------------------------------------------------------------- /agent/src/wdt.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define MTK_WDT_BASE 0x10007000 4 | 5 | #define MTK_WDT_MODE (MTK_WDT_BASE+0x0000) 6 | #define MTK_WDT_LENGTH (MTK_WDT_BASE+0x0004) 7 | #define MTK_WDT_RESTART (MTK_WDT_BASE+0x0008) 8 | #define MTK_WDT_STATUS (MTK_WDT_BASE+0x000C) 9 | #define MTK_WDT_INTERVAL (MTK_WDT_BASE+0x0010) 10 | #define MTK_WDT_SWRST (MTK_WDT_BASE+0x0014) 11 | #define MTK_WDT_SWSYSRST (MTK_WDT_BASE+0x0018) 12 | #define MTK_WDT_NONRST_REG (MTK_WDT_BASE+0x0020) 13 | #define MTK_WDT_NONRST_REG2 (MTK_WDT_BASE+0x0024) 14 | #define MTK_WDT_REQ_MODE (MTK_WDT_BASE+0x0030) 15 | #define MTK_WDT_REQ_IRQ_EN (MTK_WDT_BASE+0x0034) 16 | #define MTK_WDT_EXT_REQ_CON (MTK_WDT_BASE+0x0038) 17 | #define MTK_WDT_DRAMC_CTL (MTK_WDT_BASE+0x0040) 18 | 19 | #define MTK_WDT_RSTDEG_EN1 (MTK_WDT_BASE+0x0080) 20 | #define MTK_WDT_RSTDEG_EN2 (MTK_WDT_BASE+0x0084) 21 | #define MTK_WDT_SYSDBG_DEG_EN1 (MTK_WDT_BASE+0x0088) 22 | #define MTK_WDT_SYSDBG_DEG_EN2 (MTK_WDT_BASE+0x008C) 23 | 24 | /*WDT_MODE*/ 25 | #define MTK_WDT_MODE_KEYMASK (0xff00) 26 | #define MTK_WDT_MODE_KEY (0x22000000) 27 | 28 | #define MTK_WDT_MODE_DDR_RESERVE (0x0080) 29 | #define MTK_WDT_MODE_DUAL_MODE (0x0040) 30 | #define MTK_WDT_MODE_IN_DIS (0x0020) /* Reserved */ 31 | #define MTK_WDT_MODE_AUTO_RESTART (0x0010) /* Reserved */ 32 | #define MTK_WDT_MODE_IRQ (0x0008) 33 | #define MTK_WDT_MODE_EXTEN (0x0004) 34 | #define MTK_WDT_MODE_EXT_POL (0x0002) 35 | #define MTK_WDT_MODE_ENABLE (0x0001) 36 | 37 | 38 | /*WDT_LENGTH*/ 39 | #define MTK_WDT_LENGTH_TIME_OUT (0xffe0) 40 | #define MTK_WDT_LENGTH_KEYMASK (0x001f) 41 | #define MTK_WDT_LENGTH_KEY (0x0008) 42 | 43 | /*WDT_RESTART*/ 44 | #define MTK_WDT_RESTART_KEY (0x1971) 45 | 46 | /*WDT_STATUS*/ 47 | #define MTK_WDT_STATUS_HWWDT_RST (0x80000000) 48 | #define MTK_WDT_STATUS_SWWDT_RST (0x40000000) 49 | #define MTK_WDT_STATUS_IRQWDT_RST (0x20000000) 50 | #define MTK_WDT_STATUS_DEBUGWDT_RST (0x00080000) 51 | #define MTK_WDT_STATUS_SPMWDT_RST (0x0002) 52 | #define MTK_WDT_STATUS_SPM_THERMAL_RST (0x0001) 53 | #define MTK_WDT_STATUS_THERMAL_DIRECT_RST (1<<18) 54 | #define MTK_WDT_STATUS_SECURITY_RST (1<<28) 55 | 56 | /*WDT_INTERVAL*/ 57 | #define MTK_WDT_INTERVAL_MASK (0x0fff) 58 | 59 | /*WDT_SWRST*/ 60 | #define MTK_WDT_SWRST_KEY (0x1209) 61 | 62 | /*WDT_SWSYSRST*/ 63 | #define MTK_WDT_SWSYS_RST_PWRAP_SPI_CTL_RST (0x0800) 64 | #define MTK_WDT_SWSYS_RST_APMIXED_RST (0x0400) 65 | #define MTK_WDT_SWSYS_RST_MD_LITE_RST (0x0200) 66 | #define MTK_WDT_SWSYS_RST_INFRA_AO_RST (0x0100) 67 | #define MTK_WDT_SWSYS_RST_MD_RST (0x0080) 68 | #define MTK_WDT_SWSYS_RST_DDRPHY_RST (0x0040) 69 | #define MTK_WDT_SWSYS_RST_IMG_RST (0x0020) 70 | #define MTK_WDT_SWSYS_RST_VDEC_RST (0x0010) 71 | #define MTK_WDT_SWSYS_RST_VENC_RST (0x0008) 72 | #define MTK_WDT_SWSYS_RST_MFG_RST (0x0004) 73 | #define MTK_WDT_SWSYS_RST_DISP_RST (0x0002) 74 | #define MTK_WDT_SWSYS_RST_INFRA_RST (0x0001) 75 | 76 | 77 | /* #define MTK_WDT_SWSYS_RST_KEY (0x1500) */ 78 | #define MTK_WDT_SWSYS_RST_KEY (0x88000000) 79 | 80 | /*MTK_WDT_REQ_IRQ*/ 81 | #define MTK_WDT_REQ_IRQ_KEY (0x44000000) 82 | #define MTK_WDT_REQ_IRQ_DEBUG_EN (0x80000) 83 | #define MTK_WDT_REQ_IRQ_SPM_THERMAL_EN (0x0001) 84 | #define MTK_WDT_REQ_IRQ_SPM_SCPSYS_EN (0x0002) 85 | #define MTK_WDT_REQ_IRQ_EINT_EN (1<<2) 86 | #define MTK_WDT_REQ_IRQ_SYSRST_EN (1<<3) 87 | #define MTK_WDT_REQ_IRQ_THERMAL_EN (1<<18) 88 | 89 | 90 | /*MTK_WDT_REQ_MODE*/ 91 | #define MTK_WDT_REQ_MODE_KEY (0x33000000) 92 | #define MTK_WDT_REQ_MODE_DEBUG_EN (0x80000) 93 | #define MTK_WDT_REQ_MODE_SPM_THERMAL (0x0001) 94 | #define MTK_WDT_REQ_MODE_SPM_SCPSYS (0x0002) 95 | #define MTK_WDT_REQ_MODE_EINT (1<<2) 96 | #define MTK_WDT_REQ_MODE_SYSRST (1<<3) 97 | #define MTK_WDT_REQ_MODE_THERMAL (1<<18) 98 | 99 | /*MTK_WDT_RSTDEG_EN*/ 100 | #define MTK_WDT_RSTDEG_EN1_KEY (0xa357) 101 | #define MTK_WDT_RSTDEG_EN2_KEY (0x67d2) 102 | 103 | /*MTK_WDT_SYSDBG_DEG_EN*/ 104 | #define MTK_WDT_SYSDBG_DEG_EN1_KEY (0x1b2a) 105 | #define MTK_WDT_SYSDBG_DEG_EN2_KEY (0x4f59) 106 | -------------------------------------------------------------------------------- /bin/agent.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/arturkow2000/lgk10exploit/632cc086b5086dfdad5f3dd108fd088cfecbd132/bin/agent.bin -------------------------------------------------------------------------------- /bin/lk_fastboot.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/arturkow2000/lgk10exploit/632cc086b5086dfdad5f3dd108fd088cfecbd132/bin/lk_fastboot.bin -------------------------------------------------------------------------------- /bin/lk_payload.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/arturkow2000/lgk10exploit/632cc086b5086dfdad5f3dd108fd088cfecbd132/bin/lk_payload.bin -------------------------------------------------------------------------------- /bin/microloader.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/arturkow2000/lgk10exploit/632cc086b5086dfdad5f3dd108fd088cfecbd132/bin/microloader.bin -------------------------------------------------------------------------------- /bin/tee1_oreo.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/arturkow2000/lgk10exploit/632cc086b5086dfdad5f3dd108fd088cfecbd132/bin/tee1_oreo.bin -------------------------------------------------------------------------------- /bin/tee2_oreo.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/arturkow2000/lgk10exploit/632cc086b5086dfdad5f3dd108fd088cfecbd132/bin/tee2_oreo.bin -------------------------------------------------------------------------------- /bin/test_recovery_with_exploit.img: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/arturkow2000/lgk10exploit/632cc086b5086dfdad5f3dd108fd088cfecbd132/bin/test_recovery_with_exploit.img -------------------------------------------------------------------------------- /bin/twrp.img: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/arturkow2000/lgk10exploit/632cc086b5086dfdad5f3dd108fd088cfecbd132/bin/twrp.img -------------------------------------------------------------------------------- /bin/vcom/cdc-acm.cat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/arturkow2000/lgk10exploit/632cc086b5086dfdad5f3dd108fd088cfecbd132/bin/vcom/cdc-acm.cat -------------------------------------------------------------------------------- /bin/vcom/x64/usb2ser.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/arturkow2000/lgk10exploit/632cc086b5086dfdad5f3dd108fd088cfecbd132/bin/vcom/x64/usb2ser.sys -------------------------------------------------------------------------------- /bin/vuln_lk.img: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/arturkow2000/lgk10exploit/632cc086b5086dfdad5f3dd108fd088cfecbd132/bin/vuln_lk.img -------------------------------------------------------------------------------- /cdalib/commands.py: -------------------------------------------------------------------------------- 1 | from enum import Enum 2 | 3 | 4 | class Command(Enum): 5 | CMD_REBOOT = 1 6 | CMD_ENABLE_CONSOLE = 2 7 | CMD_DISABLE_CONSOLE = 3 8 | CMD_PRINT_EFUSE_CFG = 4 9 | CMD_PRINT_BOOTINFO = 5 10 | CMD_BOOT_LK = 6 11 | CMD_SEND_TEE = 7 12 | CMD_GET_LOGS = 8 13 | CMD_SEND_LK = 9 14 | CMD_SEND_MTK_DA = 10 15 | CMD_BOOT_MTK_DA = 11 16 | CMD_MMC_INIT = 12 17 | CMD_MMC_READ = 13 18 | CMD_MMC_WRITE = 14 19 | CMD_READ_PT = 15 20 | CMD_WRITE_PT = 16 21 | CMD_READ_P = 17 22 | CMD_WRITE_P = 18 23 | CMD_MMC_INFO = 19 24 | CMD_SECPOL_DUMP = 20 25 | CMD_SECPOL_LOCK = 21 26 | CMD_SECPOL_UNLOCK = 22 27 | CMD_RUN_TEST = 23 28 | CMD_SEND_PL = 24 29 | CMD_BOOT_PL = 25 30 | CMD_SEND_ATF = 26 31 | CMD_READ_MEMORY = 27 32 | CMD_WRITE_MEMORY = 28 33 | CMD_ENTER_BOOTROM = 29 -------------------------------------------------------------------------------- /cdalib/packet.py: -------------------------------------------------------------------------------- 1 | from enum import Enum 2 | from struct import pack, unpack 3 | import os 4 | 5 | # Packet header: 6 | # u16 magic 0x239a 7 | # u16 type 8 | # u32 data length 9 | # u64 serial 10 | 11 | 12 | class PacketType(Enum): 13 | PT_COMMAND = 1 14 | PT_DATA = 2 15 | PT_CONSOLE = 3 16 | PT_STATUS = 4 17 | PT_STATUS_DATA = 5 18 | PT_SETUP = 6 19 | PT_ABORT = 7 20 | 21 | 22 | class PacketDirection(Enum): 23 | PT_DIR_OUT = 1, # from host to device 24 | PT_DIR_IN = 2, # from device to host 25 | 26 | 27 | class Packet: 28 | HEADER_SIZE = 16 29 | PACKET_MAGIC = 0x239a 30 | next_serial = 0 31 | 32 | def __init__(self, type, data: bytes = None): 33 | if isinstance(type, PacketType): 34 | self.direction = PacketDirection.PT_DIR_OUT 35 | self.type = type 36 | if data is not None: 37 | self.data = data 38 | else: 39 | self.data = b'' 40 | 41 | self.serial = Packet.next_serial 42 | Packet.next_serial += 1 43 | else: 44 | if data is not None: 45 | raise ValueError() 46 | 47 | self.direction = PacketDirection.PT_DIR_IN 48 | 49 | def write(self, ch): 50 | if self.direction != PacketDirection.PT_DIR_OUT: 51 | raise RuntimeError('self.direction != PacketDirection.PT_DIR_OUT') 52 | 53 | header = pack( 54 | " 0: 74 | data = ch.read(data_length) 75 | else: 76 | data = b'' 77 | else: 78 | magic, type, data_length, serial = unpack( 79 | "D1, guid->D2, guid->D3, 15 | guid->D4[0], guid->D4[1], guid->D4[2], 16 | guid->D4[3], guid->D4[4], guid->D4[5], 17 | guid->D4[6], guid->D4[7]); 18 | } 19 | 20 | __attribute__((noreturn)) void jump(uint32_t); 21 | __attribute__((noreturn)) void jump64(uint32_t addr, uint32_t arg1, uint32_t arg2, uint32_t arg3); 22 | __attribute__((noreturn)) void jumparch64(uint32_t addr, uint32_t arg1, uint32_t arg2); 23 | void arch_disable_ints(void); 24 | void test64(); 25 | uint32_t arm_read_cr1(); 26 | void arm_write_cr1(uint32_t); 27 | extern char _agp_test_a64_code[]; 28 | 29 | void (*arch_disable_cache)(uint32_t) = (void (*)(uint32_t))0x4601AC34; 30 | 31 | void test32() 32 | { 33 | //video_printf("+++++++++++++++++++++++\n"); 34 | for (;;) 35 | ; 36 | } 37 | 38 | __attribute__((section(".text.start"))) __attribute__((noreturn)) void start(void) 39 | { 40 | part_dev_t *boot_dev = mt_part_get_device(); 41 | // TODO: support booting from recovery partition 42 | part_t *part = mt_part_get_partition("boot"); 43 | 44 | if (boot_dev == NULL || part == NULL) 45 | { 46 | video_printf("ERROR"); 47 | for (;;) 48 | ; 49 | } 50 | 51 | #if 0 52 | EFI_VOLUME_HEADER Header; 53 | boot_dev->read(boot_dev, part->start_sect * BLOCK_SIZE + BOOTIMG_OFFSET * BLOCK_SIZE, (uint8_t *)&Header, sizeof(EFI_VOLUME_HEADER), part->part_id); 54 | uint8_t *signature_u8 = (uint8_t *)&Header.Signature; 55 | if (signature_u8[0] != '_' || signature_u8[1] != 'F' || 56 | signature_u8[2] != 'V' || signature_u8[3] != 'H') 57 | { 58 | video_printf("Invalid signature\n"); 59 | for (;;) 60 | ; 61 | } 62 | print_guid(&Header.FileSystemGuid); 63 | #endif 64 | 65 | boot_dev->read(boot_dev, part->start_sect * BLOCK_SIZE + BOOTIMG_OFFSET * BLOCK_SIZE, (uint8_t *)0x41000000, 0x00200000, part->part_id); 66 | 67 | video_printf("\nBooting UEFI ...\n"); 68 | arch_disable_ints(); 69 | // TODO: disable interrupts in controller 70 | arch_disable_cache(3); 71 | // disable mmu 72 | arm_write_cr1(arm_read_cr1() & ~1); 73 | // disable watchdog 74 | *((volatile uint32_t *)0x10007000) = (*((volatile uint32_t *)0x10007000) & 0xFFFFFFFE) | 0x22000000; 75 | 76 | jump64(0x41000000, 0x43000000, 0, 1); 77 | for (;;) 78 | ; 79 | } -------------------------------------------------------------------------------- /microloader/efiboot/ops.S: -------------------------------------------------------------------------------- 1 | .section .test, "ax" 2 | .global arch_disable_ints 3 | .type arch_disable_ints, #function 4 | arch_disable_ints: 5 | mrs r0, cpsr 6 | orr r0, r0, #(1<<7) 7 | msr cpsr_c, r0 8 | bx lr 9 | .size arch_disable_ints, . - arch_disable_ints 10 | 11 | /* uint32_t arm_read_cr1(void) */ 12 | .global arm_read_cr1 13 | .type arm_read_cr1, #function 14 | arm_read_cr1: 15 | mrc p15, 0, r0, c1, c0, 0 16 | bx lr 17 | .size arm_read_cr1, . - arm_read_cr1 18 | 19 | .global arm_write_cr1 20 | .type arm_write_cr1, #function 21 | arm_write_cr1: 22 | mcr p15, 0, r0, c1, c0, 0 23 | bx lr 24 | .size arm_write_cr1, . - arm_write_cr1 25 | -------------------------------------------------------------------------------- /microloader/efiboot/test.S: -------------------------------------------------------------------------------- 1 | .section .rodata, "a" 2 | .global _agp_test_a64_code 3 | .type _agp_test_a64_code, #object 4 | // AARCH64 test code doing board reset using watchdog, for MT6755 5 | .align 8 6 | _agp_test_a64_code: 7 | .long 0x528e0008 // mov w8, #0x7000 // #28672 8 | .long 0x72a20008 // movk w8, #0x1000, lsl #16 9 | .long 0x52832e29 // mov w9, #0x1971 // #6513 10 | .long 0xb9000909 // str w9, [x8, #8] 11 | .long 0xb9400109 // ldr w9, [x8] 12 | .long 0x529ff46a // mov w10, #0xffa3 // #65443 13 | .long 0x72bbbfea // movk w10, #0xddff, lsl #16 14 | .long 0x5280028b // mov w11, #0x14 // #20 15 | .long 0x72a4400b // movk w11, #0x2200, lsl #16 16 | .long 0x0a0a0129 // and w9, w9, w10 17 | .long 0x5282412c // mov w12, #0x1209 // #4617 18 | .long 0x2a0b0129 // orr w9, w9, w11 19 | .long 0xb9000109 // str w9, [x8] 20 | .long 0xb900150c // str w12, [x8, #20] 21 | .long 0x14000000 // b 38 <_start+0x38> 22 | 23 | 24 | .size _agp_test_a64_code, . - _agp_test_a64_code 25 | -------------------------------------------------------------------------------- /microloader/inject_microloader_nougat.