Tool used to decode, generate, patch and encode FM10000 Boot Images. Akin to Intel's rrcBig tool, but open.
DataHoarder
875f6588d9
All checks were successful
continuous-integration/drone/push Build is passing
|
||
---|---|---|
src | ||
.drone.yml | ||
.gitignore | ||
CMakeLists.txt | ||
COPYING | ||
README.md |
rrcSmall
Tool used to decode, generate, patch and encode FM10000 Boot Images. Akin to Intel's rrcBig (FM10000 Boot Image Generator) tool, but open.
Requirements
- cmake >= 3.16
- g++ (GCC C++) or clang
- make
Compilation
$ mkdir build && cd build
$ cmake ../ && make
- An executable named
./rrcSmall
should now exist.
Supported boot image versions
- rrcBig_02.22
Image Generated with rrcBig_02.22. EEPROM Image Version: 0x0222 PCIe Master SPICO FW Version: 0x10130001 PCIe SerDes SPICO FW Version: 0x30550043
- No other images have been found or tested. Please open an issue if you have information about other versions.
Image dumping and flashing
- This tool does not dump or flash images to FM10K devices. For that, use fm10k-dump & fm10k-flash.
Decoding usage example
$ ./rrcSmall decode image.bin > image.asm
- Progress will be output to STDERR
- This will extract the configuration strings, headers, and disassemble the known code.
- For disassembly, it'll use a combination of static and dynamic analysis, emulation of opcodes, and other speculation.
- Output is automatically annotated and split into functions. Please open a pull request if you have annotations to contribute.
Output example
; ================ FUNCTION config_systimeClockSource ================
080600 00 00 00 09 WRITE custom_RETURN_TO, 1 ; <config_systimeClockSource> XREF.CallFrom: 080004(Absolute),
080604 00 08 06 0c custom_RETURN_TO = 0x0008060c ; RETURN location for load_bootCfg_systimeClockSource
080608 e8 08 90 00 JUMP <load_bootCfg_systimeClockSource>
08060c d4 00 00 08 BRANCH custom_RETURN_VALUE == ; <loc_08060c> XREF.CallFrom: 08900c(Return), 0c900c(Return),
080610 00 00 00 00 VALUE 0x00000000
080614 00 00 00 01 MASK 0x00000001
080618 00 08 06 28 JUMP_ADDRESS <loc_080628>
08061c f8 00 00 04 SET DEVICE_CFG ; set DEVICE_CFG.SystimeClockSource to IEEE1588_REFCLK (default PCIE_REFCLK)
080620 00 01 00 00 VALUE 0x00010000
080624 00 01 00 00 MASK 0x00010000
080628 e8 08 00 08 JUMP <loc_080008> ; <loc_080628> XREF.CallFrom: 08060c(Branch),
Encoding / patching usage example
$ ./rrcSmall encode image.bin config.cfg patchedImage.bin
- (Optional) Check the resulting diff:
$ diff -u <(hd -v image.bin) <(hd -v patchedImage.bin)
- Also works using decoder
$ diff -u <(./rrcSmall decode image.bin) <(./rrcSmall decode patchedImage.bin)
- Also works using decoder
- (Optional) Check the resulting diff:
- Options will be read from image to be applied.
- Provide any options to be overridden into config.cfg.
- Supported directives:
api.platform.config.switch.0.bootCfg.systimeClockSource
boolapi.platform.config.switch.0.bootCfg.spiTransferMode
intapi.platform.config.switch.0.bootCfg.spiTransferSpeed
intapi.platform.config.switch.0.bootCfg.customMac.%
textapi.platform.config.switch.0.bootCfg.mgmtPep
intapi.platform.config.switch.0.bootCfg.pep.%.bar4Allowed
boolapi.platform.config.switch.0.bootCfg.pep.%.serialNumber
textapi.platform.config.switch.0.bootCfg.pep.%.vendorId
intapi.platform.config.switch.0.bootCfg.pep.%.deviceId
intapi.platform.config.switch.0.bootCfg.pep.%.subVendorId
intapi.platform.config.switch.0.bootCfg.pep.%.subDeviceId
intapi.platform.config.switch.0.bootCfg.pep.%.numberOfLanes
intapi.platform.config.switch.0.bootCfg.pep.%.gen
intapi.platform.config.switch.0.bootCfg.pep.%.ASPMEnable
boolapi.platform.config.switch.0.bootCfg.pep.%.enable
boolapi.platform.config.switch.0.bootCfg.pep.%.mode
bool
- If you want to add support for other directives, please open a pull request.
config.cfg example
#Enable management port on all PEP that have bar4Allowed true
api.platform.config.switch.0.bootCfg.mgmtPep int -1
#api.platform.config.switch.0.bootCfg.mgmtPep int 6
#Enable access to management resources (BAR4) on specific PEP
api.platform.config.switch.0.bootCfg.pep.0.bar4Allowed bool 1
api.platform.config.switch.0.bootCfg.pep.1.bar4Allowed bool 1
api.platform.config.switch.0.bootCfg.pep.2.bar4Allowed bool 1
api.platform.config.switch.0.bootCfg.pep.3.bar4Allowed bool 1
api.platform.config.switch.0.bootCfg.pep.4.bar4Allowed bool 1
api.platform.config.switch.0.bootCfg.pep.5.bar4Allowed bool 1
api.platform.config.switch.0.bootCfg.pep.6.bar4Allowed bool 1
api.platform.config.switch.0.bootCfg.pep.7.bar4Allowed bool 0
api.platform.config.switch.0.bootCfg.pep.8.bar4Allowed bool 0
librrcimage
- Besides
rrcSmall
, a static library namedlibrrcimage.a
will be generated for use in your own projects.
License
- BSD-3-Clause
- See COPYING for the full license.