xref: /rk3399_rockchip-uboot/common/android_bootloader.c (revision 09a003a93f4fd8521a7e2b5184b6fdecc2267727)

/*
 * Copyright (C) 2016 The Android Open Source Project
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */

#include <android_bootloader.h>
#include <android_bootloader_message.h>
#include <android_avb/avb_slot_verify.h>
#include <android_avb/avb_ops_user.h>
#include <android_avb/rk_avb_ops_user.h>
#include <android_image.h>
#include <android_ab.h>
#include <bootm.h>
#include <asm/arch/hotkey.h>
#include <cli.h>
#include <common.h>
#include <dt_table.h>
#include <image-android-dt.h>
#include <malloc.h>
#include <mp_boot.h>
#include <fdt_support.h>
#include <fs.h>
#include <boot_rkimg.h>
#include <attestation_key.h>
#include <keymaster.h>
#include <linux/libfdt_env.h>
#include <optee_include/OpteeClientInterface.h>
#include <bidram.h>
#include <console.h>
#include <sysmem.h>

DECLARE_GLOBAL_DATA_PTR;

int android_bootloader_message_load(
	struct blk_desc *dev_desc,
	const disk_partition_t *part_info,
	struct android_bootloader_message *message)
{
	ulong message_blocks = sizeof(struct android_bootloader_message) /
			       part_info->blksz;
	if (message_blocks > part_info->size) {
		printf("misc partition too small.\n");
		return -1;
	}

	if (blk_dread(dev_desc, part_info->start + android_bcb_msg_sector_offset(),
		      message_blocks, message) != message_blocks) {
		printf("Could not read from misc partition\n");
		return -1;
	}
	debug("ANDROID: Loaded BCB, %lu blocks.\n", message_blocks);
	return 0;
}

static int android_bootloader_message_write(
	struct blk_desc *dev_desc,
	const disk_partition_t *part_info,
	struct android_bootloader_message *message)
{
	ulong message_blocks = sizeof(struct android_bootloader_message) /
			       part_info->blksz;

	if (message_blocks > part_info->size) {
		printf("misc partition too small.\n");
		return -1;
	}

	if (blk_dwrite(dev_desc, part_info->start + android_bcb_msg_sector_offset(),
		       message_blocks, message) != message_blocks) {
		printf("Could not write to misc partition\n");
		return -1;
	}
	debug("ANDROID: Wrote new BCB, %lu blocks.\n", message_blocks);
	return 0;
}

static enum android_boot_mode android_bootloader_load_and_clear_mode(
	struct blk_desc *dev_desc,
	const disk_partition_t *misc_part_info)
{
	struct android_bootloader_message bcb;

#ifdef CONFIG_FASTBOOT
	char *bootloader_str;

	/* Check for message from bootloader stored in RAM from a previous boot.
	 */
	bootloader_str = (char *)CONFIG_FASTBOOT_BUF_ADDR;
	if (!strcmp("reboot-bootloader", bootloader_str)) {
		bootloader_str[0] = '\0';
		return ANDROID_BOOT_MODE_BOOTLOADER;
	}
#endif

	/* Check and update the BCB message if needed. */
	if (android_bootloader_message_load(dev_desc, misc_part_info, &bcb) <
	    0) {
		printf("WARNING: Unable to load the BCB.\n");
		return ANDROID_BOOT_MODE_NORMAL;
	}

	if (!strcmp("bootonce-bootloader", bcb.command)) {
		/* Erase the message in the BCB since this value should be used
		 * only once.
		 */
		memset(bcb.command, 0, sizeof(bcb.command));
		android_bootloader_message_write(dev_desc, misc_part_info,
						 &bcb);
		return ANDROID_BOOT_MODE_BOOTLOADER;
	}

	if (!strcmp("boot-recovery", bcb.command))
		return ANDROID_BOOT_MODE_RECOVERY;

	if (!strcmp("boot-fastboot", bcb.command))
		return ANDROID_BOOT_MODE_RECOVERY;

	return ANDROID_BOOT_MODE_NORMAL;
}

int android_bcb_write(char *cmd)
{
	struct android_bootloader_message message = {0};
	disk_partition_t part_info;
	struct blk_desc *dev_desc;
	int ret;

	if (!cmd)
		return -ENOMEM;

	if (strlen(cmd) >= 32)
		return -ENOMEM;

	dev_desc = rockchip_get_bootdev();
	if (!dev_desc) {
		printf("%s: dev_desc is NULL!\n", __func__);
		return -ENODEV;
	}

	ret = part_get_info_by_name(dev_desc, ANDROID_PARTITION_MISC, &part_info);
	if (ret < 0) {
		printf("%s: Could not found misc partition, just run recovery\n",
		       __func__);
		return -ENODEV;
	}

	strcpy(message.command, cmd);
	return android_bootloader_message_write(dev_desc, &part_info, &message);
}

/**
 * Return the reboot reason string for the passed boot mode.
 *
 * @param mode	The Android Boot mode.
 * @return a pointer to the reboot reason string for mode.
 */
static const char *android_boot_mode_str(enum android_boot_mode mode)
{
	switch (mode) {
	case ANDROID_BOOT_MODE_NORMAL:
		return "(none)";
	case ANDROID_BOOT_MODE_RECOVERY:
		return "recovery";
	case ANDROID_BOOT_MODE_BOOTLOADER:
		return "bootloader";
	}
	return NULL;
}

static int android_bootloader_boot_bootloader(void)
{
	const char *fastboot_cmd = env_get("fastbootcmd");

	if (fastboot_cmd == NULL) {
		printf("fastboot_cmd is null, run default fastboot_cmd!\n");
		fastboot_cmd = "fastboot usb 0";
	}

	return run_command(fastboot_cmd, CMD_FLAG_ENV);
}

#ifdef CONFIG_SUPPORT_OEM_DTB
static int android_bootloader_get_fdt(const char *part_name,
		const char *load_file_name)
{
	struct blk_desc *dev_desc;
	disk_partition_t part_info;
	char *fdt_addr = NULL;
	char dev_part[3] = {0};
	loff_t bytes = 0;
	loff_t pos = 0;
	loff_t len_read;
	unsigned long addr = 0;
	int part_num = -1;
	int ret;

	dev_desc = rockchip_get_bootdev();
	if (!dev_desc) {
		printf("%s: dev_desc is NULL!\n", __func__);
		return -1;
	}

