Check for bootloader file on device before copying.
[maemo-rb.git] / tools / mkboot.c
blob77f65d9dc70868d832506f517839660f6d3230c0
1 /***************************************************************************
2 * __________ __ ___.
3 * Open \______ \ ____ ____ | | _\_ |__ _______ ___
4 * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ /
5 * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < <
6 * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \
7 * \/ \/ \/ \/ \/
8 * $Id$
10 * Copyright (C) 2005 by Linus Nielsen Feltzing
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
18 * KIND, either express or implied.
20 ****************************************************************************/
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include "mkboot.h"
26 #ifndef RBUTIL
27 static void usage(void)
29 printf("usage: mkboot <target> <firmware file> <boot file> <output file>\n");
30 printf("available targets:\n"
31 "\t-h100 Iriver H1x0\n"
32 "\t-h300 Iriver H3x0\n"
33 "\t-iax5 iAudio X5\n"
34 "\t-iam5 iAudio M5\n");
36 exit(1);
38 #endif
40 #ifndef RBUTIL
41 int main(int argc, char *argv[])
43 if(argc != 5)
45 usage();
46 return 1;
49 if ( ! strcmp(argv[1], "-h100"))
50 return mkboot_iriver(argv[2], argv[3], argv[4], 0x1f0000);
52 if ( ! strcmp(argv[1], "-h300"))
53 return mkboot_iriver(argv[2], argv[3], argv[4], 0x3f0000);
55 if ( ! strcmp(argv[1], "-iax5"))
56 return mkboot_iaudio(argv[2], argv[3], argv[4], 0);
58 if ( ! strcmp(argv[1], "-iam5"))
59 return mkboot_iaudio(argv[2], argv[3], argv[4], 1);
61 usage();
62 return 1;
64 #endif
66 static unsigned char image[0x400000 + 0x220 + 0x400000/0x200];
68 int mkboot_iriver(const char* infile, const char* bootfile, const char* outfile, int origin)
70 FILE *f;
71 int i;
72 int len;
73 int actual_length, total_length, binary_length, num_chksums;
75 memset(image, 0xff, sizeof(image));
77 /* First, read the iriver original firmware into the image */
78 f = fopen(infile, "rb");
79 if(!f) {
80 perror(infile);
81 return -1;
84 i = fread(image, 1, 16, f);
85 if(i < 16) {
86 perror(infile);
87 fclose(f);
88 return -2;
91 /* This is the length of the binary image without the scrambling
92 overhead (but including the ESTFBINR header) */
93 binary_length = image[4] + (image[5] << 8) +
94 (image[6] << 16) + (image[7] << 24);
96 /* Read the rest of the binary data, but not the checksum block */
97 len = binary_length+0x200-16;
98 i = fread(image+16, 1, len, f);
99 if(i < len) {
100 perror(infile);
101 fclose(f);
102 return -3;
105 fclose(f);
107 /* Now, read the boot loader into the image */
108 f = fopen(bootfile, "rb");
109 if(!f) {
110 perror(bootfile);
111 fclose(f);
112 return -4;
115 fseek(f, 0, SEEK_END);
116 len = ftell(f);
118 fseek(f, 0, SEEK_SET);
120 i = fread(image+0x220 + origin, 1, len, f);
121 if(i < len) {
122 perror(bootfile);
123 fclose(f);
124 return -5;
127 fclose(f);
129 f = fopen(outfile, "wb");
130 if(!f) {
131 perror(outfile);
132 return -6;
135 /* Patch the reset vector to start the boot loader */
136 image[0x220 + 4] = image[origin + 0x220 + 4];
137 image[0x220 + 5] = image[origin + 0x220 + 5];
138 image[0x220 + 6] = image[origin + 0x220 + 6];
139 image[0x220 + 7] = image[origin + 0x220 + 7];
141 /* This is the actual length of the binary, excluding all headers */
142 actual_length = origin + len;
144 /* Patch the ESTFBINR header */
145 image[0x20c] = (actual_length >> 24) & 0xff;
146 image[0x20d] = (actual_length >> 16) & 0xff;
147 image[0x20e] = (actual_length >> 8) & 0xff;
148 image[0x20f] = actual_length & 0xff;
150 image[0x21c] = (actual_length >> 24) & 0xff;
151 image[0x21d] = (actual_length >> 16) & 0xff;
152 image[0x21e] = (actual_length >> 8) & 0xff;
153 image[0x21f] = actual_length & 0xff;
155 /* This is the length of the binary, including the ESTFBINR header and
156 rounded up to the nearest 0x200 boundary */
157 binary_length = (actual_length + 0x20 + 0x1ff) & 0xfffffe00;
159 /* The number of checksums, i.e number of 0x200 byte blocks */
160 num_chksums = binary_length / 0x200;
162 /* The total file length, including all headers and checksums */
163 total_length = binary_length + num_chksums + 0x200;
165 /* Patch the scrambler header with the new length info */
166 image[0] = total_length & 0xff;
167 image[1] = (total_length >> 8) & 0xff;
168 image[2] = (total_length >> 16) & 0xff;
169 image[3] = (total_length >> 24) & 0xff;
171 image[4] = binary_length & 0xff;
172 image[5] = (binary_length >> 8) & 0xff;
173 image[6] = (binary_length >> 16) & 0xff;
174 image[7] = (binary_length >> 24) & 0xff;
176 image[8] = num_chksums & 0xff;
177 image[9] = (num_chksums >> 8) & 0xff;
178 image[10] = (num_chksums >> 16) & 0xff;
179 image[11] = (num_chksums >> 24) & 0xff;
181 i = fwrite(image, 1, total_length, f);
182 if(i < total_length) {
183 perror(outfile);
184 fclose(f);
185 return -7;
188 printf("Wrote 0x%x bytes in %s\n", total_length, outfile);
190 fclose(f);
192 return 0;
195 /* iAudio firmware update file header size */
196 #define HEADER_SIZE 0x1030
197 /* Address of flash contents that get overwritten by a firmware update.
