1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * SPDX-License-Identifier: BSD-2-Clause 5 */ 6 7 #include <android_bootloader.h> 8 #include <android_bootloader_message.h> 9 #include <android_avb/avb_slot_verify.h> 10 #include <android_avb/avb_ops_user.h> 11 #include <android_avb/rk_avb_ops_user.h> 12 #include <android_image.h> 13 #include <asm/arch/hotkey.h> 14 #include <cli.h> 15 #include <common.h> 16 #include <dt_table.h> 17 #include <image-android-dt.h> 18 #include <malloc.h> 19 #include <fdt_support.h> 20 #include <fs.h> 21 #include <boot_rkimg.h> 22 #include <attestation_key.h> 23 #include <keymaster.h> 24 #include <linux/libfdt_env.h> 25 #include <optee_include/OpteeClientInterface.h> 26 #include <bidram.h> 27 #include <console.h> 28 #include <sysmem.h> 29 30 DECLARE_GLOBAL_DATA_PTR; 31 32 #define ANDROID_PARTITION_BOOT "boot" 33 #define ANDROID_PARTITION_MISC "misc" 34 #define ANDROID_PARTITION_OEM "oem" 35 #define ANDROID_PARTITION_RECOVERY "recovery" 36 #define ANDROID_PARTITION_SYSTEM "system" 37 #define ANDROID_PARTITION_VBMETA "vbmeta" 38 39 #define ANDROID_ARG_SLOT_SUFFIX "androidboot.slot_suffix=" 40 #define ANDROID_ARG_ROOT "root=" 41 #define ANDROID_ARG_SERIALNO "androidboot.serialno=" 42 #define ANDROID_VERIFY_STATE "androidboot.verifiedbootstate=" 43 #ifdef CONFIG_ROCKCHIP_RESOURCE_IMAGE 44 #define ANDROID_ARG_FDT_FILENAME "rk-kernel.dtb" 45 #define BOOTLOADER_MESSAGE_OFFSET_IN_MISC (16 * 1024) 46 #define BOOTLOADER_MESSAGE_BLK_OFFSET (BOOTLOADER_MESSAGE_OFFSET_IN_MISC >> 9) 47 #else 48 #define ANDROID_ARG_FDT_FILENAME "kernel.dtb" 49 #endif 50 #define OEM_UNLOCK_ARG_SIZE 30 51 #define UUID_SIZE 37 52 53 #ifdef CONFIG_ANDROID_AB 54 static int get_partition_unique_uuid(char *partition, 55 char *guid_buf, 56 size_t guid_buf_size) 57 { 58 struct blk_desc *dev_desc; 59 disk_partition_t part_info; 60 61 dev_desc = rockchip_get_bootdev(); 62 if (!dev_desc) { 63 printf("%s: Could not find device\n", __func__); 64 return -1; 65 } 66 67 if (part_get_info_by_name(dev_desc, partition, &part_info) < 0) { 68 printf("Could not find \"%s\" partition\n", partition); 69 return -1; 70 } 71 72 if (guid_buf && guid_buf_size > 0) 73 memcpy(guid_buf, part_info.uuid, guid_buf_size); 74 75 return 0; 76 } 77 #endif 78 79 char *android_str_append(char *base_name, char *slot_suffix) 80 { 81 char *part_name; 82 size_t part_name_len; 83 84 part_name_len = strlen(base_name) + 1; 85 if (slot_suffix) 86 part_name_len += strlen(slot_suffix); 87 part_name = malloc(part_name_len); 88 if (!part_name) 89 return NULL; 90 strcpy(part_name, base_name); 91 if (slot_suffix && (slot_suffix[0] != '\0')) 92 strcat(part_name, slot_suffix); 93 94 return part_name; 95 } 96 97 int android_bootloader_message_load( 98 struct blk_desc *dev_desc, 99 const disk_partition_t *part_info, 100 struct android_bootloader_message *message) 101 { 102 ulong message_blocks = sizeof(struct android_bootloader_message) / 103 part_info->blksz; 104 if (message_blocks > part_info->size) { 105 printf("misc partition too small.\n"); 106 return -1; 107 } 108 109 #ifdef CONFIG_RKIMG_BOOTLOADER 110 if (blk_dread(dev_desc, part_info->start + BOOTLOADER_MESSAGE_BLK_OFFSET, 111 message_blocks, message) != 112 #else 113 if (blk_dread(dev_desc, part_info->start, message_blocks, message) != 114 #endif 115 message_blocks) { 116 printf("Could not read from misc partition\n"); 117 return -1; 118 } 119 debug("ANDROID: Loaded BCB, %lu blocks.\n", message_blocks); 120 return 0; 121 } 122 123 static int android_bootloader_message_write( 124 struct blk_desc *dev_desc, 125 const disk_partition_t *part_info, 126 struct android_bootloader_message *message) 127 { 128 #ifdef CONFIG_RKIMG_BOOTLOADER 129 ulong message_blocks = sizeof(struct android_bootloader_message) / 130 part_info->blksz + BOOTLOADER_MESSAGE_BLK_OFFSET; 131 #else 132 ulong message_blocks = sizeof(struct android_bootloader_message) / 133 part_info->blksz; 134 #endif 135 if (message_blocks > part_info->size) { 136 printf("misc partition too small.\n"); 137 return -1; 138 } 139 140 if (blk_dwrite(dev_desc, part_info->start, message_blocks, message) != 141 message_blocks) { 142 printf("Could not write to misc partition\n"); 143 return -1; 144 } 145 debug("ANDROID: Wrote new BCB, %lu blocks.