From ee6d67565039f0269cc63b93f5ef853d40623b54 Mon Sep 17 00:00:00 2001
From: Damien Zammit
Date: Sun, 11 Sep 2016 21:12:26 +1000
Subject: Fix endianness of firmware signing and bypass service requests for now
Signed-off-by: Damien Zammit
---
 firmware/makefirmware.sh | 33 +++++++++++++++++++++++++++------
 firmware/servicereq.c | 4 ++++
 firmware/smu.c | 2 --
 firmware/smu.h | 2 ++
 signsmu.py | 8 --------
 5 files changed, 33 insertions(+), 16 deletions(-)
diff --git a/firmware/makefirmware.sh b/firmware/makefirmware.sh
index b7e028c..bd08e65 100755
--- a/firmware/makefirmware.sh
+++ b/firmware/makefirmware.sh
@@ -22,22 +22,43 @@ FWHEX=$(od -t x4 -w4 -v -An --endian=big $FIRMWARE|awk '{print "0x"$1","}')
 SHA1HASH=$(python ../signsmu.py $1 | awk '{print $1","}')
 echo "
+/*
+ * SMU FIRMWARE (Autogenerated by makefirmware.sh)
+ * This firmware for SMU was compiled from source
+ * available in 'smutool' by Damien Zammit (2016)
+ */
+
 #ifndef _SMUFIRMWARE_H
 #define _SMUFIRMWARE_H
+UINT32 FirmwareTNHeader[] = {
+ 0x554D535F,
+ 0x554D535F,
+ 0x0000F030,
+ 0x00002000,
+ 0x00010000,
+ 0x7E26E3A5,
+ 0x00004E54,
+ 0x00000000,
+ 0x00000000,
+ 0x00000000,
+ 0x00000000,
+ 0x00000000,
+};
+
 UINT32 FirmwareTN[] = {
 0x000a00cb,
 0x00000040,"
 echo "$FWLEN"
 echo " 0x00010100,"
 echo "$SHA1HASH"
-echo " 0x0001d97c,
- 0x0001da8c,
+echo " 0x00010100, //0x0001d97c,
+ 0x00010100, //0x0001da8c,
 0x00000000,
- 0x0001daad,
- 0x0001dabc,
- 0x0001d9d0,
- 0x0001dbf4,
+ 0x00010100, //0x0001daad,
+ 0x00010100, //0x0001dabc,
+ 0x00010100, //0x0001d9d0,
+ 0x00010100, //0x0001dbf4,
 0x00000000,
 0x00000000,
 0x00000000,
diff --git a/firmware/servicereq.c b/firmware/servicereq.c
index 23adf5a..ebd5929 100644
--- a/firmware/servicereq.c
+++ b/firmware/servicereq.c
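Review bot: In the makefirmware.sh hunk the new `FirmwareTNHeader[]` array is emitted as twelve bare literals (`0x0000F030`, `0x00002000`, `0x7E26E3A5`, …) while the length and hash words of `FirmwareTN[]` are computed from the image through `$FWLEN` and `$SHA1HASH`; if any header word is a size, address or checksum of the image (not visible here), it will go stale without any error when the firmware changes. I would label each word in the generated header, for example `0x554D535F, /* ASCII "_SMU" */`, and derive any image-dependent word in the script. The six table words replaced by `0x00010100` keep their old values only as `//` comments inside the echoed text, so a line such as `/* temporary: entries overridden while service requests are bypassed */` in the generated header would record why, assuming that is the intent. The last `echo "` string continues past the end of the hunk.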
@@ -5627,6 +5627,10 @@ void smu_service_request(unsigned int e3)
 requestid &= 0x1fffe;
 requestid >>= 1;
+ // Instead of servicing the request, just dump the request number
+ SMU_POST(requestid);
+ return;
+
 switch(requestid) {
 case SMC_MSG_HALT:
 halt();
diff --git a/firmware/smu.c b/firmware/smu.c
index 28dfb28..557acba 100644
--- a/firmware/smu.c
+++ b/firmware/smu.c
@@ -16,8 +16,6 @@
 #include "delay.h"
 #include "servicereq.h"
-#define SMU_POST(x) write32(0xe0003024, (x & 0xff))
-
 void main(void)
 {
 int i;
diff --git a/firmware/smu.h b/firmware/smu.h
index b6eb864..1c1f74b 100644
--- a/firmware/smu.h
+++ b/firmware/smu.h
@@ -20,6 +20,8 @@ typedef unsigned char u8;
 typedef unsigned short u16;
 typedef unsigned int u32;
+#define SMU_POST(x) write32(0xe0003024, (x & 0xff))
+
 #define SMC_MSG_HALT 1
 #define SMC_MSG_PHY_LN_OFF 2
 #define SMC_MSG_PHY_LN_ON 3
diff --git a/signsmu.py b/signsmu.py
index d90bab7..32327b3 100644
--- a/signsmu.py
+++ b/signsmu.py
@@ -33,14 +33,6 @@ try:
 finally:
 f.close()
-for wcnt in range(0,len(firmware)/4):
- tmp = firmware[wcnt*4]
- firmware[wcnt*4] = firmware[wcnt*4+3]
- firmware[wcnt*4+3] = tmp
- tmp = firmware[wcnt*4+1]
- firmware[wcnt*4+1] = firmware[wcnt*4+2]
- firmware[wcnt*4+2] = tmp
-
 h = hmac.new(key1, firmware, hashlib.sha1)
 mhash = h.digest()
 print hex(struct.unpack(">5I", mhash)[0])
-- cgit v1.2.3
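Review bot: In the servicereq.c hunk the unconditional `return;` leaves the whole `switch(requestid)` below it unreachable, so every request, including `SMC_MSG_HALT`, is dropped and the only trace is the POST write. `SMU_POST` keeps only the low byte (`x & 0xff`) while `requestid` after `&= 0x1fffe` and `>>= 1` can be up to 16 bits wide, so different request numbers can show the same value. I would put the bypass behind a build-time switch, e.g. `#ifdef SMU_BYPASS_REQUESTS` … `#endif` around the two new statements (the macro name is only a suggestion), so a debug image cannot be mistaken for one that services requests. Whether the requester expects an acknowledgement before the early return is not visible here, and the function body continues outside the hunk.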
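Review bot: In the smu.h hunk `SMU_POST(x)` uses its argument unparenthesised, so a call such as `SMU_POST(a | b)` expands to `a | b & 0xff` and masks only `b`; now that the macro sits in a shared header it should read `#define SMU_POST(x) write32(0xe0003024, ((x) & 0xff))`. The address `0xe0003024` is a bare literal, and a named constant or a short comment saying which register it is would help readers of the other files that include this header. The macro also relies on `write32` being declared before any use, which this hunk does not show.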