198 * Contents before this address contain the preloader and are not affected
199 * by a firmware update.
200 * -> Firmware update file contents starting at offset HEADER_SIZE end up
201 * in flash at address FLASH_START
203 #define FLASH_START 0x00010000
204 /* Start of unused space in original firmware (flash address, not file
205 * offset!) where we patch in the Rockbox loader */
206 #define ROCKBOX_BOOTLOADER 0x00150000
207 /* End of unused space in original firmware */
208 #define BOOTLOADER_LIMIT 0x00170000
210 /* Patch the Rockbox bootloader into free space in the original firmware
211 * (starting at 0x150000). The preloader starts execution of the OF at
212 * 0x10000 which normally contains a jsr 0x10010. We also patch this to
213 * do a jsr 0x150000 to the Rockbox dual boot loader instead. If it then
214 * decides to start the OF instead of Rockbox, it simply does a jmp
215 * 0x10010 instead of loading Rockbox from disk.
217 int mkboot_iaudio(const char* infile, const char* bootfile, const char* outfile, int model_nr)
219 size_t flength, blength;
220 unsigned char *bbuf, *fbuf, *p;
221 const unsigned char fsig[] = {
222 0x4e, 0xb9, 0x00, 0x01, 0x00, 0x10 }; /* jsr 0x10010 */
223 unsigned char bsig[2][8] = {
224 /* dualboot signatures */
225 { 0x60, 0x06, 0x44, 0x42, 0x69, 0x61, 0x78, 0x35 }, /* X5 */
226 { 0x60, 0x06, 0x44, 0x42, 0x69, 0x61, 0x6d, 0x35 }, /* M5 */ };
227 FILE *ffile, *bfile, *ofile;
228 unsigned char sum = 0;
229 int i;
231 /* read input files */
232 if ((bfile = fopen(bootfile, "rb")) == NULL) {
233 perror("Cannot open Rockbox bootloader file.\n");
234 return 1;
237 fseek(bfile, 0, SEEK_END);
238 blength = ftell(bfile);
239 fseek(bfile, 0, SEEK_SET);
241 if (blength + ROCKBOX_BOOTLOADER >= BOOTLOADER_LIMIT) {
242 fprintf(stderr, "Rockbox bootloader is too big.\n");
243 return 1;
246 if ((ffile = fopen(infile, "rb")) == NULL) {
247 perror("Cannot open original firmware file.");
248 return 1;
251 fseek(ffile, 0, SEEK_END);
252 flength = ftell(ffile);
253 fseek(ffile, 0, SEEK_SET);
255 bbuf = malloc(blength);
256 fbuf = malloc(flength);
258 if (!bbuf || !fbuf) {
259 fprintf(stderr, "Out of memory.\n");
260 return 1;
263 if ( fread(bbuf, 1, blength, bfile) < blength
264 || fread(fbuf, 1, flength, ffile) < flength) {
265 fprintf(stderr, "Read error.\n");
266 return 1;
268 fclose(bfile);
269 fclose(ffile);
271 /* verify format of input files */
272 if (blength < 0x10 || memcmp(bbuf, bsig[model_nr], sizeof(bsig[0]))) {
273 fprintf(stderr, "Rockbox bootloader format error (is it bootloader.bin?).\n");
274 return 1;
276 if (flength < HEADER_SIZE-FLASH_START+BOOTLOADER_LIMIT
277 || memcmp(fbuf+HEADER_SIZE, fsig, sizeof(fsig))) {
278 fprintf(stderr, "Original firmware format error.\n");
279 return 1;
282 /* verify firmware is not overrun */
283 for (i = ROCKBOX_BOOTLOADER; i < BOOTLOADER_LIMIT; i++) {
284 if (fbuf[HEADER_SIZE-FLASH_START+i] != 0xff) {
285 fprintf(stderr, "Original firmware has grown too much.\n");
286 return 1;
290 /* change jsr 0x10010 to jsr DUAL_BOOTLOADER */
291 p = fbuf + HEADER_SIZE + 2;
292 *p++ = (ROCKBOX_BOOTLOADER >> 24) & 0xff;
293 *p++ = (ROCKBOX_BOOTLOADER >> 16) & 0xff;
294 *p++ = (ROCKBOX_BOOTLOADER >> 8) & 0xff;
295 *p++ = (ROCKBOX_BOOTLOADER ) & 0xff;
297 p = fbuf + HEADER_SIZE + ROCKBOX_BOOTLOADER - FLASH_START;
298 memcpy(p, bbuf, blength);
300 /* recalc checksum */
301 for (i = HEADER_SIZE; (size_t)i < flength; i++)
302 sum += fbuf[i];
303 fbuf[0x102b] = sum;
305 /* write output */
306 if ((ofile = fopen(outfile, "wb")) == NULL) {
307 perror("Cannot open output file");
308 return 1;
310 if (fwrite(fbuf, 1, flength, ofile) < flength) {
311 fprintf(stderr, "Write error.\n");
312 return 1;
314 fclose(ofile);
315 free(bbuf);
316 free(fbuf);
318 return 0;