\n", message_blocks); 146 return 0; 147 } 148 149 static enum android_boot_mode android_bootloader_load_and_clear_mode( 150 struct blk_desc *dev_desc, 151 const disk_partition_t *misc_part_info) 152 { 153 struct android_bootloader_message bcb; 154 155 #ifdef CONFIG_FASTBOOT 156 char *bootloader_str; 157 158 /* Check for message from bootloader stored in RAM from a previous boot. 159 */ 160 bootloader_str = (char *)CONFIG_FASTBOOT_BUF_ADDR; 161 if (!strcmp("reboot-bootloader", bootloader_str)) { 162 bootloader_str[0] = '\0'; 163 return ANDROID_BOOT_MODE_BOOTLOADER; 164 } 165 #endif 166 167 /* Check and update the BCB message if needed. */ 168 if (android_bootloader_message_load(dev_desc, misc_part_info, &bcb) < 169 0) { 170 printf("WARNING: Unable to load the BCB.\n"); 171 return ANDROID_BOOT_MODE_NORMAL; 172 } 173 174 if (!strcmp("bootonce-bootloader", bcb.command)) { 175 /* Erase the message in the BCB since this value should be used 176 * only once. 177 */ 178 memset(bcb.command, 0, sizeof(bcb.command)); 179 android_bootloader_message_write(dev_desc, misc_part_info, 180 &bcb); 181 return ANDROID_BOOT_MODE_BOOTLOADER; 182 } 183 184 if (!strcmp("boot-recovery", bcb.command)) 185 return ANDROID_BOOT_MODE_RECOVERY; 186 187 if (!strcmp("boot-fastboot", bcb.command)) 188 return ANDROID_BOOT_MODE_RECOVERY; 189 190 return ANDROID_BOOT_MODE_NORMAL; 191 } 192 193 /** 194 * Return the reboot reason string for the passed boot mode. 195 * 196 * @param mode The Android Boot mode. 197 * @return a pointer to the reboot reason string for mode. 198 */ 199 static const char *android_boot_mode_str(enum android_boot_mode mode) 200 { 201 switch (mode) { 202 case ANDROID_BOOT_MODE_NORMAL: 203 return "(none)"; 204 case ANDROID_BOOT_MODE_RECOVERY: 205 return "recovery"; 206 case ANDROID_BOOT_MODE_BOOTLOADER: 207 return "bootloader"; 208 } 209 return NULL; 210 } 211 212 static int android_part_get_info_by_name_suffix(struct blk_desc *dev_desc, 213 const char *base_name, 214 const char *slot_suffix, 215 disk_partition_t *part_info) 216 { 217 char *part_name; 218 int part_num; 219 size_t part_name_len; 220 221 part_name_len = strlen(base_name) + 1; 222 if (slot_suffix) 223 part_name_len += strlen(slot_suffix); 224 part_name = malloc(part_name_len); 225 if (!part_name) 226 return -1; 227 strcpy(part_name, base_name); 228 if (slot_suffix && (slot_suffix[0] != '\0')) 229 strcat(part_name, slot_suffix); 230 231 part_num = part_get_info_by_name(dev_desc, part_name, part_info); 232 if (part_num < 0) { 233 debug("ANDROID: Could not find partition \"%s\"\n", part_name); 234 part_num = -1; 235 } 236 237 free(part_name); 238 return part_num; 239 } 240 241 static int android_bootloader_boot_bootloader(void) 242 { 243 const char *fastboot_cmd = env_get("fastbootcmd"); 244 245 if (fastboot_cmd == NULL) { 246 printf("fastboot_cmd is null, run default fastboot_cmd!\n"); 247 fastboot_cmd = "fastboot usb 0"; 248 } 249 250 return run_command(fastboot_cmd, CMD_FLAG_ENV); 251 } 252 253 #ifdef CONFIG_SUPPORT_OEM_DTB 254 static int android_bootloader_get_fdt(const char *part_name, 255 const char *load_file_name) 256 { 257 struct blk_desc *dev_desc; 258 disk_partition_t boot_part_info; 259 char *fdt_addr = NULL; 260 char slot_suffix[5] = {0}; 261 char dev_part[3] = {0}; 262 loff_t bytes = 0; 263 loff_t pos = 0; 264 loff_t len_read; 265 unsigned long addr = 0; 266 int part_num = -1; 267 int ret; 268 269 dev_desc = rockchip_get_bootdev(); 270 if (!dev_desc) { 271 printf("%s: dev_desc is NULL!\n", __func__); 272 return -1; 273 } 274 275 memset(&boot_part_info, 0, sizeof(boot_part_info)); 276 277 #ifdef CONFIG_RK_AVB_LIBAVB_USER 278 if (rk_avb_get_current_slot(slot_suffix)) { 279 printf("ANDROID: Get Current Slot error.\n"); 280 return -1; 281 } 282 283 part_num = android_part_get_info_by_name_suffix(dev_desc, 284 part_name, 285 slot_suffix, &boot_part_info); 286 #else 287 part_num = part_get_info_by_name(dev_desc, part_name, &boot_part_info); 288 if (part_num < 0) { 289 printf("ANDROID: Could not find partition \"%s\"\n", part_name); 290 return -1; 291 } 292 #endif 293 294 snprintf(dev_part, ARRAY_SIZE(dev_part), ":%x", part_num); 295 if (fs_set_blk_dev_with_part(dev_desc, part_num)) 296 return -1; 297 298 fdt_addr = env_get("fdt_addr_r"); 299 if (!fdt_addr) { 300 printf("ANDROID: No Found FDT Load Address.