 |
xFSTK
1.8.1-5.311
Intel SoC Cross Platform Firmware & Software Tool Kit
|
|
xFSTK
1.8.1-5.311
Intel SoC Cross Platform Firmware & Software Tool Kit
|
xFSTK Provides basic firmware and software provisioning capabilities for Intel SoC platforms. Currently xFSTK supports Windows XP 32-bit, Windows 7 32-bit/64-bit, Windows 8 64-bit, Ubuntu 10.04 LTS 32-bit/64-bit, Ubuntu 12.04 LTS 32-bit/64-bit, Red Hat, and Fedora 16 32-bit/64-bit hosts.
xFSTK Features:
\title Intel SoC Provisioning activities are performed via USB connectivity using a host/target configuration. Within the context of a 1st time programming scenario, Intel SoC platforms will boot into a firmware provisoning mode and xFSTK will detect that a device is attached to the system. Once detection of a target has been made, it is possible for the system operator to begin a firmware provisoning activity. Subsequent to provisoning firmware it is also possible to wait for the Intel SoC system to re-detect and OS provisioning can be performed. Note: In situations where the firmware / os update windows is short (on the order of 3 seconds) it is possible to initiate the download process before placing the target into an update mode. A typical system configuration is as follows:
Windows Note: During manual system provisioning, it is helpful to avoid removing the USB cable from the host machine. Instead remove the micro-usb connector from the target and connect a new one. Removing the USB cable from the Host machine may result in a need to reinstall Intel SoC provisoning drivers again. This typically occurs when the USB provisioning cable is moved to a different port on the host machine.
Intel provides SPI flash support on products that support SPI (BYT). The SPI flash support is used to program targets that have corrupted or blank SPI flash devices. This method only supports the firmware provisioning activity and is considered a 1st time programming activity or recovery method. OS downloads are not performed via SPI. The DediProg SF100 programmer provides the connectivity between target and host. In addition to the SF100 programmer, additional software is required by the SF100 as shown below:
\nfs
\nfs
\nfs
\page cmdline Command Line Usage
\title xFSTK provides a basic commandline interface to enable scripting of provisioning activities. Within the
install folder, the xfstk-dldr-solo binary can be used with the following commandline specification:
\section examples_cmdline Basic Commandline Details
<table>
<tr>
<td><b>Command</b></td>
<td><b>Explanation</b></td>
</tr>
<tr>
<td><b>-h [ --help ]</b></td>
<td>Print usage message</td>
</tr>
<tr>
<td><b>--fwdnx arg (=BLANK. BIN)</b></td>
<td>File path for the FW DNX module</td>
</tr>
<tr>
<td><b>--fwimage arg (=BLANK.bin)</b></td>
<td>File path for the FW Image module</td>
</tr>
<tr>
<td><b>--osdnx arg (=BLANK.bin)</b></td>
<td>File path for the OS DNX module</td>
</tr>
<tr>
<td><b>--osimage arg (=BLANK.bin)</b></td>
<td>File path for the OS image</td>
</tr>
<tr>
<td><b>--miscdnx arg</b></td>
<td>File path for miscellaneous DNX module</td>
</tr>
<tr>
<td><b>--gpflags arg (=0x80000000)</b></td>
<td>Optional argument. 32 Bit Hex Value of the GPFlags.</td>
</tr>
<tr>
<td><b>-r [ --rev ]</b></td>
<td>version/revision</td>
</tr>
<tr>
<td><b>-v [ --verbose ]</b></td>
<td>
