1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * SPDX-License-Identifier: BSD-2-Clause 5 */ 6 7 #include <android_bootloader.h> 8 #include <android_bootloader_message.h> 9 #include <android_avb/avb_slot_verify.h> 10 #include <android_avb/avb_ops_user.h> 11 #include <android_avb/rk_avb_ops_user.h> 12 #include <android_image.h> 13 #include <asm/arch/hotkey.h> 14 #include <cli.h> 15 #include <common.h> 16 #include <dt_table.h> 17 #include <image-android-dt.h> 18 #include <malloc.h> 19 #include <fdt_support.h> 20 #include <fs.h> 21 #include <boot_rkimg.h> 22 #include <attestation_key.h> 23 #include <keymaster.h> 24 #include <linux/libfdt_env.h> 25 #include <optee_include/OpteeClientInterface.h> 26 #include <bidram.h> 27 #include <console.h> 28 #include <sysmem.h> 29 30 DECLARE_GLOBAL_DATA_PTR; 31 32 #define ANDROID_PARTITION_BOOT "boot" 33 #define ANDROID_PARTITION_MISC "misc" 34 #define ANDROID_PARTITION_OEM "oem" 35 #define ANDROID_PARTITION_RECOVERY "recovery" 36 #define ANDROID_PARTITION_SYSTEM "system" 37 #define ANDROID_PARTITION_VBMETA "vbmeta" 38 39 #define ANDROID_ARG_SLOT_SUFFIX "androidboot.slot_suffix=" 40 #define ANDROID_ARG_ROOT "root=" 41 #define ANDROID_ARG_SERIALNO "androidboot.serialno=" 42 #define ANDROID_VERIFY_STATE "androidboot.verifiedbootstate=" 43 #ifdef CONFIG_ROCKCHIP_RESOURCE_IMAGE 44 #define ANDROID_ARG_FDT_FILENAME "rk-kernel.dtb" 45 #define BOOTLOADER_MESSAGE_OFFSET_IN_MISC (16 * 1024) 46 #define BOOTLOADER_MESSAGE_BLK_OFFSET (BOOTLOADER_MESSAGE_OFFSET_IN_MISC >> 9) 47 #else 48 #define ANDROID_ARG_FDT_FILENAME "kernel.dtb" 49 #endif 50 #define OEM_UNLOCK_ARG_SIZE 30 51 #define UUID_SIZE 37 52 53 #ifdef CONFIG_ANDROID_AB 54 static int get_partition_unique_uuid(char *partition, 55 char *guid_buf, 56 size_t guid_buf_size) 57 { 58 struct blk_desc *dev_desc; 59 disk_partition_t part_info; 60 61 dev_desc = rockchip_get_bootdev(); 62 if (!dev_desc) { 63 printf("%s: Could not find device\n", __func__); 64 return -1; 65 } 66 67 if (part_get_info_by_name(dev_desc, partition, &part_info) < 0) { 68 printf("Could not find \"%s\" partition\n", partition); 69 return -1; 70 } 71 72 if (guid_buf && guid_buf_size > 0) 73 memcpy(guid_buf, part_info.uuid, guid_buf_size); 74 75 return 0; 76 } 77 #endif 78 79 char *android_str_append(char *base_name, char *slot_suffix) 80 { 81 char *part_name; 82 size_t part_name_len; 83 84 part_name_len = strlen(base_name) + 1; 85 if (slot_suffix) 86 part_name_len += strlen(slot_suffix); 87 part_name = malloc(part_name_len); 88 if (!part_name) 89 return NULL; 90 strcpy(part_name, base_name); 91 if (slot_suffix && (slot_suffix[0] != '\0')) 92 strcat(part_name, slot_suffix); 93 94 return part_name; 95 } 96 97 int android_bootloader_message_load( 98 struct blk_desc *dev_desc, 99 const disk_partition_t *part_info, 100 struct android_bootloader_message *message) 101 { 102 ulong message_blocks = sizeof(struct android_bootloader_message) / 103 part_info->blksz; 104 if (message_blocks > part_info->size) { 105 printf("misc partition too small.\n"); 106 return -1; 107 } 108 109 #ifdef CONFIG_RKIMG_BOOTLOADER 110 if (blk_dread(dev_desc, part_info->start + BOOTLOADER_MESSAGE_BLK_OFFSET, 111 message_blocks, message) != 112 #else 113 if (blk_dread(dev_desc, part_info->start, message_blocks, message) != 114 #endif 115 message_blocks) { 116 printf("Could not read from misc partition\n"); 117 return -1; 118 } 119 debug("ANDROID: Loaded BCB, %lu blocks.\n", message_blocks); 120 return 0; 121 } 122 123 static int android_bootloader_message_write( 124 struct blk_desc *dev_desc, 125 const disk_partition_t *part_info, 126 struct android_bootloader_message *message) 127 { 128 #ifdef CONFIG_RKIMG_BOOTLOADER 129 ulong message_blocks = sizeof(struct android_bootloader_message) / 130 part_info->blksz + BOOTLOADER_MESSAGE_BLK_OFFSET; 131 #else 132 ulong message_blocks = sizeof(struct android_bootloader_message) / 133 part_info->blksz; 134 #endif 135 if (message_blocks > part_info->size) { 136 printf("misc partition too small.\n"); 137 return -1; 138 } 139 140 if (blk_dwrite(dev_desc, part_info->start, message_blocks, message) != 141 message_blocks) { 142 printf("Could not write to misc partition\n"); 143 return -1; 144 } 145 debug("ANDROID: Wrote new BCB, %lu blocks.\n", message_blocks); 146 return 0; 147 } 148 149 static enum android_boot_mode android_bootloader_load_and_clear_mode( 150 struct blk_desc *dev_desc, 151 const disk_partition_t *misc_part_info) 152 { 153 struct android_bootloader_message bcb; 154 155 #ifdef CONFIG_FASTBOOT 156 char *bootloader_str; 157 158 /* Check for message from bootloader stored in RAM from a previous boot. 159 */ 160 bootloader_str = (char *)CONFIG_FASTBOOT_BUF_ADDR; 161 if (!strcmp("reboot-bootloader", bootloader_str)) { 162 bootloader_str[0] = '\0'; 163 return ANDROID_BOOT_MODE_BOOTLOADER; 164 } 165 #endif 166 167 /* Check and update the BCB message if needed. */ 168 if (android_bootloader_message_load(dev_desc, misc_part_info, &bcb) < 169 0) { 170 printf("WARNING: Unable to load the BCB.