\n"); 301 return -1; 302 } 303 addr = simple_strtoul(fdt_addr, NULL, 16); 304 305 ret = fs_read(load_file_name, addr, pos, bytes, &len_read); 306 if (ret < 0) 307 return -1; 308 309 return 0; 310 } 311 #endif 312 313 /* 314 * Test on RK3308 AARCH64 mode (Cortex A35 816 MHZ) boot with eMMC: 315 * 316 * |-------------------------------------------------------------------| 317 * | Format | Size(Byte) | Ratio | Decomp time(ms) | Boot time(ms) | 318 * |-------------------------------------------------------------------| 319 * | Image | 7720968 | | | 488 | 320 * |-------------------------------------------------------------------| 321 * | Image.lz4 | 4119448 | 53% | 59 | 455 | 322 * |-------------------------------------------------------------------| 323 * | Image.lzo | 3858322 | 49% | 141 | 536 | 324 * |-------------------------------------------------------------------| 325 * | Image.gz | 3529108 | 45% | 222 | 609 | 326 * |-------------------------------------------------------------------| 327 * | Image.bz2 | 3295914 | 42% | 2940 | | 328 * |-------------------------------------------------------------------| 329 * | Image.lzma| 2683750 | 34% | | | 330 * |-------------------------------------------------------------------| 331 */ 332 static int sysmem_alloc_uncomp_kernel(ulong andr_hdr, 333 ulong uncomp_kaddr, u32 comp) 334 { 335 struct andr_img_hdr *hdr = (struct andr_img_hdr *)andr_hdr; 336 ulong ksize, kaddr; 337 338 if (comp != IH_COMP_NONE) { 339 /* Release compressed sysmem */ 340 kaddr = env_get_hex("kernel_addr_c", 0); 341 if (!kaddr) 342 kaddr = env_get_hex("kernel_addr_r", 0); 343 kaddr -= hdr->page_size; 344 if (sysmem_free((phys_addr_t)kaddr)) 345 return -EINVAL; 346 347 /* 348 * Use smaller Ratio to get larger estimated uncompress 349 * kernel size. 350 */ 351 if (comp == IH_COMP_ZIMAGE) 352 ksize = hdr->kernel_size * 100 / 45; 353 else if (comp == IH_COMP_LZ4) 354 ksize = hdr->kernel_size * 100 / 50; 355 else if (comp == IH_COMP_LZO) 356 ksize = hdr->kernel_size * 100 / 45; 357 else if (comp == IH_COMP_GZIP) 358 ksize = hdr->kernel_size * 100 / 40; 359 else if (comp == IH_COMP_BZIP2) 360 ksize = hdr->kernel_size * 100 / 40; 361 else if (comp == IH_COMP_LZMA) 362 ksize = hdr->kernel_size * 100 / 30; 363 else 364 ksize = hdr->kernel_size; 365 366 kaddr = uncomp_kaddr; 367 ksize = ALIGN(ksize, 512); 368 if (!sysmem_alloc_base(MEMBLK_ID_UNCOMP_KERNEL, 369 (phys_addr_t)kaddr, ksize)) 370 return -ENOMEM; 371 372 hotkey_run(HK_SYSMEM); 373 } 374 375 return 0; 376 } 377 378 int android_bootloader_boot_kernel(unsigned long kernel_address) 379 { 380 char *kernel_addr_r = env_get("kernel_addr_r"); 381 char *kernel_addr_c = env_get("kernel_addr_c"); 382 char *fdt_addr = env_get("fdt_addr"); 383 char kernel_addr_str[12]; 384 char comp_str[32] = {0}; 385 ulong comp_type; 386 const char *comp_name[] = { 387 [IH_COMP_NONE] = "IMAGE", 388 [IH_COMP_GZIP] = "GZIP", 389 [IH_COMP_BZIP2] = "BZIP2", 390 [IH_COMP_LZMA] = "LZMA", 391 [IH_COMP_LZO] = "LZO", 392 [IH_COMP_LZ4] = "LZ4", 393 [IH_COMP_ZIMAGE]= "ZIMAGE", 394 }; 395 char *bootm_args[] = { 396 "bootm", kernel_addr_str, kernel_addr_str, fdt_addr, NULL }; 397 398 comp_type = env_get_ulong("os_comp", 10, 0); 399 sprintf(kernel_addr_str, "0x%08lx", kernel_address); 400 401 if (comp_type != IH_COMP_NONE) { 402 if (comp_type == IH_COMP_ZIMAGE && 403 kernel_addr_r && !kernel_addr_c) { 404 kernel_addr_c = kernel_addr_r; 405 kernel_addr_r = __stringify(CONFIG_SYS_SDRAM_BASE); 406 } 407 snprintf(comp_str, 32, "%s%s%s", 408 "(Uncompress to ", kernel_addr_r, ")"); 409 } 410 411 printf("Booting %s kernel at %s%s with fdt at %s...\n\n\n", 412 comp_name[comp_type], 413 comp_type != IH_COMP_NONE ? kernel_addr_c : kernel_addr_r, 414 comp_str, fdt_addr); 415 416 hotkey_run(HK_SYSMEM); 417 418 /* 419 * Check whether there is enough space for uncompress kernel, 420 * Actually, here only gives a sysmem warning message when failed 421 * but never return -1. 422 */ 423 if (sysmem_alloc_uncomp_kernel(kernel_address, 424 simple_strtoul(kernel_addr_r, NULL, 16), 425 comp_type)) 426 return -1; 427 428 /* Check sysmem overflow */ 429 sysmem_overflow_check(); 430 431 do_bootm(NULL, 0, 4, bootm_args); 432 433 return -1; 434 } 435 436 static char *strjoin(const char **chunks, char separator) 437 { 438 int len, joined_len = 0; 439 char *ret, *current; 440 const char **p; 441 442 for (p = chunks; *p; p++) 443 joined_len += strlen(*p) + 1; 444 445 if (!joined_len) { 446 ret = malloc(1); 447 if (ret) 448 ret[0] = '\0'; 449 return ret; 450 } 451 452 ret = malloc(joined_len); 453 current = ret; 454 if (!ret) 455 return ret; 456 457 for (p = chunks; *p; p++) { 458 len = strlen(*p); 459 memcpy(current, *p, len); 460 current += len; 461 *current = separator; 462 current++; 463 } 464 /* Replace the last separator by a \0. */ 465 current[-1] = '\0'; 466 return ret; 467 } 468 469 /** android_assemble_cmdline - Assemble the command line to pass to the kernel 470 * @return a newly allocated string 471 */ 472 char *android_assemble_cmdline(const char *slot_suffix, 473 const char *extra_args) 474 { 475 const char *cmdline_chunks[16]; 476 const char **current_chunk = cmdline_chunks; 477 char *env_cmdline, *cmdline, *rootdev_input, *serialno; 