# rrcSmall

Tool used to decode, generate, patch and encode FM10000 Boot Images.

Akin to Intel's rrcBig (FM10000 Boot Image Generator) tool, but open.

## Requirements
* cmake >= 3.16
* g++ (GCC C++) or clang
* make

## Compilation
* `$ mkdir build && cd build`
* `$ cmake ../ && make`
* An executable named `./rrcSmall` should now exist.

## Supported boot image versions
* **rrcBig_02.22** - `Image Generated with rrcBig_02.22. EEPROM Image Version: 0x0222 PCIe Master SPICO FW Version: 0x10130001 PCIe SerDes SPICO FW Version: 0x30550043`
* No other images have been found or tested. Please [open an issue](https://git.gammaspectra.live/FM10K/rrcSmall/issues) if you have information about other versions.

### Image dumping and flashing
* This tool does not dump or flash images to FM10K devices. For that, use [fm10k-dump & fm10k-flash](https://git.gammaspectra.live/FM10K/fm10k-dump).

## Decoding usage example
* `$ ./rrcSmall decode image.bin > image.asm`
* Progress will be output to STDERR
* This will extract the configuration strings, headers, and disassemble the known code.
* For disassembly, it'll use a combination of static and dynamic analysis, emulation of opcodes, and other speculation.
* Output is automatically annotated and split into functions. Please [open a pull request](https://git.gammaspectra.live/FM10K/rrcSmall/pulls) if you have annotations to contribute.

### Output example
```asm
; ================ FUNCTION config_systimeClockSource ================
080600  00 00 00 09  WRITE custom_RETURN_TO, 1                 ; XREF.CallFrom: 080004(Absolute),
080604  00 08 06 0c      custom_RETURN_TO = 0x0008060c         ; RETURN location for load_bootCfg_systimeClockSource
080608  e8 08 90 00  JUMP
08060c  d4 00 00 08  BRANCH custom_RETURN_VALUE ==             ; XREF.CallFrom: 08900c(Return), 0c900c(Return),
080610  00 00 00 00      VALUE 0x00000000
080614  00 00 00 01      MASK 0x00000001
080618  00 08 06 28      JUMP_ADDRESS
08061c  f8 00 00 04  SET DEVICE_CFG                            ; set DEVICE_CFG.SystimeClockSource to IEEE1588_REFCLK (default PCIE_REFCLK)
080620  00 01 00 00      VALUE 0x00010000
080624  00 01 00 00      MASK 0x00010000
080628  e8 08 00 08  JUMP                                      ; XREF.CallFrom: 08060c(Branch),
```

## Encoding / patching usage example
* `$ ./rrcSmall encode image.bin config.cfg patchedImage.bin`
* (Optional) Check the resulting diff: `$ diff -u <(hd -v image.bin) <(hd -v patchedImage.bin)`
  * This also works on decoder output: `$ diff -u <(./rrcSmall decode image.bin) <(./rrcSmall decode patchedImage.bin)`
* The options to be applied are read from the input image.
* Put any options you want to override in _config.cfg_.
* Supported directives:
  * `api.platform.config.switch.0.bootCfg.systimeClockSource` bool
  * `api.platform.config.switch.0.bootCfg.spiTransferMode` int
  * `api.platform.config.switch.0.bootCfg.spiTransferSpeed` int
  * `api.platform.config.switch.0.bootCfg.customMac.%` text
  * `api.platform.config.switch.0.bootCfg.mgmtPep` int
  * `api.platform.config.switch.0.bootCfg.pep.%.bar4Allowed` bool
  * `api.platform.config.switch.0.bootCfg.pep.%.serialNumber` text
  * `api.platform.config.switch.0.bootCfg.pep.%.vendorId` int
  * `api.platform.config.switch.0.bootCfg.pep.%.deviceId` int
  * `api.platform.config.switch.0.bootCfg.pep.%.subVendorId` int
  * `api.platform.config.switch.0.bootCfg.pep.%.subDeviceId` int
  * `api.platform.config.switch.0.bootCfg.pep.%.numberOfLanes` int
  * `api.platform.config.switch.0.bootCfg.pep.%.gen` int
  * `api.platform.config.switch.0.bootCfg.pep.%.ASPMEnable` bool
  * `api.platform.config.switch.0.bootCfg.pep.%.enable` bool
  * `api.platform.config.switch.0.bootCfg.pep.%.mode` bool
* If you want to add support for other directives, please [open a pull request](https://git.gammaspectra.live/FM10K/rrcSmall/pulls).

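
A pre-flight check for _config.cfg_, added here as an example and not part of rrcSmall: it checks every line against the supported directives listed above and reports which PEPs the file sets `bar4Allowed` to 1 for (options already in the image are not seen). Assumptions: lines follow the `<key> <type> <value>` layout of the config.cfg example on this page, `%` is a decimal index, bools are `0`/`1`, ints are decimal or `0x` hex, and a later line overrides an earlier one.

```python
import re

# Directive names and types copied from the supported-directives list.
# Assumption: '%' stands for a decimal index (PEP number, MAC slot).
PREFIX = "api.platform.config.switch.0.bootCfg."
SUPPORTED = {
    "systimeClockSource": "bool", "spiTransferMode": "int", "spiTransferSpeed": "int",
    "customMac.%": "text", "mgmtPep": "int", "pep.%.bar4Allowed": "bool",
    "pep.%.serialNumber": "text", "pep.%.vendorId": "int", "pep.%.deviceId": "int",
    "pep.%.subVendorId": "int", "pep.%.subDeviceId": "int", "pep.%.numberOfLanes": "int",
    "pep.%.gen": "int", "pep.%.ASPMEnable": "bool", "pep.%.enable": "bool", "pep.%.mode": "bool",
}
PATTERNS = [(re.compile(r"(\d+)".join(map(re.escape, (PREFIX + k).split("%")))), t)
            for k, t in SUPPORTED.items()]
INT_RE = re.compile(r"-?(\d+|0[xX][0-9a-fA-F]+)")  # assumption: decimal or 0x hex

def lint(text):
    """Return (errors, bar4_peps): (line, message) pairs and PEP indexes set to bar4Allowed 1."""
    errors, bar4 = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 2)
        if len(parts) != 3:
            errors.append((n, "expected: <key> <type> <value>"))
            continue
        key, typ, value = parts
        m, want = next(((p.fullmatch(key), t) for p, t in PATTERNS if p.fullmatch(key)),
                       (None, None))
        if m is None:
            errors.append((n, "unsupported directive"))
        elif typ != want:
            errors.append((n, f"type {typ!r}, expected {want!r}"))
        elif typ == "bool" and value not in ("0", "1"):  # assumption: bools are 0/1
            errors.append((n, "bool must be 0 or 1"))
        elif typ == "int" and not INT_RE.fullmatch(value):
            errors.append((n, "int value is not a number"))
        elif key.endswith(".bar4Allowed"):
            bar4[int(m.group(1))] = value == "1"  # assumption: later lines override earlier ones
    return errors, sorted(i for i, on in bar4.items() if on)

SAMPLE = """\
# constructed sample, not from the project
api.platform.config.switch.0.bootCfg.mgmtPep int -1
api.platform.config.switch.0.bootCfg.pep.0.bar4Allowed bool 1
api.platform.config.switch.0.bootCfg.pep.7.bar4Allowed bool 0
api.platform.config.switch.0.bootCfg.pep.1.bar4Allowd bool 1
api.platform.config.switch.0.bootCfg.pep.2.numberOfLanes bool 8
"""
```

`lint(SAMPLE)` flags the misspelled `bar4Allowd` on line 5 and the wrong type on line 6, and lists only PEP 0 as granted BAR4 access.
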
### config.cfg example
```
#Enable management port on all PEP that have bar4Allowed true
api.platform.config.switch.0.bootCfg.mgmtPep int -1
#api.platform.config.switch.0.bootCfg.mgmtPep int 6

#Enable access to management resources (BAR4) on specific PEP
api.platform.config.switch.0.bootCfg.pep.0.bar4Allowed bool 1
api.platform.config.switch.0.bootCfg.pep.1.bar4Allowed bool 1
api.platform.config.switch.0.bootCfg.pep.2.bar4Allowed bool 1
api.platform.config.switch.0.bootCfg.pep.3.bar4Allowed bool 1
api.platform.config.switch.0.bootCfg.pep.4.bar4Allowed bool 1
api.platform.config.switch.0.bootCfg.pep.5.bar4Allowed bool 1
api.platform.config.switch.0.bootCfg.pep.6.bar4Allowed bool 1
api.platform.config.switch.0.bootCfg.pep.7.bar4Allowed bool 0
api.platform.config.switch.0.bootCfg.pep.8.bar4Allowed bool 0
```

## librrcimage
* Besides `rrcSmall`, a static library named `librrcimage.a` will be generated for use in your own projects.

## License
* BSD-3-Clause
* See [COPYING](COPYING) for the full license.