\n"); 171 return ANDROID_BOOT_MODE_NORMAL; 172 } 173 174 if (!strcmp("bootonce-bootloader", bcb.command)) { 175 /* Erase the message in the BCB since this value should be used 176 * only once. 177 */ 178 memset(bcb.command, 0, sizeof(bcb.command)); 179 android_bootloader_message_write(dev_desc, misc_part_info, 180 &bcb); 181 return ANDROID_BOOT_MODE_BOOTLOADER; 182 } 183 184 if (!strcmp("boot-recovery", bcb.command)) 185 return ANDROID_BOOT_MODE_RECOVERY; 186 187 if (!strcmp("boot-fastboot", bcb.command)) 188 return ANDROID_BOOT_MODE_RECOVERY; 189 190 return ANDROID_BOOT_MODE_NORMAL; 191 } 192 193 /** 194 * Return the reboot reason string for the passed boot mode. 195 * 196 * @param mode The Android Boot mode. 197 * @return a pointer to the reboot reason string for mode. 198 */ 199 static const char *android_boot_mode_str(enum android_boot_mode mode) 200 { 201 switch (mode) { 202 case ANDROID_BOOT_MODE_NORMAL: 203 return "(none)"; 204 case ANDROID_BOOT_MODE_RECOVERY: 205 return "recovery"; 206 case ANDROID_BOOT_MODE_BOOTLOADER: 207 return "bootloader"; 208 } 209 return NULL; 210 } 211 212 static int android_part_get_info_by_name_suffix(struct blk_desc *dev_desc, 213 const char *base_name, 214 const char *slot_suffix, 215 disk_partition_t *part_info) 216 { 217 char *part_name; 218 int part_num; 219 size_t part_name_len; 220 221 part_name_len = strlen(base_name) + 1; 222 if (slot_suffix) 223 part_name_len += strlen(slot_suffix); 224 part_name = malloc(part_name_len); 225 if (!part_name) 226 return -1; 227 strcpy(part_name, base_name); 228 if (slot_suffix && (slot_suffix[0] != '\0')) 229 strcat(part_name, slot_suffix); 230 231 part_num = part_get_info_by_name(dev_desc, part_name, part_info); 232 if (part_num < 0) { 233 debug("ANDROID: Could not find partition \"%s\"\n", part_name); 234 part_num = -1; 235 } 236 237 free(part_name); 238 return part_num; 239 } 240 241 static int android_bootloader_boot_bootloader(void) 242 { 243 const char *fastboot_cmd = env_get("fastbootcmd"); 244 245 if (fastboot_cmd == NULL) { 246 printf("fastboot_cmd is null, run default fastboot_cmd!\n"); 247 fastboot_cmd = "fastboot usb 0"; 248 } 249 250 return run_command(fastboot_cmd, CMD_FLAG_ENV); 251 } 252 253 #ifdef CONFIG_SUPPORT_OEM_DTB 254 static int android_bootloader_get_fdt(const char *part_name, 255 const char *load_file_name) 256 { 257 struct blk_desc *dev_desc; 258 disk_partition_t boot_part_info; 259 char *fdt_addr = NULL; 260 char slot_suffix[5] = {0}; 261 char dev_part[3] = {0}; 262 loff_t bytes = 0; 263 loff_t pos = 0; 264 loff_t len_read; 265 unsigned long addr = 0; 266 int part_num = -1; 267 int ret; 268 269 dev_desc = rockchip_get_bootdev(); 270 if (!dev_desc) { 271 printf("%s: dev_desc is NULL!\n", __func__); 272 return -1; 273 } 274 275 memset(&boot_part_info, 0, sizeof(boot_part_info)); 276 277 #ifdef CONFIG_RK_AVB_LIBAVB_USER 278 if (rk_avb_get_current_slot(slot_suffix)) { 279 printf("ANDROID: Get Current Slot error.\n"); 280 return -1; 281 } 282 283 part_num = android_part_get_info_by_name_suffix(dev_desc, 284 part_name, 285 slot_suffix, &boot_part_info); 286 #else 287 part_num = part_get_info_by_name(dev_desc, part_name, &boot_part_info); 288 if (part_num < 0) { 289 printf("ANDROID: Could not find partition \"%s\"\n", part_name); 290 return -1; 291 } 292 #endif 293 294 snprintf(dev_part, ARRAY_SIZE(dev_part), ":%x", part_num); 295 if (fs_set_blk_dev_with_part(dev_desc, part_num)) 296 return -1; 297 298 fdt_addr = env_get("fdt_addr_r"); 299 if (!fdt_addr) { 300 printf("ANDROID: No Found FDT Load Address.\n"); 301 return -1; 302 } 303 addr = simple_strtoul(fdt_addr, NULL, 16); 304 305 ret = fs_read(load_file_name, addr, pos, bytes, &len_read); 306 if (ret < 0) 307 return -1; 308 309 return 0; 310 } 311 #endif 312 313 /* 314 * Test on RK3308 AARCH64 mode (Cortex A35 816 MHZ) boot with eMMC: 315 * 316 * |-------------------------------------------------------------------| 317 * | Format | Size(Byte) | Ratio | Decomp time(ms) | Boot time(ms) | 318 * |-------------------------------------------------------------------| 319 * | Image | 7720968 | | | 488 | 320 * |-------------------------------------------------------------------| 321 * | Image.lz4 | 4119448 | 53% | 59 | 455 | 322 * |-------------------------------------------------------------------| 323 * | Image.lzo | 3858322 | 49% | 141 | 536 | 324 * |-------------------------------------------------------------------| 