478 char *allocated_suffix = NULL; 479 char *allocated_serialno = NULL; 480 char *allocated_rootdev = NULL; 481 unsigned long rootdev_len; 482 483 env_cmdline = env_get("bootargs"); 484 if (env_cmdline) 485 *(current_chunk++) = env_cmdline; 486 487 /* The |slot_suffix| needs to be passed to the kernel to know what 488 * slot to boot from. 489 */ 490 if (slot_suffix) { 491 allocated_suffix = malloc(strlen(ANDROID_ARG_SLOT_SUFFIX) + 492 strlen(slot_suffix) + 1); 493 memset(allocated_suffix, 0, strlen(ANDROID_ARG_SLOT_SUFFIX) 494 + strlen(slot_suffix) + 1); 495 strcpy(allocated_suffix, ANDROID_ARG_SLOT_SUFFIX); 496 strcat(allocated_suffix, slot_suffix); 497 *(current_chunk++) = allocated_suffix; 498 } 499 500 serialno = env_get("serial#"); 501 if (serialno) { 502 allocated_serialno = malloc(strlen(ANDROID_ARG_SERIALNO) + 503 strlen(serialno) + 1); 504 memset(allocated_serialno, 0, strlen(ANDROID_ARG_SERIALNO) + 505 strlen(serialno) + 1); 506 strcpy(allocated_serialno, ANDROID_ARG_SERIALNO); 507 strcat(allocated_serialno, serialno); 508 *(current_chunk++) = allocated_serialno; 509 } 510 511 rootdev_input = env_get("android_rootdev"); 512 if (rootdev_input) { 513 rootdev_len = strlen(ANDROID_ARG_ROOT) + CONFIG_SYS_CBSIZE + 1; 514 allocated_rootdev = malloc(rootdev_len); 515 strcpy(allocated_rootdev, ANDROID_ARG_ROOT); 516 cli_simple_process_macros(rootdev_input, 517 allocated_rootdev + 518 strlen(ANDROID_ARG_ROOT)); 519 /* Make sure that the string is null-terminated since the 520 * previous could not copy to the end of the input string if it 521 * is too big. 522 */ 523 allocated_rootdev[rootdev_len - 1] = '\0'; 524 *(current_chunk++) = allocated_rootdev; 525 } 526 527 if (extra_args) 528 *(current_chunk++) = extra_args; 529 530 *(current_chunk++) = NULL; 531 cmdline = strjoin(cmdline_chunks, ' '); 532 free(allocated_suffix); 533 free(allocated_rootdev); 534 return cmdline; 535 } 536 537 #ifdef CONFIG_ANDROID_AVB 538 static void slot_set_unbootable(AvbABSlotData* slot) 539 { 540 slot->priority = 0; 541 slot->tries_remaining = 0; 542 slot->successful_boot = 0; 543 } 544 545 static AvbSlotVerifyResult android_slot_verify(char *boot_partname, 546 unsigned long *android_load_address, 547 char *slot_suffix) 548 { 549 const char *requested_partitions[1] = {NULL}; 550 uint8_t unlocked = true; 551 AvbOps *ops; 552 AvbSlotVerifyFlags flags; 553 AvbSlotVerifyData *slot_data[1] = {NULL}; 554 AvbSlotVerifyResult verify_result; 555 AvbABData ab_data, ab_data_orig; 556 size_t slot_index_to_boot = 0; 557 char verify_state[38] = {0}; 558 char can_boot = 1; 559 unsigned long load_address = *android_load_address; 560 struct andr_img_hdr *hdr; 561 562 requested_partitions[0] = boot_partname; 563 ops = avb_ops_user_new(); 564 if (ops == NULL) { 565 printf("avb_ops_user_new() failed!\n"); 566 return AVB_SLOT_VERIFY_RESULT_ERROR_OOM; 567 } 568 569 if (ops->read_is_device_unlocked(ops, (bool *)&unlocked) != AVB_IO_RESULT_OK) 570 printf("Error determining whether device is unlocked.\n"); 571 572 printf("read_is_device_unlocked() ops returned that device is %s\n", 573 (unlocked & LOCK_MASK)? "UNLOCKED" : "LOCKED"); 574 575 flags = AVB_SLOT_VERIFY_FLAGS_NONE; 576 if (unlocked & LOCK_MASK) 577 flags |= AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR; 578 579 if(load_metadata(ops->ab_ops, &ab_data, &ab_data_orig)) { 580 printf("Can not load metadata\n"); 581 return AVB_SLOT_VERIFY_RESULT_ERROR_IO; 582 } 583 584 if (!strncmp(slot_suffix, "_a", 2)) 585 slot_index_to_boot = 0; 586 else if (!strncmp(slot_suffix, "_b", 2)) 587 slot_index_to_boot = 1; 588 else 589 slot_index_to_boot = 0; 590 591 verify_result = 592 avb_slot_verify(ops, 593 requested_partitions, 594 slot_suffix, 595 flags, 596 AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE, 597 &slot_data[0]); 598 599 strcat(verify_state, ANDROID_VERIFY_STATE); 600 switch (verify_result) { 601 case AVB_SLOT_VERIFY_RESULT_OK: 602 if (unlocked & LOCK_MASK) 603 strcat(verify_state, "orange"); 604 else 605 strcat(verify_state, "green"); 606 break; 607 case AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED: 608 if (unlocked & LOCK_MASK) 609 strcat(verify_state, "orange"); 610 else 611 strcat(verify_state, "yellow"); 612 break; 613 case AVB_SLOT_VERIFY_RESULT_ERROR_OOM: 614 case AVB_SLOT_VERIFY_RESULT_ERROR_IO: 615 case AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA: 616 case AVB_SLOT_VERIFY_RESULT_ERROR_UNSUPPORTED_VERSION: 617 case AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION: 618 case AVB_SLOT_VERIFY_RESULT_ERROR_ROLLBACK_INDEX: 619 default: 620 if (unlocked & LOCK_MASK) 621 strcat(verify_state, "orange"); 622 else 623 strcat(verify_state, "red"); 624 break; 625 } 626 627 if (!slot_data[0]) { 628 can_boot = 0; 629 goto out; 630 } 631 632 if (verify_result == AVB_SLOT_VERIFY_RESULT_OK || 633 verify_result == AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED || 634 (unlocked & LOCK_MASK)) { 635 int len = 0; 636 char *bootargs, *newbootargs; 637 638 if (*slot_data[0]->cmdline) { 639 debug("Kernel command line: %s\n", slot_data[0]->cmdline); 640 len += strlen(slot_data[0]->cmdline); 641 } 642 643 bootargs = env_get("bootargs"); 644 if (bootargs) 645 len += strlen(bootargs); 646 647 newbootargs = malloc(len + 2); 648 649 if (!newbootargs) { 650 puts("Error: malloc in android_slot_verify failed!\n"); 651 return AVB_SLOT_VERIFY_RESULT_ERROR_OOM; 652 } 653 *newbootargs = '\0'; 654 655 if (bootargs) { 656 strcpy(newbootargs, bootargs); 657 strcat(newbootargs, " "); 658 } 659 if (*slot_data[0]->cmdline) 660 strcat(newbootargs, slot_data[0]->cmdline); 661 env_set("bootargs", newbootargs); 662 663 /* Reserve page_size */ 664 hdr = (void *)slot_data[0]->loaded_partitions->data; 665 load_address -= hdr->page_size; 666 *android_load_address = load_address; 667 668 #ifdef CONFIG_ANDROID_BOOT_IMAGE_SEPARATE 669 android_image_memcpy_separate(hdr, (void *)load_address); 670 #else 671 memcpy((uint8_t *)load_address, 672 slot_data[0]->loaded_partitions->data, 673 slot_data[0]->loaded_partitions->data_size); 674 #endif 675 } else { 676 slot_set_unbootable(&ab_data.slots[slot_index_to_boot]); 677 } 678 679 out: 680 #if defined(CONFIG_ANDROID_AB) && !defined(CONFIG_ANDROID_AVB) 681 /* 682 * In ab & avb process, the tries_remaining minus one in function 683 * android_slot_verify, shield this function here. 684 */ 685 /* ... and decrement tries remaining, if applicable. */ 686 if (!ab_data.slots[slot_index_to_boot].successful_boot && 687 ab_data.slots[slot_index_to_boot].tries_remaining > 0) { 688 ab_data.slots[slot_index_to_boot].tries_remaining -= 1; 689 } 690 #endif 691 env_update("bootargs", verify_state); 692 if (save_metadata_if_changed(ops->ab_ops, &ab_data, &ab_data_orig)) { 693 printf("Can not save metadata\n"); 694 verify_result = AVB_SLOT_VERIFY_RESULT_ERROR_IO; 695 } 696 697 if (slot_data[0] != NULL) 698 avb_slot_verify_data_free(slot_data[0]); 699 700 if ((unlocked & LOCK_MASK) && can_boot) 701 return 0; 702 else 703 return verify_result; 704 } 705 #endif 706 707 #if defined(CONFIG_CMD_DTIMG) && defined(CONFIG_OF_LIBFDT_OVERLAY) 708 709 /* 710 * Default return index 0. 711 */ 712 __weak int board_select_fdt_index(ulong dt_table_hdr) 713 { 714 /* 715 * User can use "dt_for_each_entry(entry, hdr, idx)" to iterate 716 * over all dt entry of DT image and pick up which they want. 717 * 718 * Example: 719 * struct dt_table_entry *entry; 720 * int index; 721 * 722 * dt_for_each_entry(entry, dt_table_hdr, index) { 723 * 724 * .... (use entry) 725 * } 726 * 727 * return index; 728 */ 729 return 0; 730 } 731 732 static int android_get_dtbo(ulong *fdt_dtbo, 733 const struct andr_img_hdr *hdr, 734 int *index) 735 { 736 struct dt_table_header *dt_hdr = NULL; 737 struct blk_desc *dev_desc; 738 const char *part_name; 739 disk_partition_t part_info; 740 u32 blk_offset, blk_cnt; 741 void *buf; 742 ulong e_addr; 743 u32 e_size; 744 int e_idx; 745 int ret; 746 747 /* Get partition according to boot mode */ 748 if (rockchip_get_boot_mode() == BOOT_MODE_RECOVERY) 749 part_name = PART_RECOVERY; 750 else 751 part_name = PART_DTBO; 752 753 /* Get partition info */ 754 dev_desc = rockchip_get_bootdev(); 755 if (!dev_desc) { 756 printf("%s: dev_desc is NULL!\n", __func__); 757 return -ENODEV; 758 } 759 760 ret = part_get_info_by_name(dev_desc, part_name, &part_info); 761 if (ret < 0) { 762 printf("%s: failed to get %s part info, ret=%d\n", 763 __func__, part_name, ret); 764 return ret; 765 } 766 767 /* Check dt table header */ 768 if (!strcmp(part_name, PART_RECOVERY)) 769 blk_offset = part_info.start + 770 (hdr->recovery_dtbo_offset / part_info.blksz); 771 else 772 blk_offset = part_info.start; 773 774 dt_hdr = memalign(ARCH_DMA_MINALIGN, part_info.blksz); 775 if (!dt_hdr) { 776 printf("%s: out of memory for dt header!\n", __func__); 777 return -ENOMEM; 778 } 779 780 ret = blk_dread(dev_desc, blk_offset, 1, dt_hdr); 781 if (ret != 1) { 782 printf("%s: failed to read dt table header\n", 783 __func__); 784 goto out1; 785 } 786 787 if (!android_dt_check_header((ulong)dt_hdr)) { 788 printf("%s: Error: invalid dt table header: 0x%x\n", 789 __func__, dt_hdr->magic); 790 ret = -EINVAL; 791 goto out1; 792 } 793 794 #ifdef DEBUG 795 android_dt_print_contents((ulong)dt_hdr); 796 #endif 797 798 blk_cnt = DIV_ROUND_UP(fdt32_to_cpu(dt_hdr->total_size), 799 part_info.blksz); 800 /* Read all DT Image */ 801 buf = memalign(ARCH_DMA_MINALIGN, part_info.blksz * blk_cnt); 802 if (!buf) { 803 printf("%s: out of memory for %s part!