From bdebb940c9c508a6d4eca4a85e70c3a400b43b89 Mon Sep 17 00:00:00 2001
From: Adam Joseph <adam@westernsemico.com>
Date: Thu, 30 Mar 2023 01:15:42 -0700
Subject: [PATCH] platform/kevin/ecfw: init

---
 src/platform/kevin/default.nix      |  17 ++++
 src/platform/kevin/ecfw/default.nix | 149 ++++++++++++++++++++++++++++
 2 files changed, 166 insertions(+)
 create mode 100644 src/platform/kevin/ecfw/default.nix

diff --git a/src/platform/kevin/default.nix b/src/platform/kevin/default.nix
index c87e3f7..6905850 100644
--- a/src/platform/kevin/default.nix
+++ b/src/platform/kevin/default.nix
@@ -88,6 +88,23 @@ in {
         '';
       });
 
+    ecfw = final.nixpkgsOnBuildForBuild.callPackage (import ./ecfw { boardName = "kevin"; }) {
+
+      # We have to use gcc6; later versions fail with:
+      #  /build/ccyHxnc6.s: Assembler messages
+      #  /build/ccyHxnc6.s:5105: Error: offset out of range
+
+      # binaries downloaded from ARM, Inc
+      #arm-none-eabi-gcc = final.nixpkgsOnBuildForBuild.gcc-arm-embedded-6;
+
+      # built fromm source
+      arm-none-eabi-gcc = final.nixpkgsOnBuildForBuild.pkgsCross.arm-embedded.buildPackages.gcc6;
+
+      inherit (final) ectool;
+
+      flashrom-chromebook = final.nixpkgsOnBuildForHost.callPackage ../../util/flashrom { forChromebook = true; };
+    };
+
     ectool = final.nixpkgsOnBuildForHost.callPackage (import ../../util/ectool { boardName = "kevin"; }) { };
   });
 }
diff --git a/src/platform/kevin/ecfw/default.nix b/src/platform/kevin/ecfw/default.nix
new file mode 100644
index 0000000..493277e
--- /dev/null
+++ b/src/platform/kevin/ecfw/default.nix
@@ -0,0 +1,149 @@
+{ boardName
+}:
+
+{ stdenv
+, lib
+, libftdi1
+, hostname
+, git
+, pkg-config
+, arm-none-eabi-gcc
+, ncurses
+, fetchgit
+, buildPackages
+, ectool
+, flashrom-chromebook
+}:
+
+let makeTarget = "build/${boardName}/ec.bin";
+
+in stdenv.mkDerivation (finalAttrs: {
+  pname = "chromebook-ec-firmware";
+  version = "${boardName}-1d2c13";
+
+  src = fetchgit {
+    url = "https://chromium.googlesource.com/chromiumos/platform/ec";
+    rev = "90210ee80a286c4878652cce69c205af44cd84ed";
+    hash = "sha256-IcS94qDCBLOtKeEQixGcOBqxzCH5oebFCFCJoTZEoAA=";
+  };
+
+  # ectool has the same obnoxious run-git-on-myself habit that coreboot does
+  getVersion = ''
+    #!${buildPackages.runtimeShell}
+    cat <<\EOF
+    #define CROS_EC_VERSION "${finalAttrs.version} ${placeholder "out"}"
+    /* limited to 32 characters */
+    #define CROS_EC_VERSION32 "${finalAttrs.version}"
+    #define VERSION "${finalAttrs.version}"
+    #define BUILDER "nix"
+    #define DATE "1970-01-01 00:00:00"
+    EOF
+  '';
+
+  postPatch = ''
+    patchShebangs .
+    mv $getVersionPath util/getversion.sh
+    chmod +x util/getversion.sh
+  '';
+
+  nativeBuildInputs = [
+    arm-none-eabi-gcc
+
+    # ecfw uses this to search for libftdi1, which is used in a tool
+    # (`ecst`) which runs at build-time (?!?!)
+    buildPackages.pkg-config
+  ];
+  buildInputs = [
+    ncurses libftdi1  # part of `ecst`, which runs at build-time
+  ];
+  enableParallelBuilding = true;
+
+  makeFlags = [
+    "BOARD=${boardName}"
+
+    # crusty old codebase, modern compiler
+    "EXTRA_CFLAGS=-w"
+
+    # Makefile gets confused when nixpkgs sets $out
+    "out=build/${boardName}"
+
+    "CPP=arm-none-eabi-cpp"
+    "BUILDCC=${buildPackages.stdenv.cc}/bin/cc"
+
+    #"V=1"
+
+    makeTarget
+  ];
+
+  flashEcRw = ''
+    #!/usr/bin/env bash
+    set -euo pipefail
+
+    echo
+    echo "rebooting EC into the RO image..."
+    ${ectool}/bin/ectool reboot_ec RO
+    ${ectool}/bin/ectool version | grep 'Firmware copy: RO'
+
+    echo
+    echo "enabling RO image write protect..."
+    ${ectool}/bin/ectool flashprotect enable | head -n1 | grep ro_now
+    ${flashrom-chromebook}/bin/flashrom-chromebook -p ec --wp-status | grep "write protect is enabled"
+
+    echo
+    echo "writing the RW image..."
+    ${flashrom-chromebook}/bin/flashrom-chromebook -p ec -i EC_RW -w ${placeholder "out"}/ecfw.bin
+    ${ectool}/bin/ectool version
+
+    echo
+    echo "rebooting into the new RW image..."
+    ${ectool}/bin/ectool reboot_ec RW
+    sleep 2
+    ${ectool}/bin/ectool version
+    ${ectool}/bin/ectool version | grep 'Firmware copy: RW'
+  '';
+
+  flashEcRo = ''
+    #!/usr/bin/env bash
+    set -euo pipefail
+
+    echo
+    echo "making sure you are in the RW image before flashing the RO..."
+    ${ectool}/bin/ectool version | grep 'Firmware copy: RW'
+
+    echo
+    echo "disabling RO image write protect..."
+    ${ectool}/bin/ectool flashprotect disable
+    ${flashrom-chromebook}/bin/flashrom-chromebook -p ec --wp-status | grep "write protect is disabled"
+
+    echo
+    echo "writing the RO image..."
+    ${flashrom-chromebook}/bin/flashrom-chromebook -p ec -i EC_RO -w ${placeholder "out"}/ecfw.bin
+    ${ectool}/bin/ectool version
+
+    echo
+    echo "rebooting into the new RO image..."
+    ${ectool}/bin/ectool reboot_ec RO
+    sleep 2
+    ${ectool}/bin/ectool version
+    ${ectool}/bin/ectool version | grep 'Firmware copy: RO'
+
+    echo
+    echo "re-enabling RO image write protect..."
+    ${ectool}/bin/ectool flashprotect enable
+    ${flashrom-chromebook}/bin/flashrom-chromebook -p ec --wp-status | grep "write protect is enabled"
+  '';
+
+  passAsFile = [ "getVersion" "flashEcRo" "flashEcRw" ];
+
+  installPhase = ''
+    mkdir -p $out/bin
+    mv ${makeTarget} $out/ecfw.bin
+    cp $flashEcRoPath $out/bin/flash-ec-ro.sh
+    cp $flashEcRwPath $out/bin/flash-ec-rw.sh
+    chmod +x $out/bin/flash-ec-ro.sh $out/bin/flash-ec-rw.sh
+  '';
+
+  meta = with lib; {
+    description = "Firmware for Chromebooks' Embedded Controller (EC)";
+  };
+})