cros_ec: sandbox: Add Chrome OS EC emulation
Add a simple emulation of the Chrome OS EC for sandbox, so that it can
perform various EC tasks such as keyboard handling.
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile
index c77e40a..c25e92d 100644
--- a/drivers/misc/Makefile
+++ b/drivers/misc/Makefile
@@ -11,6 +11,7 @@
obj-$(CONFIG_CROS_EC) += cros_ec.o
obj-$(CONFIG_CROS_EC_LPC) += cros_ec_lpc.o
obj-$(CONFIG_CROS_EC_I2C) += cros_ec_i2c.o
+obj-$(CONFIG_CROS_EC_SANDBOX) += cros_ec_sandbox.o
obj-$(CONFIG_CROS_EC_SPI) += cros_ec_spi.o
obj-$(CONFIG_FSL_IIM) += fsl_iim.o
obj-$(CONFIG_GPIO_LED) += gpio_led.o
diff --git a/drivers/misc/cros_ec.c b/drivers/misc/cros_ec.c
index a4bdb23..7e8c58f 100644
--- a/drivers/misc/cros_ec.c
+++ b/drivers/misc/cros_ec.c
@@ -224,6 +224,11 @@
rv = cros_ec_spi_packet(dev, out_bytes, in_bytes);
break;
#endif
+#ifdef CONFIG_CROS_EC_SANDBOX
+ case CROS_EC_IF_SANDBOX:
+ rv = cros_ec_sandbox_packet(dev, out_bytes, in_bytes);
+ break;
+#endif
case CROS_EC_IF_NONE:
/* TODO: support protocol 3 for LPC, I2C; for now fall through */
default:
@@ -1033,6 +1038,11 @@
dev->interface = CROS_EC_IF_LPC;
break;
#endif
+#ifdef CONFIG_CROS_EC_SANDBOX
+ case COMPAT_SANDBOX_HOST_EMULATION:
+ dev->interface = CROS_EC_IF_SANDBOX;
+ break;
+#endif
default:
debug("%s: Unknown compat id %d\n", __func__, compat);
return -1;
@@ -1088,6 +1098,12 @@
return -CROS_EC_ERR_DEV_INIT;
break;
#endif
+#ifdef CONFIG_CROS_EC_SANDBOX
+ case CROS_EC_IF_SANDBOX:
+ if (cros_ec_sandbox_init(dev, blob))
+ return -CROS_EC_ERR_DEV_INIT;
+ break;
+#endif
case CROS_EC_IF_NONE:
default:
return 0;
diff --git a/drivers/misc/cros_ec_sandbox.c b/drivers/misc/cros_ec_sandbox.c
new file mode 100644
index 0000000..4bb1d60
--- /dev/null
+++ b/drivers/misc/cros_ec_sandbox.c
@@ -0,0 +1,559 @@
+/*
+ * Chromium OS cros_ec driver - sandbox emulation
+ *
+ * Copyright (c) 2013 The Chromium OS Authors.
+ *
+ * SPDX-License-Identifier: GPL-2.0+
+ */
+
+#include <common.h>
+#include <cros_ec.h>
+#include <ec_commands.h>
+#include <errno.h>
+#include <hash.h>
+#include <malloc.h>
+#include <os.h>
+#include <sha256.h>
+#include <spi.h>
+#include <asm/state.h>
+#include <asm/sdl.h>
+#include <linux/input.h>
+
+/*
+ * Ultimately it shold be possible to connect an Chrome OS EC emulation
+ * to U-Boot and remove all of this code. But this provides a test
+ * environment for bringing up chromeos_sandbox and demonstrating its
+ * utility.
+ *
+ * This emulation includes the following:
+ *
+ * 1. Emulation of the keyboard, by converting keypresses received from SDL
+ * into key scan data, passed back from the EC as key scan messages. The
+ * key layout is read from the device tree.
+ *
+ * 2. Emulation of vboot context - so this can be read/written as required.
+ *
+ * 3. Save/restore of EC state, so that the vboot context, flash memory
+ * contents and current image can be preserved across boots. This is important
+ * since the EC is supposed to continue running even if the AP resets.
+ *
+ * 4. Some event support, in particular allowing Escape to be pressed on boot
+ * to enter recovery mode. The EC passes this to U-Boot through the normal
+ * event message.
+ *
+ * 5. Flash read/write/erase support, so that software sync works. The
+ * protect messages are supported but no protection is implemented.
+ *
+ * 6. Hashing of the EC image, again to support software sync.