<p>Optional argument. Display debug information.</p>
</td>
</tr>
<tr>
<td><b>--softfuse arg (=BLANK.bin)</b></td>
<td>Optioanl CLVP Only argument.File path for the Softfuse Binary</td>
</tr>
<tr>
<td><b>--miscbin </b></td>
<td>MERR/MOFD Only argument. File path for miscellaneous binary file </td>
</tr>
<tr>
<td><b>--debuglevel arg (=0xffffffff)</b></td>
<td>Optional argument. 32 bit hex value to set the debuglevel, 0x1800 = LOG_STATUS | LOG_PROGRESS</td>
</tr>
<tr>
<td><b>--usbdelayms arg (<500)</b></td>
<td>Optional argument. 32 bit int value to set the usbdelayms, default 0ms</td>
</tr>
<tr>
<td><b>--usbtimeout arg (=5000)</b></td>
<td>set USB read/write timeout, default 5000ms</td>
</tr>
<tr>
<td><b>--emmcdump arg</b></td>
<td>CLVP/MOFD only - Optional argument. Indicate whether to perform an emmc dump. Set to false by default</td>
</tr>
<tr>
<td><b>-f [ --file ] </b></td>
<td>CLVP/MOFD eMMc - Output file name</td>
</tr>
<tr>
<td><b>-p [ --partition ] </b></td>
<td>CLVP/MOFD only eMMc - 0 - user partition; 1- boot partition-1; 2 - boot partition-2;3 - E-CSD</td>
</tr>
<tr>
<td><b>-b [ --blocksize ] </b></td>
<td>CLVP/MOFD only eMMc - size of blocks to read (applicable for partitions 0-2</td>
</tr>
<tr>
<td><b>-c [ --blockcount ] </b></td>
<td>CLVP/MOFD only eMMc -number of blocks to read (applicable for partitions 0-2</td>
</tr>
<tr>
<td><b>-o [ --offset ] </b></td>
<td>CLVP/MOFD only eMMc - offset from base of partition to begin reading (applicable for partitions 0-2</td>
</tr>
<tr>
<td><b>--register</b></td>
<td>CLVP/MOFD only eMMc - Register Token</td>
</tr>
<tr>
<td><b>-u [ --ufwdnx ] </b></td>
<td>CLVP/MOFD only eMMc - Unsigned DnX</td>
</tr>
<tr>
<td><b>-t [tokenoffset]</b></td>
<td>CLVP/MOFD only eMMc - Token offset for the unsigned DnX. (Default offset: 0x0108</td>
</tr>
<tr>
<td><b>-e [ --expirationduration ] </b></td>
<td>
<p>CLVP/MOFD only eMMc - Time duration of the token to be valid. </p>
<p>Supported format shall be a string which starts with a numeric number followed by</p>
<p>h/d/m/y (h for hour, d for day, m for month and y for year</td></p>
</td>
</tr>
<tr>
<td><b>--umipdump</b></td>
<td>CLVP/MOFD only - UMIP dumping. Default value 0 (disable). Set to 1 to enable</td>
</td>
<tr>
<td><b>--wipeifwi </b></td>
<td>Optional argument. Indicate whether to wipe out ifwi image on emmc. Set to false by default</td>
</tr>
<tr>
<td><b>--transfer arg (=USB)</b></td>
<td>Optional argument. Determines how the image will be transferred.</td>
</tr>
<tr>
<td><b>--idrq</b></td>
<td>
<p>Optional argument. Indicates whether IDRQ is used.</p>
<p>Tag present means idrq is used, else idrq is not used.</p>
<p>The IDRQ payload will be dumped into the --miscbin path</p>
</td>
</tr>
<tr>
<td><b>--csdb arg (=0)</b></td>
<td>
<p>MERR/MOFD only Optional argument. Exchange the chaabi specific data block specified in --miscbin parameter</p>
<p>Use the command code of the provision as the input argument.
</td>
</tr>
<tr>
<td><b>--initcsdb arg (=1)</b></td>
<td>
<p>MERR/MOFD Optional argument. Signals whether command is first csdb command in a series</p>
<p>Use value of 1 means first command, else use value of 0.
</td>
</tr>
<tr>
<td><b>--finalcsdb arg (=1)</b></td>
<td>
<p>MERR/MOFD Optional argument. Signals whether command is last csdb command in a series</p>
<p>Use value of 1 means last command, else use value of 0.