	part_num = part_get_info_by_name(dev_desc, part_name, &part_info);
	if (part_num < 0) {
		printf("ANDROID: Could not find partition \"%s\"\n", part_name);
		return -1;
	}

	snprintf(dev_part, ARRAY_SIZE(dev_part), ":%x", part_num);
	if (fs_set_blk_dev_with_part(dev_desc, part_num))
		return -1;

	fdt_addr = env_get("fdt_addr_r");
	if (!fdt_addr) {
		printf("ANDROID: No Found FDT Load Address.\n");
		return -1;
	}
	addr = simple_strtoul(fdt_addr, NULL, 16);

	ret = fs_read(load_file_name, addr, pos, bytes, &len_read);
	if (ret < 0)
		return -1;

	return 0;
}
#endif

/*
 *   Test on RK3308 AARCH64 mode (Cortex A35 816 MHZ) boot with eMMC:
 *
 *   |-------------------------------------------------------------------|
 *   | Format    |  Size(Byte) | Ratio | Decomp time(ms) | Boot time(ms) |
 *   |-------------------------------------------------------------------|
 *   | Image     | 7720968     |       |                 |     488       |
 *   |-------------------------------------------------------------------|
 *   | Image.lz4 | 4119448     | 53%   |       59        |     455       |
 *   |-------------------------------------------------------------------|
 *   | Image.lzo | 3858322     | 49%   |       141       |     536       |
 *   |-------------------------------------------------------------------|
 *   | Image.gz  | 3529108     | 45%   |       222       |     609       |
 *   |-------------------------------------------------------------------|
 *   | Image.bz2 | 3295914     | 42%   |       2940      |               |
 *   |-------------------------------------------------------------------|
 *   | Image.lzma| 2683750     | 34%   |                 |               |
 *   |-------------------------------------------------------------------|
 */
static int sysmem_alloc_uncomp_kernel(ulong andr_hdr,
				      ulong uncomp_kaddr, u32 comp)
{
	struct andr_img_hdr *hdr = (struct andr_img_hdr *)andr_hdr;
	ulong ksize, kaddr;

	if (comp != IH_COMP_NONE) {
		/* Release compressed sysmem */
		kaddr = env_get_hex("kernel_addr_c", 0);
		if (!kaddr)
			kaddr = env_get_hex("kernel_addr_r", 0);
		kaddr -= hdr->page_size;
		if (sysmem_free((phys_addr_t)kaddr))
			return -EINVAL;
#ifdef CONFIG_SKIP_RELOCATE_UBOOT
		sysmem_free(CONFIG_SYS_TEXT_BASE);
#endif
		/*
		 * Use smaller Ratio to get larger estimated uncompress
		 * kernel size.
		 */
		if (comp == IH_COMP_ZIMAGE)
			ksize = hdr->kernel_size * 100 / 45;
		else if (comp == IH_COMP_LZ4)
			ksize = hdr->kernel_size * 100 / 50;
		else if (comp == IH_COMP_LZO)
			ksize = hdr->kernel_size * 100 / 45;
		else if (comp == IH_COMP_GZIP)
			ksize = hdr->kernel_size * 100 / 40;
		else if (comp == IH_COMP_BZIP2)
			ksize = hdr->kernel_size * 100 / 40;
		else if (comp == IH_COMP_LZMA)
			ksize = hdr->kernel_size * 100 / 30;
		else
			ksize = hdr->kernel_size;

		kaddr = uncomp_kaddr;
		ksize = ALIGN(ksize, 512);
		if (!sysmem_alloc_base(MEM_UNCOMP_KERNEL,
				       (phys_addr_t)kaddr, ksize))
			return -ENOMEM;
	}

	return 0;
}

int android_bootloader_boot_kernel(unsigned long kernel_address)
{
	char *kernel_addr_r = env_get("kernel_addr_r");
	char *kernel_addr_c = env_get("kernel_addr_c");
	char *fdt_addr = env_get("fdt_addr_r");
	char kernel_addr_str[12];
	char comp_str[32] = {0};
	ulong comp_type;
	const char *comp_name[] = {
		[IH_COMP_NONE]  = "IMAGE",
		[IH_COMP_GZIP]  = "GZIP",
		[IH_COMP_BZIP2] = "BZIP2",
		[IH_COMP_LZMA]  = "LZMA",
		[IH_COMP_LZO]   = "LZO",
		[IH_COMP_LZ4]   = "LZ4",
		[IH_COMP_ZIMAGE]= "ZIMAGE",
	};
	char *bootm_args[] = {
		kernel_addr_str, kernel_addr_str, fdt_addr, NULL };

	comp_type = env_get_ulong("os_comp", 10, 0);
	sprintf(kernel_addr_str, "0x%08lx", kernel_address);

	if (comp_type != IH_COMP_NONE) {
		if (comp_type == IH_COMP_ZIMAGE &&
		    kernel_addr_r && !kernel_addr_c) {
			kernel_addr_c = kernel_addr_r;
			kernel_addr_r = __stringify(CONFIG_SYS_SDRAM_BASE);
		}
		snprintf(comp_str, 32, "%s%s%s",
			 "(Uncompress to ", kernel_addr_r, ")");
	}

	printf("Booting %s kernel at %s%s with fdt at %s...\n\n\n",
	       comp_name[comp_type],
	       comp_type != IH_COMP_NONE ? kernel_addr_c : kernel_addr_r,
	       comp_str, fdt_addr);

	hotkey_run(HK_SYSMEM);

	/*
	 * Check whether there is enough space for uncompress kernel,
	 * Actually, here only gives a sysmem warning message when failed
	 * but never return -1.
	 */
	if (sysmem_alloc_uncomp_kernel(kernel_address,
				       simple_strtoul(kernel_addr_r, NULL, 16),
				       comp_type))
		return -1;

	return do_bootm_states(NULL, 0, ARRAY_SIZE(bootm_args), bootm_args,
		BOOTM_STATE_START |
		BOOTM_STATE_FINDOS | BOOTM_STATE_FINDOTHER |
		BOOTM_STATE_LOADOS |
#ifdef CONFIG_SYS_BOOT_RAMDISK_HIGH
		BOOTM_STATE_RAMDISK |
#endif
		BOOTM_STATE_OS_PREP | BOOTM_STATE_OS_FAKE_GO |
		BOOTM_STATE_OS_GO, &images, 1);
}

static char *strjoin(const char **chunks, char separator)
{
	int len, joined_len = 0;
	char *ret, *current;
	const char **p;

	for (p = chunks; *p; p++)
		joined_len += strlen(*p) + 1;

	if (!joined_len) {
		ret = malloc(1);
		if (ret)
			ret[0] = '\0';
		return ret;
	}

	ret = malloc(joined_len);
	current = ret;
	if (!ret)
		return ret;

	for (p = chunks; *p; p++) {
		len = strlen(*p);
		memcpy(current, *p, len);
		current += len;
		*current = separator;
		current++;
	}
	/* Replace the last separator by a \0. */
	current[-1] = '\0';
	return ret;
}

