firehose: support "erase all"#255
Open
forgedynasties wants to merge 1 commit into
Open
Conversation
QFIL and PCAT offer an "erase all" operation that wipes the entire storage device. Some dev-kits fail to boot after flashing with QDL until such a full erase is performed, but QDL had no equivalent. Add a new "erase all" command that erases every physical partition on the storage device. As the programmer provides no way to enumerate the physical partitions, erase them in order starting from 0 and stop at the first one that can't be erased, treating that as the end of the device. Failing to erase physical partition 0 is reported as a genuine error. The result is that "qdl firehose.elf erase all" now wipes the whole device, mirroring the behavior of QFIL and PCAT. Link: linux-msm#193 Signed-off-by: forgedynasties <ccdd4lii@gmail.com>
Contributor
|
The command wipes every physical partition immediately with no confirmation prompt, I was thinking if it makes sense to guard sensitive ops (like we have for sec.elf flashing for blowing OTP fuses) @andersson any opinion on that? |
igoropaniuk
reviewed
Jun 10, 2026
| * the first one that can't be erased, treating that as the end of the | ||
| * device. Failing to erase physical partition 0 is a genuine error. | ||
| */ | ||
| for (i = 0; i < FIREHOSE_MAX_PHYSICAL_PARTITIONS; i++) { |
Contributor
There was a problem hiding this comment.
FIREHOSE_MAX_PHYSICAL_PARTITIONS = 8 is UFS-specific but applied to every storage type
How does this behave on eMMC? does physical_partition_number map to the hardware partitions (UDA=0, boot0=1, boot1=2, RPMB=3, GPP=4…), "erase all" would attempt to wipe boot0/boot1 and hit RPMB?
Collaborator
There was a problem hiding this comment.
What do you get if you "qdl firehose.elf read 1/0+100" ?
Contributor
There was a problem hiding this comment.
Looks like the programmer does honor the physical partition id on eMMC storages (tested on Uno Q), which confirms that erase all loop really does walk distinct physical partitions
Dump boot0 (id 1):
$ qdl --storage=emmc prog_firehose_lite.elf read 1/0+100 test_boot0.bin
Flashing device (PID 0x9008, serial: E0171CC8)
Sahara: sending prog_firehose_lite.elf (602112 bytes)
waiting for Firehose programmer...
read "test.bin" successfully
$ hexdump -C test_boot0.bin
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001c0 01 00 ee ff ff ff 01 00 00 00 ff ff ff ff 00 00 |................|
000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00000200 45 46 49 20 50 41 52 54 00 00 01 00 5c 00 00 00 |EFI PART....\...|
00000210 55 b3 3a 7e 00 00 00 00 01 00 00 00 00 00 00 00 |U.:~............|
00000220 ff 1f 00 00 00 00 00 00 22 00 00 00 00 00 00 00 |........".......|
00000230 de 1f 00 00 00 00 00 00 61 38 6a c0 36 ea d9 c8 |........a8j.6...|
00000240 7a f6 b7 09 05 a6 e6 66 02 00 00 00 00 00 00 00 |z......f........|
00000250 04 00 00 00 80 00 00 00 ee a5 5e 8b 00 00 00 00 |..........^.....|
00000260 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000400 6d e1 1a b9 88 dc 20 40 be 70 e2 14 1c 11 f9 eb |m..... @.p......|
00000410 46 1d 22 1c 94 7f 97 12 d6 e2 4f 60 08 7e f6 f6 |F.".......O`.~..|
00000420 22 00 00 00 00 00 00 00 29 00 00 00 00 00 00 00 |".......).......|
00000430 00 00 00 00 00 00 00 10 62 00 64 00 61 00 64 00 |........b.d.a.d.|
00000440 64 00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 |d.r.............|
00000450 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000480 69 ec a5 c4 63 56 b0 43 9e e7 7b c4 b5 cd c6 86 |i...cV.C..{.....|
00000490 02 43 28 23 64 73 48 b1 c7 14 a2 6d 5b b8 d8 1b |.C(#dsH....m[...|
000004a0 2a 00 00 00 00 00 00 00 31 00 00 00 00 00 00 00 |*.......1.......|
000004b0 00 00 00 00 00 00 00 10 77 00 6c 00 61 00 6e 00 |........w.l.a.n.|
000004c0 61 00 64 00 64 00 72 00 00 00 00 00 00 00 00 00 |a.d.d.r.........|
000004d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000500 1b fa 44 aa 62 8e 16 4f a3 1f 24 4e 35 15 5f be |..D.b..O..$N5._.|
00000510 6c 50 51 4f a6 f5 ee e1 c9 cb ce 94 0e f1 c3 27 |lPQO...........'|
00000520 32 00 00 00 00 00 00 00 de 1f 00 00 00 00 00 00 |2...............|
00000530 00 00 00 00 00 00 00 10 70 00 65 00 72 00 73 00 |........p.e.r.s.|
00000540 69 00 73 00 74 00 00 00 00 00 00 00 00 00 00 00 |i.s.t...........|
00000550 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00004400 c0 35 32 c4 3f 7b 00 00 00 00 00 00 00 00 00 00 |.52.?{..........|
00004410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00005400 c0 35 32 c4 3f 7b 00 00 00 00 00 00 00 00 00 00 |.52.?{..........|
00005410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00006400 76 6f 69 64 0a 00 00 00 00 00 00 00 00 00 00 00 |void............|
00006410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
0000c800Dump UDA (id 0):
$ qdl --storage=emmc prog_firehose_lite.elf read 0/0+100 test_uda.bin
...