+ *
+ * Other features can be added, although a better path is probably to link
+ * the EC image in with U-Boot (Vic has demonstrated a prototype for this).
+ */
+
+DECLARE_GLOBAL_DATA_PTR;
+
+#define KEYBOARD_ROWS 8
+#define KEYBOARD_COLS 13
+
+/* A single entry of the key matrix */
+struct ec_keymatrix_entry {
+ int row; /* key matrix row */
+ int col; /* key matrix column */
+ int keycode; /* corresponding linux key code */
+};
+
+/**
+ * struct ec_state - Information about the EC state
+ *
+ * @vbnv_context: Vboot context data stored by EC
+ * @ec_config: FDT config information about the EC (e.g. flashmap)
+ * @flash_data: Contents of flash memory
+ * @flash_data_len: Size of flash memory
+ * @current_image: Current image the EC is running
+ * @matrix_count: Number of keys to decode in matrix
+ * @matrix: Information about keyboard matrix
+ * @keyscan: Current keyscan information (bit set for each row/column pressed)
+ * @recovery_req: Keyboard recovery requested
+ */
+struct ec_state {
+ uint8_t vbnv_context[EC_VBNV_BLOCK_SIZE];
+ struct fdt_cros_ec ec_config;
+ uint8_t *flash_data;
+ int flash_data_len;
+ enum ec_current_image current_image;
+ int matrix_count;
+ struct ec_keymatrix_entry *matrix; /* the key matrix info */
+ uint8_t keyscan[KEYBOARD_COLS];
+ bool recovery_req;
+} s_state, *state;
+
+/**
+ * cros_ec_read_state() - read the sandbox EC state from the state file
+ *
+ * If data is available, then blob and node will provide access to it. If
+ * not this function sets up an empty EC.
+ *
+ * @param blob: Pointer to device tree blob, or NULL if no data to read
+ * @param node: Node offset to read from
+ */
+static int cros_ec_read_state(const void *blob, int node)
+{
+ struct ec_state *ec = &s_state;
+ const char *prop;
+ int len;
+
+ /* Set everything to defaults */
+ ec->current_image = EC_IMAGE_RO;
+ if (!blob)
+ return 0;
+
+ /* Read the data if available */
+ ec->current_image = fdtdec_get_int(blob, node, "current-image",
+ EC_IMAGE_RO);
+ prop = fdt_getprop(blob, node, "vbnv-context", &len);
+ if (prop && len == sizeof(ec->vbnv_context))
+ memcpy(ec->vbnv_context, prop, len);
+
+ prop = fdt_getprop(blob, node, "flash-data", &len);
+ if (prop) {
+ ec->flash_data_len = len;
+ ec->flash_data = os_malloc(len);
+ if (!ec->flash_data)
+ return -ENOMEM;
+ memcpy(ec->flash_data, prop, len);
+ debug("%s: Loaded EC flash data size %#x\n", __func__, len);
+ }
+
+ return 0;
+}
+
+/**
+ * cros_ec_write_state() - Write out our state to the state file
+ *
+ * The caller will ensure that there is a node ready for the state. The node
+ * may already contain the old state, in which case it is overridden.
+ *
+ * @param blob: Device tree blob holding state
+ * @param node: Node to write our state into
+ */
+static int cros_ec_write_state(void *blob, int node)
+{
+ struct ec_state *ec = &s_state;
+
+ /* We are guaranteed enough space to write basic properties */
+ fdt_setprop_u32(blob, node, "current-image", ec->current_image);
+ fdt_setprop(blob, node, "vbnv-context", ec->vbnv_context,
+ sizeof(ec->vbnv_context));
+ return state_setprop(node, "flash-data", ec->flash_data,
+ ec->ec_config.flash.length);
+}
+
+SANDBOX_STATE_IO(cros_ec, "google,cros-ec", cros_ec_read_state,
+ cros_ec_write_state);
+
+/**
+ * Return the number of bytes used in the specified image.
+ *
+ * This is the actual size of code+data in the image, as opposed to the
+ * amount of space reserved in flash for that image. This code is similar to
+ * that used by the real EC code base.
+ *
+ * @param ec Current emulated EC state
+ * @param entry Flash map entry containing the image to check
+ * @return actual image size in bytes, 0 if the image contains no content or
+ * error.
+ */
+static int get_image_used(struct ec_state *ec, struct fmap_entry *entry)
+{
+ int size;
+
+ /*
+ * Scan backwards looking for 0xea byte, which is by definition the
+ * last byte of the image. See ec.lds.S for how this is inserted at
+ * the end of the image.