/** android_assemble_cmdline - Assemble the command line to pass to the kernel
 * @return a newly allocated string
 */
char *android_assemble_cmdline(const char *slot_suffix,
				      const char *extra_args)
{
	const char *cmdline_chunks[16];
	const char **current_chunk = cmdline_chunks;
	char *env_cmdline, *cmdline, *rootdev_input, *serialno;
	char *allocated_suffix = NULL;
	char *allocated_serialno = NULL;
	char *allocated_rootdev = NULL;
	unsigned long rootdev_len;

	env_cmdline = env_get("bootargs");
	if (env_cmdline)
		*(current_chunk++) = env_cmdline;

	/* The |slot_suffix| needs to be passed to the kernel to know what
	 * slot to boot from.
	 */
#ifdef CONFIG_ANDROID_AB
	if (slot_suffix) {
		allocated_suffix = malloc(strlen(ANDROID_ARG_SLOT_SUFFIX) +
					  strlen(slot_suffix) + 1);
		memset(allocated_suffix, 0, strlen(ANDROID_ARG_SLOT_SUFFIX)
		       + strlen(slot_suffix) + 1);
		strcpy(allocated_suffix, ANDROID_ARG_SLOT_SUFFIX);
		strcat(allocated_suffix, slot_suffix);
		*(current_chunk++) = allocated_suffix;
	}
#endif
	serialno = env_get("serial#");
	if (serialno) {
		allocated_serialno = malloc(strlen(ANDROID_ARG_SERIALNO) +
					  strlen(serialno) + 1);
		memset(allocated_serialno, 0, strlen(ANDROID_ARG_SERIALNO) +
				strlen(serialno) + 1);
		strcpy(allocated_serialno, ANDROID_ARG_SERIALNO);
		strcat(allocated_serialno, serialno);
		*(current_chunk++) = allocated_serialno;
	}

	rootdev_input = env_get("android_rootdev");
	if (rootdev_input) {
		rootdev_len = strlen(ANDROID_ARG_ROOT) + CONFIG_SYS_CBSIZE + 1;
		allocated_rootdev = malloc(rootdev_len);
		strcpy(allocated_rootdev, ANDROID_ARG_ROOT);
		cli_simple_process_macros(rootdev_input,
					  allocated_rootdev +
					  strlen(ANDROID_ARG_ROOT));
		/* Make sure that the string is null-terminated since the
		 * previous could not copy to the end of the input string if it
		 * is too big.
		 */
		allocated_rootdev[rootdev_len - 1] = '\0';
		*(current_chunk++) = allocated_rootdev;
	}

	if (extra_args)
		*(current_chunk++) = extra_args;

	*(current_chunk++) = NULL;
	cmdline = strjoin(cmdline_chunks, ' ');
	free(allocated_suffix);
	free(allocated_rootdev);
	return cmdline;
}

#ifdef CONFIG_ANDROID_AVB
static void slot_set_unbootable(AvbABSlotData* slot)
{
	slot->priority = 0;
	slot->tries_remaining = 0;
	slot->successful_boot = 0;
}

static char *join_str(const char *a, const char *b)
{
	size_t len = strlen(a) + strlen(b) + 1 /* null term */;
	char *ret = (char *)malloc(len);

	if (!ret) {
		debug("failed to alloc %zu\n", len);
		return NULL;
	}
	strcpy(ret, a);
	strcat(ret, b);

	return ret;
}

static size_t get_partition_size(AvbOps *ops, char *name,
				 const char *slot_suffix)
{
	char *partition_name = join_str(name, slot_suffix);
	uint64_t size = 0;
	AvbIOResult res;

	if (partition_name == NULL)
		goto bail;

	res = ops->get_size_of_partition(ops, partition_name, &size);
	if (res != AVB_IO_RESULT_OK && res != AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION)
		size = 0;
bail:
	if (partition_name)
		free(partition_name);

	return size;
}

static struct AvbOpsData preload_user_data;

static int avb_image_distribute_prepare(AvbSlotVerifyData *slot_data,
					AvbOps *ops, char *slot_suffix)
{
	struct AvbOpsData *data = (struct AvbOpsData *)(ops->user_data);
	size_t vendor_boot_size;
	size_t init_boot_size;
	size_t resource_size;
	size_t boot_size;
	void *image_buf;

	boot_size = max(get_partition_size(ops, ANDROID_PARTITION_BOOT, slot_suffix),
		get_partition_size(ops, ANDROID_PARTITION_RECOVERY, slot_suffix));
	init_boot_size = get_partition_size(ops,
				ANDROID_PARTITION_INIT_BOOT, slot_suffix);
	vendor_boot_size = get_partition_size(ops,
				ANDROID_PARTITION_VENDOR_BOOT, slot_suffix);
	resource_size = get_partition_size(ops,
				ANDROID_PARTITION_RESOURCE, slot_suffix);
	image_buf = sysmem_alloc(MEM_AVB_ANDROID,
				 boot_size + init_boot_size +
				 vendor_boot_size + resource_size);
	if (!image_buf) {
		printf("avb: sysmem alloc failed\n");
		return -ENOMEM;
	}

