Add a fwupd plugin for ASUS ROG ally and ROG ally X #7782
Conversation
superm1
force-pushed
the
superm1/asus-hid
branch
from
3ae327a to
c2c66bf
Compare
superm1
force-pushed
the
superm1/asus-hid
branch
2 times, most recently
from
b91b243 to
eaca806
Compare
|
I received an email confirming this is working. Here was the device ID that shows up:
|
|
There is an issue where doing the probe now causes the Ally X MCU to start a vibration command and it won't stop until I remove/add my ally driver and then suspend/resume. This vibration continues even in suspended state. @superm1 I think the last version that worked fine was a8692e9 with the Ally X added to quirk |
Can you try taking out the command that is setting the manufacturer ID? I suspect that's what's doing it and that it happens to do more than we thought |
|
It seems I didn't notice this before as the vibration issue occurs on on AC plugged in. I'll try the suggestion now. |
|
@superm1 whcih command is this exactly? I'm not familiar with how fwupd works. |
| fu_device_set_proxy(dev_tmp, device); | ||
| if (!fu_asus_hid_device_ensure_version(dev_tmp, i, error)) | ||
| return FALSE; | ||
| if (!fu_asus_hid_device_ensure_manufacturer(dev_tmp, error)) |
There was a problem hiding this comment.
@flukejones comment this function call out and see if it helps.
|
Output: Commenting the thing didn't help. But I've done now a full reset on the repo and rebuilt - it seems that another command is resetting the MCU as I'm seeing the LEDs reset to static-mode colour. |
I wonder if it's actually the opening and closing of the hid endpoint doing this. |
The behaviour I see seems to be consistent for this. From memory it's when the HID endpoint is opened, I have to send a packet to the device to stop vibration when the |
Can you point me at the packet? I can try to send the same thing on fwupd open. |
Is it this stuff? static int ally_gamepad_init(struct hid_device *hdev, u8 report_id)
{
const u8 buf[] = { report_id, 0x41, 0x53, 0x55, 0x53, 0x20, 0x54, 0x65,
0x63, 0x68, 0x2e, 0x49, 0x6e, 0x63, 0x2e, 0x00 };
int ret;
ret = asus_dev_set_report(hdev, buf, sizeof(buf));
if (ret < 0)
hid_err(hdev, "Ally failed to send init command: %d\n", ret);
return ret;
} |
report->report_id = 0x0D;
report->ff.enable = 0x0F; /* Enable all by default */
report->ff.pulse_sustain_10ms = 0xFF; /* Duration */
report->ff.pulse_release_10ms = 0x00; /* Start Delay */
report->ff.loop_count = 0xEB; /* Loop Count */I think a HID data packet of |
No that never stopped the vibration. Have to send the one above. It's possible I'm missing something else in the init but I've never got around to seeing what it is. The ASUS app sends an absolute ton of stuff. But for this issue I think we need to look at the MCU update capture to identify what might come after. |
Hmm, I don't see any write to report 13 in the dump you shared me. Perhaps this means more of the sequence of HID commands before getting the FW version may be needed? |
|
Most likely. I am fairly sure there is one that perhaps stops the dev from doing things? Really need an answer from asus about now |
|
I spent some time looking at the dll and pulled out some other commands. Will need to see if any of these show up before the get fw version from the dumps. |
|
I have a brief response from ASUS that they are studying update process and will get back to us soon, possibly in the email chain between us and Richard. Below are some logs that will help match things up. I think the first one matches the pcap. And I'm willing to bet the bin file bytes would match the pcap data. I'll try to find those bin files again. ROGKBFWUpdateTool_20231105122303.log |
|
Great work everybody! |
Can you add a log for Ally X? It seems for Ally that there is a set of flows that does second IC first, flash reset, then first IC and switch to main rom. And if you can get a packet capture from Ally X (ideally through a VM if you can) it would be good to put it all together. |
|
Full capture data used. The log matches the pcap here, and the binary data also. I did spot what looks like a "boot" command, lists the device in the string also as For that vibe issue: might be we need to send the NOTE: *the data read back in the pcap is the exact data in linked bin file since I forced an overwrite of same version. |
|
I will get a capture of a downgrade to an earlier firmware so we can be double clear on what is what. |
Man, unfortunately Good news though, the new firmware parser I put in which pulls the string from the right offset in the binaries seems to be working both on Ally and Ally-X binaries! ❯ fwupdtool firmware-parse ~/Downloads/FGA80100.RC72LA.312.bin asus-hid
