2 * This file is subject to the terms and conditions of the GNU General Public
3 * License. See the file "COPYING" in the main directory of this archive
6 * Copyright (C) 2008 Axel Gembe <ago@bastart.eu.org>
7 * Copyright (C) 2009-2010 Daniel Dickinson <openwrt@cshore.neomailbox.net>
17 #include <netinet/in.h>
20 #include "imagetag_cmdline.h"
22 #define DEADCODE 0xDEADC0DE
26 uint32_t loadaddr; /* Kernel load address */
27 uint32_t entry; /* Kernel entry point address */
28 uint32_t lzmalen; /* Compressed length of the LZMA data that follows */
31 static char pirellitab[NUM_PIRELLI][BOARDID_LEN] = PIRELLI_BOARDS;
33 static uint32_t crc32tab[256] = {
34 0x00000000, 0x77073096, 0xEE0E612C, 0x990951BA, 0x076DC419, 0x706AF48F, 0xE963A535, 0x9E6495A3,
35 0x0EDB8832, 0x79DCB8A4, 0xE0D5E91E, 0x97D2D988, 0x09B64C2B, 0x7EB17CBD, 0xE7B82D07, 0x90BF1D91,
36 0x1DB71064, 0x6AB020F2, 0xF3B97148, 0x84BE41DE, 0x1ADAD47D, 0x6DDDE4EB, 0xF4D4B551, 0x83D385C7,
37 0x136C9856, 0x646BA8C0, 0xFD62F97A, 0x8A65C9EC, 0x14015C4F, 0x63066CD9, 0xFA0F3D63, 0x8D080DF5,
38 0x3B6E20C8, 0x4C69105E, 0xD56041E4, 0xA2677172, 0x3C03E4D1, 0x4B04D447, 0xD20D85FD, 0xA50AB56B,
39 0x35B5A8FA, 0x42B2986C, 0xDBBBC9D6, 0xACBCF940, 0x32D86CE3, 0x45DF5C75, 0xDCD60DCF, 0xABD13D59,
40 0x26D930AC, 0x51DE003A, 0xC8D75180, 0xBFD06116, 0x21B4F4B5, 0x56B3C423, 0xCFBA9599, 0xB8BDA50F,
41 0x2802B89E, 0x5F058808, 0xC60CD9B2, 0xB10BE924, 0x2F6F7C87, 0x58684C11, 0xC1611DAB, 0xB6662D3D,
42 0x76DC4190, 0x01DB7106, 0x98D220BC, 0xEFD5102A, 0x71B18589, 0x06B6B51F, 0x9FBFE4A5, 0xE8B8D433,
43 0x7807C9A2, 0x0F00F934, 0x9609A88E, 0xE10E9818, 0x7F6A0DBB, 0x086D3D2D, 0x91646C97, 0xE6635C01,
44 0x6B6B51F4, 0x1C6C6162, 0x856530D8, 0xF262004E, 0x6C0695ED, 0x1B01A57B, 0x8208F4C1, 0xF50FC457,
45 0x65B0D9C6, 0x12B7E950, 0x8BBEB8EA, 0xFCB9887C, 0x62DD1DDF, 0x15DA2D49, 0x8CD37CF3, 0xFBD44C65,
46 0x4DB26158, 0x3AB551CE, 0xA3BC0074, 0xD4BB30E2, 0x4ADFA541, 0x3DD895D7, 0xA4D1C46D, 0xD3D6F4FB,
47 0x4369E96A, 0x346ED9FC, 0xAD678846, 0xDA60B8D0, 0x44042D73, 0x33031DE5, 0xAA0A4C5F, 0xDD0D7CC9,
48 0x5005713C, 0x270241AA, 0xBE0B1010, 0xC90C2086, 0x5768B525, 0x206F85B3, 0xB966D409, 0xCE61E49F,
49 0x5EDEF90E, 0x29D9C998, 0xB0D09822, 0xC7D7A8B4, 0x59B33D17, 0x2EB40D81, 0xB7BD5C3B, 0xC0BA6CAD,
50 0xEDB88320, 0x9ABFB3B6, 0x03B6E20C, 0x74B1D29A, 0xEAD54739, 0x9DD277AF, 0x04DB2615, 0x73DC1683,
51 0xE3630B12, 0x94643B84, 0x0D6D6A3E, 0x7A6A5AA8, 0xE40ECF0B, 0x9309FF9D, 0x0A00AE27, 0x7D079EB1,
52 0xF00F9344, 0x8708A3D2, 0x1E01F268, 0x6906C2FE, 0xF762575D, 0x806567CB, 0x196C3671, 0x6E6B06E7,
53 0xFED41B76, 0x89D32BE0, 0x10DA7A5A, 0x67DD4ACC, 0xF9B9DF6F, 0x8EBEEFF9, 0x17B7BE43, 0x60B08ED5,
54 0xD6D6A3E8, 0xA1D1937E, 0x38D8C2C4, 0x4FDFF252, 0xD1BB67F1, 0xA6BC5767, 0x3FB506DD, 0x48B2364B,
55 0xD80D2BDA, 0xAF0A1B4C, 0x36034AF6, 0x41047A60, 0xDF60EFC3, 0xA867DF55, 0x316E8EEF, 0x4669BE79,
56 0xCB61B38C, 0xBC66831A, 0x256FD2A0, 0x5268E236, 0xCC0C7795, 0xBB0B4703, 0x220216B9, 0x5505262F,