\n", __func__, part_name); 804 ret = -ENOMEM; 805 goto out1; 806 } 807 808 ret = blk_dread(dev_desc, blk_offset, blk_cnt, buf); 809 if (ret != blk_cnt) { 810 printf("%s: failed to read dtbo, blk_cnt=%d, ret=%d\n", 811 __func__, blk_cnt, ret); 812 goto out2; 813 } 814 815 e_idx = board_select_fdt_index((ulong)buf); 816 if (e_idx < 0) { 817 printf("%s: failed to select board fdt index\n", __func__); 818 ret = -EINVAL; 819 goto out2; 820 } 821 822 ret = android_dt_get_fdt_by_index((ulong)buf, e_idx, &e_addr, &e_size); 823 if (!ret) { 824 printf("%s: failed to get fdt, index=%d\n", __func__, e_idx); 825 ret = -EINVAL; 826 goto out2; 827 } 828 829 if (fdt_dtbo) 830 *fdt_dtbo = e_addr; 831 if (index) 832 *index = e_idx; 833 834 free(dt_hdr); 835 debug("ANDROID: Loading dt entry to 0x%lx size 0x%x idx %d from \"%s\" part\n", 836 e_addr, e_size, e_idx, part_name); 837 838 return 0; 839 840 out2: 841 free(buf); 842 out1: 843 free(dt_hdr); 844 845 return ret; 846 } 847 848 int android_fdt_overlay_apply(void *fdt_addr) 849 { 850 struct andr_img_hdr *hdr; 851 struct blk_desc *dev_desc; 852 const char *part_name; 853 disk_partition_t part_info; 854 char buf[32] = {0}; 855 u32 blk_cnt; 856 ulong fdt_dtbo = -1; 857 int index = -1; 858 int ret; 859 860 /* Get partition according to boot mode */ 861 if (rockchip_get_boot_mode() == BOOT_MODE_RECOVERY) 862 part_name = PART_RECOVERY; 863 else 864 part_name = PART_BOOT; 865 866 /* Get partition info */ 867 dev_desc = rockchip_get_bootdev(); 868 if (!dev_desc) { 869 printf("%s: dev_desc is NULL!\n", __func__); 870 return -ENODEV; 871 } 872 873 ret = part_get_info_by_name(dev_desc, part_name, &part_info); 874 if (ret < 0) { 875 printf("%s: failed to get %s part info, ret=%d\n", 876 __func__, part_name, ret); 877 return ret; 878 } 879 880 blk_cnt = DIV_ROUND_UP(sizeof(*hdr), part_info.blksz); 881 hdr = memalign(ARCH_DMA_MINALIGN, part_info.blksz * blk_cnt); 882 if (!hdr) { 883 printf("%s: out of memory!\n", __func__); 884 return -ENOMEM; 885 } 886 887 ret = blk_dread(dev_desc, part_info.start, blk_cnt, hdr); 888 if (ret != blk_cnt) { 889 printf("%s: failed to read %s hdr!\n", __func__, part_name); 890 goto out; 891 } 892 893 #ifdef DEBUG 894 android_print_contents(hdr); 895 #endif 896 897 if (android_image_check_header(hdr)) 898 return -EINVAL; 899 900 /* Check header version */ 901 if (!hdr->header_version) { 902 printf("Android header version 0\n"); 903 ret = -EINVAL; 904 goto out; 905 } 906 907 ret = android_get_dtbo(&fdt_dtbo, (void *)hdr, &index); 908 if (!ret) { 909 phys_size_t fdt_size; 910 /* Must incease size before overlay */ 911 fdt_size = fdt_totalsize((void *)fdt_addr) + 912 fdt_totalsize((void *)fdt_dtbo); 913 if (sysmem_free((phys_addr_t)fdt_addr)) 914 goto out; 915 916 if (!sysmem_alloc_base(MEMBLK_ID_FDT_DTBO, 917 (phys_addr_t)fdt_addr, 918 fdt_size + CONFIG_SYS_FDT_PAD)) 919 goto out; 920 fdt_increase_size(fdt_addr, fdt_totalsize((void *)fdt_dtbo)); 921 ret = fdt_overlay_apply(fdt_addr, (void *)fdt_dtbo); 922 if (!ret) { 923 snprintf(buf, 32, "%s%d", "androidboot.dtbo_idx=", index); 924 env_update("bootargs", buf); 925 printf("ANDROID: fdt overlay OK\n"); 926 } else { 927 printf("ANDROID: fdt overlay failed, ret=%d\n", ret); 928 } 929 } 930 931 out: 932 free(hdr); 933 934 return 0; 935 } 936 #endif 937 938 static int load_android_image(struct blk_desc *dev_desc, 939 char *boot_partname, 940 char *slot_suffix, 941 unsigned long *load_address) 942 { 943 disk_partition_t boot_part; 944 int ret, part_num; 945 946 part_num = android_part_get_info_by_name_suffix(dev_desc, 947 boot_partname, 948 slot_suffix, 949 &boot_part); 950 if (part_num < 0) { 951 printf("%s: Can't find part: %s\n", __func__, boot_partname); 952 return -1; 953 } 954 debug("ANDROID: Loading kernel from \"%s\", partition %d.\n", 955 boot_part.name, part_num); 956 957 ret = android_image_load(dev_desc, &boot_part, *load_address, -1UL); 958 if (ret < 0) { 959 debug("%s: %s part load fail, ret=%d\n", 960 __func__, boot_part.name, ret); 961 return ret; 962 } 963 *load_address = ret; 964 965 return 0; 966 } 967 968 int android_bootloader_boot_flow(struct blk_desc *dev_desc, 969 unsigned long load_address) 970 { 971 enum android_boot_mode mode = ANDROID_BOOT_MODE_NORMAL; 972 disk_partition_t misc_part_info; 973 int part_num; 974 int ret; 975 char *command_line; 976 char slot_suffix[3] = {0}; 977 const char *mode_cmdline = NULL; 978 char *boot_partname = ANDROID_PARTITION_BOOT; 979 ulong fdt_addr; 980 981 /* 982 * 1. Load MISC partition and determine the boot mode 983 * clear its value for the next boot if needed. 