	/* layout: | boot/recovery | vendor_boot | init_boot | resource | */
	data->slot_suffix = slot_suffix;
	data->boot.addr = image_buf;
	data->boot.size = 0;
	data->vendor_boot.addr = data->boot.addr + boot_size;
	data->vendor_boot.size = 0;
	data->init_boot.addr = data->vendor_boot.addr + vendor_boot_size;
	data->init_boot.size = 0;
	data->resource.addr = data->init_boot.addr + init_boot_size;
	data->resource.size = 0;

	return 0;
}

static int avb_image_distribute_finish(AvbSlotVerifyData *slot_data,
				       AvbSlotVerifyFlags flags,
				       ulong *load_address)
{
	struct andr_img_hdr *hdr;
	ulong load_addr = *load_address;
	void *vendor_boot_hdr = NULL;
	void *init_boot_hdr = NULL;
	void *boot_hdr = NULL;
	char *part_name;
	int i, ret;

	for (i = 0; i < slot_data->num_loaded_partitions; i++) {
		part_name = slot_data->loaded_partitions[i].partition_name;
		if (!strncmp(ANDROID_PARTITION_BOOT, part_name, 4) ||
		    !strncmp(ANDROID_PARTITION_RECOVERY, part_name, 8)) {
			boot_hdr = slot_data->loaded_partitions[i].data;
		} else if (!strncmp(ANDROID_PARTITION_INIT_BOOT, part_name, 9)) {
			init_boot_hdr = slot_data->loaded_partitions[i].data;
		} else if (!strncmp(ANDROID_PARTITION_VENDOR_BOOT, part_name, 11)) {
			vendor_boot_hdr = slot_data->loaded_partitions[i].data;
		}
	}

	/*
	 *		populate boot_img_hdr_v34
	 *
	 * If allow verification error: the images are loaded by
	 * ops->get_preloaded_partition() which auto populates
	 * boot_img_hdr_v34.
	 *
	 * If not allow verification error: the images are full loaded
	 * by ops->read_from_partition() which doesn't populate
	 * boot_img_hdr_v34, we need to fix it here for bootm and
	 */

	hdr = boot_hdr;
	if (hdr->header_version >= 3 &&
	    !(flags & AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR)) {
		hdr = malloc(sizeof(struct andr_img_hdr));
		if (!hdr)
			return -ENOMEM;

		ret = populate_boot_info(boot_hdr, vendor_boot_hdr,
					 init_boot_hdr, hdr, true);
		if (ret < 0) {
			printf("avb: populate boot info failed, ret=%d\n", ret);
			return ret;
		}
		memcpy(boot_hdr, hdr, sizeof(*hdr));
	}

	/* distribute ! */
	load_addr -= hdr->page_size;
	if (android_image_memcpy_separate(boot_hdr, &load_addr)) {
		printf("Failed to separate copy android image\n");
		return AVB_SLOT_VERIFY_RESULT_ERROR_IO;
	}

	*load_address = load_addr;

	return 0;
}

int android_image_verify_resource(const char *boot_part, ulong *resc_buf)
{
	const char *requested_partitions[] = {
		NULL,
		NULL,
	};
	struct AvbOpsData *data;
	uint8_t unlocked = true;
	AvbOps *ops;
	AvbSlotVerifyFlags flags;
	AvbSlotVerifyData *slot_data = {NULL};
	AvbSlotVerifyResult verify_result;
	char slot_suffix[3] = {0};
	char *part_name;
	void *image_buf = NULL;
	int retry_no_vbmeta_partition = 1;
	int i, ret;

	ops = avb_ops_user_new();
	if (ops == NULL) {
		printf("avb_ops_user_new() failed!\n");
		return -AVB_SLOT_VERIFY_RESULT_ERROR_OOM;
	}

	if (ops->read_is_device_unlocked(ops, (bool *)&unlocked) != AVB_IO_RESULT_OK)
		printf("Error determining whether device is unlocked.\n");

	printf("Device is: %s\n", (unlocked & LOCK_MASK)? "UNLOCKED" : "LOCKED");

	if (unlocked & LOCK_MASK) {
		*resc_buf = 0;
		return 0;
	}

	flags = AVB_SLOT_VERIFY_FLAGS_NONE;
	if (strcmp(boot_part, ANDROID_PARTITION_RECOVERY) == 0)
		flags |= AVB_SLOT_VERIFY_FLAGS_NO_VBMETA_PARTITION;

#ifdef CONFIG_ANDROID_AB
	part_name = strdup(boot_part);
	*(part_name + strlen(boot_part) - 2) = '\0';
	requested_partitions[0] = part_name;

	ret = rk_avb_get_current_slot(slot_suffix);
	if (ret) {
		printf("Failed to get slot suffix, ret=%d\n", ret);
		return ret;
	}
#else
	requested_partitions[0] = boot_part;
#endif
	data = (struct AvbOpsData *)(ops->user_data);
	ret = avb_image_distribute_prepare(slot_data, ops, slot_suffix);
	if (ret) {
		printf("avb image distribute prepare failed %d\n", ret);
		return ret;
	}

retry_verify:
	verify_result =
	avb_slot_verify(ops,
			requested_partitions,
			slot_suffix,
			flags,
			AVB_HASHTREE_ERROR_MODE_RESTART,
			&slot_data);
	if (verify_result != AVB_SLOT_VERIFY_RESULT_OK &&
	    verify_result != AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED) {
		if (retry_no_vbmeta_partition && strcmp(boot_part, ANDROID_PARTITION_RECOVERY) == 0) {
			printf("Verify recovery with vbmeta.\n");
			flags &= ~AVB_SLOT_VERIFY_FLAGS_NO_VBMETA_PARTITION;
			retry_no_vbmeta_partition = 0;
			goto retry_verify;
		}
	}

	if (verify_result != AVB_SLOT_VERIFY_RESULT_OK || !slot_data) {
		sysmem_free((ulong)data->boot.addr);
		return verify_result;
	}

	for (i = 0; i < slot_data->num_loaded_partitions; i++) {
		part_name = slot_data->loaded_partitions[i].partition_name;
		if (!strncmp(ANDROID_PARTITION_RESOURCE, part_name, 8)) {
			image_buf = slot_data->loaded_partitions[i].data;
			break;
		} else if (!strncmp(ANDROID_PARTITION_BOOT, part_name, 4) ||
			   !strncmp(ANDROID_PARTITION_RECOVERY, part_name, 8)) {
			struct andr_img_hdr *hdr;

			hdr = (void *)slot_data->loaded_partitions[i].data;
			if (android_image_check_header(hdr))
				continue;

			if (hdr->header_version <= 2) {
				image_buf = (void *)hdr + hdr->page_size +
					ALIGN(hdr->kernel_size, hdr->page_size) +
					ALIGN(hdr->ramdisk_size, hdr->page_size);
				break;
			}
		}
	}

	if (image_buf) {
		memcpy((char *)&preload_user_data, (char *)data, sizeof(*data));
		*resc_buf = (ulong)image_buf;
	}