57 0xC5BA3BBE, 0xB2BD0B28, 0x2BB45A92, 0x5CB36A04, 0xC2D7FFA7, 0xB5D0CF31, 0x2CD99E8B, 0x5BDEAE1D,
58 0x9B64C2B0, 0xEC63F226, 0x756AA39C, 0x026D930A, 0x9C0906A9, 0xEB0E363F, 0x72076785, 0x05005713,
59 0x95BF4A82, 0xE2B87A14, 0x7BB12BAE, 0x0CB61B38, 0x92D28E9B, 0xE5D5BE0D, 0x7CDCEFB7, 0x0BDBDF21,
60 0x86D3D2D4, 0xF1D4E242, 0x68DDB3F8, 0x1FDA836E, 0x81BE16CD, 0xF6B9265B, 0x6FB077E1, 0x18B74777,
61 0x88085AE6, 0xFF0F6A70, 0x66063BCA, 0x11010B5C, 0x8F659EFF, 0xF862AE69, 0x616BFFD3, 0x166CCF45,
62 0xA00AE278, 0xD70DD2EE, 0x4E048354, 0x3903B3C2, 0xA7672661, 0xD06016F7, 0x4969474D, 0x3E6E77DB,
63 0xAED16A4A, 0xD9D65ADC, 0x40DF0B66, 0x37D83BF0, 0xA9BCAE53, 0xDEBB9EC5, 0x47B2CF7F, 0x30B5FFE9,
64 0xBDBDF21C, 0xCABAC28A, 0x53B39330, 0x24B4A3A6, 0xBAD03605, 0xCDD70693, 0x54DE5729, 0x23D967BF,
65 0xB3667A2E, 0xC4614AB8, 0x5D681B02, 0x2A6F2B94, 0xB40BBE37, 0xC30C8EA1, 0x5A05DF1B, 0x2D02EF8D
68 void int2tag(char *tag, uint32_t value) {
69 uint32_t network = htonl(value);
70 memcpy(tag, (char *)(&network), 4);
73 uint32_t crc32(uint32_t crc, uint8_t *data, size_t len)
76 crc = (crc >> 8) ^ crc32tab[(crc ^ *data++) & 0xFF];
81 uint32_t compute_crc32(uint32_t crc, FILE *binfile, size_t compute_start, size_t compute_len)
83 uint8_t readbuf[1024];
86 fseek(binfile, compute_start, SEEK_SET);
88 /* read block of 1024 bytes */
89 while (binfile && !feof(binfile) && !ferror(binfile) && (compute_len >= sizeof(readbuf))) {
90 read = fread(readbuf, sizeof(uint8_t), sizeof(readbuf), binfile);
91 crc = crc32(crc, readbuf, read);
92 compute_len = compute_len - read;
95 /* Less than 1024 bytes remains, read compute_len bytes */
96 if (binfile && !feof(binfile) && !ferror(binfile) && (compute_len > 0)) {
97 read = fread(readbuf, sizeof(uint8_t), compute_len, binfile);
98 crc = crc32(crc, readbuf, read);
104 size_t getlen(FILE *fp)
106 size_t retval, curpos;
112 fseek(fp, 0, SEEK_END);
114 fseek(fp, curpos, SEEK_SET);
119 int tagfile(const char *kernel, const char *rootfs, const char *bin, \
120 const struct gengetopt_args_info *args, \
121 uint32_t flash_start, uint32_t image_offset, \
122 uint32_t block_size, uint32_t load_address, uint32_t entry)
125 struct kernelhdr khdr;
126 FILE *kernelfile = NULL, *rootfsfile = NULL, *binfile = NULL, *cfefile = NULL;
127 size_t cfeoff, cfelen, kerneloff, kernellen, rootfsoff, rootfslen, \
128 read, imagelen, rootfsoffpadlen = 0, kernelfslen, kerneloffpadlen = 0, oldrootfslen;
129 uint8_t readbuf[1024];
130 uint32_t imagecrc = IMAGETAG_CRC_START;
131 uint32_t kernelcrc = IMAGETAG_CRC_START;
132 uint32_t rootfscrc = IMAGETAG_CRC_START;
133 uint32_t kernelfscrc = IMAGETAG_CRC_START;
136 const uint32_t deadcode = htonl(DEADCODE);
141 memset(&tag, 0, sizeof(struct bcm_tag));
143 if (!kernel || !rootfs) {
144 fprintf(stderr, "imagetag can't create an image without both kernel and rootfs\n");
147 if (kernel && !(kernelfile = fopen(kernel, "rb"))) {
148 fprintf(stderr, "Unable to open kernel \"%s\"\n", kernel);