325 * | Image.gz | 3529108 | 45% | 222 | 609 | 326 * |-------------------------------------------------------------------| 327 * | Image.bz2 | 3295914 | 42% | 2940 | | 328 * |-------------------------------------------------------------------| 329 * | Image.lzma| 2683750 | 34% | | | 330 * |-------------------------------------------------------------------| 331 */ 332 static int sysmem_alloc_uncomp_kernel(ulong andr_hdr, 333 ulong uncomp_kaddr, u32 comp) 334 { 335 struct andr_img_hdr *hdr = (struct andr_img_hdr *)andr_hdr; 336 ulong ksize, kaddr; 337 338 if (comp != IH_COMP_NONE) { 339 /* Release compressed sysmem */ 340 kaddr = env_get_hex("kernel_addr_c", 0); 341 if (!kaddr) 342 kaddr = env_get_hex("kernel_addr_r", 0); 343 kaddr -= hdr->page_size; 344 if (sysmem_free((phys_addr_t)kaddr)) 345 return -EINVAL; 346 347 /* 348 * Use smaller Ratio to get larger estimated uncompress 349 * kernel size. 350 */ 351 if (comp == IH_COMP_ZIMAGE) 352 ksize = hdr->kernel_size * 100 / 45; 353 else if (comp == IH_COMP_LZ4) 354 ksize = hdr->kernel_size * 100 / 50; 355 else if (comp == IH_COMP_LZO) 356 ksize = hdr->kernel_size * 100 / 45; 357 else if (comp == IH_COMP_GZIP) 358 ksize = hdr->kernel_size * 100 / 40; 359 else if (comp == IH_COMP_BZIP2) 360 ksize = hdr->kernel_size * 100 / 40; 361 else if (comp == IH_COMP_LZMA) 362 ksize = hdr->kernel_size * 100 / 30; 363 else 364 ksize = hdr->kernel_size; 365 366 kaddr = uncomp_kaddr; 367 ksize = ALIGN(ksize, 512); 368 if (!sysmem_alloc_base(MEMBLK_ID_UNCOMP_KERNEL, 369 (phys_addr_t)kaddr, ksize)) 370 return -ENOMEM; 371 372 hotkey_run(HK_SYSMEM); 373 } 374 375 return 0; 376 } 377 378 int android_bootloader_boot_kernel(unsigned long kernel_address) 379 { 380 char *kernel_addr_r = env_get("kernel_addr_r"); 381 char *kernel_addr_c = env_get("kernel_addr_c"); 382 char *fdt_addr = env_get("fdt_addr"); 383 char kernel_addr_str[12]; 384 char comp_str[32] = {0}; 385 ulong comp_type; 386 const char *comp_name[] = { 387 [IH_COMP_NONE] = "IMAGE", 388 [IH_COMP_GZIP] = "GZIP", 389 [IH_COMP_BZIP2] = "BZIP2", 390 [IH_COMP_LZMA] = "LZMA", 391 [IH_COMP_LZO] = "LZO", 392 [IH_COMP_LZ4] = "LZ4", 393 [IH_COMP_ZIMAGE]= "ZIMAGE", 394 }; 395 char *bootm_args[] = { 396 "bootm", kernel_addr_str, kernel_addr_str, fdt_addr, NULL }; 397 398 comp_type = env_get_ulong("os_comp", 10, 0); 399 sprintf(kernel_addr_str, "0x%08lx", kernel_address); 400 401 if (comp_type != IH_COMP_NONE) { 402 if (comp_type == IH_COMP_ZIMAGE && 403 kernel_addr_r && !kernel_addr_c) { 404 kernel_addr_c = kernel_addr_r; 405 kernel_addr_r = __stringify(CONFIG_SYS_SDRAM_BASE); 406 } 407 snprintf(comp_str, 32, "%s%s%s", 408 "(Uncompress to ", kernel_addr_r, ")"); 409 } 410 411 printf("Booting %s kernel at %s%s with fdt at %s...\n\n\n", 412 comp_name[comp_type], 413 comp_type != IH_COMP_NONE ? kernel_addr_c : kernel_addr_r, 414 comp_str, fdt_addr); 415 416 hotkey_run(HK_SYSMEM); 417 418 /* 419 * Check whether there is enough space for uncompress kernel, 420 * Actually, here only gives a sysmem warning message when failed 421 * but never return -1. 422 */ 423 if (sysmem_alloc_uncomp_kernel(kernel_address, 424 simple_strtoul(kernel_addr_r, NULL, 16), 425 comp_type)) 426 return -1; 427 428 /* Check sysmem overflow */ 429 sysmem_overflow_check(); 430 431 do_bootm(NULL, 0, 4, bootm_args); 432 433 return -1; 434 } 435 436 static char *strjoin(const char **chunks, char separator) 437 { 438 int len, joined_len = 0; 439 char *ret, *current; 440 const char **p; 441 442 for (p = chunks; *p; p++) 443 joined_len += strlen(*p) + 1; 444 445 if (!joined_len) { 446 ret = malloc(1); 447 if (ret) 448 ret[0] = '\0'; 449 return ret; 450 } 451 452 ret = malloc(joined_len); 453 current = ret; 454 if (!ret) 455 return ret; 456 457 for (p = chunks; *p; p++) { 458 len = strlen(*p); 459 memcpy(current, *p, len); 460 current += len; 461 *current = separator; 462 current++; 463 } 464 /* Replace the last separator by a \0. */ 465 current[-1] = '\0'; 466 return ret; 467 } 468 469 /** android_assemble_cmdline - Assemble the command line to pass to the kernel 470 * @return a newly allocated string 471 */ 472 char *android_assemble_cmdline(const char *slot_suffix, 473 const char *extra_args) 474 { 475 const char *cmdline_chunks[16]; 476 const char **current_chunk = cmdline_chunks; 477 char *env_cmdline, *cmdline, *rootdev_input, *serialno; 478 char *allocated_suffix = NULL; 479 char *allocated_serialno = NULL; 480 char *allocated_rootdev = NULL; 481 unsigned long rootdev_len; 482 483 env_cmdline = env_get("bootargs"); 484 if (env_cmdline) 485 *(current_chunk++) = env_cmdline; 486 487 /* The |slot_suffix| needs to be passed to the kernel to know what 488 * slot to boot from. 489 */ 490 if (slot_suffix) { 491 allocated_suffix = malloc(strlen(ANDROID_ARG_SLOT_SUFFIX) + 492 strlen(slot_suffix) + 1); 493 memset(allocated_suffix, 0, strlen(ANDROID_ARG_SLOT_SUFFIX) 494 + strlen(slot_suffix) + 1); 495 strcpy(allocated_suffix, ANDROID_ARG_SLOT_SUFFIX); 496 strcat(allocated_suffix, slot_suffix); 497 *(current_chunk++) = allocated_suffix; 498 } 499 500 serialno = env_get("serial#"); 501 if (serialno) { 502 allocated_serialno = malloc(strlen(ANDROID_ARG_SERIALNO) + 503 strlen(serialno) + 1); 504 memset(allocated_serialno, 0, strlen(ANDROID_ARG_SERIALNO) + 505 strlen(serialno) + 1); 506 strcpy(allocated_serialno, ANDROID_ARG_SERIALNO); 507 strcat(allocated_serialno, serialno); 508 *(current_chunk++) = allocated_serialno; 509 } 510 511 rootdev_input = env_get("android_rootdev"); 512 if (rootdev_input) { 513 rootdev_len = strlen(ANDROID_ARG_ROOT) + CONFIG_SYS_CBSIZE + 1; 514 allocated_rootdev = malloc(rootdev_len); 515 strcpy(allocated_rootdev, ANDROID_ARG_ROOT); 516 cli_simple_process_macros(rootdev_input, 517 allocated_rootdev + 518 strlen(ANDROID_ARG_ROOT)); 519 /* Make sure that the string is null-terminated since the 520 * previous could not copy to the end of the input string if it 521 * is too big. 522 */ 523 allocated_rootdev[rootdev_len - 1] = '\0'; 524 *(current_chunk++) = allocated_rootdev; 525 } 526 527 if (extra_args) 528 *(current_chunk++) = extra_args; 529 530 *(current_chunk++) = NULL; 531 cmdline = strjoin(cmdline_chunks, ' '); 532 free(allocated_suffix); 533 free(allocated_rootdev); 534 return cmdline; 535 } 536 537 #ifdef CONFIG_ANDROID_AVB 538 static void slot_set_unbootable(AvbABSlotData* slot) 539 { 540 slot->priority = 0; 541 slot->tries_remaining = 0; 542 slot->successful_boot = 0; 543 } 544 545 static AvbSlotVerifyResult android_slot_verify(char *boot_partname, 546 unsigned long *android_load_address, 547 char *slot_suffix) 548 { 549 const char *requested_partitions[1] = {NULL}; 550 uint8_t unlocked = true; 551 AvbOps *ops; 552 AvbSlotVerifyFlags flags; 553 AvbSlotVerifyData *slot_data[1] = {NULL}; 554 AvbSlotVerifyResult verify_result; 555 AvbABData ab_data, ab_data_orig; 556 size_t slot_index_to_boot = 0; 557 char verify_state[38] = {0}; 558 char can_boot = 1; 559 unsigned long load_address = *android_load_address; 560 struct andr_img_hdr *hdr; 561 562 requested_partitions[0] = boot_partname; 563 ops = avb_ops_user_new(); 564 if (ops == NULL) { 565 printf("avb_ops_user_new() failed!\n"); 566 return AVB_SLOT_VERIFY_RESULT_ERROR_OOM; 567 } 568 569 if (ops->read_is_device_unlocked(ops, (bool *)&unlocked) != AVB_IO_RESULT_OK) 570 printf("Error determining whether device is unlocked.\n"); 571 572 printf("read_is_device_unlocked() ops returned that device is %s\n", 573 (unlocked & LOCK_MASK)? "UNLOCKED" : "LOCKED"); 574 575 flags = AVB_SLOT_VERIFY_FLAGS_NONE; 576 if (unlocked & LOCK_MASK) 577 flags |= AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR; 578 579 if(load_metadata(ops->ab_ops, &ab_data, &ab_data_orig)) { 580 printf("Can not load metadata\n"); 581 return AVB_SLOT_VERIFY_RESULT_ERROR_IO; 582 } 583 584 if (!strncmp(slot_suffix, "_a", 2)) 585 slot_index_to_boot = 0; 586 else if (!strncmp(slot_suffix, "_b", 2)) 587 slot_index_to_boot = 1; 588 else 589 slot_index_to_boot = 0; 590 591 verify_result = 592 avb_slot_verify(ops, 593 requested_partitions, 594 slot_suffix, 595 flags, 596 AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE, 597 &slot_data[0]); 598 599 strcat(verify_state, ANDROID_VERIFY_STATE); 600 switch (verify_result) { 601 case AVB_SLOT_VERIFY_RESULT_OK: 602 if (unlocked & LOCK_MASK) 603 strcat(verify_state, "orange"); 604 else 605 strcat(verify_state, "green"); 606 break; 607 case AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED: 608 if (unlocked & LOCK_MASK) 609 strcat(verify_state, "orange"); 610 else 611 strcat(verify_state, "yellow"); 612 break; 613 case AVB_SLOT_VERIFY_RESULT_ERROR_OOM: 614 case AVB_SLOT_VERIFY_RESULT_ERROR_IO: 615 case AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA: 616 case AVB_SLOT_VERIFY_RESULT_ERROR_UNSUPPORTED_VERSION: 617 case AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION: 618 case AVB_SLOT_VERIFY_RESULT_ERROR_ROLLBACK_INDEX: 619 default: 620 if (unlocked & LOCK_MASK) 621 strcat(verify_state, "orange"); 622 else 623 strcat(verify_state, "red"); 624 break; 625 } 626 627 if (!slot_data[0]) { 628 can_boot = 0; 629 goto out; 630 } 631 632 if (verify_result == AVB_SLOT_VERIFY_RESULT_OK || 633 verify_result == AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED || 634 (unlocked & LOCK_MASK)) { 635 int len = 0; 636 char *bootargs, *newbootargs; 637 638 if (*slot_data[0]->cmdline) { 639 debug("Kernel command line: %s\n", slot_data[0]->cmdline); 640 len += strlen(slot_data[0]->cmdline); 641 } 642 643 bootargs = env_get("bootargs"); 644 if (bootargs) 645 len += strlen(bootargs); 646 647 newbootargs = malloc(len + 2); 648 649 if (!newbootargs) { 650 puts("Error: malloc in android_slot_verify failed!