	return 0;
}

/*
 *		AVB Policy.
 *
 * == avb with unlock:
 * Don't process hash verify.
 * Go pre-loaded path: Loading vendor_boot and init_boot
 * directly to where they should be, while loading the
 * boot/recovery. The boot message tells like:
 * ···
 * preloaded: distribute image from 'boot_a'
 * preloaded: distribute image from 'init_boot_a'
 * preloaded: distribute image from 'vendor_boot_a'
 * ···
 *
 * == avb with lock:
 * Process hash verify.
 * Go pre-loaded path: Loading full vendor_boot, init_boot and
 * boot/recovery one by one to verify, and distributing them to
 * where they should be by memcpy at last.
 *
 * The three images share a large memory buffer that allocated
 * by sysmem_alloc(), it locate at high memory address that
 * just lower than SP bottom. The boot message tells like:
 * ···
 * preloaded: full image from 'boot_a' at 0xe47f90c0 - 0xe7a4b0c0
 * preloaded: full image from 'init_boot_a' at 0xeaff90c0 - 0xeb2950c0
 * preloaded: full image from 'vendor_boot_a' at 0xe87f90c0 - 0xe9f6e0c0
 * ···
 */
static AvbSlotVerifyResult android_slot_verify(char *boot_partname,
			       unsigned long *android_load_address,
			       char *slot_suffix)
{
	const char *requested_partitions[] = {
		boot_partname,
		NULL,
		NULL,
		NULL,
	};
	struct AvbOpsData *data;
	struct blk_desc *dev_desc;
	struct andr_img_hdr *hdr;
	disk_partition_t part_info;
	uint8_t unlocked = true;
	AvbOps *ops;
	AvbSlotVerifyFlags flags;
	AvbSlotVerifyData *slot_data = {NULL};
	AvbSlotVerifyResult verify_result;
	AvbABData ab_data, ab_data_orig;
	size_t slot_index_to_boot = 0;
	char verify_state[38] = {0};
	char can_boot = 1;
	char retry_no_vbmeta_partition = 1;
	unsigned long load_address = *android_load_address;
	int ret;

	dev_desc = rockchip_get_bootdev();
	if (!dev_desc)
		return AVB_IO_RESULT_ERROR_IO;

	if (part_get_info_by_name(dev_desc, boot_partname, &part_info) < 0) {
		printf("Could not find \"%s\" partition\n", boot_partname);
		return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
	}

	hdr = populate_andr_img_hdr(dev_desc, &part_info);
	if (!hdr) {
		printf("No valid android hdr\n");
		return AVB_IO_RESULT_ERROR_NO_SUCH_VALUE;
	}

	if (hdr->header_version >= 4) {
		requested_partitions[1] = ANDROID_PARTITION_VENDOR_BOOT;
		if (((hdr->os_version >> 25) & 0x7f) >= 13)
			requested_partitions[2] = ANDROID_PARTITION_INIT_BOOT;
	}

	ops = avb_ops_user_new();
	if (ops == NULL) {
		printf("avb_ops_user_new() failed!\n");
		return AVB_SLOT_VERIFY_RESULT_ERROR_OOM;
	}

	if (ops->read_is_device_unlocked(ops, (bool *)&unlocked) != AVB_IO_RESULT_OK)
		printf("Error determining whether device is unlocked.\n");

	printf("read_is_device_unlocked() ops returned that device is %s\n",
	       (unlocked & LOCK_MASK)? "UNLOCKED" : "LOCKED");

	flags = AVB_SLOT_VERIFY_FLAGS_NONE;
	if (unlocked & LOCK_MASK)
		flags |= AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR;

	if (load_metadata(ops->ab_ops, &ab_data, &ab_data_orig)) {
		printf("Can not load metadata\n");
		return AVB_SLOT_VERIFY_RESULT_ERROR_IO;
	}

	if (!strncmp(slot_suffix, "_a", 2))
		slot_index_to_boot = 0;
	else if (!strncmp(slot_suffix, "_b", 2))
		slot_index_to_boot = 1;
	else
		slot_index_to_boot = 0;

	if (strcmp(boot_partname, ANDROID_PARTITION_RECOVERY) == 0)
		flags |= AVB_SLOT_VERIFY_FLAGS_NO_VBMETA_PARTITION;

#ifdef CONFIG_MP_BOOT
	preload_user_data.boot.addr = (void *)mpb_post(1);
	preload_user_data.boot.size = (size_t)mpb_post(2);
#endif

	/*
	 * Handle the case: "avb lock + (vbus = 0) + recovery key pressed".
	 * Check whether required boot_partname is same as preload boot_partition.
	 */
	if (preload_user_data.boot_partition && strcmp(preload_user_data.boot_partition, boot_partname))
		preload_user_data.boot.addr = NULL;

	/* use preload one if available */
	if (preload_user_data.boot.addr) {
		data = (struct AvbOpsData *)(ops->user_data);

		data->slot_suffix = slot_suffix;
		data->boot = preload_user_data.boot;
		data->vendor_boot = preload_user_data.vendor_boot;
		data->init_boot = preload_user_data.init_boot;
		data->resource = preload_user_data.resource;
	} else {
		ret = avb_image_distribute_prepare(slot_data, ops, slot_suffix);
		if (ret < 0) {
			printf("avb image distribute prepare failed %d\n", ret);
			return AVB_SLOT_VERIFY_RESULT_ERROR_OOM;
		}
	}

retry_verify:
	verify_result =
	avb_slot_verify(ops,
			requested_partitions,
			slot_suffix,
			flags,
			AVB_HASHTREE_ERROR_MODE_RESTART,
			&slot_data);
	if (verify_result != AVB_SLOT_VERIFY_RESULT_OK &&
	    verify_result != AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED) {
		if (retry_no_vbmeta_partition && strcmp(boot_partname, ANDROID_PARTITION_RECOVERY) == 0) {
			printf("Verify recovery with vbmeta.\n");
			flags &= ~AVB_SLOT_VERIFY_FLAGS_NO_VBMETA_PARTITION;
			retry_no_vbmeta_partition = 0;
			goto retry_verify;
		}
	}