152 if (rootfs && !(rootfsfile = fopen(rootfs, "rb"))) {
153 fprintf(stderr, "Unable to open rootfs \"%s\"\n", rootfs);
157 if (!bin || !(binfile = fopen(bin, "wb+"))) {
158 fprintf(stderr, "Unable to open output file \"%s\"\n", bin);
162 if ((args->cfe_given) && (args->cfe_arg)) {
163 if (!(cfefile = fopen(args->cfe_arg, "rb"))) {
164 fprintf(stderr, "Unable to open CFE file \"%s\"\n", args->cfe_arg);
168 fwaddr = flash_start + image_offset;
170 cfeoff = flash_start;
171 cfelen = getlen(cfefile);
172 /* Seek to the start of the file after tag */
173 fseek(binfile, sizeof(tag), SEEK_SET);
176 while (cfefile && !feof(cfefile) && !ferror(cfefile)) {
177 read = fread(readbuf, sizeof(uint8_t), sizeof(readbuf), cfefile);
178 fwrite(readbuf, sizeof(uint8_t), read, binfile);
186 if (!args->root_first_flag) {
187 /* Build the kernel address and length (doesn't need to be aligned, read only) */
188 kerneloff = fwaddr + sizeof(tag);
190 kernellen = getlen(kernelfile);
192 if (!args->kernel_file_has_header_flag) {
193 /* Build the kernel header */
194 khdr.loadaddr = htonl(load_address);
195 khdr.entry = htonl(entry);
196 khdr.lzmalen = htonl(kernellen);
198 /* Increase the kernel size by the header size */
199 kernellen += sizeof(khdr);
202 /* Build the rootfs address and length (start and end do need to be aligned on flash erase block boundaries */
203 rootfsoff = kerneloff + kernellen;
204 rootfsoff = (rootfsoff % block_size) > 0 ? (((rootfsoff / block_size) + 1) * block_size) : rootfsoff;
205 rootfslen = getlen(rootfsfile);
206 rootfslen = ( (rootfslen % block_size) > 0 ? (((rootfslen / block_size) + 1) * block_size) : rootfslen );
207 imagelen = rootfsoff + rootfslen - kerneloff + sizeof(deadcode);
208 rootfsoffpadlen = rootfsoff - (kerneloff + kernellen);
210 /* Seek to the start of the kernel */
211 fseek(binfile, kerneloff - fwaddr + cfelen, SEEK_SET);
213 /* Write the kernel header */
214 fwrite(&khdr, sizeof(khdr), 1, binfile);
216 /* Write the kernel */
217 while (kernelfile && !feof(kernelfile) && !ferror(kernelfile)) {
218 read = fread(readbuf, sizeof(uint8_t), sizeof(readbuf), kernelfile);
219 fwrite(readbuf, sizeof(uint8_t), read, binfile);
222 /* Write the RootFS */
223 fseek(binfile, rootfsoff - fwaddr + cfelen, SEEK_SET);
224 while (rootfsfile && !feof(rootfsfile) && !ferror(rootfsfile)) {
225 read = fread(readbuf, sizeof(uint8_t), sizeof(readbuf), rootfsfile);
226 fwrite(readbuf, sizeof(uint8_t), read, binfile);
229 /* Align image to specified erase block size and append deadc0de */
230 printf("Data alignment to %dk with 'deadc0de' appended\n", block_size/1024);
231 fseek(binfile, rootfsoff + rootfslen - fwaddr + cfelen, SEEK_SET);
232 fwrite(&deadcode, sizeof(uint32_t), 1, binfile);
234 oldrootfslen = rootfslen;
235 if (args->pad_given) {
236 uint32_t allfs = 0xffffffff;
237 uint32_t pad_size = args->pad_arg * 1024 * 1024;
239 printf("Padding image to %d bytes ...\n", pad_size);
240 while (imagelen < pad_size) {