\n"); 651 return AVB_SLOT_VERIFY_RESULT_ERROR_OOM; 652 } 653 *newbootargs = '\0'; 654 655 if (bootargs) { 656 strcpy(newbootargs, bootargs); 657 strcat(newbootargs, " "); 658 } 659 if (*slot_data[0]->cmdline) 660 strcat(newbootargs, slot_data[0]->cmdline); 661 env_set("bootargs", newbootargs); 662 663 /* Reserve page_size */ 664 hdr = (void *)slot_data[0]->loaded_partitions->data; 665 load_address -= hdr->page_size; 666 *android_load_address = load_address; 667 668 #ifdef CONFIG_ANDROID_BOOT_IMAGE_SEPARATE 669 android_image_memcpy_separate(hdr, (void *)load_address); 670 #else 671 memcpy((uint8_t *)load_address, 672 slot_data[0]->loaded_partitions->data, 673 slot_data[0]->loaded_partitions->data_size); 674 #endif 675 } else { 676 slot_set_unbootable(&ab_data.slots[slot_index_to_boot]); 677 } 678 679 out: 680 #if defined(CONFIG_ANDROID_AB) && !defined(CONFIG_ANDROID_AVB) 681 /* 682 * In ab & avb process, the tries_remaining minus one in function 683 * android_slot_verify, shield this function here. 684 */ 685 /* ... and decrement tries remaining, if applicable. */ 686 if (!ab_data.slots[slot_index_to_boot].successful_boot && 687 ab_data.slots[slot_index_to_boot].tries_remaining > 0) { 688 ab_data.slots[slot_index_to_boot].tries_remaining -= 1; 689 } 690 #endif 691 env_update("bootargs", verify_state); 692 if (save_metadata_if_changed(ops->ab_ops, &ab_data, &ab_data_orig)) { 693 printf("Can not save metadata\n"); 694 verify_result = AVB_SLOT_VERIFY_RESULT_ERROR_IO; 695 } 696 697 if (slot_data[0] != NULL) 698 avb_slot_verify_data_free(slot_data[0]); 699 700 if ((unlocked & LOCK_MASK) && can_boot) 701 return 0; 702 else 703 return verify_result; 704 } 705 #endif 706 707 #if defined(CONFIG_CMD_DTIMG) && defined(CONFIG_OF_LIBFDT_OVERLAY) 708 709 /* 710 * Default return index 0. 711 */ 712 __weak int board_select_fdt_index(ulong dt_table_hdr) 713 { 714 /* 715 * User can use "dt_for_each_entry(entry, hdr, idx)" to iterate 716 * over all dt entry of DT image and pick up which they want. 717 * 718 * Example: 719 * struct dt_table_entry *entry; 720 * int index; 721 * 722 * dt_for_each_entry(entry, dt_table_hdr, index) { 723 * 724 * .... (use entry) 725 * } 726 * 727 * return index; 728 */ 729 return 0; 730 } 731 732 static int android_get_dtbo(ulong *fdt_dtbo, 733 const struct andr_img_hdr *hdr, 734 int *index) 735 { 736 struct dt_table_header *dt_hdr = NULL; 737 struct blk_desc *dev_desc; 738 const char *part_name; 739 disk_partition_t part_info; 740 u32 blk_offset, blk_cnt; 741 void *buf; 742 ulong e_addr; 743 u32 e_size; 744 int e_idx; 745 int ret; 746 747 /* Get partition according to boot mode */ 748 if (rockchip_get_boot_mode() == BOOT_MODE_RECOVERY) 749 part_name = PART_RECOVERY; 750 else 751 part_name = PART_DTBO; 752 753 #ifdef CONFIG_ANDROID_AB 754 char slot_suffix[3] = {0}; 755 char *part_name_temp = PART_DTBO; 756 757 if (rk_avb_get_current_slot(slot_suffix)) { 758 printf("%s: rk_avb_get_current_slot failed !\n", __func__); 759 return -ENODEV; 760 } 761 part_name = android_str_append(part_name_temp, slot_suffix); 762 if (!part_name) { 763 printf("%s: android_str_append failed !\n", __func__); 764 return -EINVAL; 765 } 766 debug("%s: part_name=%s\n", __func__, part_name); 767 #endif 768 769 /* Get partition info */ 770 dev_desc = rockchip_get_bootdev(); 771 if (!dev_desc) { 772 printf("%s: dev_desc is NULL!\n", __func__); 773 return -ENODEV; 774 } 775 776 ret = part_get_info_by_name(dev_desc, part_name, &part_info); 777 if (ret < 0) { 778 printf("%s: failed to get %s part info, ret=%d\n", 779 __func__, part_name, ret); 780 return ret; 781 } 782 783 /* Check dt table header */ 784 if (!strcmp(part_name, PART_RECOVERY)) 785 blk_offset = part_info.start + 786 (hdr->recovery_dtbo_offset / part_info.blksz); 787 else 788 blk_offset = part_info.start; 789 790 dt_hdr = memalign(ARCH_DMA_MINALIGN, part_info.blksz); 791 if (!dt_hdr) { 792 printf("%s: out of memory for dt header!\n", __func__); 793 return -ENOMEM; 794 } 795 796 ret = blk_dread(dev_desc, blk_offset, 1, dt_hdr); 797 if (ret != 1) { 798 printf("%s: failed to read dt table header\n", 799 __func__); 800 goto out1; 801 } 802 803 if (!android_dt_check_header((ulong)dt_hdr)) { 804 printf("%s: Error: invalid dt table header: 0x%x\n", 805 __func__, dt_hdr->magic); 806 ret = -EINVAL; 807 goto out1; 808 } 809 810 #ifdef DEBUG 811 android_dt_print_contents((ulong)dt_hdr); 812 #endif 813 814 blk_cnt = DIV_ROUND_UP(fdt32_to_cpu(dt_hdr->total_size), 815 part_info.blksz); 816 /* Read all DT Image */ 817 buf = memalign(ARCH_DMA_MINALIGN, part_info.blksz * blk_cnt); 818 if (!buf) { 819 printf("%s: out of memory for %s part!