</td>
</tr>
<tr>
<td><b>spi</b></td>
<td>Print SPI usage message (BYT products only)</td>
</tr>
</table>
\section examples_cmdline Basic Commandline Examples
<dl>
<dt><b>Download Firmware</b></dt>
<dd><pre>xfstk-dldr-solo --fwdnx /intel/fwdnx.bin --fwimage /intel/fwimage.bin</pre></dd>
<dt><b>Download Operating System</b></dt>
<dd><pre>xfstk-dldr-solo --osdnx /intel/osdnx.bin --osimage /intel/osimage.bin --gpflags 80000001</pre></dd>
<dt><b>Download Firmware and Operating System</b></dt>
<dd><pre>xfstk-dldr-solo --fwdnx /intel/fwdnx.bin --fwimage /intel/fwimage.bin --osdnx /intel/osdnx.bin --osimage /intel/osimage.bin --gpflags 80000001</pre></dd>
<dt><b>Wipe Out IFWI On Emmc</b></dt>
<dd><pre>xfstk-dldr-solo --fwdnx /intel/fwdnx.bin --fwimage /intel/fwimage.bin --wipeifwi --gpflags 80000000</pre></dd>
<dt><b>Dump IDRQ Payload(Merrifield B0)</b></dt>
<dd><pre>xfstk-dldr-solo --idrq --miscbin /intel/miscbin.bin</pre></dd>
<dt><b>Dump Key Hash</b></dt>
<dd><pre>xfstk-dldr-solo hashverify --hashfile /intel/hashfile.bin -w</pre></dd>
<dt><b>Perform Key Hash Verification</b></dt>
<dd><pre>xfstk-dldr-solo hashverify --hashfile /intel/hashfile.bin</pre></dd>
<dt><b>SPI Download Firmware (BYT products)</b></dt>
<dd><pre>xfstk-dldr-solo spi --fwimage /intel/fwimage.bin</pre></dd>
<dt><b>Perform CSDB Provision: Lifetime Refresh (Merrifield B0)</b></dt>
<dd><pre>xfstk-dldr-solo --fwdnx /intel/fwdnx.bin --miscbin /intel/payload.bin --csdb 2</pre></dd>
</dl>
<dt><b>Perform CSDB Provision: First command in a sequence of commands</b></dt>
<dd><pre>xfstk-dldr-solo --fwdnx /intel/fwdnx.bin --miscbin /intel/payload.bin --csdb *command code* --initcsdb 1 --finalcsdb 0</pre></dd>
</dl>
<dt><b>Perform CSDB Provision: Middle command in a sequence of commands</b></dt>
<dd><pre>xfstk-dldr-solo --fwdnx /intel/fwdnx.bin --miscbin /intel/payload.bin --csdb *command code* --initcsdb 0 --finalcsdb 0</pre></dd>
</dl>
<dt><b>Perform CSDB Provision: Last command in a sequence of commands</b></dt>
<dd><pre>xfstk-dldr-solo --fwdnx /intel/fwdnx.bin --miscbin /intel/payload.bin --csdb *command code* --initcsdb 0 --finalcsdb 1</pre></dd>
</dl>
\section debuglevel_defines Debug Level Bit Definitions
<ul>
<li>#define LOG_ACK 0x0001
<li>#define LOG_UPDATE 0x0002
<li>#define LOG_OPCODE 0x0004
<li>#define LOG_FWUPGRADE 0x0008
<li>#define LOG_OS 0x0010
<li>#define LOG_USB 0x0020
<li>#define LOG_SOCKET 0x0040
<li>#define LOG_SERIAL 0x0080
<li>#define LOG_UTIL 0x0100
<li>#define LOG_DOWNLOADER 0x0200
<li>#define LOG_ENTRY 0x0400
<li>#define LOG_STATUS 0x0800
<li>#define LOG_PROGRESS 0x1000
<li>#define DEBUG_ERROR 0xfffffff1
<li>#define LOG_ALL 0xffffffff
</ul>
\page emmc_dump_guide Secure eMMC Dump Guide
\section emmc_purpose Purpose
\title This document describes the steps to perform a secure eMMC Dump.
\section emmc_steps Step-by-Step Guide
\nfs
\image html emmc_token.png
Steps to read a token (unique ID) from the device and write it to an unsigned firmware DNX using the xFSTK downloader.
<ul>
<li>STEP 1: xFSTK-Downloader - Token Register (refer to diagram above)
<ol>
<li>Disconnect the phone from the Host PC USB port, and power off the Phone.
<li>Using the xFSTK Downloader CLI, run the command:<br>
<b>xfstk-dldr-solo.exe --emmcdump --register -u \<unsigned_fwdnx.bin\> -t \<token offset\> -e \<expiration duration\></b>
<li>Immediately connect the phone to the Host PC USB port to register the token to an unsigned DnX.
</ol>
</ul><br>
unsigned_fwdnx
Unsigned firmware dnx that to be added with token/expiration time
--register
Register.
Collect a 16 byte ASCII format token which can be used while stitching the SMIP for CLVP and 32 byte ASCII format token for MOFD
token offset
Hex offset in unsigned firmware dnx that to store retrieved token string and its minimum and maximum expiration time. Default value for CLVP is 0x108, for MOFD is 0x10C
expiration duration
Supported format shall be in string starts with a numeric number following by h/d/m/y (h for hour, d for day, m for month and y for year). For example, if one provide 17d, it means the token string will expire in 17 days. If the value of the duration is zero (i.e. 0h, 0d, 0m or 0y), it means the token will never expire.
\nfs
\image html emmc_signing.png
<ul>
<li>STEP 2: Customer Signing Utility (refer to diagram above)
<ol>
<li>Add the VRL to the unsigned firmware DNX using the Customer Signing Utility.