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys 3 | import struct 4 | from argparse import ArgumentParser 5 | 6 | base = 0x46000000 7 | 8 | crafted_hdr_sz = 0x70 9 | page_size = 4 # at least 4 for alignment 10 | # NOTE: crafted_hdr_sz bytes before inject_addr become corrupt 11 | # 2 * page_size bytes after inject_addr+inject_sz become corrupt 12 | inject_addr = 0x460a9758-32 # for nougat bootloader 13 | inject_sz = 0x200 - crafted_hdr_sz 14 | 15 | # 4600A542 LDMIA R1, {R1-R3} 16 | # 4601ABD0 LDMIA R1, {R4-LR}^ 17 | 18 | # 4601B028 LDMFD SP!, {R0-R3,R12,LR,PC}^ ## ARM 19 | 20 | cache_disable_func = 0x4601AC34 21 | arch_clean_invalidate_cache_range = 0x4601AE00 22 | 23 | fastboot_init = 0x46024BFA | 1 24 | 25 | 26 | def main(): 27 | parser = ArgumentParser() 28 | parser.add_argument('payload') 29 | parser.add_argument('-b', '--bootimg') 30 | parser.add_argument('output') 31 | args = parser.parse_args() 32 | 33 | orig = b"" 34 | 35 | if args.bootimg: 36 | with open(args.bootimg, "rb") as fin: 37 | #orig = fin.read(0x400) 38 | # fin.seek(0x800) 39 | #orig += fin.read() 40 | orig = fin.read() 41 | orig = orig[:-0x400] 42 | 43 | hdr = b"ANDROID!" # magic 44 | hdr += struct.pack(" no second) 70 | ** 3. load each element (kernel, ramdisk, second) at 71 | ** the specified physical address (kernel_addr, etc) 72 | ** 4. prepare tags at tag_addr. kernel_args[] is 73 | ** appended to the kernel commandline in the tags. 74 | ** 5. r0 = 0, r1 = MACHINE_TYPE, r2 = tags_addr 75 | ** 6. if second_size != 0: jump to second_addr 76 | ** else: jump to kernel_addr 77 | */ 78 | 79 | #if 0 80 | typedef struct ptentry ptentry; 81 | 82 | struct ptentry { 83 | char name[16]; /* asciiz partition name */ 84 | unsigned start; /* starting block number */ 85 | unsigned length; /* length in blocks */ 86 | unsigned flags; /* set to zero */ 87 | }; 88 | 89 | /* MSM Partition Table ATAG 90 | ** 91 | ** length: 2 + 7 * n 92 | ** atag: 0x4d534d70 93 | ** x n 94 | */ 95 | #endif 96 | 97 | #endif 98 | -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/clk/clk-gate-v1.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2014 MediaTek Inc. 3 | * Author: James Liao 4 | * 5 | * This program is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License version 2 as 7 | * published by the Free Software Foundation. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | */ 14 | 15 | #ifndef __DRV_CLK_GATE_H 16 | #define __DRV_CLK_GATE_H 17 | 18 | /* 19 | * This is a private header file. DO NOT include it except clk-*.c. 20 | */ 21 | 22 | #include 23 | #include 24 | 25 | struct mtk_clk_gate { 26 | struct clk_hw hw; 27 | void __iomem *set_addr; 28 | void __iomem *clr_addr; 29 | void __iomem *sta_addr; 30 | u8 bit; 31 | u32 flags; 32 | }; 33 | 34 | #define to_clk_gate(_hw) container_of(_hw, struct mtk_clk_gate, hw) 35 | 36 | #define CLK_GATE_INVERSE BIT(0) 37 | #define CLK_GATE_NO_SETCLR_REG BIT(1) 38 | 39 | struct clk *mtk_clk_register_gate( 40 | const char *name, 41 | const char *parent_name, 42 | void __iomem *set_addr, 43 | void __iomem *clr_addr, 44 | void __iomem *sta_addr, 45 | u8 bit, 46 | u32 flags); 47 | 48 | #endif /* __DRV_CLK_GATE_H */ 49 | -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/clk/clk-mt6755-pll.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 MediaTek Inc. 3 | * 4 | * This program is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License version 2 as 6 | * published by the Free Software Foundation. 7 | * 8 | * This program is distributed in the hope that it will be useful, 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | * GNU General Public License for more details. 12 | */ 13 | 14 | #ifndef __DRV_CLK_MT6755_PLL_H 15 | #define __DRV_CLK_MT6755_PLL_H 16 | 17 | /* 18 | * This is a private header file. DO NOT include it except clk-*.c. 19 | */ 20 | 21 | extern const struct clk_ops mt_clk_sdm_pll_ops; 22 | extern const struct clk_ops mt_clk_arm_pll_ops; 23 | extern const struct clk_ops mt_clk_mm_pll_ops; 24 | extern const struct clk_ops mt_clk_univ_pll_ops; 25 | extern const struct clk_ops mt_clk_aud_pll_ops; 26 | extern const struct clk_ops mt_clk_spm_pll_ops; 27 | #endif /* __DRV_CLK_MT6755_PLL_H */ 28 | -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/clk/clk-mtk-v1.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2014 MediaTek Inc. 3 | * Author: James Liao 4 | * 5 | * This program is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License version 2 as 7 | * published by the Free Software Foundation. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | */ 14 | 15 | #ifndef __DRV_CLK_MTK_H 16 | #define __DRV_CLK_MTK_H 17 | 18 | /* 19 | * This is a private header file. DO NOT include it except clk-*.c. 20 | */ 21 | 22 | #include 23 | #include 24 | #include 25 | 26 | #define CLK_DEBUG 0 27 | #define DUMMY_REG_TEST 0 28 | /* #define Bring_Up */ 29 | #ifdef Bring_Up 30 | #ifdef pr_debug 31 | #undef pr_debug 32 | #define pr_debug pr_warn 33 | #endif 34 | #define MT_CCF_DEBUG 1 35 | #define MT_CCF_BRINGUP 0 /* 1: only for bring up */ 36 | #endif /* Bring_Up */ 37 | 38 | extern spinlock_t *get_mtk_clk_lock(void); 39 | 40 | #define mtk_clk_lock(flags) spin_lock_irqsave(get_mtk_clk_lock(), flags) 41 | #define mtk_clk_unlock(flags) \ 42 | spin_unlock_irqrestore(get_mtk_clk_lock(), flags) 43 | 44 | #define MAX_MUX_GATE_BIT 31 45 | #define INVALID_MUX_GATE_BIT (MAX_MUX_GATE_BIT + 1) 46 | 47 | struct clk *mtk_clk_register_mux( 48 | const char *name, 49 | const char **parent_names, 50 | u8 num_parents, 51 | void __iomem *base_addr, 52 | u8 shift, 53 | u8 width, 54 | u8 gate_bit); 55 | 56 | #endif /* __DRV_CLK_MTK_H */ 57 | -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/clk/clk-mux.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2015 MediaTek Inc. 3 | * Author: James Liao 4 | * 5 | * This program is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License version 2 as 7 | * published by the Free Software Foundation. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | */ 14 | 15 | #ifndef __DRV_CLK_MUX_H 16 | #define __DRV_CLK_MUX_H 17 | 18 | #include 19 | 20 | struct mtk_mux_upd { 21 | int id; 22 | const char *name; 23 | const char * const *parent_names; 24 | 25 | u32 mux_ofs; 26 | u32 upd_ofs; 27 | 28 | s8 mux_shift; 29 | s8 mux_width; 30 | s8 gate_shift; 31 | s8 upd_shift; 32 | 33 | s8 num_parents; 34 | }; 35 | 36 | #define MUX_UPD(_id, _name, _parents, _mux_ofs, _shift, _width, _gate, \ 37 | _upd_ofs, _upd) { \ 38 | .id = _id, \ 39 | .name = _name, \ 40 | .mux_ofs = _mux_ofs, \ 41 | .upd_ofs = _upd_ofs, \ 42 | .mux_shift = _shift, \ 43 | .mux_width = _width, \ 44 | .gate_shift = _gate, \ 45 | .upd_shift = _upd, \ 46 | .parent_names = _parents, \ 47 | .num_parents = ARRAY_SIZE(_parents), \ 48 | } 49 | 50 | struct mtk_mux_clr_set_upd { 51 | int id; 52 | const char *name; 53 | const char * const *parent_names; 54 | 55 | u32 mux_ofs; 56 | u32 mux_set_ofs; 57 | u32 mux_clr_ofs; 58 | u32 upd_ofs; 59 | 60 | s8 mux_shift; 61 | s8 mux_width; 62 | s8 gate_shift; 63 | s8 upd_shift; 64 | 65 | s8 num_parents; 66 | }; 67 | 68 | #define MUX_CLR_SET_UPD(_id, _name, _parents, _mux_ofs, _mux_set_ofs, _mux_clr_ofs, _shift, _width, _gate, \ 69 | _upd_ofs, _upd) { \ 70 | .id = _id, \ 71 | .name = _name, \ 72 | .mux_ofs = _mux_ofs, \ 73 | .mux_set_ofs = _mux_set_ofs, \ 74 | .mux_clr_ofs = _mux_clr_ofs, \ 75 | .upd_ofs = _upd_ofs, \ 76 | .mux_shift = _shift, \ 77 | .mux_width = _width, \ 78 | .gate_shift = _gate, \ 79 | .upd_shift = _upd, \ 80 | .parent_names = _parents, \ 81 | .num_parents = ARRAY_SIZE(_parents), \ 82 | } 83 | 84 | 85 | struct clk *mtk_clk_register_mux_upd(const struct mtk_mux_upd *tm, 86 | void __iomem *base, spinlock_t *lock); 87 | 88 | struct clk *mtk_clk_register_mux_clr_set_upd(const struct mtk_mux_clr_set_upd *tm, 89 | void __iomem *base, spinlock_t *lock); 90 | 91 | void mtk_clk_register_mux_upds(const struct mtk_mux_upd *tms, 92 | int num, void __iomem *base, spinlock_t *lock, 93 | struct clk_onecell_data *clk_data); 94 | 95 | void mtk_clk_register_mux_clr_set_upds(const struct mtk_mux_clr_set_upd *tms, 96 | int num, void __iomem *base, spinlock_t *lock, 97 | struct clk_onecell_data *clk_data); 98 | 99 | #endif /* __DRV_CLK_MUX_H */ 100 | -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/clk/clk-pll-v1.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2014 MediaTek Inc. 3 | * Author: James Liao 4 | * 5 | * This program is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License version 2 as 7 | * published by the Free Software Foundation. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | */ 14 | 15 | #ifndef __DRV_CLK_PLL_H 16 | #define __DRV_CLK_PLL_H 17 | 18 | /* 19 | * This is a private header file. DO NOT include it except clk-*.c. 20 | */ 21 | 22 | #include 23 | #include 24 | #include 25 | 26 | struct mtk_clk_pll { 27 | struct clk_hw hw; 28 | void __iomem *base_addr; 29 | void __iomem *pwr_addr; 30 | u32 en_mask; 31 | u32 flags; 32 | }; 33 | 34 | #define to_mtk_clk_pll(_hw) container_of(_hw, struct mtk_clk_pll, hw) 35 | 36 | #define HAVE_RST_BAR BIT(0) 37 | #define HAVE_PLL_HP BIT(1) 38 | #define HAVE_FIX_FRQ BIT(2) 39 | #define PLL_AO BIT(3) 40 | 41 | struct clk *mtk_clk_register_pll( 42 | const char *name, 43 | const char *parent_name, 44 | u32 *base_addr, 45 | u32 *pwr_addr, 46 | u32 en_mask, 47 | u32 flags, 48 | const struct clk_ops *ops); 49 | 50 | #endif /* __DRV_CLK_PLL_H */ 51 | -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/devbase.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define U3_SIF2_BASE (0x11290000) 4 | #define TOPCKGEN_REG_BASE 0x10000000 5 | #define INFRACFG_AO_REG_BASE 0x10001000 6 | #define GPIO_REG_BASE 0x10005000 7 | #define SLEEP_REG_BASE 0x10006000 8 | #define PMIC_WRAP_BASE 0x1000d000 9 | 10 | #define AP_UART0_BASE 0x11002000 11 | #define AP_UART1_BASE 0x11003000 12 | 13 | #define APMIXED_BASE_1 0x1000c000 14 | #define APMIXED_BASE_2 0x10006000 15 | 16 | #define INFRASYS_BASE 0x10001000 17 | #define AUDIOSYS_BASE 0x11220000 18 | #define MFGSYS_BASE 0x13000000 19 | #define IMGSYS_BASE 0x15000000 20 | #define MMSYS_BASE 0x14000000 21 | #define VDECSYS_BASE 0x16000000 22 | #define VENCSYS_BASE 0x17000000 23 | 24 | #define SSUSB_SIFSLV_SPLLC_BASE (U3_SIF2_BASE+0x000) 25 | #define SSUSB_SIFSLV_U2PHY_COM_BASE (U3_SIF2_BASE+0x800) 26 | #define SSUSB_SIFSLV_U2PHY_COM_SIV_B_BASE (U3_SIF2_BASE+0x800) 27 | #define SSUSB_SIFSLV_U3PHYD_BASE (U3_SIF2_BASE+0x900) 28 | #define SSUSB_USB30_PHYA_SIV_B_BASE (U3_SIF2_BASE+0xB00) 29 | #define SSUSB_SIFSLV_U3PHYA_DA_BASE (U3_SIF2_BASE+0xC00) 30 | -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/drivers.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | int pwrap_hal_init(void); 7 | 8 | void linuxboot_pmic_init() { 9 | s32 s; 10 | 11 | s = pwrap_hal_init(); 12 | if (s!=0) { 13 | video_printf("Failed to initialize PMIC, HANG"); 14 | for(;;); 15 | } 16 | video_printf("PMIC initialization successful."); 17 | } -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/include/drivers.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | void linuxboot_pmic_init(); -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/include/mt-plat/mt_pmic_wrap.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 MediaTek Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License version 2 as 6 | * published by the Free Software Foundation. 7 | * 8 | * This program is distributed in the hope that it will be useful, 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 11 | * See http://www.gnu.org/licenses/gpl-2.0.html for more details. 12 | */ 13 | 14 | #ifndef __MT_PMIC_WRAP_H__ 15 | #define __MT_PMIC_WRAP_H__ 16 | 17 | #include 18 | 19 | #define PWRAP_READ 0 20 | #define PWRAP_WRITE 1 21 | 22 | s32 pwrap_read(u32 adr, u32 *rdata); 23 | s32 pwrap_write(u32 adr, u32 wdata); 24 | s32 pwrap_wacs2(u32 write, u32 adr, u32 wdata, u32 *rdata); 25 | u32 pmic_wrap_eint_status(void); 26 | void pmic_wrap_eint_clr(int offset); 27 | u32 mt_pmic_wrap_eint_status(void); 28 | void mt_pmic_wrap_eint_clr(int offset); 29 | s32 pwrap_init(void); 30 | 31 | #endif -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/include/mt-plat/sync_write.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 MediaTek Inc. 3 | * 4 | * This program is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License version 2 as 6 | * published by the Free Software Foundation. 7 | * 8 | * This program is distributed in the hope that it will be useful, 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | * GNU General Public License for more details. 12 | */ 13 | 14 | #ifndef _MT_SYNC_WRITE_H 15 | #define _MT_SYNC_WRITE_H 16 | 17 | #include 18 | #include 19 | 20 | /* 21 | * Define macros. 22 | */ 23 | 24 | #define mt_reg_sync_writel(v, a) \ 25 | do { \ 26 | *((volatile uint32_t*)(a)) = (v); \ 27 | mb(); \ 28 | } while (0) 29 | 30 | #define mt_reg_sync_writew(v, a) \ 31 | do { \ 32 | *((volatile uint16_t*)(a)) = (v); \ 33 | mb(); \ 34 | } while (0) 35 | 36 | #define mt_reg_sync_writeb(v, a) \ 37 | do { \ 38 | *((volatile uint8_t*)(a)) = (v); \ 39 | mb(); \ 40 | } while (0) 41 | 42 | #endif -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/pmic/mt6353/mt_pmic_info.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 MediaTek Inc. 3 | 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License version 2 as 6 | * published by the Free Software Foundation. 7 | 8 | * This program is distributed in the hope that it will be useful, 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 11 | * See http://www.gnu.org/licenses/gpl-2.0.html for more details. 