	strcat(verify_state, ANDROID_VERIFY_STATE);
	switch (verify_result) {
	case AVB_SLOT_VERIFY_RESULT_OK:
		if (unlocked & LOCK_MASK)
			strcat(verify_state, "orange");
		else
			strcat(verify_state, "green");
		break;
	case AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED:
		if (unlocked & LOCK_MASK)
			strcat(verify_state, "orange");
		else
			strcat(verify_state, "yellow");
		break;
	case AVB_SLOT_VERIFY_RESULT_ERROR_OOM:
	case AVB_SLOT_VERIFY_RESULT_ERROR_IO:
	case AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA:
	case AVB_SLOT_VERIFY_RESULT_ERROR_UNSUPPORTED_VERSION:
	case AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION:
	case AVB_SLOT_VERIFY_RESULT_ERROR_ROLLBACK_INDEX:
	default:
		if (unlocked & LOCK_MASK)
			strcat(verify_state, "orange");
		else
			strcat(verify_state, "red");
		break;
	}

	if (!slot_data) {
		can_boot = 0;
		goto out;
	}

	if (verify_result == AVB_SLOT_VERIFY_RESULT_OK ||
	    verify_result == AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED ||
	    (unlocked & LOCK_MASK)) {
		int len = 0;
		char *bootargs, *newbootargs;
#ifdef CONFIG_ANDROID_AVB_ROLLBACK_INDEX
		if (rk_avb_update_stored_rollback_indexes_for_slot(ops, slot_data))
			printf("Fail to update the rollback indexes.\n");
#endif
		if (slot_data->cmdline) {
			debug("Kernel command line: %s\n", slot_data->cmdline);
			len += strlen(slot_data->cmdline);
		}

		bootargs = env_get("bootargs");
		if (bootargs)
			len += strlen(bootargs);

		newbootargs = malloc(len + 2);

		if (!newbootargs) {
			puts("Error: malloc in android_slot_verify failed!\n");
			return AVB_SLOT_VERIFY_RESULT_ERROR_OOM;
		}
		*newbootargs = '\0';

		if (bootargs) {
			strcpy(newbootargs, bootargs);
			strcat(newbootargs, " ");
		}
		if (slot_data->cmdline)
			strcat(newbootargs, slot_data->cmdline);
		env_set("bootargs", newbootargs);

		/* if need, distribute full image to where they should be */
		ret = avb_image_distribute_finish(slot_data, flags, &load_address);
		if (ret) {
			printf("avb image distribute finish failed %d\n", ret);
			return ret;
		}
		*android_load_address = load_address;
	} else {
		slot_set_unbootable(&ab_data.slots[slot_index_to_boot]);
	}

out:
	env_update("bootargs", verify_state);
	if (save_metadata_if_changed(ops->ab_ops, &ab_data, &ab_data_orig)) {
		printf("Can not save metadata\n");
		verify_result = AVB_SLOT_VERIFY_RESULT_ERROR_IO;
	}

	if (slot_data != NULL)
		avb_slot_verify_data_free(slot_data);

	if ((unlocked & LOCK_MASK) && can_boot)
		return 0;
	else
		return verify_result;
}
#endif

#if defined(CONFIG_OF_LIBFDT_OVERLAY)

/*
 * Default return index 0.
 */
__weak int board_select_fdt_index(ulong dt_table_hdr)
{
/*
 * User can use "dt_for_each_entry(entry, hdr, idx)" to iterate
 * over all dt entry of DT image and pick up which they want.
 *
 * Example:
 *	struct dt_table_entry *entry;
 *	int index;
 *
 *	dt_for_each_entry(entry, dt_table_hdr, index) {
 *
 *		.... (use entry)
 *	}
 *
 *	return index;
 */
	return 0;
}

static int android_get_dtbo(ulong *fdt_dtbo,
			    const struct andr_img_hdr *hdr,
			    int *index, const char *part_dtbo)
{
	struct dt_table_header *dt_hdr = NULL;
	struct blk_desc *dev_desc;
	disk_partition_t part_info;
	u32 blk_offset, blk_cnt;
	void *buf;
	ulong e_addr;
	u32 e_size;
	int e_idx;
	int ret;

	/* Get partition info */
	dev_desc = rockchip_get_bootdev();
	if (!dev_desc)
		return -ENODEV;

	ret = part_get_info_by_name(dev_desc, part_dtbo, &part_info);
	if (ret < 0) {
		printf("No %s partition, ret=%d\n", part_dtbo, ret);
		return ret;
	}

	/* Check dt table header */
	if (!strcmp(part_dtbo, PART_RECOVERY))
		blk_offset = part_info.start +
			     (hdr->recovery_dtbo_offset / part_info.blksz);
	else
		blk_offset = part_info.start;

	dt_hdr = memalign(ARCH_DMA_MINALIGN, part_info.blksz);
	if (!dt_hdr)
		return -ENOMEM;

	ret = blk_dread(dev_desc, blk_offset, 1, dt_hdr);
	if (ret != 1)
		goto out1;

	if (!android_dt_check_header((ulong)dt_hdr)) {
		printf("DTBO: invalid dt table header: 0x%x\n", dt_hdr->magic);
		ret = -EINVAL;
		goto out1;
	}

#ifdef DEBUG
	android_dt_print_contents((ulong)dt_hdr);
#endif

	blk_cnt = DIV_ROUND_UP(fdt32_to_cpu(dt_hdr->total_size),
			       part_info.blksz);
	/* Read all DT Image */
	buf = memalign(ARCH_DMA_MINALIGN, part_info.blksz * blk_cnt);
	if (!buf) {
		ret = -ENOMEM;
		goto out1;
	}

	ret = blk_dread(dev_desc, blk_offset, blk_cnt, buf);
	if (ret != blk_cnt)
		goto out2;

	e_idx = board_select_fdt_index((ulong)buf);
	if (e_idx < 0) {
		printf("%s: failed to select board fdt index\n", __func__);
		ret = -EINVAL;
		goto out2;
	}

	ret = android_dt_get_fdt_by_index((ulong)buf, e_idx, &e_addr, &e_size);
	if (!ret) {
		printf("%s: failed to get fdt, index=%d\n", __func__, e_idx);
		ret = -EINVAL;
		goto out2;
	}

	if (fdt_dtbo)
		*fdt_dtbo = e_addr;
	if (index)
		*index = e_idx;

	free(dt_hdr);
	debug("ANDROID: Loading dt entry to 0x%lx size 0x%x idx %d from \"%s\" part\n",
	      e_addr, e_size, e_idx, part_dtbo);

	return 0;

out2:
	free(buf);
out1:
	free(dt_hdr);