241 fwrite(&allfs, sizeof(uint32_t), 1, binfile);
247 /* Flush the binfile buffer so that when we read from file, it contains
248 * everything in the buffer
252 /* Compute the crc32 of the entire image (deadC0de included) */
253 imagecrc = compute_crc32(imagecrc, binfile, kerneloff - fwaddr + cfelen, imagelen);
254 /* Compute the crc32 of the kernel and padding between kernel and rootfs) */
255 kernelcrc = compute_crc32(kernelcrc, binfile, kerneloff - fwaddr + cfelen, kernellen + rootfsoffpadlen);
256 /* Compute the crc32 of the kernel and padding between kernel and rootfs) */
257 kernelfscrc = compute_crc32(kernelfscrc, binfile, kerneloff - fwaddr + cfelen, kernellen + rootfsoffpadlen + rootfslen + sizeof(deadcode));
258 /* Compute the crc32 of the flashImageStart to rootLength.
259 * The broadcom firmware assumes the rootfs starts the image,
260 * therefore uses the rootfs start to determine where to flash
261 * the image. Since we have the kernel first we have to give
262 * it the kernel address, but the crc uses the length
263 * associated with this address, which is added to the kernel
264 * length to determine the length of image to flash and thus
265 * needs to be rootfs + deadcode
267 rootfscrc = compute_crc32(rootfscrc, binfile, kerneloff - fwaddr + cfelen, rootfslen + sizeof(deadcode));
270 /* Build the kernel address and length (doesn't need to be aligned, read only) */
271 rootfsoff = fwaddr + sizeof(tag);
272 oldrootfslen = getlen(rootfsfile);
273 rootfslen = oldrootfslen;
274 rootfslen = ( (rootfslen % block_size) > 0 ? (((rootfslen / block_size) + 1) * block_size) : rootfslen );
275 kerneloffpadlen = rootfslen - oldrootfslen;
276 oldrootfslen = rootfslen;
278 kerneloff = rootfsoff + rootfslen;
279 kernellen = getlen(kernelfile);
281 imagelen = cfelen + rootfslen + kernellen;
283 /* Seek to the start of the kernel */
284 fseek(binfile, kerneloff - fwaddr + cfelen, SEEK_SET);
286 if (!args->kernel_file_has_header_flag) {
287 /* Build the kernel header */
288 khdr.loadaddr = htonl(load_address);
289 khdr.entry = htonl(entry);
290 khdr.lzmalen = htonl(kernellen);
292 /* Write the kernel header */
293 fwrite(&khdr, sizeof(khdr), 1, binfile);
295 /* Increase the kernel size by the header size */
296 kernellen += sizeof(khdr);
299 /* Write the kernel */
300 while (kernelfile && !feof(kernelfile) && !ferror(kernelfile)) {
301 read = fread(readbuf, sizeof(uint8_t), sizeof(readbuf), kernelfile);
302 fwrite(readbuf, sizeof(uint8_t), read, binfile);
305 /* Write the RootFS */
306 fseek(binfile, rootfsoff - fwaddr + cfelen, SEEK_SET);
307 while (rootfsfile && !feof(rootfsfile) && !ferror(rootfsfile)) {
308 read = fread(readbuf, sizeof(uint8_t), sizeof(readbuf), rootfsfile);
309 fwrite(readbuf, sizeof(uint8_t), read, binfile);
312 /* Flush the binfile buffer so that when we read from file, it contains
313 * everything in the buffer
317 /* Compute the crc32 of the entire image (deadC0de included) */