12 | */ 13 | 14 | #ifndef _MT_PMIC_INFO_H_ 15 | #define _MT_PMIC_INFO_H_ 16 | 17 | /* 18 | * The CHIP INFO 19 | */ 20 | #define PMIC6353_E1_CID_CODE 0x5310 21 | #define PMIC6353_E2_CID_CODE 0x5320 22 | #define PMIC6353_E3_CID_CODE 0x5330 23 | 24 | /* 25 | * Debugfs 26 | */ 27 | #define PMICTAG "[PMIC] " 28 | #ifdef PMIC_DEBUG 29 | #define PMICDEB(fmt, arg...) pr_debug(PMICTAG "cpuid=%d, " fmt, raw_smp_processor_id(), ##arg) 30 | #define PMICFUC(fmt, arg...) pr_debug(PMICTAG "cpuid=%d, %s\n", raw_smp_processor_id(), __func__) 31 | #endif /*-- defined PMIC_DEBUG --*/ 32 | #if defined PMIC_DEBUG_PR_DBG 33 | #define PMICLOG(fmt, arg...) pr_err(PMICTAG fmt, ##arg) 34 | #else 35 | #define PMICLOG(fmt, arg...) 36 | #endif /*-- defined PMIC_DEBUG_PR_DBG --*/ 37 | #define PMICERR(fmt, arg...) pr_debug(PMICTAG "ERROR,line=%d " fmt, __LINE__, ##arg) 38 | #define PMICREG(fmt, arg...) pr_debug(PMICTAG fmt, ##arg) 39 | 40 | 41 | #endif /* _MT_PMIC_INFO_H_ */ 42 | -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/pmic/mt_pmic_wrap.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 MediaTek Inc. 3 | * 4 | * This program is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License version 2 as 6 | * published by the Free Software Foundation. 7 | * 8 | * This program is distributed in the hope that it will be useful, 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | * GNU General Public License for more details. 12 | */ 13 | 14 | /****************************************************************************** 15 | * pmic_wrapper.c - Linux pmic_wrapper Driver 16 | * 17 | * 18 | * DESCRIPTION: 19 | * This file provid the other drivers PMIC wrapper relative functions 20 | * 21 | ******************************************************************************/ 22 | 23 | #include 24 | #include 25 | 26 | #define PMIC_WRAP_DEVICE "pmic_wrap" 27 | #define VERSION "Revision" 28 | 29 | s32 pwrap_wacs2_hal(u32 write, u32 adr, u32 wdata, u32 *rdata); 30 | 31 | /* ****************************************************************************** */ 32 | /* --external API for pmic_wrap user------------------------------------------------- */ 33 | /* ****************************************************************************** */ 34 | s32 pwrap_wacs2(u32 write, u32 adr, u32 wdata, u32 *rdata) 35 | { 36 | return pwrap_wacs2_hal(write, adr, wdata, rdata); 37 | } 38 | 39 | s32 pwrap_read(u32 adr, u32 *rdata) 40 | { 41 | return pwrap_wacs2(PWRAP_READ, adr, 0, rdata); 42 | } 43 | 44 | s32 pwrap_write(u32 adr, u32 wdata) 45 | { 46 | return pwrap_wacs2(PWRAP_WRITE, adr, wdata, 0); 47 | } 48 | 49 | /********************************************************************/ 50 | /********************************************************************/ 51 | /* return value : EINT_STA: [0]: CPU IRQ status in PMIC1 */ 52 | /* [1]: MD32 IRQ status in PMIC1 */ 53 | /* [2]: CPU IRQ status in PMIC2 */ 54 | /* [3]: RESERVED */ 55 | /********************************************************************/ 56 | u32 pmic_wrap_eint_status(void) 57 | { 58 | return mt_pmic_wrap_eint_status(); 59 | } 60 | 61 | /********************************************************************/ 62 | /* set value(W1C) : EINT_CLR: [0]: CPU IRQ status in PMIC1 */ 63 | /* [1]: MD32 IRQ status in PMIC1 */ 64 | /* [2]: CPU IRQ status in PMIC2 */ 65 | /* [3]: RESERVED */ 66 | /* para: offset is shift of clear bit which needs to clear */ 67 | /********************************************************************/ 68 | void pmic_wrap_eint_clr(int offset) 69 | { 70 | mt_pmic_wrap_eint_clr(offset); 71 | } 72 | -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/pmic/pmic_throttling_dlpt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 MediaTek Inc. 3 | 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License version 2 as 6 | * published by the Free Software Foundation. 7 | 8 | * This program is distributed in the hope that it will be useful, 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 11 | * See http://www.gnu.org/licenses/gpl-2.0.html for more details. 12 | */ 13 | 14 | #ifndef _PMIC_THROTTLING_DLPT_H_ 15 | #define _PMIC_THROTTLING_DLPT_H_ 16 | 17 | #define pmic_emerg(fmt, args...) pr_emerg("[SPM-PMIC] " fmt, ##args) 18 | #define pmic_alert(fmt, args...) pr_alert("[SPM-PMIC] " fmt, ##args) 19 | #define pmic_crit(fmt, args...) pr_crit("[SPM-PMIC] " fmt, ##args) 20 | #define pmic_err(fmt, args...) pr_err("[SPM-PMIC] " fmt, ##args) 21 | #define pmic_warn(fmt, args...) pr_warn("[SPM-PMIC] " fmt, ##args) 22 | #define pmic_notice(fmt, args...) pr_notice("[SPM-PMIC] " fmt, ##args) 23 | #define pmic_info(fmt, args...) pr_info("[SPM-PMIC] " fmt, ##args) 24 | #define pmic_debug(fmt, args...) pr_info("[SPM-PMIC] " fmt, ##args) /* pr_debug show nothing */ 25 | 26 | /* just use in suspend flow for important log due to console suspend */ 27 | #if defined PMIC_DEBUG_PR_DBG 28 | #define pmic_spm_crit2(fmt, args...) \ 29 | do { \ 30 | aee_sram_printk(fmt, ##args); \ 31 | pmic_crit(fmt, ##args); \ 32 | } while (0) 33 | #else 34 | #define pmic_spm_crit2(fmt, args...) \ 35 | do { \ 36 | aee_sram_printk(fmt, ##args); \ 37 | pmic_debug(fmt, ##args); \ 38 | } while (0) 39 | #endif 40 | 41 | extern int pmic_throttling_dlpt_init(void); 42 | extern void low_battery_protect_init(void); 43 | extern void battery_oc_protect_init(void); 44 | extern void bat_percent_notify_init(void); 45 | extern void dlpt_notify_init(void); 46 | //extern void pmic_throttling_dlpt_suspend(void); 47 | //extern void pmic_throttling_dlpt_resume(void); 48 | //extern void pmic_throttling_dlpt_debug_init(struct platform_device *dev, struct dentry *debug_dir); 49 | extern void bat_h_int_handler(void); 50 | extern void bat_l_int_handler(void); 51 | extern void fg_cur_h_int_handler(void); 52 | extern void fg_cur_l_int_handler(void); 53 | #endif /* _PMIC_THROTTLING_DLPT_H_ */ 54 | -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/u3hal/Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (C) 2015 MediaTek Inc. 3 | # 4 | # This program is free software: you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License version 2 as 6 | # published by the Free Software Foundation. 7 | # 8 | # This program is distributed in the hope that it will be useful, 9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | # GNU General Public License for more details. 12 | # 13 | 14 | ccflags-y += -I$(srctree)/drivers/misc/mediatek/mu3d/drv \ 15 | -I$(srctree)/drivers/misc/mediatek/mu3d/hal \ 16 | -I$(srctree)/drivers/misc/mediatek/mu3phy 17 | ifeq (,$(filter $(CONFIG_MTK_PLATFORM) , "elbrus")) 18 | ccflags-y += -DUSE_SSUSB_QMU 19 | else 20 | ccflags-y += -DUSB_ELBRUS 21 | endif 22 | 23 | obj-y := mu3d_hal.o 24 | 25 | mu3d_hal-y := mu3d_hal_osal.o \ 26 | mu3d_hal_qmu_drv.o \ 27 | mu3d_hal_usb_drv.o \ 28 | mu3d_hal_phy.o 29 | -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/u3hal/mu3d_hal_osal.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 MediaTek Inc. 3 | * 4 | * This program is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License version 2 as 6 | * published by the Free Software Foundation. 7 | * 8 | * This program is distributed in the hope that it will be useful, 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | * GNU General Public License for more details. 12 | */ 13 | 14 | #define _USB_OSAI_EXT_ 15 | #include "mu3d_hal_osal.h" 16 | #undef _USB_OSAI_EXT_ 17 | 18 | void os_ms_delay(unsigned int ui4_delay) 19 | { 20 | mdelay(ui4_delay); 21 | } 22 | 23 | void os_us_delay(unsigned int ui4_delay) 24 | { 25 | udelay(ui4_delay); 26 | } 27 | 28 | void os_ms_sleep(unsigned int ui4_sleep) 29 | { 30 | msleep(ui4_sleep); 31 | } 32 | 33 | 34 | #ifdef NEVER 35 | void os_spin_lock(spinlock_t *lock) 36 | { 37 | /* spin_lock(lock); */ 38 | } 39 | 40 | void os_spin_unlock(spinlock_t *lock) 41 | { 42 | /* spin_unlock(lock); */ 43 | } 44 | #endif /* NEVER */ 45 | 46 | void os_memcpy(DEV_INT8 *pv_to, DEV_INT8 *pv_from, size_t z_l) 47 | { 48 | /*FIXME: just use memcpy(), why use this???? */ 49 | DEV_INT32 i; 50 | 51 | if ((pv_to != NULL) || (z_l == 0)) { 52 | for (i = 0; i < z_l; i++) 53 | *(pv_to + i) = *(pv_from + i); 54 | } else { 55 | BUG_ON(1); 56 | } 57 | } 58 | 59 | #ifdef NEVER 60 | void *os_virt_to_phys(void *vaddr) 61 | { 62 | 63 | return virt_to_phys(vaddr); 64 | } 65 | #endif /* NEVER */ 66 | 67 | void *os_phys_to_virt(void *paddr) 68 | { 69 | 70 | /* return phys_to_virt((phys_addr_t)paddr); */ 71 | return phys_to_virt((phys_addr_t) (long)paddr); 72 | } 73 | 74 | #ifdef NEVER 75 | void *os_ioremap(void *paddr, DEV_UINT32 t_size) 76 | { 77 | 78 | /* return ioremap(paddr,t_size); */ 79 | return ioremap_nocache(paddr, t_size); 80 | } 81 | 82 | void os_iounmap(void *vaddr) 83 | { 84 | iounmap(vaddr); 85 | vaddr = NULL; 86 | } 87 | #endif /* NEVER */ 88 | 89 | 90 | void *os_memset(void *pv_to, DEV_UINT8 ui1_c, size_t z_l) 91 | { 92 | 93 | if ((pv_to != NULL) || (z_l == 0)) 94 | return memset(pv_to, ui1_c, z_l); 95 | /* else */ 96 | BUG_ON(1); 97 | 98 | return pv_to; 99 | } 100 | 101 | void *os_mem_alloc(size_t z_size) 102 | { 103 | void *pv_mem = NULL; 104 | 105 | pv_mem = kmalloc(z_size, GFP_NOIO); 106 | 107 | if (pv_mem == NULL) { 108 | /*WARNING:OOM_MESSAGE: Possible unnecessary 'out of memory' message*/ 109 | /*pr_err("kmalloc fail!!\n");*/ 110 | BUG_ON(1); 111 | } 112 | 113 | return pv_mem; 114 | } 115 | 116 | void os_mem_free(void *pv_mem) 117 | { 118 | 119 | kfree(pv_mem); 120 | pv_mem = NULL; 121 | } 122 | 123 | void os_disableIrq(DEV_UINT32 irq) 124 | { 125 | disable_irq(irq); 126 | os_ms_delay(20); 127 | } 128 | 129 | void os_enableIrq(DEV_UINT32 irq) 130 | { 131 | enable_irq(irq); 132 | } 133 | 134 | void os_clearIrq(DEV_UINT32 irq) 135 | { 136 | os_writel(U3D_LV1IECR, os_readl(U3D_LV1ISR)); 137 | } 138 | 139 | 140 | void os_get_random_bytes(void *buf, DEV_INT32 nbytes) 141 | { 142 | get_random_bytes(buf, nbytes); 143 | } 144 | 145 | void os_disableDcache(void) 146 | { 147 | /* HalDisableDCache(); */ 148 | } 149 | 150 | void os_flushinvalidateDcache(void) 151 | { 152 | /* HalFlushInvalidateDCache(); */ 153 | } 154 | 155 | /*---------------------------------------------------------------------------- 156 | * Function: os_reg_isr() 157 | * 158 | * Description: 159 | * this API registers an ISR with its vector id. it performs 160 | * 1. parse argument. 161 | * 2. guard isr. 162 | * 3. call OS driver reg isr API. 163 | * 164 | * Inputs: 165 | * ui2_vec_id: an vector id to register an ISR. 166 | * pf_isr: pointer to a ISR to set. 167 | * ppf_old_isr: pointer to hold the current ISR setting. 168 | * 169 | * Outputs: 170 | * None 171 | *---------------------------------------------------------------------------*/ 172 | 173 | int os_reg_isr(DEV_UINT32 irq, irq_handler_t handler, void *isrbuffer) 174 | { 175 | DEV_INT32 i4_ret; 176 | 177 | i4_ret = request_irq(irq, handler, /* our handler */ 178 | IRQF_TRIGGER_LOW, "usb device handler", isrbuffer); 179 | 180 | return i4_ret; 181 | } 182 | 183 | 184 | 185 | void os_free_isr(DEV_UINT32 irq, void *isrbuffer) 186 | { 187 | 188 | free_irq(irq, isrbuffer); 189 | } 190 | -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/u3hal/mu3d_hal_osal.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 MediaTek Inc. 3 | * 4 | * This program is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License version 2 as 6 | * published by the Free Software Foundation. 7 | * 8 | * This program is distributed in the hope that it will be useful, 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | * GNU General Public License for more details. 12 | */ 13 | 14 | #ifndef _USB_OSAI_H_ 15 | #define _USB_OSAI_H_ 16 | #if 0 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #endif 26 | 27 | #include "mu3d_hal_comm.h" 28 | #include "mu3d_hal_hw.h" 29 | 30 | #undef EXTERN 31 | 32 | #ifdef _USB_OSAI_EXT_ 33 | #define EXTERN 34 | #else 35 | #define EXTERN \ 36 | extern 37 | #endif 38 | 39 | #define K_EMERG (1<<7) 40 | #define K_QMU (1<<7) 41 | #define K_ALET (1<<6) 42 | #define K_CRIT (1<<5) 43 | #define K_ERR (1<<4) 44 | #define K_WARNIN (1<<3) 45 | #define K_NOTICE (1<<2) 46 | //#define K_INFO (1<<1) 47 | //#define K_DEBUG (1<<0) 48 | 49 | /*Set the debug level at musb_core.c*/ 50 | extern int debug_level; 51 | 52 | #ifdef USE_SSUSB_QMU 53 | #define qmu_printk(level, fmt, args...) do { \ 54 | if (debug_level & (level|K_QMU)) { \ 55 | pr_notice("[U3D][Q]" fmt, ## args); \ 56 | } \ 57 | } while (0) 58 | #endif 59 | 60 | /*#define os_printk(level, fmt, args...) do { \ 61 | if (debug_level & level) { \ 62 | pr_notice("[U3D]" fmt, ## args); \ 63 | } \ 64 | } while (0)*/ 65 | 66 | #define OS_R_OK ((DEV_INT32) 0) 67 | 68 | //EXTERN spinlock_t _lock; 69 | //EXTERN DEV_INT32 os_reg_isr(DEV_UINT32 irq, irq_handler_t handler, void *isrbuffer); 70 | /* USBIF */ 71 | EXTERN void os_free_isr(DEV_UINT32 irq, void *isrbuffer); 72 | EXTERN void os_ms_delay(DEV_UINT32 ui4_delay); 73 | EXTERN void os_us_delay(DEV_UINT32 ui4_delay); 74 | EXTERN void os_ms_sleep(DEV_UINT32 ui4_sleep); 75 | 76 | void os_memcpy(DEV_INT8 *pv_to, DEV_INT8 *pv_from, size_t z_l); 77 | EXTERN void *os_memset(void *pv_to, DEV_UINT8 ui1_c, size_t z_l); 78 | EXTERN void *os_mem_alloc(size_t z_size); 79 | 80 | EXTERN void *os_phys_to_virt(void *paddr); 81 | 82 | EXTERN void os_mem_free(void *pv_mem); 83 | EXTERN void os_disableIrq(DEV_UINT32 irq); 84 | EXTERN void os_disableIrq(DEV_UINT32 irq); 85 | EXTERN void os_enableIrq(DEV_UINT32 irq); 86 | EXTERN void os_clearIrq(DEV_UINT32 irq); 87 | EXTERN void os_get_random_bytes(void *buf, DEV_INT32 nbytes); 88 | EXTERN void os_disableDcache(void); 89 | EXTERN void os_flushinvalidateDcache(void); 90 | extern DEV_INT32 rand(void); 91 | extern void HalFlushInvalidateDCache(void); 92 | 93 | 94 | #undef EXTERN 95 | 96 | #endif 97 | -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/u3hal/mu3d_hal_phy.