	return ret;
}

int android_fdt_overlay_apply(void *fdt_addr)
{
	struct andr_img_hdr *hdr;
	struct blk_desc *dev_desc;
	const char *part_boot = PART_BOOT;
	disk_partition_t part_info;
	char *fdt_backup;
	char *part_dtbo = PART_DTBO;
	char buf[32] = {0};
	ulong fdt_dtbo = -1;
	u32 totalsize;
	int index = -1;
	int ret;

	if (rockchip_get_boot_mode() == BOOT_MODE_RECOVERY) {
#ifdef CONFIG_ANDROID_AB
		bool can_find_recovery;

		can_find_recovery = ab_can_find_recovery_part();
		part_boot = can_find_recovery ? PART_RECOVERY : PART_BOOT;
		part_dtbo = can_find_recovery ? PART_RECOVERY : PART_DTBO;
#else
		part_boot = PART_RECOVERY;
		part_dtbo = PART_RECOVERY;
#endif
	}

	dev_desc = rockchip_get_bootdev();
	if (!dev_desc)
		return -ENODEV;

	ret = part_get_info_by_name(dev_desc, part_boot, &part_info);
	if (ret < 0)
		return ret;

	hdr = populate_andr_img_hdr(dev_desc, &part_info);
	if (!hdr)
		return -EINVAL;
#ifdef DEBUG
	android_print_contents(hdr);
#endif

	/*
	 * Google requires a/b system mandory from Android Header v3 for
	 * google authentication, that means there is not recovery.
	 *
	 * But for the products that don't care about google authentication,
	 * it's not mandory to use a/b system. So that we use the solution:
	 * boot.img(v3+) with recovery(v2).
	 *
	 * [recovery_dtbo fields]
	 *	recovery.img with boot_img_hdr_v1,2:  supported
	 *	recovery.img with boot_img_hdr_v0,3+: illegal
	 */
	if ((hdr->header_version == 0) ||
	    (hdr->header_version >= 3 && !strcmp(part_boot, PART_RECOVERY)))
		goto out;

	ret = android_get_dtbo(&fdt_dtbo, (void *)hdr, &index, part_dtbo);
	if (!ret) {
		phys_size_t fdt_size;

		/* Must incease size before overlay */
		fdt_size = fdt_totalsize((void *)fdt_addr) +
				fdt_totalsize((void *)fdt_dtbo);
		if (sysmem_free((phys_addr_t)fdt_addr))
			goto out;

		if (!sysmem_alloc_base(MEM_FDT_DTBO,
				       (phys_addr_t)fdt_addr,
					fdt_size + CONFIG_SYS_FDT_PAD))
			goto out;
		/*
		 * Backup main fdt in case of being destroyed by
		 * fdt_overlay_apply() when it overlys failed.
		 */
		totalsize = fdt_totalsize(fdt_addr);
		fdt_backup = malloc(totalsize);
		if (!fdt_backup)
			goto out;

		memcpy(fdt_backup, fdt_addr, totalsize);
		fdt_increase_size(fdt_addr, fdt_totalsize((void *)fdt_dtbo));
		ret = fdt_overlay_apply(fdt_addr, (void *)fdt_dtbo);
		if (!ret) {
			snprintf(buf, 32, "%s%d", "androidboot.dtbo_idx=", index);
			env_update("bootargs", buf);
			printf("ANDROID: fdt overlay OK\n");
		} else {
			memcpy(fdt_addr, fdt_backup, totalsize);
			printf("ANDROID: fdt overlay failed, ret=%d\n", ret);
		}

		free(fdt_backup);
	}

out:
	free(hdr);

	return 0;
}
#endif

int android_image_load_by_partname(struct blk_desc *dev_desc,
				   const char *boot_partname,
				   unsigned long *load_address)
{
	disk_partition_t boot_part;
	int ret, part_num;

	part_num = part_get_info_by_name(dev_desc, boot_partname, &boot_part);
	if (part_num < 0) {
		printf("%s: Can't find part: %s\n", __func__, boot_partname);
		return -1;
	}
	debug("ANDROID: Loading kernel from \"%s\", partition %d.\n",
	      boot_part.name, part_num);

	ret = android_image_load(dev_desc, &boot_part, *load_address, -1UL);
	if (ret < 0) {
		debug("%s: %s part load fail, ret=%d\n",
		      __func__, boot_part.name, ret);
		return ret;
	}
	*load_address = ret;

	return 0;
}

int android_bootloader_boot_flow(struct blk_desc *dev_desc,
				 unsigned long load_address)
{
	enum android_boot_mode mode = ANDROID_BOOT_MODE_NORMAL;
	disk_partition_t misc_part_info;
	int part_num;
	char *command_line;
	char slot_suffix[3] = {0};
	const char *mode_cmdline = NULL;
	char *boot_partname = ANDROID_PARTITION_BOOT;

	/*
	 * 1. Load MISC partition and determine the boot mode
	 *   clear its value for the next boot if needed.
	 */
	part_num = part_get_info_by_name(dev_desc, ANDROID_PARTITION_MISC,
					 &misc_part_info);
	if (part_num < 0) {
		printf("Could not find misc partition\n");
	} else {
#ifdef CONFIG_ANDROID_KEYMASTER_CA
		/* load attestation key from misc partition. */
		load_attestation_key(dev_desc, &misc_part_info);
#endif

		mode = android_bootloader_load_and_clear_mode(dev_desc,
							      &misc_part_info);
#ifdef CONFIG_RKIMG_BOOTLOADER
		if (mode == ANDROID_BOOT_MODE_NORMAL) {
			if (rockchip_get_boot_mode() == BOOT_MODE_RECOVERY)
				mode = ANDROID_BOOT_MODE_RECOVERY;
		}
#endif
	}