</ol><br>
</ul><br><br><br><br><br>
\nfs
\image html emmc_cdph.png
<ul>
<li>STEP 3: xFSTK-Stitcher, Stitch CDPH (refer to diagram above)<br>
<ol>
<li>Stitch the CDPH to the firmware DNX using the xFSTK-Stitcher.
<li>Ensure your config file has the following fields set:<br>
<ol>
<li><b>PlatformType</b> = MFDD0
<li><b>ImageType</b> = FWUSB
<li><b>Dnx_Key</b> = ./keys/CRAK_1_public.key
<li><b>DnxFile_Input</b> = ./FW_Components/dnx_file_input.bin
<li><b>DnxFile_Output</b> = ./dnx_output_file.bin
<li><b>DnxKey_Index</b> = 1 <br>
Please note the following description of the fields in the example above:<br>
<b>Dnx_Key</b> is the public key associated with the <b>DnxKey_Index</b> specified.
The key index here is indicative of which of the key indices 0 through 4 is used to hash verify
the image against. The public Key specified for generating CDPH in step 3 should match the public
key specified while signing the DnX in step 2.<br>
<b>DnxFile_Input</b> is the INPUT file that is a signed DnX file. In this example
\"./FW_Components/dnx_file_input.bin\" is the input binary.<br>
<b>DnxFile_Output</b> is the OUTPUT file that is DnX module with CDPH header. In this example
\"./dnx_output_file.bin\" is the location of the output file along with the name of the output file.<br>
<li>Supply the platform file and the config file with the CDPH option that is -C to the xfstk-stitcher as:<br>
<b>xfstk-stitcher -k \<platform.xml\> -c \<config.txt\> -C</b><br>
Note: The output DnX file as specified in the config now has a VRL header, a token and the CDPH header stitched to it.
</ol>
</ol>
</ul>
\nfs
\image html emmc_dump.png
<ul>
<li>STEP 4: xFSTK-Downloader, eMMC Dump (refer to diagram above)<br>
Download the signed DNX to the device and execute an eMMC Dump. Failure in verifying the unique ID will
prevent an eMMC Dump for the user partition.
<ol>
<li>Disconnect the phone from the Host PC USB port, and power off the Phone.
<li>Using the xFSTK Downloader CLI, run the command:<br>
<b>xfstk-dldr-solo.exe --emmcdump --fwdnx \<signed_fwdnx.bin\> -f \<outfile\> -p \<partition\> -b \<blocksize\> -c \<blockcount\> -o \<offset\></b>
<li>Immediately connect the phone to the Host PC USB port to download the dnx and perform an eMMC Dump.
</ol>
</ul><br>
\section dump_commands xFSTK Downloader eMMC Dump Commands
| –file <filename> –partition <partition number> –blocksize <block size> –blockcount <count> | Extract |
\section dump_partitions eMMC Dump Partitions
\title From the context of the emmcdump utility, the term \"partition\" is referring to physical partitions within the eMMC card as defined by
eMMC JEDEC JESD84-A441 standard. This standard defines 4 physical partitions: 2 boot partitions, 1 user partition, and 1 eCSD registerbank.
The utilization of these physical partitions is application specific.<br>
The Intel Medfield Platform Architecture utilizes the physical eMMC partitions as follows:
<table>
<tr>
<td><b>Partition Number </b></td>
<td><b>Usage</b></td>
<td><b>Details</b></td>
</tr>
<tr>
<td>0</td>
<td>User Partition</td>
<td>Holds Intel Firmware defined \"OS Image Profile\", Firmware \"OS Images blobs\" and the Main OS (Android) defined OS Filesystem
(ext2/3/vfat). See Medfield Firmware Architecture Specification (FAS) for more details on OSIP and OS Image blobs. See Android /
Kernel references for Main OS Filesystem.</td>
</tr>
<tr>
<td>1</td>
<td>Boot Partition</td>
<td>Both Boot partition 1 and 2 hold redundant copies of the Integrated Firmware Image (IFWI) image.</td>
</tr>
<tr>
<td>2</td>
<td>Boot Partition</td>
<td>Both Boot partition 1 and 2 hold redundant copies of the Integrated Firmware Image (IFWI) image.</td>
</tr>
<tr>
<td>3</td>
<td>ESCD</td>
<td>Specifiying this partition will retrieve the \"Extended CSD\" registers of the eMMC Controller. This is a 512 byte binary file that represents
the register setting of the emmc controller\'s \"Extended CSD\" register set as defined by the by JEDEC eMMC standard (JEDEC JESD84-A441).
Please refer the JEDEC JESD84-A441 for more details.</td>
</tr>
</table>
1.8.18