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 MediaTek Inc. 3 | * 4 | * This program is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License version 2 as 6 | * published by the Free Software Foundation. 7 | * 8 | * This program is distributed in the hope that it will be useful, 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | * GNU General Public License for more details. 12 | */ 13 | 14 | #include "mu3d_hal_osal.h" 15 | #include "mu3d_hal_phy.h" 16 | #include "mu3d_hal_usb_drv.h" 17 | #include "mtk-phy.h" 18 | 19 | /** 20 | * mu3d_hal_phy_scan - u3 phy clock phase scan 21 | * 22 | */ 23 | DEV_INT32 mu3d_hal_phy_scan(DEV_INT32 latch_val, DEV_UINT8 driving) 24 | { 25 | #ifdef CONFIG_U3_PHY_GPIO_SUPPORT 26 | DEV_INT32 count, fset_phase_val, recov_cnt, link_error_count, U0_count; 27 | DEV_UINT8 phase_val; 28 | /* DEV_UINT8 driving; */ 29 | 30 | /* disable ip power down,disable U2/U3 ip power down. */ 31 | mu3d_hal_ssusb_en(); 32 | /* mu3d_hal_pdn_dis(); */ 33 | u3phy_ops->change_pipe_phase(u3phy, 0, 0); 34 | os_writel(U3D_PIPE_LATCH_SELECT, latch_val); /* set tx/rx latch sel */ 35 | 36 | /* driving = 2; */ 37 | u3phy_ops->change_pipe_phase(u3phy, driving, 0); 38 | phase_val = 0; 39 | count = 0; 40 | fset_phase_val = TRUE; 41 | 42 | while (TRUE) { 43 | 44 | if (fset_phase_val) { 45 | u3phy_ops->change_pipe_phase(u3phy, driving, phase_val); 46 | mu3d_hal_rst_dev(); 47 | os_ms_delay(50); 48 | os_writel(U3D_USB3_CONFIG, USB3_EN); 49 | os_writel(U3D_PIPE_LATCH_SELECT, latch_val); /* set tx/rx latch sel */ 50 | fset_phase_val = FALSE; 51 | U0_count = 0; 52 | link_error_count = 0; 53 | recov_cnt = 0; 54 | count = 0; 55 | } 56 | os_ms_delay(50); 57 | count++; 58 | recov_cnt = os_readl(U3D_RECOVERY_COUNT); /* read U0 recovery count */ 59 | link_error_count = os_readl(U3D_LINK_ERR_COUNT); /* read link error count */ 60 | if ((os_readl(U3D_LINK_STATE_MACHINE) & LTSSM) == STATE_U0_STATE) { /* enter U0 state */ 61 | U0_count++; 62 | } 63 | if (U0_count > ENTER_U0_TH) { /* link up */ 64 | os_ms_delay(1000); /* 1s */ 65 | recov_cnt = os_readl(U3D_RECOVERY_COUNT); 66 | link_error_count = os_readl(U3D_LINK_ERR_COUNT); 67 | os_writel(U3D_RECOVERY_COUNT, CLR_RECOV_CNT); /* clear recovery count */ 68 | os_writel(U3D_LINK_ERR_COUNT, CLR_LINK_ERR_CNT); /* clear link error count */ 69 | pr_debug("[PASS] Link Error Count=%d, Recovery Count=%d\n", 70 | link_error_count, recov_cnt); 71 | pr_debug("I2C(0x%02x) : [0x%02x], I2C(0x%02x) : [0x%02x]\n", 72 | U3_PHY_I2C_PCLK_DRV_REG, 73 | _U3Read_Reg(U3_PHY_I2C_PCLK_DRV_REG), 74 | U3_PHY_I2C_PCLK_PHASE_REG, 75 | _U3Read_Reg(U3_PHY_I2C_PCLK_PHASE_REG)); 76 | pr_debug("Reg(0x130) : [0x%02x], PhaseDelay[0x%02x], Driving[0x%02x], Latch[0x%02x]\n", 77 | os_readl(U3D_PIPE_LATCH_SELECT), phase_val, driving, latch_val); 78 | 79 | phase_val++; 80 | fset_phase_val = TRUE; 81 | } else if ((os_readl(U3D_LINK_STATE_MACHINE) & LTSSM) == STATE_DISABLE) { /* link fail */ 82 | pr_debug("[FAIL] STATE_DISABLE, PhaseDelay[0x%02x]\n", phase_val); 83 | phase_val++; 84 | fset_phase_val = TRUE; 85 | } else if (count > MAX_TIMEOUT_COUNT) { /* link timeout */ 86 | pr_debug("[FAIL] TIMEOUT, PhaseDelay[0x%02x]\n", phase_val); 87 | phase_val++; 88 | fset_phase_val = TRUE; 89 | } 90 | if (phase_val > MAX_PHASE_RANGE) { 91 | /* reset device */ 92 | mu3d_hal_rst_dev(); 93 | os_ms_delay(50); 94 | /* disable ip power down,disable U2/U3 ip power down. */ 95 | mu3d_hal_ssusb_en(); 96 | /* mu3d_hal_pdn_dis(); */ 97 | os_ms_delay(10); 98 | 99 | break; 100 | } 101 | } 102 | #endif 103 | 104 | return 0; 105 | } 106 | -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/u3hal/mu3d_hal_phy.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 MediaTek Inc. 3 | * 4 | * This program is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License version 2 as 6 | * published by the Free Software Foundation. 7 | * 8 | * This program is distributed in the hope that it will be useful, 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | * GNU General Public License for more details. 12 | */ 13 | 14 | #ifndef MTK_PHY_H 15 | #define MTK_PHY_H 16 | 17 | #include "mu3d_hal_comm.h" 18 | #include "mtk-phy.h" 19 | 20 | #undef EXTERN 21 | 22 | #define ENTER_U0_TH 10 23 | #define MAX_PHASE_RANGE 31 24 | #define MAX_TIMEOUT_COUNT 100 25 | 26 | #ifdef _MTK_PHY_EXT_ 27 | #define EXTERN 28 | #else 29 | #define EXTERN \ 30 | extern 31 | #endif 32 | 33 | #define U3_PHY_I2C_PCLK_DRV_REG 0x0A 34 | #define U3_PHY_I2C_PCLK_PHASE_REG 0x0B 35 | 36 | EXTERN DEV_INT32 mu3d_hal_phy_scan(DEV_INT32 latch_val, DEV_UINT8 driving); 37 | EXTERN PHY_INT32 _U3Read_Reg(PHY_INT32 address); 38 | EXTERN PHY_INT32 _U3Write_Reg(PHY_INT32 address, PHY_INT32 value); 39 | 40 | #undef EXTERN 41 | 42 | #endif 43 | -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/usb/mtk-phy-ahb.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 MediaTek Inc. 3 | * 4 | * This program is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License version 2 as 6 | * published by the Free Software Foundation. 7 | * 8 | * This program is distributed in the hope that it will be useful, 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | * GNU General Public License for more details. 12 | */ 13 | 14 | #include "mtk-phy.h" 15 | #ifdef CONFIG_U3D_HAL_SUPPORT 16 | #include "mu3d_hal_osal.h" 17 | #endif 18 | 19 | #include 20 | 21 | #define os_readl(addr) (*((volatile uint32_t *)(addr))) 22 | 23 | #define os_writel(addr, data) {\ 24 | (*((volatile uint32_t*)(addr)) = (uint32_t)data); } 25 | #if 0 26 | if (0) \ 27 | pr_debug("****** os_writel [0x%08x] = 0x%08x (%s#%d)\n", (unsigned int)addr, data, __func__, __LINE__);\ 28 | } 29 | #endif 30 | 31 | #define os_writelmsk(addr, data, msk) \ 32 | { os_writel(addr, ((os_readl(addr) & ~(msk)) | ((data) & (msk)))); \ 33 | } 34 | 35 | PHY_INT32 U3PhyWriteReg32(u3phy_addr_t addr, PHY_UINT32 data) 36 | { 37 | #if 0 38 | os_printk(K_DEBUG, "%s addr=%llx, data=%x\n", __func__, (unsigned long long)addr, data); 39 | #endif 40 | 41 | video_printf("USB: WRITE32 0x%08x = 0x%08x\n", addr,data); 42 | 43 | *((volatile uint32_t*)addr) = data; 44 | return 0; 45 | } 46 | 47 | PHY_INT32 U3PhyReadReg32(u3phy_addr_t addr) 48 | { 49 | return *((volatile uint32_t*)addr); 50 | } 51 | 52 | PHY_INT32 U3PhyWriteReg8(u3phy_addr_t addr, PHY_UINT8 data) 53 | { 54 | os_writelmsk((addr & ALIGN_MASK), data << ((addr % 4) * 8), 0xff << ((addr % 4) * 8)); 55 | __asm__ __volatile__("dsb":::"memory"); 56 | 57 | return 0; 58 | } 59 | 60 | PHY_INT8 U3PhyReadReg8(u3phy_addr_t addr) 61 | { 62 | return ((*(volatile uint32_t*)(addr & ALIGN_MASK)) >> ((addr % 4) * 8)) & 0xff; 63 | } 64 | -------------------------------------------------------------------------------- /microloader/linuxboot/drivers/usb/mtk-phy.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 MediaTek Inc. 3 | * 4 | * This program is free software: you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License version 2 as 6 | * published by the Free Software Foundation. 7 | * 8 | * This program is distributed in the hope that it will be useful, 9 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | * GNU General Public License for more details. 12 | */ 13 | 14 | #define U3_PHY_LIB 15 | #include "mtk-phy.h" 16 | #undef U3_PHY_LIB 17 | #ifndef CONFIG_PROJECT_PHY 18 | #error ? 19 | #endif 20 | 21 | #include 22 | #include "mtk-phy-asic.h" 23 | 24 | /*static struct u3phy_operator project_operators = { 25 | .init = phy_init_soc, 26 | .u2_slew_rate_calibration = u2_slew_rate_calibration, 27 | };*/ 28 | 29 | PHY_INT32 u3phy_init(void) 30 | { 31 | #if 0 32 | if (u3phy != NULL) 33 | return PHY_TRUE; 34 | 35 | u3phy = kmalloc(sizeof(struct u3phy_info), GFP_NOIO); 36 | u3phy->phyd_version_addr = U3_PHYD_B2_BASE + 0xe4; 37 | u3phy_ops = NULL; 38 | 39 | u3phy->u2phy_regs_e = (struct u2phy_reg_e *)U2_PHY_BASE; 40 | u3phy->u3phyd_regs_e = (struct u3phyd_reg_e *)U3_PHYD_BASE; 41 | u3phy->u3phyd_bank2_regs_e = (struct u3phyd_bank2_reg_e *)U3_PHYD_B2_BASE; 42 | u3phy->u3phya_regs_e = (struct u3phya_reg_e *)U3_PHYA_BASE; 43 | u3phy->u3phya_da_regs_e = (struct u3phya_da_reg_e *)U3_PHYA_DA_BASE; 44 | u3phy->sifslv_chip_regs_e = (struct sifslv_chip_reg_e *)SIFSLV_CHIP_BASE; 45 | u3phy->spllc_regs_e = (struct spllc_reg_e *)SIFSLV_SPLLC_BASE; 46 | u3phy->sifslv_fm_regs_e = (struct sifslv_fm_feg_e *)SIFSLV_FM_FEG_BASE; 47 | u3phy_ops = (struct u3phy_operator *)&project_operators; 48 | #endif 49 | 50 | return PHY_TRUE; 51 | } 52 | 53 | PHY_INT32 U3PhyWriteField8(phys_addr_t addr, PHY_INT32 offset, PHY_INT32 mask, PHY_INT32 value) 54 | { 55 | PHY_INT8 cur_value; 56 | PHY_INT8 new_value; 57 | 58 | cur_value = U3PhyReadReg8((u3phy_addr_t) addr); 59 | new_value = (cur_value & (~mask)) | ((value << offset) & mask); 60 | 61 | __asm__ __volatile__("dsb":::"memory"); 62 | U3PhyWriteReg8((u3phy_addr_t) addr, new_value); 63 | 64 | __asm__ __volatile__("dsb":::"memory"); 65 | return PHY_TRUE; 66 | } 67 | 68 | PHY_INT32 U3PhyWriteField32(phys_addr_t addr, PHY_INT32 offset, PHY_INT32 mask, PHY_INT32 value) 69 | { 70 | PHY_INT32 cur_value; 71 | PHY_INT32 new_value; 72 | 73 | cur_value = U3PhyReadReg32((u3phy_addr_t) addr); 74 | new_value = (cur_value & (~mask)) | ((value << offset) & mask); 75 | 76 | __asm__ __volatile__("dsb":::"memory"); 77 | U3PhyWriteReg32((u3phy_addr_t) addr, new_value); 78 | 79 | __asm__ __volatile__("dsb":::"memory"); 80 | return PHY_TRUE; 81 | } 82 | 83 | PHY_INT32 U3PhyReadField8(phys_addr_t addr, PHY_INT32 offset, PHY_INT32 mask) 84 | { 85 | return (U3PhyReadReg8((u3phy_addr_t) addr) & mask) >> offset; 86 | } 87 | 88 | PHY_INT32 U3PhyReadField32(phys_addr_t addr, PHY_INT32 offset, PHY_INT32 mask) 89 | { 90 | return (U3PhyReadReg32((u3phy_addr_t) addr) & mask) >> offset; 91 | } 92 | 93 | void phy_hsrx_set(void) 94 | { 95 | } 96 | 97 | void phy_hsrx_reset(void) 98 | { 99 | } -------------------------------------------------------------------------------- /microloader/linuxboot/include/linuxboot/driverapi.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define pr_debug video_printf 6 | #define pr_notice video_printf 7 | #define pr_err video_printf 8 | #define printf video_printf 9 | 10 | #define mb() \ 11 | { \ 12 | __asm__ __volatile__ ("dsb" : : : "memory"); \ 13 | } 14 | 15 | static inline uint32_t raw_smp_processor_id() { return 0; } -------------------------------------------------------------------------------- /microloader/linuxboot/include/linuxboot/io.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | -------------------------------------------------------------------------------- /microloader/linuxboot/include/linuxboot/libc.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | void *memset(void *dst, int c, uint32_t n); 4 | void *memcpy(void *dest, const void *src, uint32_t n); -------------------------------------------------------------------------------- /microloader/linuxboot/include/linuxboot/linuxcompat.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | typedef uint8_t u8; 6 | typedef uint16_t u16; 7 | typedef uint32_t u32; 8 | typedef uint64_t u64; 9 | 10 | typedef int8_t s8; 11 | typedef int16_t s16; 12 | typedef int32_t s32; 13 | typedef int64_t s64; 14 | 15 | #define K_DEBUG 0 16 | #define K_INFO 1 17 | 18 | #define os_printk(x,...) video_printf(#__VA_ARGS__) 19 | 20 | #define __initdata 21 | #define __initconst 22 | #define __init 23 | #define CLK_OF_DECLARE(...) 24 | 25 | //#define PHY_INT32 int32_t -------------------------------------------------------------------------------- /microloader/linuxboot/include/linuxboot/types.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define NULL ((void *)0) 4 | #define BLOCK_SIZE 512 5 | #define true ((bool)1) 6 | #define false ((bool)0) 7 | 8 | typedef char bool; 9 | typedef char int8_t; 10 | typedef short int16_t; 11 | typedef int int32_t; 12 | typedef long long int64_t; 13 | 14 | typedef unsigned char uint8_t; 15 | typedef unsigned short uint16_t; 16 | typedef unsigned int uint32_t; 17 | typedef unsigned long long uint64_t; 18 | 19 | typedef uint32_t size_t; 20 | 21 | typedef uint32_t uintptr_t; 22 | typedef uint32_t phys_addr_t; -------------------------------------------------------------------------------- /microloader/linuxboot/include/lk/api.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | typedef struct __part_dev part_dev_t; 6 | typedef struct __part part_t; 7 | 8 | struct __part_dev 9 | { 10 | uint32_t init; 11 | uint32_t id; 12 | void *blkdev; 13 | void *init_dev; 14 | int (*read)(part_dev_t *dev, uint64_t src, void *dst, int size, unsigned int part_id); 15 | void *write; 16 | }; 17 | struct __part 18 | { 19 | uint32_t start_sect; 20 | uint32_t nr_sects; 21 | uint32_t part_attr; 22 | uint32_t part_id; 23 | const char *name; 24 | void *info; 25 | }; 26 | 27 | #define BOOTIMG_OFFSET 2 // in blocks 28 | 29 | static void (*video_printf)(const char *fmt, ...) = (void *)(0x46032DAC | 1); 30 | static void (*dprintf)(const char *fmt, ...) = (void *)(0x460333B8 | 1); 31 | static part_dev_t *(*mt_part_get_device)() = (void *)(0x46053740 | 1); 32 | static part_t *(*mt_part_get_partition)(const char *name) = (void *)(0x46004C30 | 1); 33 | static void (*arch_clean_invalidate_cache_range)(uint32_t start, uint32_t size) = (void *)(0x4601C5A0); 34 | static void (*bldr_load_dtb)(const char *n) = (void *)(0x460276E8 | 1); 35 | 36 | static void (*mt_boot_init)(void) = (void *)(0x4602A1C0 | 1); 37 | static void (*mdelay)(uint32_t n) = (void*)(0x460050CC | 1); 38 | static void (*udelay)(uint32_t n) = (void*)(0x460050D0 | 1); 39 | static uint32_t (*get_devinfo_with_index)(uint32_t i) = (void*)(0x4605BF48 | 1); -------------------------------------------------------------------------------- /microloader/linuxboot/jump.S: -------------------------------------------------------------------------------- 1 | .section .text, "ax" 2 | .arm 3 | .global jump 4 | .type jump, #function 5 | jump: 6 | mov pc, r0 7 | .size jump, . - jump 8 | 9 | .global jump64 10 | .type jump64, #function 11 | 12 | jump64: 13 | mov r4, r3 14 | mov r3, r2 15 | mov r2, r1 16 | mov r1, r0 17 | ldr r0, =0x82000200 18 | smc #0 19 | b . 