984 */ 985 part_num = part_get_info_by_name(dev_desc, ANDROID_PARTITION_MISC, 986 &misc_part_info); 987 if (part_num < 0) { 988 printf("Could not find misc partition\n"); 989 } else { 990 #ifdef CONFIG_ANDROID_KEYMASTER_CA 991 /* load attestation key from misc partition. */ 992 load_attestation_key(dev_desc, &misc_part_info); 993 #endif 994 995 mode = android_bootloader_load_and_clear_mode(dev_desc, 996 &misc_part_info); 997 #ifdef CONFIG_RKIMG_BOOTLOADER 998 if (mode == ANDROID_BOOT_MODE_NORMAL) { 999 if (rockchip_get_boot_mode() == BOOT_MODE_RECOVERY) 1000 mode = ANDROID_BOOT_MODE_RECOVERY; 1001 } 1002 #endif 1003 } 1004 1005 printf("ANDROID: reboot reason: \"%s\"\n", android_boot_mode_str(mode)); 1006 1007 #ifdef CONFIG_ANDROID_AB 1008 /*TODO: get from pre-loader or misc partition*/ 1009 if (rk_avb_get_current_slot(slot_suffix)) { 1010 printf("rk_avb_get_current_slot() failed\n"); 1011 return -1; 1012 } 1013 1014 AvbOps *ops; 1015 AvbABData ab_data; 1016 AvbABData ab_data_orig; 1017 size_t slot_index_to_boot = 0; 1018 1019 if (!strncmp(slot_suffix, "_a", 2)) 1020 slot_index_to_boot = 0; 1021 else if (!strncmp(slot_suffix, "_b", 2)) 1022 slot_index_to_boot = 1; 1023 else 1024 slot_index_to_boot = 0; 1025 ops = avb_ops_user_new(); 1026 if (ops == NULL) { 1027 printf("avb_ops_user_new() failed!\n"); 1028 return -1; 1029 } 1030 1031 if(load_metadata(ops->ab_ops, &ab_data, &ab_data_orig)) { 1032 printf("Can not load metadata\n"); 1033 return -1; 1034 } 1035 1036 /* ... and decrement tries remaining, if applicable. */ 1037 if (!ab_data.slots[slot_index_to_boot].successful_boot && 1038 ab_data.slots[slot_index_to_boot].tries_remaining > 0) { 1039 ab_data.slots[slot_index_to_boot].tries_remaining -= 1; 1040 } 1041 1042 if (save_metadata_if_changed(ops->ab_ops, &ab_data, &ab_data_orig)) { 1043 printf("Can not save metadata\n"); 1044 return -1; 1045 } 1046 1047 if (slot_suffix[0] != '_') { 1048 #ifndef CONFIG_ANDROID_AVB 1049 printf("###There is no bootable slot, bring up lastboot!###\n"); 1050 if (rk_get_lastboot() == 1) 1051 memcpy(slot_suffix, "_b", 2); 1052 else if(rk_get_lastboot() == 0) 1053 memcpy(slot_suffix, "_a", 2); 1054 else 1055 #endif 1056 return -1; 1057 } 1058 #endif 1059 1060 switch (mode) { 1061 case ANDROID_BOOT_MODE_NORMAL: 1062 /* In normal mode, we load the kernel from "boot" but append 1063 * "skip_initramfs" to the cmdline to make it ignore the 1064 * recovery initramfs in the boot partition. 1065 */ 1066 #ifdef CONFIG_ANDROID_AB 1067 mode_cmdline = "skip_initramfs"; 1068 #endif 1069 break; 1070 case ANDROID_BOOT_MODE_RECOVERY: 1071 /* In recovery mode we still boot the kernel from "boot" but 1072 * don't skip the initramfs so it boots to recovery. 1073 */ 1074 #ifndef CONFIG_ANDROID_AB 1075 boot_partname = ANDROID_PARTITION_RECOVERY; 1076 #endif 1077 break; 1078 case ANDROID_BOOT_MODE_BOOTLOADER: 1079 /* Bootloader mode enters fastboot. If this operation fails we 1080 * simply return since we can't recover from this situation by 1081 * switching to another slot. 1082 */ 1083 return android_bootloader_boot_bootloader(); 1084 } 1085 1086 #ifdef CONFIG_ANDROID_AVB 1087 uint8_t vboot_flag = 0; 1088 char vbmeta_partition[9] = {0}; 1089 disk_partition_t vbmeta_part_info; 1090 1091 if (trusty_read_vbootkey_enable_flag(&vboot_flag)) { 1092 printf("Can't read vboot flag\n"); 1093 return -1; 1094 } 1095 1096 if (vboot_flag) { 1097 printf("Vboot=1, SecureBoot enabled, AVB verify\n"); 1098 if (android_slot_verify(boot_partname, &load_address, 1099 slot_suffix)) { 1100 printf("AVB verify failed\n"); 1101 #ifdef CONFIG_ANDROID_AB 1102 printf("Reset in AB system.\n"); 1103 flushc(); 1104 /* 1105 * Since we use the retry-count in ab system, then can 1106 * try reboot if verify fail until the retry-count is 1107 * equal to zero. 1108 */ 1109 reset_cpu(0); 1110 #endif 1111 return -1; 1112 } 1113 } else { 1114 strcat(vbmeta_partition, ANDROID_PARTITION_VBMETA); 1115 strcat(vbmeta_partition, slot_suffix); 1116 part_num = part_get_info_by_name(dev_desc, vbmeta_partition, 1117 &vbmeta_part_info); 1118 if (part_num < 0) { 1119 printf("Not AVB images, AVB skip\n"); 1120 env_update("bootargs", 1121 "androidboot.verifiedbootstate=orange"); 1122 if (load_android_image(dev_desc, boot_partname, 1123 slot_suffix, &load_address)) { 1124 printf("Android image load failed\n"); 1125 return -1; 1126 } 1127 } else { 1128 printf("Vboot=0, AVB images, AVB verify\n"); 1129 if (android_slot_verify(boot_partname, &load_address, 1130 slot_suffix)) { 1131 printf("AVB verify failed\n"); 1132 #ifdef CONFIG_ANDROID_AB 1133 printf("Reset in AB system.