\n", __func__, part_name); 820 ret = -ENOMEM; 821 goto out1; 822 } 823 824 ret = blk_dread(dev_desc, blk_offset, blk_cnt, buf); 825 if (ret != blk_cnt) { 826 printf("%s: failed to read dtbo, blk_cnt=%d, ret=%d\n", 827 __func__, blk_cnt, ret); 828 goto out2; 829 } 830 831 e_idx = board_select_fdt_index((ulong)buf); 832 if (e_idx < 0) { 833 printf("%s: failed to select board fdt index\n", __func__); 834 ret = -EINVAL; 835 goto out2; 836 } 837 838 ret = android_dt_get_fdt_by_index((ulong)buf, e_idx, &e_addr, &e_size); 839 if (!ret) { 840 printf("%s: failed to get fdt, index=%d\n", __func__, e_idx); 841 ret = -EINVAL; 842 goto out2; 843 } 844 845 if (fdt_dtbo) 846 *fdt_dtbo = e_addr; 847 if (index) 848 *index = e_idx; 849 850 free(dt_hdr); 851 debug("ANDROID: Loading dt entry to 0x%lx size 0x%x idx %d from \"%s\" part\n", 852 e_addr, e_size, e_idx, part_name); 853 854 return 0; 855 856 out2: 857 free(buf); 858 out1: 859 free(dt_hdr); 860 861 return ret; 862 } 863 864 int android_fdt_overlay_apply(void *fdt_addr) 865 { 866 struct andr_img_hdr *hdr; 867 struct blk_desc *dev_desc; 868 const char *part_name; 869 disk_partition_t part_info; 870 char buf[32] = {0}; 871 u32 blk_cnt; 872 ulong fdt_dtbo = -1; 873 int index = -1; 874 int ret; 875 876 /* Get partition according to boot mode */ 877 if (rockchip_get_boot_mode() == BOOT_MODE_RECOVERY) 878 part_name = PART_RECOVERY; 879 else 880 part_name = PART_BOOT; 881 882 #ifdef CONFIG_ANDROID_AB 883 char slot_suffix[3] = {0}; 884 char *part_name_temp = PART_BOOT; 885 886 if (rk_avb_get_current_slot(slot_suffix)) { 887 printf("%s: rk_avb_get_current_slot failed !\n", __func__); 888 return -ENODEV; 889 } 890 part_name = android_str_append(part_name_temp, slot_suffix); 891 if (!part_name) { 892 printf("%s: android_str_append failed !\n", __func__); 893 return -EINVAL; 894 } 895 printf("%s: part_name=%s\n", __func__, part_name); 896 #endif 897 898 /* Get partition info */ 899 dev_desc = rockchip_get_bootdev(); 900 if (!dev_desc) { 901 printf("%s: dev_desc is NULL!\n", __func__); 902 return -ENODEV; 903 } 904 905 ret = part_get_info_by_name(dev_desc, part_name, &part_info); 906 if (ret < 0) { 907 printf("%s: failed to get %s part info, ret=%d\n", 908 __func__, part_name, ret); 909 return ret; 910 } 911 912 blk_cnt = DIV_ROUND_UP(sizeof(*hdr), part_info.blksz); 913 hdr = memalign(ARCH_DMA_MINALIGN, part_info.blksz * blk_cnt); 914 if (!hdr) { 915 printf("%s: out of memory!\n", __func__); 916 return -ENOMEM; 917 } 918 919 ret = blk_dread(dev_desc, part_info.start, blk_cnt, hdr); 920 if (ret != blk_cnt) { 921 printf("%s: failed to read %s hdr!\n", __func__, part_name); 922 goto out; 923 } 924 925 #ifdef DEBUG 926 android_print_contents(hdr); 927 #endif 928 929 if (android_image_check_header(hdr)) 930 return -EINVAL; 931 932 /* Check header version */ 933 if (!hdr->header_version) { 934 printf("Android header version 0\n"); 935 ret = -EINVAL; 936 goto out; 937 } 938 939 ret = android_get_dtbo(&fdt_dtbo, (void *)hdr, &index); 940 if (!ret) { 941 phys_size_t fdt_size; 942 /* Must incease size before overlay */ 943 fdt_size = fdt_totalsize((void *)fdt_addr) + 944 fdt_totalsize((void *)fdt_dtbo); 945 if (sysmem_free((phys_addr_t)fdt_addr)) 946 goto out; 947 948 if (!sysmem_alloc_base(MEMBLK_ID_FDT_DTBO, 949 (phys_addr_t)fdt_addr, 950 fdt_size + CONFIG_SYS_FDT_PAD)) 951 goto out; 952 fdt_increase_size(fdt_addr, fdt_totalsize((void *)fdt_dtbo)); 953 ret = fdt_overlay_apply(fdt_addr, (void *)fdt_dtbo); 954 if (!ret) { 955 snprintf(buf, 32, "%s%d", "androidboot.dtbo_idx=", index); 956 env_update("bootargs", buf); 957 printf("ANDROID: fdt overlay OK\n"); 958 } else { 959 printf("ANDROID: fdt overlay failed, ret=%d\n", ret); 960 } 961 } 962 963 out: 964 free(hdr); 965 966 return 0; 967 } 968 #endif 969 970 static int load_android_image(struct blk_desc *dev_desc, 971 char *boot_partname, 972 char *slot_suffix, 973 unsigned long *load_address) 974 { 975 disk_partition_t boot_part; 976 int ret, part_num; 977 978 part_num = android_part_get_info_by_name_suffix(dev_desc, 979 boot_partname, 980 slot_suffix, 981 &boot_part); 982 if (part_num < 0) { 983 printf("%s: Can't find part: %s\n", __func__, boot_partname); 984 return -1; 985 } 986 debug("ANDROID: Loading kernel from \"%s\", partition %d.