20 | .size jump64, . - jump64 21 | 22 | .global jumparch64 23 | .type jumparch64, #function 24 | jumparch64: 25 | MOV r4, r1 /* r4 argument */ 26 | MOV r5, r2 /* r5 argument */ 27 | MOV r6, r0 /* keep Kernel jump addr */ 28 | 29 | /* setup the reset vector base address after warm reset to Aarch64 */ 30 | /* ldr r1,=RVBADDRESS_CPU0 */ 31 | /* ldr r1,[r1] */ 32 | /* LDR r0, =0x4000C000 */ 33 | //LDR r0, =0x00001000 34 | LDR r0, =0x40000000 35 | LDR r1, =0x10200038 36 | str r0,[r1] 37 | 38 | /* setup the excution state after warm reset: 1:Aarch64, 0:Aarch32 */ 39 | MRC p15,0,r0,c12,c0,2 40 | orr r0, r0, #1 41 | MCR p15,0,r0,c12,c0,2 42 | DSB 43 | ISB 44 | 45 | /* do warm reset:reset request */ 46 | MRC p15,0,r0,c12,c0,2 47 | orr r0, r0, #2 48 | MCR p15,0,r0,c12,c0,2 49 | DSB 50 | ISB 51 | 52 | /* set r0 as 0xC000_0000 for ATF OP code check */ 53 | MOV r0, r4 54 | MOV r1, r5 55 | MOV r2, r0 56 | 57 | 1: 58 | /* enter WFI to request a warm reset */ 59 | WFI 60 | B 1b 61 | .size jumparch64, . - jumparch64 62 | 63 | .align 8 64 | .type test64, #function 65 | .global test64 66 | test64: 67 | .long 0x14000000 68 | .size test64, . - test64 69 | -------------------------------------------------------------------------------- /microloader/linuxboot/libc/atoi.c: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright 2001, Travis Geiselbrecht. All rights reserved. 3 | ** Distributed under the terms of the NewOS License. 4 | */ 5 | /* 6 | * Copyright (c) 2008 Travis Geiselbrecht 7 | * 8 | * Use of this source code is governed by a MIT-style 9 | * license that can be found in the LICENSE file or at 10 | * https://opensource.org/licenses/MIT 11 | */ 12 | 13 | #include "../../common/def.h" 14 | #include "ctype.h" 15 | #include "atoi.h" 16 | 17 | #define LONG_IS_INT 1 18 | 19 | static int hexval(char c) 20 | { 21 | if (c >= '0' && c <= '9') 22 | return c - '0'; 23 | else if (c >= 'a' && c <= 'f') 24 | return c - 'a' + 10; 25 | else if (c >= 'A' && c <= 'F') 26 | return c - 'A' + 10; 27 | 28 | return 0; 29 | } 30 | 31 | int atoi(const char *num) 32 | { 33 | #if !LONG_IS_INT 34 | // XXX fail 35 | #else 36 | return atol(num); 37 | #endif 38 | } 39 | 40 | unsigned int atoui(const char *num) 41 | { 42 | #if !LONG_IS_INT 43 | // XXX fail 44 | #else 45 | return atoul(num); 46 | #endif 47 | } 48 | 49 | long atol(const char *num) 50 | { 51 | long value = 0; 52 | int neg = 0; 53 | 54 | if (num[0] == '0' && num[1] == 'x') 55 | { 56 | // hex 57 | num += 2; 58 | while (*num && isxdigit(*num)) 59 | value = value * 16 + hexval(*num++); 60 | } 61 | else 62 | { 63 | // decimal 64 | if (num[0] == '-') 65 | { 66 | neg = 1; 67 | num++; 68 | } 69 | while (*num && isdigit(*num)) 70 | value = value * 10 + *num++ - '0'; 71 | } 72 | 73 | if (neg) 74 | value = -value; 75 | 76 | return value; 77 | } 78 | 79 | unsigned long atoul(const char *num) 80 | { 81 | unsigned long value = 0; 82 | if (num[0] == '0' && num[1] == 'x') 83 | { 84 | // hex 85 | num += 2; 86 | while (*num && isxdigit(*num)) 87 | value = value * 16 + hexval(*num++); 88 | } 89 | else 90 | { 91 | // decimal 92 | while (*num && isdigit(*num)) 93 | value = value * 10 + *num++ - '0'; 94 | } 95 | 96 | return value; 97 | } 98 | 99 | unsigned long long atoull(const char *num) 100 | { 101 | unsigned long long value = 0; 102 | if (num[0] == '0' && num[1] == 'x') 103 | { 104 | // hex 105 | num += 2; 106 | while (*num && isxdigit(*num)) 107 | value = value * 16 + hexval(*num++); 108 | } 109 | else 110 | { 111 | // decimal 112 | while (*num && isdigit(*num)) 113 | value = value * 10 + *num++ - '0'; 114 | } 115 | 116 | return value; 117 | } 118 | 119 | unsigned long strtoul(const char *nptr, char **endptr, int base) 120 | { 121 | int neg = 0; 122 | unsigned long ret = 0; 123 | 124 | unsigned long ULONG_MAX = 0xffffffff; 125 | 126 | if (base < 0 || base == 1 || base > 36) 127 | { 128 | return 0; 129 | } 130 | 131 | while (isspace(*nptr)) 132 | { 133 | nptr++; 134 | } 135 | 136 | if (*nptr == '+') 137 | { 138 | nptr++; 139 | } 140 | else if (*nptr == '-') 141 | { 142 | neg = 1; 143 | nptr++; 144 | } 145 | 146 | if ((base == 0 || base == 16) && nptr[0] == '0' && nptr[1] == 'x') 147 | { 148 | base = 16; 149 | nptr += 2; 150 | } 151 | else if (base == 0 && nptr[0] == '0') 152 | { 153 | base = 8; 154 | nptr++; 155 | } 156 | else if (base == 0) 157 | { 158 | base = 10; 159 | } 160 | 161 | for (;;) 162 | { 163 | char c = *nptr; 164 | int v = -1; 165 | unsigned long new_ret; 166 | 167 | if (c >= 'A' && c <= 'Z') 168 | { 169 | v = c - 'A' + 10; 170 | } 171 | else if (c >= 'a' && c <= 'z') 172 | { 173 | v = c - 'a' + 10; 174 | } 175 | else if (c >= '0' && c <= '9') 176 | { 177 | v = c - '0'; 178 | } 179 | 180 | if (v < 0 || v >= base) 181 | { 182 | if (endptr) 183 | { 184 | *endptr = (char *)nptr; 185 | } 186 | break; 187 | } 188 | 189 | new_ret = ret * base; 190 | if (new_ret / base != ret || 191 | new_ret + v < new_ret || 192 | ret == ULONG_MAX) 193 | { 194 | ret = ULONG_MAX; 195 | } 196 | else 197 | { 198 | ret = new_ret + v; 199 | } 200 | 201 | nptr++; 202 | } 203 | 204 | if (neg && ret != ULONG_MAX) 205 | { 206 | ret = -ret; 207 | } 208 | 209 | return ret; 210 | } -------------------------------------------------------------------------------- /microloader/linuxboot/libc/atoi.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | int atoi(const char *num); 4 | unsigned int atoui(const char *num); 5 | long atol(const char *num); 6 | unsigned long atoul(const char *num); 7 | unsigned long long atoull(const char *num); 8 | 9 | long strtol(const char *nptr, char **endptr, int base); 10 | long long strtoll(const char *nptr, char **endptr, int base); -------------------------------------------------------------------------------- /microloader/linuxboot/libc/ctype.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2008 Travis Geiselbrecht 3 | * 4 | * Use of this source code is governed by a MIT-style 5 | * license that can be found in the LICENSE file or at 6 | * https://opensource.org/licenses/MIT 7 | */ 8 | #include "ctype.h" 9 | 10 | int isblank(int c) 11 | { 12 | return (c == ' ' || c == '\t'); 13 | } 14 | 15 | int isspace(int c) 16 | { 17 | return (c == ' ' || c == '\f' || c == '\n' || c == '\r' || c == '\t' || c == '\v'); 18 | } 19 | 20 | int islower(int c) 21 | { 22 | return ((c >= 'a') && (c <= 'z')); 23 | } 24 | 25 | int isupper(int c) 26 | { 27 | return ((c >= 'A') && (c <= 'Z')); 28 | } 29 | 30 | int isdigit(int c) 31 | { 32 | return ((c >= '0') && (c <= '9')); 33 | } 34 | 35 | int isalpha(int c) 36 | { 37 | return isupper(c) || islower(c); 38 | } 39 | 40 | int isalnum(int c) 41 | { 42 | return isalpha(c) || isdigit(c); 43 | } 44 | 45 | int isxdigit(int c) 46 | { 47 | return isdigit(c) || ((c >= 'a') && (c <= 'f')) || ((c >= 'A') && (c <= 'F')); 48 | } 49 | 50 | int isgraph(int c) 51 | { 52 | return ((c > ' ') && (c < 0x7f)); 53 | } 54 | 55 | int iscntrl(int c) 56 | { 57 | return ((c < ' ') || (c == 0x7f)); 58 | } 59 | 60 | int isprint(int c) 61 | { 62 | return ((c >= 0x20) && (c < 0x7f)); 63 | } 64 | 65 | int ispunct(int c) 66 | { 67 | return isgraph(c) && (!isalnum(c)); 68 | } 69 | 70 | int tolower(int c) 71 | { 72 | if ((c >= 'A') && (c <= 'Z')) 73 | return c + ('a' - 'A'); 74 | return c; 75 | } 76 | 77 | int toupper(int c) 78 | { 79 | if ((c >= 'a') && (c <= 'z')) 80 | return c + ('A' - 'a'); 81 | return c; 82 | } -------------------------------------------------------------------------------- /microloader/linuxboot/libc/ctype.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2008 Travis Geiselbrecht 3 | * 4 | * Use of this source code is governed by a MIT-style 5 | * license that can be found in the LICENSE file or at 6 | * https://opensource.org/licenses/MIT 7 | */ 8 | #pragma once 9 | 10 | int isalnum(int c); 11 | int isalpha(int c); 12 | int isblank(int c); 13 | int iscntrl(int c); 14 | int isdigit(int c); 15 | int isgraph(int c); 16 | int islower(int c); 17 | int isprint(int c); 18 | int ispunct(int c); 19 | int isspace(int c); 20 | int isupper(int c); 21 | int isxdigit(int c); 22 | 23 | int tolower(int c); 24 | int toupper(int c); 25 | -------------------------------------------------------------------------------- /microloader/linuxboot/libc/memchr.c: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright 2001, Manuel J. Petit. All rights reserved. 3 | ** Distributed under the terms of the NewOS License. 4 | */ 5 | /* 6 | * Copyright (c) 2008 Travis Geiselbrecht 7 | * 8 | * Permission is hereby granted, free of charge, to any person obtaining 9 | * a copy of this software and associated documentation files 10 | * (the "Software"), to deal in the Software without restriction, 11 | * including without limitation the rights to use, copy, modify, merge, 12 | * publish, distribute, sublicense, and/or sell copies of the Software, 13 | * and to permit persons to whom the Software is furnished to do so, 14 | * subject to the following conditions: 15 | * 16 | * The above copyright notice and this permission notice shall be 17 | * included in all copies or substantial portions of the Software. 18 | * 19 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 20 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 21 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 22 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 23 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 24 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 25 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 26 | */ 27 | #include "../../common/def.h" 28 | 29 | void * 30 | memchr(void const *buf, int c, size_t len) 31 | { 32 | size_t i; 33 | unsigned char const *b = buf; 34 | unsigned char x = (c & 0xff); 35 | 36 | for (i = 0; i < len; i++) 37 | { 38 | if (b[i] == x) 39 | { 40 | return (void *)(b + i); 41 | } 42 | } 43 | 44 | return NULL; 45 | } -------------------------------------------------------------------------------- /microloader/linuxboot/libc/memcmp.c: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright 2001, Travis Geiselbrecht. All rights reserved. 3 | ** Distributed under the terms of the NewOS License. 4 | */ 5 | /* 6 | * Copyright (c) 2008 Travis Geiselbrecht 7 | * 8 | * Permission is hereby granted, free of charge, to any person obtaining 9 | * a copy of this software and associated documentation files 10 | * (the "Software"), to deal in the Software without restriction, 11 | * including without limitation the rights to use, copy, modify, merge, 12 | * publish, distribute, sublicense, and/or sell copies of the Software, 13 | * and to permit persons to whom the Software is furnished to do so, 14 | * subject to the following conditions: 15 | * 16 | * The above copyright notice and this permission notice shall be 17 | * included in all copies or substantial portions of the Software. 18 | * 19 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 20 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 21 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 22 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 23 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 24 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 25 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 26 | */ 27 | #include "../../common/def.h" 28 | int memcmp(const void *cs, const void *ct, size_t count) 29 | { 30 | const unsigned char *su1, *su2; 31 | signed char res = 0; 32 | 33 | for (su1 = cs, su2 = ct; 0 < count; ++su1, ++su2, count--) 34 | if ((res = *su1 - *su2) != 0) 35 | break; 36 | return res; 37 | } -------------------------------------------------------------------------------- /microloader/linuxboot/libc/memcpy.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void *memcpy(void *dest, const void *src, uint32_t n) 4 | { 5 | char *dp = dest; 6 | const char *sp = src; 7 | while (n--) 8 | *dp++ = *sp++; 9 | return dest; 10 | } -------------------------------------------------------------------------------- /microloader/linuxboot/libc/memmove.c: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright 2001, Travis Geiselbrecht. All rights reserved. 3 | ** Distributed under the terms of the NewOS License. 4 | */ 5 | /* 6 | * Copyright (c) 2008 Travis Geiselbrecht 7 | * 8 | * Permission is hereby granted, free of charge, to any person obtaining 9 | * a copy of this software and associated documentation files 10 | * (the "Software"), to deal in the Software without restriction, 11 | * including without limitation the rights to use, copy, modify, merge, 12 | * publish, distribute, sublicense, and/or sell copies of the Software, 13 | * and to permit persons to whom the Software is furnished to do so, 14 | * subject to the following conditions: 15 | * 16 | * The above copyright notice and this permission notice shall be 17 | * included in all copies or substantial portions of the Software. 