\n"); 1134 flushc(); 1135 /* 1136 * Since we use the retry-count in ab system, 1137 * then can try reboot if verify fail until 1138 * the retry-count is equal to zero. 1139 */ 1140 reset_cpu(0); 1141 #endif 1142 return -1; 1143 } 1144 } 1145 } 1146 #else 1147 /* 1148 * 2. Load the boot/recovery from the desired "boot" partition. 1149 * Determine if this is an AOSP image. 1150 */ 1151 if (load_android_image(dev_desc, boot_partname, 1152 slot_suffix, &load_address)) { 1153 printf("Android image load failed\n"); 1154 return -1; 1155 } 1156 #endif 1157 1158 #ifdef CONFIG_ANDROID_AB 1159 /* In android a/b & avb process, the "root=" will be add which parameter 1160 * is in vbmeta.In linux a/b & avb process, the "root=" must be add by 1161 * follow code. To be compatible with the above two processes, test it 1162 * is necessary to add "root=". 1163 */ 1164 char root_partition[20] = {0}; 1165 char guid_buf[UUID_SIZE] = {0}; 1166 char root_partuuid[70] = "root=PARTUUID="; 1167 char *boot_args = env_get("bootargs"); 1168 1169 if (!strstr(boot_args, "root=")) { 1170 strcat(root_partition, ANDROID_PARTITION_SYSTEM); 1171 strcat(root_partition, slot_suffix); 1172 get_partition_unique_uuid(root_partition, guid_buf, UUID_SIZE); 1173 strcat(root_partuuid, guid_buf); 1174 env_update("bootargs", root_partuuid); 1175 } 1176 #endif 1177 1178 /* Set Android root variables. */ 1179 env_set_ulong("android_root_devnum", dev_desc->devnum); 1180 env_set("android_slotsufix", slot_suffix); 1181 1182 #ifdef CONFIG_FASTBOOT_OEM_UNLOCK 1183 /* read oem unlock status and attach to bootargs */ 1184 uint8_t unlock = 0; 1185 TEEC_Result result; 1186 char oem_unlock[OEM_UNLOCK_ARG_SIZE] = {0}; 1187 result = trusty_read_oem_unlock(&unlock); 1188 if (result) { 1189 printf("read oem unlock status with error : 0x%x\n", result); 1190 } else { 1191 snprintf(oem_unlock, OEM_UNLOCK_ARG_SIZE, "androidboot.oem_unlocked=%d", unlock); 1192 env_update("bootargs", oem_unlock); 1193 } 1194 #endif 1195 1196 /* Assemble the command line */ 1197 command_line = android_assemble_cmdline(slot_suffix, mode_cmdline); 1198 env_update("bootargs", command_line); 1199 1200 debug("ANDROID: bootargs: \"%s\"\n", command_line); 1201 1202 #ifdef CONFIG_SUPPORT_OEM_DTB 1203 if (android_bootloader_get_fdt(ANDROID_PARTITION_OEM, 1204 ANDROID_ARG_FDT_FILENAME)) { 1205 printf("Can not get the fdt data from oem!\n"); 1206 } 1207 #else 1208 ret = android_image_get_fdt((void *)load_address, &fdt_addr); 1209 if (!ret) 1210 env_set_hex("fdt_addr", fdt_addr); 1211 #endif 1212 #ifdef CONFIG_OPTEE_CLIENT 1213 if (trusty_notify_optee_uboot_end()) 1214 printf("Close optee client failed!\n"); 1215 #endif 1216 android_bootloader_boot_kernel(load_address); 1217 1218 /* TODO: If the kernel doesn't boot mark the selected slot as bad. */ 1219 return -1; 1220 } 1221 1222 int android_avb_boot_flow(char *slot_suffix, unsigned long kernel_address) 1223 { 1224 struct blk_desc *dev_desc; 1225 disk_partition_t boot_part_info; 1226 int ret; 1227 dev_desc = rockchip_get_bootdev(); 1228 if (!dev_desc) { 1229 printf("%s: dev_desc is NULL!\n", __func__); 1230 return -1; 1231 } 1232 /* Load the kernel from the desired "boot" partition. */ 1233 android_part_get_info_by_name_suffix(dev_desc, 1234 ANDROID_PARTITION_BOOT, 1235 slot_suffix, &boot_part_info); 1236 ret = android_image_load(dev_desc, &boot_part_info, kernel_address, 1237 -1UL); 1238 if (ret < 0) 1239 return ret; 1240 android_bootloader_boot_kernel(kernel_address); 1241 1242 /* TODO: If the kernel doesn't boot mark the selected slot as bad. */ 1243 return -1; 1244 } 1245 1246 int android_boot_flow(unsigned long kernel_address) 1247 { 1248 struct blk_desc *dev_desc; 1249 disk_partition_t boot_part_info; 1250 int ret; 1251 dev_desc = rockchip_get_bootdev(); 1252 if (!dev_desc) { 1253 printf("%s: dev_desc is NULL!\n", __func__); 1254 return -1; 1255 } 1256 /* Load the kernel from the desired "boot" partition. */ 1257 part_get_info_by_name(dev_desc, ANDROID_PARTITION_BOOT, &boot_part_info); 1258 ret = android_image_load(dev_desc, &boot_part_info, kernel_address, 1259 -1UL); 1260 if (ret < 0) 1261 return ret; 1262 android_bootloader_boot_kernel(kernel_address); 1263 1264 /* TODO: If the kernel doesn't boot mark the selected slot as bad. */ 1265 return -1; 1266 } 1267