\n", 987 boot_part.name, part_num); 988 989 ret = android_image_load(dev_desc, &boot_part, *load_address, -1UL); 990 if (ret < 0) { 991 debug("%s: %s part load fail, ret=%d\n", 992 __func__, boot_part.name, ret); 993 return ret; 994 } 995 *load_address = ret; 996 997 return 0; 998 } 999 1000 int android_bootloader_boot_flow(struct blk_desc *dev_desc, 1001 unsigned long load_address) 1002 { 1003 enum android_boot_mode mode = ANDROID_BOOT_MODE_NORMAL; 1004 disk_partition_t misc_part_info; 1005 int part_num; 1006 int ret; 1007 char *command_line; 1008 char slot_suffix[3] = {0}; 1009 const char *mode_cmdline = NULL; 1010 char *boot_partname = ANDROID_PARTITION_BOOT; 1011 ulong fdt_addr; 1012 1013 /* 1014 * 1. Load MISC partition and determine the boot mode 1015 * clear its value for the next boot if needed. 1016 */ 1017 part_num = part_get_info_by_name(dev_desc, ANDROID_PARTITION_MISC, 1018 &misc_part_info); 1019 if (part_num < 0) { 1020 printf("Could not find misc partition\n"); 1021 } else { 1022 #ifdef CONFIG_ANDROID_KEYMASTER_CA 1023 /* load attestation key from misc partition. */ 1024 load_attestation_key(dev_desc, &misc_part_info); 1025 #endif 1026 1027 mode = android_bootloader_load_and_clear_mode(dev_desc, 1028 &misc_part_info); 1029 #ifdef CONFIG_RKIMG_BOOTLOADER 1030 if (mode == ANDROID_BOOT_MODE_NORMAL) { 1031 if (rockchip_get_boot_mode() == BOOT_MODE_RECOVERY) 1032 mode = ANDROID_BOOT_MODE_RECOVERY; 1033 } 1034 #endif 1035 } 1036 1037 printf("ANDROID: reboot reason: \"%s\"\n", android_boot_mode_str(mode)); 1038 1039 #ifdef CONFIG_ANDROID_AB 1040 /*TODO: get from pre-loader or misc partition*/ 1041 if (rk_avb_get_current_slot(slot_suffix)) { 1042 printf("rk_avb_get_current_slot() failed\n"); 1043 return -1; 1044 } 1045 1046 AvbOps *ops; 1047 AvbABData ab_data; 1048 AvbABData ab_data_orig; 1049 size_t slot_index_to_boot = 0; 1050 1051 if (!strncmp(slot_suffix, "_a", 2)) 1052 slot_index_to_boot = 0; 1053 else if (!strncmp(slot_suffix, "_b", 2)) 1054 slot_index_to_boot = 1; 1055 else 1056 slot_index_to_boot = 0; 1057 ops = avb_ops_user_new(); 1058 if (ops == NULL) { 1059 printf("avb_ops_user_new() failed!\n"); 1060 return -1; 1061 } 1062 1063 if(load_metadata(ops->ab_ops, &ab_data, &ab_data_orig)) { 1064 printf("Can not load metadata\n"); 1065 return -1; 1066 } 1067 1068 /* ... and decrement tries remaining, if applicable. */ 1069 if (!ab_data.slots[slot_index_to_boot].successful_boot && 1070 ab_data.slots[slot_index_to_boot].tries_remaining > 0) { 1071 ab_data.slots[slot_index_to_boot].tries_remaining -= 1; 1072 } 1073 1074 if (save_metadata_if_changed(ops->ab_ops, &ab_data, &ab_data_orig)) { 1075 printf("Can not save metadata\n"); 1076 return -1; 1077 } 1078 1079 if (slot_suffix[0] != '_') { 1080 #ifndef CONFIG_ANDROID_AVB 1081 printf("###There is no bootable slot, bring up lastboot!###\n"); 1082 if (rk_get_lastboot() == 1) 1083 memcpy(slot_suffix, "_b", 2); 1084 else if(rk_get_lastboot() == 0) 1085 memcpy(slot_suffix, "_a", 2); 1086 else 1087 #endif 1088 return -1; 1089 } 1090 #endif 1091 1092 switch (mode) { 1093 case ANDROID_BOOT_MODE_NORMAL: 1094 /* In normal mode, we load the kernel from "boot" but append 1095 * "skip_initramfs" to the cmdline to make it ignore the 1096 * recovery initramfs in the boot partition. 1097 */ 1098 #ifdef CONFIG_ANDROID_AB 1099 mode_cmdline = "skip_initramfs"; 1100 #endif 1101 break; 1102 case ANDROID_BOOT_MODE_RECOVERY: 1103 /* In recovery mode we still boot the kernel from "boot" but 1104 * don't skip the initramfs so it boots to recovery. 1105 */ 1106 #ifndef CONFIG_ANDROID_AB 1107 boot_partname = ANDROID_PARTITION_RECOVERY; 1108 #endif 1109 break; 1110 case ANDROID_BOOT_MODE_BOOTLOADER: 1111 /* Bootloader mode enters fastboot. If this operation fails we 1112 * simply return since we can't recover from this situation by 1113 * switching to another slot. 1114 */ 1115 return android_bootloader_boot_bootloader(); 1116 } 1117 1118 #ifdef CONFIG_ANDROID_AVB 1119 uint8_t vboot_flag = 0; 1120 char vbmeta_partition[9] = {0}; 1121 disk_partition_t vbmeta_part_info; 1122 1123 if (trusty_read_vbootkey_enable_flag(&vboot_flag)) { 1124 printf("Can't read vboot flag\n"); 1125 return -1; 1126 } 1127 1128 if (vboot_flag) { 1129 printf("Vboot=1, SecureBoot enabled, AVB verify\n"); 1130 if (android_slot_verify(boot_partname, &load_address, 1131 slot_suffix)) { 1132 printf("AVB verify failed\n"); 1133 #ifdef CONFIG_ANDROID_AB 1134 printf("Reset in AB system.\n"); 1135 flushc(); 1136 /* 1137 * Since we use the retry-count in ab system, then can 1138 * try reboot if verify fail until the retry-count is 1139 * equal to zero. 1140 */ 1141 reset_cpu(0); 1142 #endif 1143 return -1; 1144 } 1145 } else { 1146 strcat(vbmeta_partition, ANDROID_PARTITION_VBMETA); 1147 strcat(vbmeta_partition, slot_suffix); 1148 part_num = part_get_info_by_name(dev_desc, vbmeta_partition, 1149 &vbmeta_part_info); 1150 if (part_num < 0) { 1151 printf("Not AVB images, AVB skip\n"); 1152 env_update("bootargs", 1153 "androidboot.verifiedbootstate=orange"); 1154 if (load_android_image(dev_desc, boot_partname, 1155 slot_suffix, &load_address)) { 1156 printf("Android image load failed\n"); 1157 return -1; 1158 } 1159 } else { 1160 printf("Vboot=0, AVB images, AVB verify\n"); 1161 if (android_slot_verify(boot_partname, &load_address, 1162 slot_suffix)) { 1163 printf("AVB verify failed\n"); 1164 #ifdef CONFIG_ANDROID_AB 1165 printf("Reset in AB system.