18 | * 19 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 20 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 21 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 22 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 23 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 24 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 25 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 26 | */ 27 | //#include 28 | //#include 29 | 30 | #include "../../common/def.h" 31 | 32 | typedef long word; 33 | 34 | #define lsize sizeof(word) 35 | #define lmask (lsize - 1) 36 | 37 | void * 38 | memmove(void *dest, void const *src, size_t count) 39 | { 40 | char *d = (char *)dest; 41 | const char *s = (const char *)src; 42 | int len; 43 | 44 | if (count == 0 || dest == src) 45 | return dest; 46 | 47 | if ((long)d < (long)s) 48 | { 49 | if (((long)d | (long)s) & lmask) 50 | { 51 | // src and/or dest do not align on word boundary 52 | if ((((long)d ^ (long)s) & lmask) || (count < lsize)) 53 | len = count; // copy the rest of the buffer with the byte mover 54 | else 55 | len = lsize - ((long)d & lmask); // move the ptrs up to a word boundary 56 | 57 | count -= len; 58 | for (; len > 0; len--) 59 | *d++ = *s++; 60 | } 61 | for (len = count / lsize; len > 0; len--) 62 | { 63 | *(word *)d = *(word *)s; 64 | d += lsize; 65 | s += lsize; 66 | } 67 | for (len = count & lmask; len > 0; len--) 68 | *d++ = *s++; 69 | } 70 | else 71 | { 72 | d += count; 73 | s += count; 74 | if (((long)d | (long)s) & lmask) 75 | { 76 | // src and/or dest do not align on word boundary 77 | if ((((long)d ^ (long)s) & lmask) || (count <= lsize)) 78 | len = count; 79 | else 80 | len = ((long)d & lmask); 81 | 82 | count -= len; 83 | for (; len > 0; len--) 84 | *--d = *--s; 85 | } 86 | for (len = count / lsize; len > 0; len--) 87 | { 88 | d -= lsize; 89 | s -= lsize; 90 | *(word *)d = *(word *)s; 91 | } 92 | for (len = count & lmask; len > 0; len--) 93 | *--d = *--s; 94 | } 95 | 96 | return dest; 97 | } 98 | -------------------------------------------------------------------------------- /microloader/linuxboot/libc/memset.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void *memset(void *dst, int c, uint32_t n) 4 | { 5 | char *q = dst; 6 | char *end = q + n; 7 | 8 | for (;;) 9 | { 10 | if (q >= end) 11 | break; 12 | *q++ = (char)c; 13 | if (q >= end) 14 | break; 15 | *q++ = (char)c; 16 | if (q >= end) 17 | break; 18 | *q++ = (char)c; 19 | if (q >= end) 20 | break; 21 | *q++ = (char)c; 22 | } 23 | 24 | return dst; 25 | } -------------------------------------------------------------------------------- /microloader/linuxboot/libc/strchr.c: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright 2001, Travis Geiselbrecht. All rights reserved. 3 | ** Distributed under the terms of the NewOS License. 4 | */ 5 | /* 6 | * Copyright (c) 2008 Travis Geiselbrecht 7 | * 8 | * Permission is hereby granted, free of charge, to any person obtaining 9 | * a copy of this software and associated documentation files 10 | * (the "Software"), to deal in the Software without restriction, 11 | * including without limitation the rights to use, copy, modify, merge, 12 | * publish, distribute, sublicense, and/or sell copies of the Software, 13 | * and to permit persons to whom the Software is furnished to do so, 14 | * subject to the following conditions: 15 | * 16 | * The above copyright notice and this permission notice shall be 17 | * included in all copies or substantial portions of the Software. 18 | * 19 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 20 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 21 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 22 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 23 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 24 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 25 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 26 | */ 27 | #include "../../common/def.h" 28 | 29 | char * 30 | strchr(const char *s, int c) 31 | { 32 | for (; *s != (char)c; ++s) 33 | if (*s == '\0') 34 | return NULL; 35 | return (char *)s; 36 | } -------------------------------------------------------------------------------- /microloader/linuxboot/libc/strnlen.c: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright 2001, Travis Geiselbrecht. All rights reserved. 3 | ** Distributed under the terms of the NewOS License. 4 | */ 5 | /* 6 | * Copyright (c) 2008 Travis Geiselbrecht 7 | * 8 | * Permission is hereby granted, free of charge, to any person obtaining 9 | * a copy of this software and associated documentation files 10 | * (the "Software"), to deal in the Software without restriction, 11 | * including without limitation the rights to use, copy, modify, merge, 12 | * publish, distribute, sublicense, and/or sell copies of the Software, 13 | * and to permit persons to whom the Software is furnished to do so, 14 | * subject to the following conditions: 15 | * 16 | * The above copyright notice and this permission notice shall be 17 | * included in all copies or substantial portions of the Software. 18 | * 19 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 20 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 21 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 22 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 23 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 24 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 25 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 26 | */ 27 | #include "../../common/def.h" 28 | 29 | size_t 30 | strnlen(char const *s, size_t count) 31 | { 32 | const char *sc; 33 | 34 | for (sc = s; count-- && *sc != '\0'; ++sc) 35 | ; 36 | return sc - s; 37 | } -------------------------------------------------------------------------------- /microloader/linuxboot/libc/strrchr.c: -------------------------------------------------------------------------------- 1 | /* 2 | ** Copyright 2001, Manuel J. Petit. All rights reserved. 3 | ** Distributed under the terms of the NewOS License. 4 | */ 5 | /* 6 | * Copyright (c) 2008 Travis Geiselbrecht 7 | * 8 | * Permission is hereby granted, free of charge, to any person obtaining 9 | * a copy of this software and associated documentation files 10 | * (the "Software"), to deal in the Software without restriction, 11 | * including without limitation the rights to use, copy, modify, merge, 12 | * publish, distribute, sublicense, and/or sell copies of the Software, 13 | * and to permit persons to whom the Software is furnished to do so, 14 | * subject to the following conditions: 15 | * 16 | * The above copyright notice and this permission notice shall be 17 | * included in all copies or substantial portions of the Software. 18 | * 19 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 20 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 21 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 22 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 23 | * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 24 | * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 25 | * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 26 | */ 27 | #include "../../common/def.h" 28 | 29 | char * 30 | strrchr(char const *s, int c) 31 | { 32 | char const *last = c ? 0 : s; 33 | 34 | while (*s) 35 | { 36 | if (*s == c) 37 | { 38 | last = s; 39 | } 40 | 41 | s += 1; 42 | } 43 | 44 | return (char *)last; 45 | } -------------------------------------------------------------------------------- /microloader/linuxboot/linker.x: -------------------------------------------------------------------------------- 1 | OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm") 2 | OUTPUT_ARCH(arm) 3 | 4 | ENTRY(start) 5 | 6 | SECTIONS 7 | { 8 | . = 0x42000000; 9 | 10 | .text : { *(.text.start) *(.text .text.* .gnu.linkonce.t.*) } 11 | .rodata : { *(.rodata .rodata.* .gnu.linkonce.r.*) } 12 | .data : { *(.data .data.* .gnu.linkonce.d.*) } 13 | .bss : { *(.bss .bss.* .gnu.linkonce.b.*) *(COMMON) } 14 | /DISCARD/ : { *(.interp) *(.dynsym) *(.dynstr) *(.hash) *(.dynamic) *(.comment) } 15 | } 16 | -------------------------------------------------------------------------------- /microloader/linuxboot/main.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include "bootimg.h" 5 | 6 | #include 7 | 8 | // 0x46900000 9 | 10 | uint32_t g_boot, g_recovery; 11 | int (*read_org)(part_dev_t *dev, uint64_t src, void *dst, int size, unsigned int part_id); 12 | 13 | int read(part_dev_t *dev, uint64_t block_off, void *dst, int sz, unsigned int part_id) 14 | { 15 | dprintf("read_hook 0x%08X from 0x%08X\n", read_org, __builtin_return_address(0)); 16 | #ifndef LINUXBOOT_QUIET 17 | video_printf("read_hook 0x%08X from 0x%08X\n", read_org, __builtin_return_address(0)); 18 | #endif 19 | 20 | int ret = 0; 21 | if (block_off == g_boot * 0x200 || block_off == g_recovery * 0x200) 22 | { 23 | #ifndef LINUXBOOT_QUIET 24 | video_printf("demangle boot image - from 0x%08X\n", __builtin_return_address(0)); 25 | #endif 26 | 27 | if (sz < 0x400) 28 | { 29 | ret = read_org(dev, block_off + 0x400, dst, sz, part_id); 30 | } 31 | else 32 | { 33 | void *second_copy = (char *)dst + 0x400; 34 | ret = read_org(dev, block_off, dst, sz, part_id); 35 | memcpy(dst, second_copy, 0x400); 36 | memset(second_copy, 0, 0x400); 37 | } 38 | } 39 | else 40 | { 41 | ret = read_org(dev, block_off, dst, sz, part_id); 42 | } 43 | 44 | return ret; 45 | } 46 | 47 | void patch_lk(void); 48 | void enable_uart(void); 49 | void main(void) 50 | { 51 | patch_lk(); 52 | 53 | #ifdef LINUXBOOT_ENABLE_UART 54 | enable_uart(); 55 | #endif 56 | 57 | #ifndef LINUXBOOT_QUIET 58 | video_printf("hello from linuxboot\n"); 59 | #endif 60 | dprintf("hello from linuxboot\n"); 61 | 62 | part_dev_t *dev = mt_part_get_device(); 63 | read_org = dev->read; 64 | dev->read = read; 65 | 66 | part_t *boot = mt_part_get_partition("boot"); 67 | if (boot) 68 | { 69 | g_boot = boot->start_sect; 70 | } 71 | else 72 | { 73 | #ifndef LINUXBOOT_QUIET 74 | video_printf("boot partition not found\n"); 75 | #endif 76 | g_boot = 0xFFFFFFFF; 77 | } 78 | 79 | part_t *recovery = mt_part_get_partition("recovery"); 80 | if (recovery) 81 | { 82 | g_recovery = boot->start_sect; 83 | } 84 | else 85 | { 86 | #ifndef LINUXBOOT_QUIET 87 | video_printf("recovery partition not found\n"); 88 | g_recovery = 0xFFFFFFFF; 89 | #endif 90 | } 91 | 92 | uint32_t *g_boot_mode = (uint32_t *)0x4609D120; 93 | #ifndef LINUXBOOT_QUIET 94 | video_printf("boot mode = %d\n", *g_boot_mode); 95 | #endif 96 | 97 | //((uint32_t*)0x4609D120)[0] = 2; // force recovery boot 98 | 99 | uint32_t *g_boot_hdr = (uint32_t *)0x46120A9C; 100 | *g_boot_hdr = 0; 101 | 102 | #ifndef LINUXBOOT_QUIET 103 | video_printf("Loading DTB ... "); 104 | #endif 105 | switch (*g_boot_mode) 106 | { 107 | case 0: 108 | bldr_load_dtb("boot"); 109 | break; 110 | case 2: 111 | bldr_load_dtb("recovery"); 112 | break; 113 | 114 | default: 115 | video_printf("Unknown boot mode (%d): doing normal boot", *g_boot_mode); 116 | *g_boot_mode = 0; 117 | bldr_load_dtb("boot"); 118 | break; 119 | } 120 | #ifndef LINUXBOOT_QUIET 121 | video_printf("DONE\n"); 122 | #endif 123 | 124 | mt_boot_init(); 125 | for (;;) 126 | ; 127 | } 128 | -------------------------------------------------------------------------------- /microloader/linuxboot/patchlk.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | void secure_boot_disable(void) 5 | { 6 | /**((uint16_t*)0x46026B1E) = 0xBF00; 7 | *((uint16_t*)0x46026B28) = 0xBF00; 8 | *((uint16_t*)0x46026AFA) = 0xBF00; 9 | *((uint16_t*)0x46026B04) = 0xBF00; 10 | *((uint16_t*)0x46026B0E) = 0xBF00; 11 | *((uint16_t*)0x46026B1E) = 0xBF00;*/ 12 | 13 | *((uint16_t *)0x4605B8EC) = 0xF04F; 14 | *((uint16_t *)0x4605B8EC + 2) = 0x0; 15 | *((uint16_t *)0x4605B8EC + 4) = 0x4770; 16 | } 17 | 18 | void patch_lk(void) 19 | { 20 | secure_boot_disable(); 21 | 22 | // patches to aid in debugging 23 | 24 | // trap at infinite loop after "decompress kernel image fail ..." 25 | *((uint16_t *)0x46027EFC) = 0xFFFF; 26 | // trap at infinite loop after "can't find device tree ..." 27 | *((uint16_t *)0x46027ED2) = 0xFFFF; 28 | // trap at infinite loop after "root node search failed ..." 29 | *((uint16_t *)0x460290A0) = 0xFFFF; 30 | // trap at infinite loop after "add subnode memory failed ..." 31 | *((uint16_t *)0x46029096) = 0xFFFF; 32 | // trap at infinite loop after "/memory node does not exist ..." 33 | *((uint16_t *)0x46029030) = 0xFFFF; 34 | // trap at infinite loop after "64 bit kernel can't boot at ..." 