318 imagecrc = compute_crc32(imagecrc, binfile, sizeof(tag), imagelen);
319 /* Compute the crc32 of the kernel and padding between kernel and rootfs) */
320 kernelcrc = compute_crc32(kernelcrc, binfile, kerneloff - fwaddr + cfelen, kernellen + rootfsoffpadlen);
321 kernelfscrc = compute_crc32(kernelfscrc, binfile, rootfsoff - fwaddr + cfelen, kernellen + rootfslen);
322 rootfscrc = compute_crc32(rootfscrc, binfile, rootfsoff - fwaddr + cfelen, rootfslen);
325 /* Close the files */
333 strncpy(tag.tagVersion, args->tag_version_arg, sizeof(tag.tagVersion) - 1);
334 strncpy(tag.sig_1, args->signature_arg, sizeof(tag.sig_1) - 1);
335 strncpy(tag.sig_2, args->signature2_arg, sizeof(tag.sig_2) - 1);
336 strncpy(tag.chipid, args->chipid_arg, sizeof(tag.chipid) - 1);
337 strncpy(tag.boardid, args->boardid_arg, sizeof(tag.boardid) - 1);
338 strcpy(tag.big_endian, "1");
339 sprintf(tag.totalLength, "%lu", imagelen);
341 if (args->cfe_given) {
342 sprintf(tag.cfeAddress, "%lu", flash_start);
343 sprintf(tag.cfeLength, "%lu", cfelen);
345 /* We don't include CFE */
346 strcpy(tag.cfeAddress, "0");
347 strcpy(tag.cfeLength, "0");
350 sprintf(tag.kernelAddress, "%lu", kerneloff);
351 sprintf(tag.kernelLength, "%lu", kernellen + rootfsoffpadlen);
353 if (args->root_first_flag) {
354 sprintf(tag.flashImageStart, "%lu", rootfsoff);
355 sprintf(tag.flashRootLength, "%lu", rootfslen);
357 sprintf(tag.flashImageStart, "%lu", kerneloff);
358 sprintf(tag.flashRootLength, "%lu", rootfslen + sizeof(deadcode));
360 int2tag(tag.rootLength, oldrootfslen + sizeof(deadcode));
362 if (args->rsa_signature_given) {
363 strncpy(tag.rsa_signature, args->rsa_signature_arg, RSASIG_LEN);
366 if (args->layoutver_given) {
367 strncpy(tag.flashLayoutVer, args->layoutver_arg, TAGLAYOUT_LEN);
370 if (args->info1_given) {
371 strncpy(tag.information1, args->info1_arg, TAGINFO1_LEN);
374 if (args->info2_given) {
375 strncpy(tag.information2, args->info2_arg, TAGINFO2_LEN);
378 if (args->reserved2_given) {
379 strncpy(tag.reserved2, args->reserved2_arg, 16);
382 if (args->altinfo_given) {
383 strncpy(&tag.information1[0], args->altinfo_arg, ALTTAGINFO_LEN);
386 if (args->second_image_flag_given) {
387 if (strncmp(args->second_image_flag_arg, "2", DUALFLAG_LEN) != 0) {
388 strncpy(tag.dualImage, args->second_image_flag_arg, DUALFLAG_LEN);
392 if (args->inactive_given) {
393 if (strncmp(args->inactive_arg, "2", INACTIVEFLAG_LEN) != 0) {
394 strncpy(tag.inactiveFlag, args->second_image_flag_arg, INACTIVEFLAG_LEN);
398 for (i = 0; i < NUM_PIRELLI; i++) {
399 if (strncmp(args->boardid_arg, pirellitab[i], BOARDID_LEN) == 0) {
406 int2tag(tag.imageCRC, kernelfscrc);
408 int2tag(tag.imageCRC, kernelcrc);
411 int2tag(&(tag.rootfsCRC[0]), rootfscrc);
412 int2tag(tag.kernelCRC, kernelcrc);
413 int2tag(tag.fskernelCRC, kernelfscrc);
414 int2tag(tag.headerCRC, crc32(IMAGETAG_CRC_START, (uint8_t*)&tag, sizeof(tag) - 20));
416 fseek(binfile, 0L, SEEK_SET);
417 fwrite(&tag, sizeof(uint8_t), sizeof(tag), binfile);