+ */
+ for (size = entry->length - 1;
+ size > 0 && ec->flash_data[entry->offset + size] != 0xea;
+ size--)
+ ;
+
+ return size ? size + 1 : 0; /* 0xea byte IS part of the image */
+}
+
+/**
+ * Read the key matrix from the device tree
+ *
+ * Keymap entries in the fdt take the form of 0xRRCCKKKK where
+ * RR=Row CC=Column KKKK=Key Code
+ *
+ * @param ec Current emulated EC state
+ * @param blob Device tree blob containing keyscan information
+ * @param node Keyboard node of device tree containing keyscan information
+ * @return 0 if ok, -1 on error
+ */
+static int keyscan_read_fdt_matrix(struct ec_state *ec, const void *blob,
+ int node)
+{
+ const u32 *cell;
+ int upto;
+ int len;
+
+ cell = fdt_getprop(blob, node, "linux,keymap", &len);
+ ec->matrix_count = len / 4;
+ ec->matrix = calloc(ec->matrix_count, sizeof(*ec->matrix));
+ if (!ec->matrix) {
+ debug("%s: Out of memory for key matrix\n", __func__);
+ return -1;
+ }
+
+ /* Now read the data */
+ for (upto = 0; upto < ec->matrix_count; upto++) {
+ struct ec_keymatrix_entry *matrix = &ec->matrix[upto];
+ u32 word;
+
+ word = fdt32_to_cpu(*cell++);
+ matrix->row = word >> 24;
+ matrix->col = (word >> 16) & 0xff;
+ matrix->keycode = word & 0xffff;
+
+ /* Hard-code some sanity limits for now */
+ if (matrix->row >= KEYBOARD_ROWS ||
+ matrix->col >= KEYBOARD_COLS) {
+ debug("%s: Matrix pos out of range (%d,%d)\n",
+ __func__, matrix->row, matrix->col);
+ return -1;
+ }
+ }
+
+ if (upto != ec->matrix_count) {
+ debug("%s: Read mismatch from key matrix\n", __func__);
+ return -1;
+ }
+
+ return 0;
+}
+
+/**
+ * Return the next keyscan message contents
+ *
+ * @param ec Current emulated EC state
+ * @param scan Place to put keyscan bytes for the keyscan message (must hold
+ * enough space for a full keyscan)
+ * @return number of bytes of valid scan data
+ */
+static int cros_ec_keyscan(struct ec_state *ec, uint8_t *scan)
+{
+ const struct ec_keymatrix_entry *matrix;
+ int bytes = KEYBOARD_COLS;
+ int key[8]; /* allow up to 8 keys to be pressed at once */
+ int count;
+ int i;
+
+ memset(ec->keyscan, '\0', bytes);
+ count = sandbox_sdl_scan_keys(key, ARRAY_SIZE(key));
+
+ /* Look up keycode in matrix */
+ for (i = 0, matrix = ec->matrix; i < ec->matrix_count; i++, matrix++) {
+ bool found;
+ int j;
+
+ for (found = false, j = 0; j < count; j++) {
+ if (matrix->keycode == key[j])
+ found = true;
+ }
+
+ if (found) {
+ debug("%d: %d,%d\n", matrix->keycode, matrix->row,
+ matrix->col);
+ ec->keyscan[matrix->col] |= 1 << matrix->row;
+ }
+ }
+
+ memcpy(scan, ec->keyscan, bytes);
+ return bytes;
+}
+
+/**
+ * Process an emulated EC command
+ *
+ * @param ec Current emulated EC state
+ * @param req_hdr Pointer to request header
+ * @param req_data Pointer to body of request
+ * @param resp_hdr Pointer to place to put response header
+ * @param resp_data Pointer to place to put response data, if any
+ * @return length of response data, or 0 for no response data, or -1 on error
+ */
+static int process_cmd(struct ec_state *ec,
+ struct ec_host_request *req_hdr, const void *req_data,
+ struct ec_host_response *resp_hdr, void *resp_data)
+{
+ int len;
+
+ /* TODO(sjg@chromium.org): Check checksums */
+ debug("EC command %#0x\n", req_hdr->command);
+
+ switch (req_hdr->command) {
+ case EC_CMD_HELLO: {