35 | *((uint16_t *)0x46027F28) = 0xFFFF; 36 | 37 | // trap after "booting linux @ %p ..." (for debugging) 38 | // *((uint16_t*)0x46028720) = 0xFFFF; 39 | 40 | // 0x46000000 - LK start 41 | // 0x4605C1D8 - approximate end of LK code segment 42 | arch_clean_invalidate_cache_range(0x46000000, 0x4605C1D8 - 0x46000000); 43 | // invalidate ICACHE 44 | // TODO: verify if is that correct 45 | __asm__ __volatile__("mcr p15, 0, r12, c7, c5, 0" :: 46 | : "r12"); 47 | } -------------------------------------------------------------------------------- /microloader/linuxboot/start.S: -------------------------------------------------------------------------------- 1 | .thumb 2 | .syntax unified 3 | .section .text.start, "ax" 4 | .global start 5 | .type start, #function 6 | start: 7 | .cfi_startproc 8 | b 1f 9 | # magic fields verified by microloader 10 | .short 0xaa55 11 | .short 0xaabb 12 | .short 0xccdd 13 | 1: 14 | # mov r0, #0x42000000 15 | mov r0, #0x49000000 16 | 17 | mov sp, r0 18 | b main 19 | .cfi_endproc 20 | .size start, . - start 21 | .Lstack_pointer: .long 0x49000000 22 | 23 | .global disable_interrupts 24 | .type disable_interrupts, #function 25 | disable_interrupts: 26 | mrs r0, cpsr 27 | orr r0, r0, #(1<<7) 28 | msr cpsr_c, r0 29 | bx lr 30 | .size disable_interrupts, . - disable_interrupts -------------------------------------------------------------------------------- /microloader/linuxboot/uart.c: -------------------------------------------------------------------------------- 1 | #include "u3phy.h" 2 | #include 3 | #include 4 | 5 | #define ACR4 0x11290810 6 | #define ACR6 0x11290818 7 | #define DTM0 0x11290868 8 | #define DTM1 0x1129086C 9 | 10 | #define INFRASYS_BASE 0x10001000 11 | 12 | uint32_t mmio_read32(uint32_t addr) 13 | { 14 | __asm__ __volatile__("dsb" :: 15 | : "memory"); 16 | uint32_t x = *((volatile uint32_t *)addr); 17 | return x; 18 | } 19 | 20 | void mmio_write32(uint32_t addr, uint32_t value) 21 | { 22 | *((volatile uint32_t *)addr) = value; 23 | __asm__ __volatile__("dsb\nisb" :: 24 | : "memory"); 25 | } 26 | 27 | void enable_uart(void) 28 | { 29 | // switch usb to uart 30 | mmio_write32(ACR6, mmio_read32(ACR6) & ~RG_USB20_BC11_SW_EN); 31 | mmio_write32(DTM0, mmio_read32(DTM0) | FORCE_UART_EN | FORCE_UART_TX_OE | FORCE_UART_BIAS_EN | (1 << RG_UART_MODE_OFST)); 32 | mmio_write32(DTM1, mmio_read32(DTM1) | RG_UART_EN | RG_UART_TX_OE | RG_UART_BIAS_EN); 33 | mmio_write32(ACR4, mmio_read32(ACR4) | RG_USB20_DM_100K_EN); 34 | mmio_write32(DTM0, mmio_read32(DTM0) | RG_SUSPENDM); 35 | mmio_write32(DTM0, mmio_read32(DTM0) | FORCE_SUSPENDM); 36 | 37 | // GPIO Selection 38 | // 0x10005000 = gpio base 39 | mmio_write32(0x10005000 + 0x6E0, mmio_read32(0x10005000 + 0x6E0) | 0x80000); 40 | // that's all thats required on hw side 41 | // it assumes that usb clock is on 42 | // code for MT6755/MT6750 43 | // probably could be ported to other platforms with very little effort 44 | // see mu3phy driver for your SOC in linux source code 45 | // ------------------------------------------------- 46 | 47 | // enable printk to uart 48 | *((volatile uint8_t *)(0x46074228 + 20)) = '0'; 49 | 50 | // patch LK to make it write output to uart 51 | *((volatile uint16_t *)0x46002E70) = 0x4b03; 52 | *((volatile uint16_t *)0x46002E72) = 0x695a; 53 | *((volatile uint16_t *)0x46002E74) = 0xf012; 54 | *((volatile uint16_t *)0x46002E76) = 0x0f20; 55 | *((volatile uint16_t *)0x46002E78) = 0xd0fb; 56 | *((volatile uint16_t *)0x46002E7A) = 0x6018; 57 | *((volatile uint16_t *)0x46002E7C) = 0x4770; 58 | // output to apuart0 59 | *((volatile uint32_t *)0x46002E80) = 0x11002000; 60 | 61 | __asm__ __volatile__("dsb\nisb"); 62 | // move data from DCACHE to RAM 63 | arch_clean_invalidate_cache_range(0x46002E70, 0x46002E80 - 0x46002E70 + 8); 64 | // invalidate ICACHE 65 | // TODO: verify if is that correct 66 | __asm__ __volatile__("mcr p15, 0, r12, c7, c5, 0" :: 67 | : "r12"); 68 | } 69 | 70 | /*bool is_ssusb_top_on(bool print) 71 | { 72 | uint32_t status = *((volatile uint32_t *)(INFRASYS_BASE + 0xac)); 73 | video_printf("status = 0x%x\n", status & 2); 74 | 75 | bool is_on = (status & 2) == 0; 76 | if (print) 77 | video_printf("SSUSB_TOP status: %s\n", is_on ? "ON" : "OFF"); 78 | return is_on; 79 | } 80 | 81 | void ssusb_top_off() 82 | { 83 | *((volatile uint32_t *)(INFRASYS_BASE + 0xa4)) = 2; 84 | } 85 | 86 | void ssusb_top_on() 87 | { 88 | *((volatile uint32_t *)(INFRASYS_BASE + 0xa8)) = 2; 89 | }*/ -------------------------------------------------------------------------------- /microloader/lkp/Makefile: -------------------------------------------------------------------------------- 1 | CC := arm-none-eabi-gcc 2 | AS := arm-none-eabi-as 3 | LD := arm-none-eabi-gcc 4 | OBJCOPY := arm-none-eabi-objcopy 5 | 6 | CFLAGS := -std=gnu99 -Os -mthumb -mcpu=cortex-a9 -fno-builtin-printf -fno-strict-aliasing -fno-builtin-memcpy -mno-unaligned-access -DPRINTF_DISABLE_SUPPORT_FLOAT=1 7 | LDFLAGS := -T linker.x -nodefaultlibs -nostdlib 8 | 9 | BUILD_DIR := ./build 10 | 11 | TARGET := payload 12 | 13 | C_SRC = main.c circbuf.c usbd.c usbphy.c usbtty.c timer.c libc.c 14 | ASM_SRC = start.S 15 | 16 | OBJ = $(C_SRC:%.c=$(BUILD_DIR)/%.o) $(ASM_SRC:%.S=$(BUILD_DIR)/%.o) 17 | DEP = $(OBJ:%.o=%.d) 18 | 19 | $(BUILD_DIR)/$(TARGET).bin: $(BUILD_DIR)/$(TARGET).elf 20 | $(OBJCOPY) -O binary $^ $@ 21 | 22 | $(BUILD_DIR)/$(TARGET).elf: $(OBJ) 23 | $(LD) -o $@ $^ $(LDFLAGS) 24 | 25 | -include $(DEP) 26 | 27 | $(BUILD_DIR)/%.o: %.c 28 | mkdir -p $(@D) 29 | $(CC) -MMD -c -o $@ $< $(CFLAGS) 30 | 31 | $(BUILD_DIR)/%.o: %.S 32 | mkdir -p $(@D) 33 | $(AS) -o $@ $< 34 | 35 | clean: 36 | -rm -rf $(BUILD_DIR) 37 | -------------------------------------------------------------------------------- /microloader/lkp/circbuf.h: -------------------------------------------------------------------------------- 1 | /* Copyright Statement: 2 | * 3 | * This software/firmware and related documentation ("MediaTek Software") are 4 | * protected under relevant copyright laws. The information contained herein is 5 | * confidential and proprietary to MediaTek Inc. and/or its licensors. Without 6 | * the prior written permission of MediaTek inc. and/or its licensors, any 7 | * reproduction, modification, use or disclosure of MediaTek Software, and 8 | * information contained herein, in whole or in part, shall be strictly 9 | * prohibited. 10 | * 11 | * MediaTek Inc. (C) 2010. All rights reserved. 12 | * 13 | * BY OPENING THIS FILE, RECEIVER HEREBY UNEQUIVOCALLY ACKNOWLEDGES AND AGREES 14 | * THAT THE SOFTWARE/FIRMWARE AND ITS DOCUMENTATIONS ("MEDIATEK SOFTWARE") 15 | * RECEIVED FROM MEDIATEK AND/OR ITS REPRESENTATIVES ARE PROVIDED TO RECEIVER 16 | * ON AN "AS-IS" BASIS ONLY. MEDIATEK EXPRESSLY DISCLAIMS ANY AND ALL 17 | * WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR 19 | * NONINFRINGEMENT. NEITHER DOES MEDIATEK PROVIDE ANY WARRANTY WHATSOEVER WITH 20 | * RESPECT TO THE SOFTWARE OF ANY THIRD PARTY WHICH MAY BE USED BY, 21 | * INCORPORATED IN, OR SUPPLIED WITH THE MEDIATEK SOFTWARE, AND RECEIVER AGREES 22 | * TO LOOK ONLY TO SUCH THIRD PARTY FOR ANY WARRANTY CLAIM RELATING THERETO. 23 | * RECEIVER EXPRESSLY ACKNOWLEDGES THAT IT IS RECEIVER'S SOLE RESPONSIBILITY TO 24 | * OBTAIN FROM ANY THIRD PARTY ALL PROPER LICENSES CONTAINED IN MEDIATEK 25 | * SOFTWARE. MEDIATEK SHALL ALSO NOT BE RESPONSIBLE FOR ANY MEDIATEK SOFTWARE 26 | * RELEASES MADE TO RECEIVER'S SPECIFICATION OR TO CONFORM TO A PARTICULAR 27 | * STANDARD OR OPEN FORUM. RECEIVER'S SOLE AND EXCLUSIVE REMEDY AND MEDIATEK'S 28 | * ENTIRE AND CUMULATIVE LIABILITY WITH RESPECT TO THE MEDIATEK SOFTWARE 29 | * RELEASED HEREUNDER WILL BE, AT MEDIATEK'S OPTION, TO REVISE OR REPLACE THE 30 | * MEDIATEK SOFTWARE AT ISSUE, OR REFUND ANY SOFTWARE LICENSE FEES OR SERVICE 31 | * CHARGE PAID BY RECEIVER TO MEDIATEK FOR SUCH MEDIATEK SOFTWARE AT ISSUE. 32 | * 33 | * The following software/firmware and/or related documentation ("MediaTek 34 | * Software") have been modified by MediaTek Inc. All revisions are subject to 35 | * any receiver's applicable license agreements with MediaTek Inc. 36 | */ 37 | 38 | #ifndef __CIRCBUF_H__ 39 | #define __CIRCBUF_H__ 40 | 41 | #define USB_BUFFER_VERIFY 1 42 | 43 | 44 | typedef struct circbuf 45 | { 46 | unsigned int size; 47 | unsigned int totalsize; 48 | 49 | char *top; 50 | char *tail; 51 | 52 | char *data; 53 | char *end; 54 | } circbuf_t; 55 | 56 | int buf_input_init (circbuf_t * buf, unsigned int size); 57 | int buf_output_init (circbuf_t * buf, unsigned int size); 58 | int buf_pop (circbuf_t * buf, char *dest, unsigned int len); 59 | int buf_push (circbuf_t * buf, const char *src, unsigned int len); 60 | 61 | #endif 62 | -------------------------------------------------------------------------------- /microloader/lkp/libc.c: -------------------------------------------------------------------------------- 1 | #include "typedefs.h" 2 | 3 | void *memset(void *dst, int c, UINT32 n) { 4 | char *q = dst; 5 | char *end = q + n; 6 | 7 | for (;;) { 8 | if (q >= end) 9 | break; 10 | *q++ = (char)c; 11 | if (q >= end) 12 | break; 13 | *q++ = (char)c; 14 | if (q >= end) 15 | break; 16 | *q++ = (char)c; 17 | if (q >= end) 18 | break; 19 | *q++ = (char)c; 20 | } 21 | 22 | return dst; 23 | } 24 | 25 | void *memcpy(void *dest, const void *src, UINT32 n) { 26 | char *dp = dest; 27 | const char *sp = src; 28 | while (n--) 29 | *dp++ = *sp++; 30 | return dest; 31 | } 32 | 33 | SIZE strlen(const char *str) { 34 | SIZE i; 35 | for (i = 0; str[i] != '\0'; i++) 36 | ; 37 | return i; 38 | } -------------------------------------------------------------------------------- /microloader/lkp/linker.x: -------------------------------------------------------------------------------- 1 | OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm") 2 | OUTPUT_ARCH(arm) 3 | 4 | ENTRY(start) 5 | 6 | SECTIONS 7 | { 8 | . = 0x42000000; 9 | 10 | .text : { *(.text.start) *(.text .text.* .gnu.linkonce.t.*) } 11 | .rodata : { *(.rodata .rodata.* .gnu.linkonce.r.*) } 12 | .data : { *(.data .data.* .gnu.linkonce.d.*) } 13 | .bss : { *(.bss .bss.* .gnu.linkonce.b.*) *(COMMON) } 14 | /DISCARD/ : { *(.interp) *(.dynsym) *(.dynstr) *(.hash) *(.dynamic) *(.comment) } 15 | } 16 | -------------------------------------------------------------------------------- /microloader/lkp/lk_api.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "../bm/def.h" 4 | 5 | void (*video_printf)(const char *fmt, ...) = (void (*)(const char *fmt, ...))(0x4602CDF0 | 1); 6 | part_dev_t *(*mt_part_get_device)() = (part_dev_t * (*)())(0x4601AB58 | 1); 7 | part_t *(*mt_part_get_partition)(const char *name) = (part_t * (*)(const char *name))(0x460045DC | 1); 8 | void (*arch_clean_invalidate_cache_range)(uint32_t start, uint32_t size) = (void (*)(uint32_t, uint32_t))0x4601AE00; 9 | 10 | typedef struct udc_device { 11 | uint16_t vendor_id; 12 | uint16_t product_id; 13 | uint16_t version_id; 14 | 15 | const char *manufacturer; 16 | const char *product; 17 | const char *serialno; 18 | } udc_device_t; 19 | 20 | struct udc_endpoint; 21 | 22 | #define UDC_EVENT_ONLINE 1 23 | #define UDC_EVENT_OFFLINE 2 24 | 25 | typedef struct udc_gadget udc_gadget_t; 26 | struct udc_gadget { 27 | void (*notify)(udc_gadget_t *gadget, unsigned event); 28 | void *context; 29 | 30 | unsigned char ifc_class; 31 | unsigned char ifc_subclass; 32 | unsigned char ifc_protocol; 33 | unsigned char ifc_endpoints; 34 | const char *ifc_string; 35 | unsigned flags; 36 | 37 | struct udc_endpoint **ept; 38 | }; 39 | 40 | int (*udc_init)(udc_device_t*dev) = (int(*)(udc_device_t*))(0x4600E5DC | 1); 41 | int (*udc_register_gadget)(udc_gadget_t* g) = (int(*)(udc_gadget_t*))(0x4600E76C | 1); 42 | int (*udc_start)(void) = (int(*)(void))(0x4600E790 | 1); 43 | 44 | #define UDC_TYPE_BULK_IN 1 45 | #define UDC_TYPE_BULK_OUT 2 46 | 47 | struct udc_endpoint *(*udc_endpoint_alloc)(unsigned type, unsigned maxpkt) = (struct udc_endpoint*(*)(unsigned,unsigned))(0x4600DC28 | 1); 48 | 49 | typedef struct udc_request udc_request_t; 50 | struct udc_request { 51 | void *buf; 52 | unsigned length; 53 | void (*complete)(udc_request_t *req, unsigned actual, int status); 54 | void *context; 55 | }; 56 | 57 | //udc_request_t *udc_request_alloc(void); 58 | 59 | int (*udc_request_queue)(struct udc_endpoint*ept, struct udc_request*req) = (int(*)(struct udc_endpoint*,struct udc_request*))(0x4600E678 | 1); 60 | -------------------------------------------------------------------------------- /microloader/lkp/platform.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | //#include 4 | 5 | #define READ8(a) *((volatile UINT8 *)(a)) 6 | #define WRITE8(a, v) *((volatile UINT8 *)(a)) = v 7 | 8 | #define READ16(a) *((volatile UINT16 *)(a)) 9 | #define WRITE16(a, v) *((volatile UINT16 *)(a)) = v 10 | 11 | #define READ32(a) *((volatile UINT32 *)(a)) 12 | #define WRITE32(a, v) *((volatile UINT32 *)(a)) = v 13 | 14 | #define IO_PHYS 0x10000000 15 | #define U3D_BASE (IO_PHYS + 0x01270000) 16 | //#define U3D_EP_RST (SSUSB_EPCTL_CSR_BASE + 0x0004) 17 | 18 | #define USB_SIF_BASE (IO_PHYS + 0x01280000) 19 | #define USB_SIF2_BASE (IO_PHYS + 0x01290000) 20 | 21 | #define SSUSB_DEV_BASE (U3D_BASE + 0x1000) 22 | #define SSUSB_EPCTL_CSR_BASE (U3D_BASE + 0x1800) 23 | #define SSUSB_USB3_MAC_CSR_BASE (U3D_BASE + 0x2400) 24 | #define SSUSB_USB3_SYS_CSR_BASE (U3D_BASE + 0x2400) 25 | #define SSUSB_USB2_CSR_BASE (U3D_BASE + 0x3400) 26 | 27 | #define SSUSB_SIFSLV_IPPC_BASE (USB_SIF_BASE + 0x700) /* FIXME do not list in MT6752 memory map*/ 28 | 29 | #define SSUSB_SIFSLV_SPLLC_BASE (USB_SIF2_BASE + 0x000) /* FIXME do not list in MT6752 memory map*/ 30 | #define SSUSB_SIFSLV_U2PHY_COM_BASE (USB_SIF2_BASE + 0x800) /* FIXME do not list in MT6752 memory map*/ 31 | #define SSUSB_SIFSLV_U3PHYD_BASE (USB_SIF2_BASE + 0x900) /* FIXME do not list in MT6752 memory map*/ 32 | #define SSUSB_SIFSLV_U2PHY_COM_SIV_B_BASE (USB_SIF2_BASE + 0x800) /* FIXME do not list in MT6752 memory map*/ 33 | #define SSUSB_USB30_PHYA_SIV_B_BASE (USB_SIF2_BASE + 0xB00) /* FIXME do not list in MT6752 memory map*/ 34 | #define SSUSB_SIFSLV_U3PHYA_DA_BASE (USB_SIF2_BASE + 0xC00) /* FIXME do not list in MT6752 memory map*/ 35 | 36 | #define GPT_BASE (IO_PHYS + 0x8000) 37 | 38 | #define MSDC0_BASE (IO_PHYS + 0x1230000) 39 | #define MSDC1_BASE (IO_PHYS + 0x1240000) 40 | #define MSDC2_BASE (IO_PHYS + 0x1250000) 41 | 42 | #define HACC_BASE (IO_PHYS + 0xA000) 43 | 44 | #define MCUCFG_BASE (IO_PHYS + 0x200000) 45 | -------------------------------------------------------------------------------- /microloader/lkp/start.S: -------------------------------------------------------------------------------- 1 | .thumb 2 | .syntax unified 3 | .section .text.start, "ax" 4 | .global start 5 | .type start, #function 6 | start: 7 | .cfi_startproc 8 | b 1f 9 | # magic fields verified by microloader 10 | .short 0xaa55 11 | .short 0xaabb 12 | .short 0xccdd 13 | 1: 14 | # mov sp, #0x42000000 15 | mov sp, #0x49000000 16 | b main 17 | .cfi_endproc 18 | .size start, . - start 19 | -------------------------------------------------------------------------------- /microloader/lkp/timer.h: -------------------------------------------------------------------------------- 1 | /* Copyright Statement: 2 | * 3 | * This software/firmware and related documentation ("MediaTek Software") are 4 | * protected under relevant copyright laws. The information contained herein is 5 | * confidential and proprietary to MediaTek Inc. and/or its licensors. Without 6 | * the prior written permission of MediaTek inc. and/or its licensors, any 7 | * reproduction, modification, use or disclosure of MediaTek Software, and 8 | * information contained herein, in whole or in part, shall be strictly 9 | * prohibited. 