\n"); 1166 flushc(); 1167 /* 1168 * Since we use the retry-count in ab system, 1169 * then can try reboot if verify fail until 1170 * the retry-count is equal to zero. 1171 */ 1172 reset_cpu(0); 1173 #endif 1174 return -1; 1175 } 1176 } 1177 } 1178 #else 1179 /* 1180 * 2. Load the boot/recovery from the desired "boot" partition. 1181 * Determine if this is an AOSP image. 1182 */ 1183 if (load_android_image(dev_desc, boot_partname, 1184 slot_suffix, &load_address)) { 1185 printf("Android image load failed\n"); 1186 return -1; 1187 } 1188 #endif 1189 1190 #ifdef CONFIG_ANDROID_AB 1191 /* In android a/b & avb process, the "root=" will be add which parameter 1192 * is in vbmeta.In linux a/b & avb process, the "root=" must be add by 1193 * follow code. To be compatible with the above two processes, test it 1194 * is necessary to add "root=". 1195 */ 1196 char root_partition[20] = {0}; 1197 char guid_buf[UUID_SIZE] = {0}; 1198 char root_partuuid[70] = "root=PARTUUID="; 1199 char *boot_args = env_get("bootargs"); 1200 1201 if (!strstr(boot_args, "root=")) { 1202 strcat(root_partition, ANDROID_PARTITION_SYSTEM); 1203 strcat(root_partition, slot_suffix); 1204 get_partition_unique_uuid(root_partition, guid_buf, UUID_SIZE); 1205 strcat(root_partuuid, guid_buf); 1206 env_update("bootargs", root_partuuid); 1207 } 1208 #endif 1209 1210 /* Set Android root variables. */ 1211 env_set_ulong("android_root_devnum", dev_desc->devnum); 1212 env_set("android_slotsufix", slot_suffix); 1213 1214 #ifdef CONFIG_FASTBOOT_OEM_UNLOCK 1215 /* read oem unlock status and attach to bootargs */ 1216 uint8_t unlock = 0; 1217 TEEC_Result result; 1218 char oem_unlock[OEM_UNLOCK_ARG_SIZE] = {0}; 1219 result = trusty_read_oem_unlock(&unlock); 1220 if (result) { 1221 printf("read oem unlock status with error : 0x%x\n", result); 1222 } else { 1223 snprintf(oem_unlock, OEM_UNLOCK_ARG_SIZE, "androidboot.oem_unlocked=%d", unlock); 1224 env_update("bootargs", oem_unlock); 1225 } 1226 #endif 1227 1228 /* Assemble the command line */ 1229 command_line = android_assemble_cmdline(slot_suffix, mode_cmdline); 1230 env_update("bootargs", command_line); 1231 1232 debug("ANDROID: bootargs: \"%s\"\n", command_line); 1233 1234 #ifdef CONFIG_SUPPORT_OEM_DTB 1235 if (android_bootloader_get_fdt(ANDROID_PARTITION_OEM, 1236 ANDROID_ARG_FDT_FILENAME)) { 1237 printf("Can not get the fdt data from oem!\n"); 1238 } 1239 #else 1240 ret = android_image_get_fdt((void *)load_address, &fdt_addr); 1241 if (!ret) 1242 env_set_hex("fdt_addr", fdt_addr); 1243 #endif 1244 #ifdef CONFIG_OPTEE_CLIENT 1245 if (trusty_notify_optee_uboot_end()) 1246 printf("Close optee client failed!\n"); 1247 #endif 1248 android_bootloader_boot_kernel(load_address); 1249 1250 /* TODO: If the kernel doesn't boot mark the selected slot as bad. */ 1251 return -1; 1252 } 1253 1254 int android_avb_boot_flow(char *slot_suffix, unsigned long kernel_address) 1255 { 1256 struct blk_desc *dev_desc; 1257 disk_partition_t boot_part_info; 1258 int ret; 1259 dev_desc = rockchip_get_bootdev(); 1260 if (!dev_desc) { 1261 printf("%s: dev_desc is NULL!\n", __func__); 1262 return -1; 1263 } 1264 /* Load the kernel from the desired "boot" partition. */ 1265 android_part_get_info_by_name_suffix(dev_desc, 1266 ANDROID_PARTITION_BOOT, 1267 slot_suffix, &boot_part_info); 1268 ret = android_image_load(dev_desc, &boot_part_info, kernel_address, 1269 -1UL); 1270 if (ret < 0) 1271 return ret; 1272 android_bootloader_boot_kernel(kernel_address); 1273 1274 /* TODO: If the kernel doesn't boot mark the selected slot as bad. */ 1275 return -1; 1276 } 1277 1278 int android_boot_flow(unsigned long kernel_address) 1279 { 1280 struct blk_desc *dev_desc; 1281 disk_partition_t boot_part_info; 1282 int ret; 1283 dev_desc = rockchip_get_bootdev(); 1284 if (!dev_desc) { 1285 printf("%s: dev_desc is NULL!\n", __func__); 1286 return -1; 1287 } 1288 /* Load the kernel from the desired "boot" partition. */ 1289 part_get_info_by_name(dev_desc, ANDROID_PARTITION_BOOT, &boot_part_info); 1290 ret = android_image_load(dev_desc, &boot_part_info, kernel_address, 1291 -1UL); 1292 if (ret < 0) 1293 return ret; 1294 android_bootloader_boot_kernel(kernel_address); 1295 1296 /* TODO: If the kernel doesn't boot mark the selected slot as bad. */ 1297 return -1; 1298 } 1299