Loading… [************************************** ]
<firmware gtype="FuAsusHidFirmware">
<data size="0x40000">[GInputStream]</data>
<fga>FGA80100</fga>
<product>RC72LA</product>
<version>312</version>
</firmware>
❯ fwupdtool firmware-parse ~/src/asusmcu/ROGMCUFWUpdateTool/fw/FGA80100.RC71LS.318_T02.bin asus-hid
Loading… [************************************** ]
<firmware gtype="FuAsusHidFirmware">
<data size="0x1e000">[GInputStream]</data>
<fga>FGA80100</fga>
<product>RC71LS</product>
<version>318_T02</version>
</firmware>
❯ fwupdtool firmware-parse ~/src/asusmcu/ROGMCUFWUpdateTool/fw/FGA80100.RC71LM.318_T02.bin asus-hid
Loading… [************************************** ]
<firmware gtype="FuAsusHidFirmware">
<data size="0x1b000">[GInputStream]</data>
<fga>FGA80100</fga>
<product>RC71LM</product>
<version>318_T02</version>
</firmware>
I've been wondering about that, in the Ghidra stuff and packet capture it looked at first like random stale stack data, but it really does have a static string. If it's functional then yeah I should be able to force it in to see if it helps. I'll do that tomorrow. |
|
Capture shared. Cloud recovery did not work and I simply reinstall ed windiws the usual way. |
|
Thanks @NeroReflex! I've pulled it into my branch of emulation data and will continue to work with it. |
|
With my cleaned up emulation data at https://github.com/superm1/ally-emulation I've managed to do a full write sequence for the microcontroller RC71LS, but not for RC71LM. @hughsie I was about to rebase, but with the changes in 88050ee I wanted to check how you think this should be handled. I need to send a few commands at the start of the page, write all the blocks, send a command at end of page. So walking a straightforward loop doesn't work unless I special case. Thoughts? Or maybe if you have an idea just (force) push to the branch. |
I think you're going to need a FuChunkArray of a FuChunkArray still - you need to do (failable) stuff at the start and end of the page. I've got a branch which adds the fu_chunk_get_stream() API you need, but it depends on the steelseries rustgen branch. If you want a sneak peak it's predictably |
OK thanks, that clarifies my big confusion, I didn't see how this API could possibly work for that purpose without a
Ack, as I still haven't verified RC71LM, I'll hold off on rebasing. Maybe by the time I'm ready that will have landed :) |
superm1
force-pushed
the
superm1/asus-hid
branch
4 times, most recently
from
d8ff5e7 to
abc347a
Compare
|
@superm1 I'd be fine if you wanted to merge this to avoid it bitrotting. We can always disable it by default in the build if you want. |
That's not a bad idea to merge as is with some guard rail. I don't mind it being enabled by default, enumeration is definitely correct. I am thinking to add a force check for the write routine though. Once I find the time to find the problem with the other microcontroller can drop that. I'll spin a change. |
superm1
force-pushed
the
superm1/asus-hid
branch
from
abc347a to
6b2f356
Compare
| static void | ||
| fu_asus_hid_device_init(FuAsusHidDevice *self) | ||
| { | ||
| fu_device_add_private_flag(FU_DEVICE(self), FU_DEVICE_PRIVATE_FLAG_NO_AUTO_REMOVE_CHILDREN); |
There was a problem hiding this comment.
do you need the children to outlive the parent?
There was a problem hiding this comment.
Yup! Specifically when doing the detach/attach dance the parent disappears. Without those children you won't have all the details of what payload goes to what child device.
superm1
force-pushed
the
superm1/asus-hid
branch
from
6b2f356 to
f6aaa6f
Compare
|
Thx, let's hold off to merge 1-2 days more. I need to make sure I didn't break the installation emulation that was working so far with any of these changes for child vs parent ownership. |
Until this has been validated end to end either on real hardware or on emulation the plugin should not be allowed to issue upgrades. Leave the flag in place however for testing with --force.
superm1
force-pushed
the
superm1/asus-hid
branch
from
f6aaa6f to
b6ca25b
Compare
|
Yup, found some regression. I've sorted it out and can get the secondary controller updating again. The primary controller update flow is missing from the emulation data but I'm suspecting a conversion issue because it's quite obviously in the wireshark dump. |
This is only for querying the MCU firmware version for now. The sequence for writing the firmware update either needs some more RE or some help from ASUS.
@flukejones can I please ask you to test this branch on Ally and Ally X and show the versions it pulls up to see if everything looks sane?