425 int main(int argc, char **argv)
428 char *kernel, *rootfs, *bin;
429 uint32_t flash_start, image_offset, block_size, load_address, entry;
430 flash_start = image_offset = block_size = load_address = entry = 0;
431 struct gengetopt_args_info parsed_args;
433 kernel = rootfs = bin = NULL;
435 if (cmdline_parser(argc, argv, &parsed_args)) {
439 printf("Broadcom 63xx image tagger - v2.0.0\n");
440 printf("Copyright (C) 2008 Axel Gembe\n");
441 printf("Copyright (C) 2009-2010 Daniel Dickinson\n");
442 printf("Licensed under the terms of the Gnu General Public License\n");
444 kernel = parsed_args.kernel_arg;
445 rootfs = parsed_args.rootfs_arg;
446 bin = parsed_args.output_arg;
447 if (strlen(parsed_args.tag_version_arg) >= TAGVER_LEN) {
448 fprintf(stderr, "Error: Tag Version (tag_version,v) too long.\n");
451 if (strlen(parsed_args.boardid_arg) >= BOARDID_LEN) {
452 fprintf(stderr, "Error: Board ID (boardid,b) too long.\n");
455 if (strlen(parsed_args.chipid_arg) >= CHIPID_LEN) {
456 fprintf(stderr, "Error: Chip ID (chipid,c) too long.\n");
459 if (strlen(parsed_args.signature_arg) >= SIG1_LEN) {
460 fprintf(stderr, "Error: Magic string (signature,a) too long.\n");
463 if (strlen(parsed_args.signature2_arg) >= SIG2_LEN) {
464 fprintf(stderr, "Error: Second magic string (signature2,m) too long.\n");
467 if (parsed_args.layoutver_given) {
468 if (strlen(parsed_args.layoutver_arg) > FLASHLAYOUTVER_LEN) {
469 fprintf(stderr, "Error: Flash layout version (layoutver,y) too long.\n");
473 if (parsed_args.rsa_signature_given) {
474 if (strlen(parsed_args.rsa_signature_arg) > RSASIG_LEN) {
475 fprintf(stderr, "Error: RSA Signature (rsa_signature,r) too long.\n");
480 if (parsed_args.info1_given) {
481 if (strlen(parsed_args.info1_arg) >= TAGINFO1_LEN) {
482 fprintf(stderr, "Error: Vendor Information 1 (info1) too long.\n");
487 if (parsed_args.info2_given) {
488 if (strlen(parsed_args.info2_arg) >= TAGINFO2_LEN) {
489 fprintf(stderr, "Error: Vendor Information 2 (info2) too long.\n");
494 if (parsed_args.altinfo_given) {
495 if (strlen(parsed_args.altinfo_arg) >= ALTTAGINFO_LEN) {
496 fprintf(stderr, "Error: Vendor Information 1 (info1) too long.\n");
501 if (parsed_args.pad_given) {
502 if (parsed_args.pad_arg < 0) {
503 fprintf(stderr, "Error: pad size must be positive.\r");
508 flash_start = strtoul(parsed_args.flash_start_arg, NULL, 16);
509 image_offset = strtoul(parsed_args.image_offset_arg, NULL, 16);
510 block_size = strtoul(parsed_args.block_size_arg, NULL, 16);
512 if (!parsed_args.kernel_file_has_header_flag) {
513 load_address = strtoul(parsed_args.load_addr_arg, NULL, 16);
514 entry = strtoul(parsed_args.entry_arg, NULL, 16);
515 if (load_address == 0) {
516 fprintf(stderr, "Error: Invalid value for load address\n");
519 fprintf(stderr, "Error: Invalid value for entry\n");
523 return tagfile(kernel, rootfs, bin, &parsed_args, flash_start, image_offset, block_size, load_address, entry);