10 | * 11 | * MediaTek Inc. (C) 2010. All rights reserved. 12 | * 13 | * BY OPENING THIS FILE, RECEIVER HEREBY UNEQUIVOCALLY ACKNOWLEDGES AND AGREES 14 | * THAT THE SOFTWARE/FIRMWARE AND ITS DOCUMENTATIONS ("MEDIATEK SOFTWARE") 15 | * RECEIVED FROM MEDIATEK AND/OR ITS REPRESENTATIVES ARE PROVIDED TO RECEIVER 16 | * ON AN "AS-IS" BASIS ONLY. MEDIATEK EXPRESSLY DISCLAIMS ANY AND ALL 17 | * WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR 19 | * NONINFRINGEMENT. NEITHER DOES MEDIATEK PROVIDE ANY WARRANTY WHATSOEVER WITH 20 | * RESPECT TO THE SOFTWARE OF ANY THIRD PARTY WHICH MAY BE USED BY, 21 | * INCORPORATED IN, OR SUPPLIED WITH THE MEDIATEK SOFTWARE, AND RECEIVER AGREES 22 | * TO LOOK ONLY TO SUCH THIRD PARTY FOR ANY WARRANTY CLAIM RELATING THERETO. 23 | * RECEIVER EXPRESSLY ACKNOWLEDGES THAT IT IS RECEIVER'S SOLE RESPONSIBILITY TO 24 | * OBTAIN FROM ANY THIRD PARTY ALL PROPER LICENSES CONTAINED IN MEDIATEK 25 | * SOFTWARE. MEDIATEK SHALL ALSO NOT BE RESPONSIBLE FOR ANY MEDIATEK SOFTWARE 26 | * RELEASES MADE TO RECEIVER'S SPECIFICATION OR TO CONFORM TO A PARTICULAR 27 | * STANDARD OR OPEN FORUM. RECEIVER'S SOLE AND EXCLUSIVE REMEDY AND MEDIATEK'S 28 | * ENTIRE AND CUMULATIVE LIABILITY WITH RESPECT TO THE MEDIATEK SOFTWARE 29 | * RELEASED HEREUNDER WILL BE, AT MEDIATEK'S OPTION, TO REVISE OR REPLACE THE 30 | * MEDIATEK SOFTWARE AT ISSUE, OR REFUND ANY SOFTWARE LICENSE FEES OR SERVICE 31 | * CHARGE PAID BY RECEIVER TO MEDIATEK FOR SUCH MEDIATEK SOFTWARE AT ISSUE. 32 | * 33 | * The following software/firmware and/or related documentation ("MediaTek 34 | * Software") have been modified by MediaTek Inc. All revisions are subject to 35 | * any receiver's applicable license agreements with MediaTek Inc. 36 | */ 37 | 38 | #ifndef __MTK_TIMER_H__ 39 | #define __MTK_TIMER_H__ 40 | 41 | #include "typedefs.h" 42 | 43 | extern void gpt_busy_wait_us(UINT32 timeout_us); 44 | extern void gpt_busy_wait_ms(UINT32 timeout_ms); 45 | 46 | extern ULONG get_timer(ULONG base); 47 | extern void mdelay(unsigned long msec); 48 | extern void udelay(unsigned long usec); 49 | extern void mtk_timer_init(void); 50 | 51 | UINT32 gpt4_get_current_tick (void); 52 | BOOLEAN gpt4_timeout_tick (UINT32 start_tick, UINT32 timeout_tick); 53 | UINT32 gpt4_time2tick_us (UINT32 time_us); 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /microloader/lkp/typedefs.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define print(...) \ 4 | {} 5 | 6 | #define ASSERT(x) \ 7 | {} 8 | 9 | #ifndef NULL 10 | #define NULL ((PVOID)0) 11 | #endif 12 | #define TRUE ((BOOLEAN)1) 13 | #define FALSE ((BOOLEAN)0) 14 | 15 | #define CONST const 16 | #define INLINE inline 17 | #define STATIC static 18 | #define VOLATILE volatile 19 | 20 | typedef signed char INT8; 21 | typedef signed short int INT16; 22 | typedef signed int INT32; 23 | __extension__ typedef signed long long int INT64; 24 | 25 | typedef unsigned char UINT8; 26 | typedef unsigned short int UINT16; 27 | typedef unsigned int UINT32; 28 | __extension__ typedef unsigned long long int UINT64; 29 | 30 | typedef UINT32 WORD; 31 | typedef INT32 SWORD; 32 | typedef WORD SIZE; 33 | __extension__ typedef INT64 INTMAX; 34 | __extension__ typedef UINT64 UINTMAX; 35 | typedef WORD PTRDIFF; 36 | typedef WORD UINTPTR; 37 | typedef WORD INTPTR; 38 | 39 | typedef INT8 BOOLEAN; 40 | typedef char CHAR; 41 | typedef short SHORT; 42 | typedef int INT; 43 | typedef long LONG; 44 | typedef long long LLONG; 45 | typedef void VOID; 46 | typedef unsigned char UCHAR; 47 | typedef unsigned short USHORT; 48 | typedef unsigned int UINT; 49 | typedef unsigned long ULONG; 50 | typedef unsigned long long ULLONG; 51 | 52 | typedef CHAR *PCHAR; 53 | typedef UCHAR *PUCHAR; 54 | typedef VOID *PVOID; 55 | typedef WORD *PWORD; 56 | typedef SWORD *PSWORD; 57 | typedef SIZE *PSIZE; 58 | 59 | typedef CONST CHAR *PCCHAR; 60 | typedef CONST UCHAR *PCUCHAR; 61 | typedef CONST VOID *PCVOID; 62 | typedef CONST WORD *PCWORD; 63 | typedef CONST SWORD *PCSWORD; 64 | typedef CONST SIZE *PCSIZE; 65 | 66 | typedef WORD N1_STATUS; 67 | 68 | void *memcpy(void *dest, const void *src, UINT32 n); 69 | void *memset(void *dst, int c, UINT32 n); 70 | SIZE strlen(const char *str); -------------------------------------------------------------------------------- /microloader/lkp/usbphy.c: -------------------------------------------------------------------------------- 1 | void mt_usb_phy_savecurrent(void) 2 | { 3 | } 4 | void mt_usb_phy_recover(void) 5 | { 6 | } 7 | -------------------------------------------------------------------------------- /microloader/lkp/usbphy.h: -------------------------------------------------------------------------------- 1 | /* Copyright Statement: 2 | * 3 | * This software/firmware and related documentation ("MediaTek Software") are 4 | * protected under relevant copyright laws. The information contained herein is 5 | * confidential and proprietary to MediaTek Inc. and/or its licensors. Without 6 | * the prior written permission of MediaTek inc. and/or its licensors, any 7 | * reproduction, modification, use or disclosure of MediaTek Software, and 8 | * information contained herein, in whole or in part, shall be strictly 9 | * prohibited. 10 | * 11 | * MediaTek Inc. (C) 2010. All rights reserved. 12 | * 13 | * BY OPENING THIS FILE, RECEIVER HEREBY UNEQUIVOCALLY ACKNOWLEDGES AND AGREES 14 | * THAT THE SOFTWARE/FIRMWARE AND ITS DOCUMENTATIONS ("MEDIATEK SOFTWARE") 15 | * RECEIVED FROM MEDIATEK AND/OR ITS REPRESENTATIVES ARE PROVIDED TO RECEIVER 16 | * ON AN "AS-IS" BASIS ONLY. MEDIATEK EXPRESSLY DISCLAIMS ANY AND ALL 17 | * WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED 18 | * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR 19 | * NONINFRINGEMENT. NEITHER DOES MEDIATEK PROVIDE ANY WARRANTY WHATSOEVER WITH 20 | * RESPECT TO THE SOFTWARE OF ANY THIRD PARTY WHICH MAY BE USED BY, 21 | * INCORPORATED IN, OR SUPPLIED WITH THE MEDIATEK SOFTWARE, AND RECEIVER AGREES 22 | * TO LOOK ONLY TO SUCH THIRD PARTY FOR ANY WARRANTY CLAIM RELATING THERETO. 23 | * RECEIVER EXPRESSLY ACKNOWLEDGES THAT IT IS RECEIVER'S SOLE RESPONSIBILITY TO 24 | * OBTAIN FROM ANY THIRD PARTY ALL PROPER LICENSES CONTAINED IN MEDIATEK 25 | * SOFTWARE. MEDIATEK SHALL ALSO NOT BE RESPONSIBLE FOR ANY MEDIATEK SOFTWARE 26 | * RELEASES MADE TO RECEIVER'S SPECIFICATION OR TO CONFORM TO A PARTICULAR 27 | * STANDARD OR OPEN FORUM. RECEIVER'S SOLE AND EXCLUSIVE REMEDY AND MEDIATEK'S 28 | * ENTIRE AND CUMULATIVE LIABILITY WITH RESPECT TO THE MEDIATEK SOFTWARE 29 | * RELEASED HEREUNDER WILL BE, AT MEDIATEK'S OPTION, TO REVISE OR REPLACE THE 30 | * MEDIATEK SOFTWARE AT ISSUE, OR REFUND ANY SOFTWARE LICENSE FEES OR SERVICE 31 | * CHARGE PAID BY RECEIVER TO MEDIATEK FOR SUCH MEDIATEK SOFTWARE AT ISSUE. 32 | * 33 | * The following software/firmware and/or related documentation ("MediaTek 34 | * Software") have been modified by MediaTek Inc. All revisions are subject to 35 | * any receiver's applicable license agreements with MediaTek Inc. 36 | */ 37 | 38 | #ifndef USBPHY_H_ 39 | #define USBPHY_H_ 40 | 41 | #if CFG_FPGA_PLATFORM 42 | #include "i2c.h" 43 | #endif 44 | 45 | #define SSUSB_PHY_BASE (SSUSB_SIFSLV_IPPC_BASE) 46 | #define USB20_PHY_BASE (SSUSB_SIFSLV_U2PHY_COM_BASE) 47 | #define USB11_PHY_BASE (USBSIF_BASE + 0x0800) 48 | #define PERI_GLOBALCON_PDN0_SET (PERICFG_BASE+0x008) 49 | #define USB0_PDN 1 << 10 50 | 51 | #if CFG_FPGA_PLATFORM 52 | #define USB_I2C_ID I2C2 /* 0 - 6 */ 53 | #define PATH_NORMAL 0 54 | #define PATH_PMIC 1 55 | 56 | #define USBPHY_I2C_READ8(addr, buffer) usb_i2c_read8(addr, buffer) 57 | #define USBPHY_I2C_WRITE8(addr, value) usb_i2c_write8(addr, value) 58 | #endif 59 | 60 | #define USBPHY_READ8(offset) __raw_readb(SSUSB_PHY_BASE+offset) 61 | #define USBPHY_WRITE8(offset, value) __raw_writeb(value, SSUSB_PHY_BASE+offset) 62 | #define USBPHY_SET8(offset, mask) USBPHY_WRITE8(offset, USBPHY_READ8(offset) | mask) 63 | #define USBPHY_CLR8(offset, mask) USBPHY_WRITE8(offset, USBPHY_READ8(offset) & ~mask) 64 | 65 | #define USB_SET_BIT(BS,REG) mt_reg_sync_writel((__raw_readl(REG) | (U32)(BS)), (REG)) 66 | #define USB_CLR_BIT(BS,REG) mt_reg_sync_writel((__raw_readl(REG) & (~(U32)(BS))), (REG)) 67 | 68 | //USB20 PHY registers 69 | #define USB20PHY_READ8(offset) __raw_readb(USB20_PHY_BASE+offset) 70 | #define USB20PHY_WRITE8(offset, value) __raw_writeb(value, USB20_PHY_BASE+offset) 71 | //USB11 PHY registers: 72 | #define USB11PHY_READ32(offset) __raw_readl((void *)(USB11_PHY_BASE+(offset))) 73 | #define USB11PHY_READ8(offset) __raw_readb((void *)(USB11_PHY_BASE+(offset))) 74 | #define USB11PHY_WRITE8(offset, value) __raw_writeb((u8)value, (void *)(USB11_PHY_BASE+(offset))) 75 | #define USB11PHY_SET8(offset, mask) USB11PHY_WRITE8((offset), USB11PHY_READ8(offset) | (mask)) 76 | #define USB11PHY_CLR8(offset, mask) USB11PHY_WRITE8((offset), USB11PHY_READ8(offset) & (~(mask))) 77 | 78 | 79 | #endif 80 | 81 | -------------------------------------------------------------------------------- /microloader/main.c: -------------------------------------------------------------------------------- 1 | #include "common/def.h" 2 | 3 | typedef struct __part_dev part_dev_t; 4 | typedef struct __part part_t; 5 | 6 | void (*video_printf)(const char *fmt, ...) = (void (*)(const char *fmt, ...))(0x46032DAC | 1); 7 | void (*dprintf)(const char *fmt, ...) = (void (*)(const char* fmt, ...))(0x460333B8 | 1); 8 | part_dev_t *(*mt_part_get_device)() = (part_dev_t * (*)())(0x46053740 | 1); 9 | part_t *(*mt_part_get_partition)(const char *name) = (part_t * (*)(const char *name))(0x46004C30 | 1); 10 | 11 | #define PAYLOAD_OFFSET 2097152 // keep in sync with LK_PAYLOAD_OFFSET in flash_lk_payload.py 12 | #define PAYLOAD_ADDR 0x42000000 // keep in sync with lkp/linker.x 13 | #define PAYLOAD_SIZE (16384*3) // keep in sync with MAX_PAYLOAD_LEN in flash_lk_payload.py 14 | 15 | /*uint32_t g_boot,g_recovery; 16 | int (*read_org)(part_dev_t *dev, uint64_t src, void *dst, int size, unsigned int part_id); 17 | 18 | int read(part_dev_t *dev, uint64_t src, void *dst, int size, unsigned int part_id) { 19 | dprintf("read_hook 0x%08X\n",read_org); 20 | return read_org(dev,src,dst,size,part_id); 21 | }*/ 22 | 23 | int main() 24 | { 25 | part_dev_t *dev = mt_part_get_device(); 26 | part_t *part = mt_part_get_partition("boot"); 27 | dev->read(dev, PAYLOAD_OFFSET, (uint8_t *)PAYLOAD_ADDR, PAYLOAD_SIZE, 1); 28 | // dev->read(dev, PAYLOAD_OFFSET, (uint8_t *)(PAYLOAD_ADDR + PAYLOAD_SIZE), 512, part->part_id); 29 | volatile uint16_t *p = (volatile uint16_t *)PAYLOAD_ADDR; 30 | if (p[0] != 0xe002 || p[1] != 0xaa55 || p[2] != 0xaabb || p[3] != 0xccdd) 31 | { 32 | video_printf("payload missing 0x%x 0x%x 0x%x 0x%x\n", p[0], p[1], p[2], p[3]); 33 | for (;;) 34 | ; 35 | } 36 | 37 | void (*entry)() = (void (*)())(PAYLOAD_ADDR | 1); 38 | entry(); 39 | for (;;) 40 | ; 41 | } 42 | -------------------------------------------------------------------------------- /microloader/start.S: -------------------------------------------------------------------------------- 1 | .syntax unified 2 | 3 | .code 32 4 | .global start 5 | .section .text.start 6 | start: 7 | mov sp, #0x42000000 8 | blx main 9 | -------------------------------------------------------------------------------- /partdump.py: -------------------------------------------------------------------------------- 1 | from argparse import ArgumentParser 2 | import mmap 3 | from struct import unpack 4 | 5 | MAGIC = 0x58881688 6 | EXT_MAGIC = 0x58891689 7 | 8 | 9 | def get_next_partition(buffer, offset): 10 | magic = unpack('= len(data) or addr < 0: 23 | continue 24 | 25 | try: 26 | t = data[addr:-1].find(b'\x00') 27 | if t <= 0: 28 | continue 29 | 30 | print('%08x' % addr, data[addr:addr+t].decode('utf-8')) 31 | #print('%08x' % addr, data[addr:addr+12]) 32 | except: 33 | pass 34 | 35 | 36 | if __name__ == '__main__': 37 | main() 38 | -------------------------------------------------------------------------------- /sec/secro.py: -------------------------------------------------------------------------------- 1 | from argparse import ArgumentParser 2 | import mmap 3 | from struct import pack, unpack 4 | 5 | 6 | def main(): 7 | parser = ArgumentParser() 8 | parser.add_argument('file') 9 | args = parser.parse_args() 10 | 11 | file = open(args.file, 'rb') 12 | data = mmap.mmap(file.fileno(), 0, access=mmap.ACCESS_READ) 13 | 14 | and_ac_andro_offset = data.find(pack('