	printf("ANDROID: reboot reason: \"%s\"\n", android_boot_mode_str(mode));
#ifdef CONFIG_ANDROID_AB
	/* Get current slot_suffix */
	if (ab_get_slot_suffix(slot_suffix))
		return -1;
#endif
	switch (mode) {
	case ANDROID_BOOT_MODE_NORMAL:
		/* In normal mode, we load the kernel from "boot" but append
		 * "skip_initramfs" to the cmdline to make it ignore the
		 * recovery initramfs in the boot partition.
		 */
#ifdef CONFIG_ANDROID_AB
		/*  In A/B, the recovery image is built as boot.img, containing the
		* recovery's ramdisk. Previously, bootloader used the skip_initramfs
		* kernel command line parameter to decide which mode to boot into.
		* For Android >=10 and with dynamic partition support, the bootloader
		* MUST NOT pass skip_initramfs to the kernel command-line.
		* Instead, bootloader should pass androidboot.force_normal_boot=1
		* and then Android's first-stage init in ramdisk
		* will skip recovery and boot normal Android.
		*/
		if (ab_is_support_dynamic_partition(dev_desc)) {
			mode_cmdline = "androidboot.force_normal_boot=1";
		} else {
			mode_cmdline = "skip_initramfs";
		}
#endif
		break;
	case ANDROID_BOOT_MODE_RECOVERY:
		/*
		 * In recovery mode, if have recovery partition, we still boot the
		 * kernel from "recovery". If not, don't skip the initramfs so it
		 * boots to recovery from image in partition "boot".
		 */
#ifdef CONFIG_ANDROID_AB
		boot_partname = ab_can_find_recovery_part() ?
			ANDROID_PARTITION_RECOVERY : ANDROID_PARTITION_BOOT;
#else
		boot_partname = ANDROID_PARTITION_RECOVERY;
#endif
		break;
	case ANDROID_BOOT_MODE_BOOTLOADER:
		/* Bootloader mode enters fastboot. If this operation fails we
		 * simply return since we can't recover from this situation by
		 * switching to another slot.
		 */
		return android_bootloader_boot_bootloader();
	}

#ifdef CONFIG_ANDROID_AVB
	uint8_t vboot_flag = 0;
	disk_partition_t vbmeta_part_info;

#ifdef CONFIG_OPTEE_CLIENT
	if (trusty_read_vbootkey_enable_flag(&vboot_flag)) {
		printf("Can't read vboot flag\n");
		return -1;
	}
#endif
	if (vboot_flag) {
		printf("Vboot=1, SecureBoot enabled, AVB verify\n");
		if (android_slot_verify(boot_partname, &load_address,
					slot_suffix)) {
			printf("AVB verify failed\n");

			return -1;
		}
	} else {
		part_num = part_get_info_by_name(dev_desc,
						 ANDROID_PARTITION_VBMETA,
						 &vbmeta_part_info);
		if (part_num < 0) {
			printf("Not AVB images, AVB skip\n");
			env_update("bootargs",
				   "androidboot.verifiedbootstate=orange");
			if (android_image_load_by_partname(dev_desc,
							   boot_partname,
							   &load_address)) {
				printf("Android image load failed\n");
				return -1;
			}
		} else {
			printf("Vboot=0, AVB images, AVB verify\n");
			if (android_slot_verify(boot_partname, &load_address,
						slot_suffix)) {
				printf("AVB verify failed\n");

				return -1;
			}
		}
	}
#else
	/*
	 * 2. Load the boot/recovery from the desired "boot" partition.
	 * Determine if this is an AOSP image.
	 */
	if (android_image_load_by_partname(dev_desc,
					   boot_partname,
					   &load_address)) {
		printf("Android image load failed\n");
		return -1;
	}
#endif

	/* Set Android root variables. */
	env_set_ulong("android_root_devnum", dev_desc->devnum);
	env_set("android_slotsuffix", slot_suffix);

#ifdef CONFIG_FASTBOOT_OEM_UNLOCK
	/* read oem unlock status and attach to bootargs */
	uint8_t unlock = 0;
	TEEC_Result result;
	char oem_unlock[OEM_UNLOCK_ARG_SIZE] = {0};
	result = trusty_read_oem_unlock(&unlock);
	if (result) {
		printf("read oem unlock status with error : 0x%x\n", result);
	} else {
		snprintf(oem_unlock, OEM_UNLOCK_ARG_SIZE, "androidboot.oem_unlocked=%d", unlock);
		env_update("bootargs", oem_unlock);
	}
#endif

	/* Assemble the command line */
	command_line = android_assemble_cmdline(slot_suffix, mode_cmdline);
	env_update("bootargs", command_line);

	debug("ANDROID: bootargs: \"%s\"\n", command_line);

#ifdef CONFIG_SUPPORT_OEM_DTB
	if (android_bootloader_get_fdt(ANDROID_PARTITION_OEM,
				       ANDROID_ARG_FDT_FILENAME)) {
		printf("Can not get the fdt data from oem!\n");
	}
#endif
#ifdef CONFIG_OPTEE_CLIENT
	if (trusty_notify_optee_uboot_end())
		printf("Close optee client failed!\n");
#endif

#ifdef CONFIG_AMP
	return android_bootloader_boot_kernel(load_address);
#else
	android_bootloader_boot_kernel(load_address);

	/* TODO: If the kernel doesn't boot mark the selected slot as bad. */
	return -1;
#endif
}

int android_avb_boot_flow(unsigned long kernel_address)
{
	struct blk_desc *dev_desc;
	disk_partition_t boot_part_info;
	int ret;

	dev_desc = rockchip_get_bootdev();
	if (!dev_desc) {
		printf("%s: dev_desc is NULL!\n", __func__);
		return -1;
	}

	/* Load the kernel from the desired "boot" partition. */
	ret = part_get_info_by_name(dev_desc, ANDROID_PARTITION_BOOT,
				    &boot_part_info);
	if (ret < 0) {
		printf("%s: failed to get boot part\n", __func__);
		return ret;
	}

	ret = android_image_load(dev_desc, &boot_part_info,
				 kernel_address, -1UL);
	if (ret < 0) {
		printf("Android avb boot failed, error %d.\n", ret);
		return ret;
	}

	android_bootloader_boot_kernel(kernel_address);

	/* TODO: If the kernel doesn't boot mark the selected slot as bad. */
	return -1;
}

int android_boot_flow(unsigned long kernel_address)
{
	struct blk_desc *dev_desc;
	disk_partition_t boot_part_info;
	int ret;

	dev_desc = rockchip_get_bootdev();
	if (!dev_desc) {
		printf("%s: dev_desc is NULL!\n", __func__);
		return -1;
	}
	/* Load the kernel from the desired "boot" partition. */
	ret = part_get_info_by_name(dev_desc, ANDROID_PARTITION_BOOT,
				    &boot_part_info);
	if (ret < 0) {
		printf("%s: failed to get boot part\n", __func__);
		return ret;
	}

	ret = android_image_load(dev_desc, &boot_part_info, kernel_address,
				 -1UL);
	if (ret < 0)
		return ret;

	android_bootloader_boot_kernel(kernel_address);

	/* TODO: If the kernel doesn't boot mark the selected slot as bad. */
	return -1;
}