$ hexdump -C test_uda.bin
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001c0 01 00 ee ff ff ff 01 00 00 00 ff ff ff ff 00 00 |................|
000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00000200 45 46 49 20 50 41 52 54 00 00 01 00 5c 00 00 00 |EFI PART....\...|
00000210 16 6d 4e 56 00 00 00 00 01 00 00 00 00 00 00 00 |.mNV............|
00000220 ff 27 d3 01 00 00 00 00 22 00 00 00 00 00 00 00 |.'......".......|
00000230 de 27 d3 01 00 00 00 00 11 2c 87 c7 ed ac 6f 20 |.'.......,....o |
00000240 fd ca e5 54 a1 67 4a 08 02 00 00 00 00 00 00 00 |...T.gJ.........|
00000250 44 00 00 00 80 00 00 00 3b dd ef 46 00 00 00 00 |D.......;..F....|
00000260 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000400 2c ba a0 de dd cb 05 48 b4 f9 f4 28 25 1c 3e 98 |,......H...(%.>.|
00000410 df b6 c4 3f ca 40 ce d0 02 ee 0b a3 5a 20 d6 0b |...?.@......Z ..|
00000420 00 00 02 00 00 00 00 00 ff 1b 02 00 00 00 00 00 |................|
00000430 00 00 00 00 00 00 00 10 78 00 62 00 6c 00 5f 00 |........x.b.l._.|
00000440 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |a...............|
00000450 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000480 a3 f1 3d 7a 1a a3 4d 45 bd 78 df 25 9e d4 86 be |..=z..ME.x.%....|
00000490 d8 d2 c7 69 02 fb ad d9 78 46 e1 56 37 95 9c a5 |...i....xF.V7...|
000004a0 00 1c 02 00 00 00 00 00 ff 37 02 00 00 00 00 00 |.........7......|
000004b0 00 00 00 00 00 00 00 10 78 00 62 00 6c 00 5f 00 |........x.b.l._.|
000004c0 62 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |b...............|
000004d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000500 e4 5a 32 5a 76 42 6d b6 0a dd 34 94 df 27 70 6a |.Z2ZvBm...4..'pj|
00000510 45 d5 ad 47 06 99 09 a6 ad 81 cc d1 ec c4 92 a2 |E..G............|
00000520 00 38 02 00 00 00 00 00 ff 38 02 00 00 00 00 00 |.8.......8......|
00000530 00 00 00 00 00 00 00 10 78 00 62 00 6c 00 5f 00 |........x.b.l._.|
00000540 63 00 6f 00 6e 00 66 00 69 00 67 00 5f 00 61 00 |c.o.n.f.i.g._.a.|
00000550 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000580 ea e0 62 f4 0e a2 10 4b 86 7a 2d 44 55 36 65 48 |..b....K.z-DU6eH|
00000590 de 41 f7 07 49 d8 cb 32 e4 ff 76 75 87 1a 80 df |.A..I..2..vu....|
000005a0 00 39 02 00 00 00 00 00 ff 39 02 00 00 00 00 00 |.9.......9......|
000005b0 00 00 00 00 00 00 00 10 78 00 62 00 6c 00 5f 00 |........x.b.l._.|
000005c0 63 00 6f 00 6e 00 66 00 69 00 67 00 5f 00 62 00 |c.o.n.f.i.g._.b.|
000005d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000600 7f aa 53 a0 b8 40 1c 4b ba 08 2f 68 ac 71 a4 f4 |..S..@.K../h.q..|
00000610 9b bd 44 ac d7 77 ad 3c b3 c8 58 1c fa 42 82 b1 |..D..w.<..X..B..|
00000620 00 3a 02 00 00 00 00 00 ff 59 02 00 00 00 00 00 |.:.......Y......|
00000630 00 00 00 00 00 00 00 10 74 00 7a 00 5f 00 61 00 |........t.z._.a.|
00000640 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
........and compare both:
$ cmp test_boot0.bin test_uda.bin
test_boot0.bin test_uda.bin differ: byte 529, line 1
Collaborator
Most operations with QDL will result in data loss, so I don't think we need to guard specifically about that. |
andersson
reviewed
Jun 11, 2026
| int ret; | ||
| int i; | ||
|
|
||
| if (!program->erase_all) { |
Collaborator
There was a problem hiding this comment.
The fact that this function is a big if/else makes me feel that it would be cleaner to split this into a separate FIREHOST_OP_ERASE_ALL.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
QFIL and PCAT offer an "erase all" operation that wipes the entire storage device. Some dev-kits fail to boot after flashing with QDL until such a full erase is performed, but QDL had no equivalent.
Add a new "erase all" command that erases every physical partition on the storage device. As the programmer provides no way to enumerate the physical partitions, erase them in order starting from 0 and stop at the first one that can't be erased, treating that as the end of the device. Failing to erase physical partition 0 is reported as a genuine error.
The result is that "qdl firehose.elf erase all" now wipes the whole device, mirroring the behavior of QFIL and PCAT.
Link: #193