diff options
| author | Damien Zammit <damien@zamaudio.com> | 2016-09-11 21:12:26 +1000 |
|---|---|---|
| committer | Damien Zammit <damien@zamaudio.com> | 2016-09-11 21:12:26 +1000 |
| commit | ee6d67565039f0269cc63b93f5ef853d40623b54 (patch) | |
| tree | a2929ca2b1ca73b1e91a6f261d7964df14a04e01 | |
| parent | d2d9fa720858b4738c229cf53712c05a99d0eab5 (diff) | |
Fix endianness of firmware signing and bypass service requests for now
Signed-off-by: Damien Zammit <damien@zamaudio.com>
| -rwxr-xr-x | firmware/makefirmware.sh | 33 | ||||
| -rw-r--r-- | firmware/servicereq.c | 4 | ||||
| -rw-r--r-- | firmware/smu.c | 2 | ||||
| -rw-r--r-- | firmware/smu.h | 2 | ||||
| -rw-r--r-- | signsmu.py | 8 |
5 files changed, 33 insertions, 16 deletions
diff --git a/firmware/makefirmware.sh b/firmware/makefirmware.sh index b7e028c..bd08e65 100755 --- a/firmware/makefirmware.sh +++ b/firmware/makefirmware.sh @@ -22,22 +22,43 @@ FWHEX=$(od -t x4 -w4 -v -An --endian=big $FIRMWARE|awk '{print "0x"$1","}') SHA1HASH=$(python ../signsmu.py $1 | awk '{print $1","}') echo " +/* + * SMU FIRMWARE (Autogenerated by makefirmware.sh) + * This firmware for SMU was compiled from source + * available in 'smutool' by Damien Zammit (2016) + */ + #ifndef _SMUFIRMWARE_H #define _SMUFIRMWARE_H +UINT32 FirmwareTNHeader[] = { + 0x554D535F, + 0x554D535F, + 0x0000F030, + 0x00002000, + 0x00010000, + 0x7E26E3A5, + 0x00004E54, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, +}; + UINT32 FirmwareTN[] = { 0x000a00cb, 0x00000040," echo "$FWLEN" echo " 0x00010100," echo "$SHA1HASH" -echo " 0x0001d97c, - 0x0001da8c, +echo " 0x00010100, //0x0001d97c, + 0x00010100, //0x0001da8c, 0x00000000, - 0x0001daad, - 0x0001dabc, - 0x0001d9d0, - 0x0001dbf4, + 0x00010100, //0x0001daad, + 0x00010100, //0x0001dabc, + 0x00010100, //0x0001d9d0, + 0x00010100, //0x0001dbf4, 0x00000000, 0x00000000, 0x00000000, diff --git a/firmware/servicereq.c b/firmware/servicereq.c index 23adf5a..ebd5929 100644 --- a/firmware/servicereq.c +++ b/firmware/servicereq.c @@ -5627,6 +5627,10 @@ void smu_service_request(unsigned int e3) requestid &= 0x1fffe; requestid >>= 1; + // Instead of servicing the request, just dump the request number + SMU_POST(requestid); + return; + switch(requestid) { case SMC_MSG_HALT: halt(); diff --git a/firmware/smu.c b/firmware/smu.c index 28dfb28..557acba 100644 --- a/firmware/smu.c +++ b/firmware/smu.c @@ -16,8 +16,6 @@ #include "delay.h" #include "servicereq.h" -#define SMU_POST(x) write32(0xe0003024, (x & 0xff)) - void main(void) { int i; diff --git a/firmware/smu.h b/firmware/smu.h index b6eb864..1c1f74b 100644 --- a/firmware/smu.h +++ b/firmware/smu.h @@ -20,6 +20,8 @@ typedef unsigned char u8; typedef unsigned short u16; typedef unsigned int u32; +#define SMU_POST(x) write32(0xe0003024, (x & 0xff)) + #define SMC_MSG_HALT 1 #define SMC_MSG_PHY_LN_OFF 2 #define SMC_MSG_PHY_LN_ON 3 @@ -33,14 +33,6 @@ try: finally: f.close() -for wcnt in range(0,len(firmware)/4): - tmp = firmware[wcnt*4] - firmware[wcnt*4] = firmware[wcnt*4+3] - firmware[wcnt*4+3] = tmp - tmp = firmware[wcnt*4+1] - firmware[wcnt*4+1] = firmware[wcnt*4+2] - firmware[wcnt*4+2] = tmp - h = hmac.new(key1, firmware, hashlib.sha1) mhash = h.digest() print hex(struct.unpack(">5I", mhash)[0]) |