+ const struct ec_params_hello *req = req_data;
+ struct ec_response_hello *resp = resp_data;
+
+ resp->out_data = req->in_data + 0x01020304;
+ len = sizeof(*resp);
+ break;
+ }
+ case EC_CMD_GET_VERSION: {
+ struct ec_response_get_version *resp = resp_data;
+
+ strcpy(resp->version_string_ro, "sandbox_ro");
+ strcpy(resp->version_string_rw, "sandbox_rw");
+ resp->current_image = ec->current_image;
+ debug("Current image %d\n", resp->current_image);
+ len = sizeof(*resp);
+ break;
+ }
+ case EC_CMD_VBNV_CONTEXT: {
+ const struct ec_params_vbnvcontext *req = req_data;
+ struct ec_response_vbnvcontext *resp = resp_data;
+
+ switch (req->op) {
+ case EC_VBNV_CONTEXT_OP_READ:
+ memcpy(resp->block, ec->vbnv_context,
+ sizeof(resp->block));
+ len = sizeof(*resp);
+ break;
+ case EC_VBNV_CONTEXT_OP_WRITE:
+ memcpy(ec->vbnv_context, resp->block,
+ sizeof(resp->block));
+ len = 0;
+ break;
+ default:
+ printf(" ** Unknown vbnv_context command %#02x\n",
+ req->op);
+ return -1;
+ }
+ break;
+ }
+ case EC_CMD_REBOOT_EC: {
+ const struct ec_params_reboot_ec *req = req_data;
+
+ printf("Request reboot type %d\n", req->cmd);
+ switch (req->cmd) {
+ case EC_REBOOT_DISABLE_JUMP:
+ len = 0;
+ break;
+ case EC_REBOOT_JUMP_RW:
+ ec->current_image = EC_IMAGE_RW;
+ len = 0;
+ break;
+ default:
+ puts(" ** Unknown type");
+ return -1;
+ }
+ break;
+ }
+ case EC_CMD_HOST_EVENT_GET_B: {
+ struct ec_response_host_event_mask *resp = resp_data;
+
+ resp->mask = 0;
+ if (ec->recovery_req) {
+ resp->mask |= EC_HOST_EVENT_MASK(
+ EC_HOST_EVENT_KEYBOARD_RECOVERY);
+ }
+
+ len = sizeof(*resp);
+ break;
+ }
+ case EC_CMD_VBOOT_HASH: {
+ const struct ec_params_vboot_hash *req = req_data;
+ struct ec_response_vboot_hash *resp = resp_data;
+ struct fmap_entry *entry;
+ int ret, size;
+
+ entry = &state->ec_config.region[EC_FLASH_REGION_RW];
+
+ switch (req->cmd) {
+ case EC_VBOOT_HASH_RECALC:
+ case EC_VBOOT_HASH_GET:
+ size = SHA256_SUM_LEN;
+ len = get_image_used(ec, entry);
+ ret = hash_block("sha256",
+ ec->flash_data + entry->offset,
+ len, resp->hash_digest, &size);
+ if (ret) {
+ printf(" ** hash_block() failed\n");
+ return -1;
+ }
+ resp->status = EC_VBOOT_HASH_STATUS_DONE;
+ resp->hash_type = EC_VBOOT_HASH_TYPE_SHA256;
+ resp->digest_size = size;
+ resp->reserved0 = 0;
+ resp->offset = entry->offset;
+ resp->size = len;
+ len = sizeof(*resp);
+ break;
+ default:
+ printf(" ** EC_CMD_VBOOT_HASH: Unknown command %d\n",
+ req->cmd);
+ return -1;
+ }
+ break;
+ }
+ case EC_CMD_FLASH_PROTECT: {
+ const struct ec_params_flash_protect *req = req_data;
+ struct ec_response_flash_protect *resp = resp_data;
+ uint32_t expect = EC_FLASH_PROTECT_ALL_NOW |
+ EC_FLASH_PROTECT_ALL_AT_BOOT;
+
+ printf("mask=%#x, flags=%#x\n", req->mask, req->flags);
+ if (req->flags == expect || req->flags == 0) {
+ resp->flags = req->flags ? EC_FLASH_PROTECT_ALL_NOW :
+ 0;
+ resp->valid_flags = EC_FLASH_PROTECT_ALL_NOW;
+ resp->writable_flags = 0;
+ len = sizeof(*resp);
+ } else {
+ puts(" ** unexpected flash protect request\n");
+ return -1;
+ }
+ break;
+ }
+ case EC_CMD_FLASH_REGION_INFO: {
+ const struct ec_params_flash_region_info *req = req_data;
+ struct ec_response_flash_region_info *resp = resp_data;
+ struct fmap_entry *entry;
+
+ switch (req->region) {
+ case EC_FLASH_REGION_RO:
+ case EC_FLASH_REGION_RW:
+ case EC_FLASH_REGION_WP_RO:
+ entry = &state->ec_config.region[req->region];
+ resp->offset = entry->offset;
+ resp->size = entry->length;
+ len = sizeof(*resp);
+ printf("EC flash region %d: offset=%#x, size=%#x\n",
+ req->region, resp->offset, resp->size);
+ break;
+ default:
+ printf("** Unknown flash region %d\n", req->region);
+ return -1;
+ }
+ break;
+ }
+ case EC_CMD_FLASH_ERASE: {
+ const struct ec_params_flash_erase *req = req_data;
+
+ memset(ec->flash_data + req->offset,
+ ec->ec_config.flash_erase_value,
+ req->size);
+ len = 0;
+ break;
+ }
+ case EC_CMD_FLASH_WRITE: {
+ const struct ec_params_flash_write *req = req_data;
+
+ memcpy(ec->flash_data + req->offset, req + 1, req->size);
+ len = 0;
+ break;
+ }
+ case EC_CMD_MKBP_STATE:
+ len = cros_ec_keyscan(ec, resp_data);
+ break;
+ default:
+ printf(" ** Unknown EC command %#02x\n", req_hdr->command);
+ return -1;
+ }
+
+ return len;
+}
+
+int cros_ec_sandbox_packet(struct cros_ec_dev *dev, int out_bytes,
+ int in_bytes)
+{
+ struct ec_host_request *req_hdr = (struct ec_host_request *)dev->dout;
+ const void *req_data = req_hdr + 1;
+ struct ec_host_response *resp_hdr = (struct ec_host_response *)dev->din;
+ void *resp_data = resp_hdr + 1;
+ int len;
+
+ len = process_cmd(&s_state, req_hdr, req_data, resp_hdr, resp_data);
+ if (len < 0)
+ return len;
+
+ resp_hdr->struct_version = 3;
+ resp_hdr->result = EC_RES_SUCCESS;
+ resp_hdr->data_len = len;
+ resp_hdr->reserved = 0;
+ len += sizeof(*resp_hdr);
+ resp_hdr->checksum = 0;
+ resp_hdr->checksum = (uint8_t)
+ -cros_ec_calc_checksum((const uint8_t *)resp_hdr, len);
+
+ return in_bytes;
+}
+
+int cros_ec_sandbox_decode_fdt(struct cros_ec_dev *dev, const void *blob)
+{
+ return 0;
+}
+
+void cros_ec_check_keyboard(struct cros_ec_dev *dev)
+{
+ struct ec_state *ec = &s_state;
+ ulong start;
+
+ printf("Press keys for EC to detect on reset (ESC=recovery)...");
+ start = get_timer(0);
+ while (get_timer(start) < 1000)
+ ;
+ putc('\n');
+ if (!sandbox_sdl_key_pressed(KEY_ESC)) {
+ ec->recovery_req = true;
+ printf(" - EC requests recovery\n");
+ }
+}
+
+/**
+ * Initialize sandbox EC emulation.
+ *
+ * @param dev CROS_EC device
+ * @param blob Device tree blob
+ * @return 0 if ok, -1 on error
+ */
+int cros_ec_sandbox_init(struct cros_ec_dev *dev, const void *blob)
+{
+ struct ec_state *ec = &s_state;
+ int node;
+ int err;
+
+ state = &s_state;
+ err = cros_ec_decode_ec_flash(blob, &ec->ec_config);
+ if (err)
+ return err;
+
+ node = fdtdec_next_compatible(blob, 0, COMPAT_GOOGLE_CROS_EC_KEYB);
+ if (node < 0) {
+ debug("%s: No cros_ec keyboard found\n", __func__);
+ } else if (keyscan_read_fdt_matrix(ec, blob, node)) {
+ debug("%s: Could not read key matrix\n", __func__);
+ return -1;
+ }
+
+ /* If we loaded EC data, check that the length matches */
+ if (ec->flash_data &&
+ ec->flash_data_len != ec->ec_config.flash.length) {
+ printf("EC data length is %x, expected %x, discarding data\n",
+ ec->flash_data_len, ec->ec_config.flash.length);
+ os_free(ec->flash_data);
+ ec->flash_data = NULL;
+ }
+
+ /* Otherwise allocate the memory */
+ if (!ec->flash_data) {
+ ec->flash_data_len = ec->ec_config.flash.length;
+ ec->flash_data = os_malloc(ec->flash_data_len);
+ if (!ec->flash_data)
+ return -ENOMEM;
+ }
+
+ return 0;
+}