1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * SPDX-License-Identifier: BSD-2-Clause 5 */ 6 7 #include <android_bootloader.h> 8 #include <android_bootloader_message.h> 9 #include <android_avb/avb_slot_verify.h> 10 #include <android_avb/avb_ops_user.h> 11 #include <android_avb/rk_avb_ops_user.h> 12 13 #include <cli.h> 14 #include <common.h> 15 #include <malloc.h> 16 #include <fs.h> 17 #include <boot_rkimg.h> 18 19 #define ANDROID_PARTITION_BOOT "boot" 20 #define ANDROID_PARTITION_MISC "misc" 21 #define ANDROID_PARTITION_OEM "oem" 22 #define ANDROID_PARTITION_RECOVERY "recovery" 23 #define ANDROID_PARTITION_SYSTEM "system" 24 25 #define ANDROID_ARG_SLOT_SUFFIX "androidboot.slot_suffix=" 26 #define ANDROID_ARG_ROOT "root=" 27 #define ANDROID_ARG_SERIALNO "androidboot.serialno=" 28 #ifdef CONFIG_ROCKCHIP_RESOURCE_IMAGE 29 #define ANDROID_ARG_FDT_FILENAME "rk-kernel.dtb" 30 #define BOOTLOADER_MESSAGE_OFFSET_IN_MISC (16 * 1024) 31 #define BOOTLOADER_MESSAGE_BLK_OFFSET (BOOTLOADER_MESSAGE_OFFSET_IN_MISC >> 9) 32 #else 33 #define ANDROID_ARG_FDT_FILENAME "kernel.dtb" 34 #endif 35 36 int android_bootloader_message_load( 37 struct blk_desc *dev_desc, 38 const disk_partition_t *part_info, 39 struct android_bootloader_message *message) 40 { 41 ulong message_blocks = sizeof(struct android_bootloader_message) / 42 part_info->blksz; 43 if (message_blocks > part_info->size) { 44 printf("misc partition too small.\n"); 45 return -1; 46 } 47 48 #ifdef CONFIG_RKIMG_BOOTLOADER 49 if (blk_dread(dev_desc, part_info->start + BOOTLOADER_MESSAGE_BLK_OFFSET, 50 message_blocks, message) != 51 #else 52 if (blk_dread(dev_desc, part_info->start, message_blocks, message) != 53 #endif 54 message_blocks) { 55 printf("Could not read from misc partition\n"); 56 return -1; 57 } 58 debug("ANDROID: Loaded BCB, %lu blocks.\n", message_blocks); 59 return 0; 60 } 61 62 static int android_bootloader_message_write( 63 struct blk_desc *dev_desc, 64 const disk_partition_t *part_info, 65 struct android_bootloader_message *message) 66 { 67 ulong message_blocks = sizeof(struct android_bootloader_message) / 68 part_info->blksz; 69 if (message_blocks > part_info->size) { 70 printf("misc partition too small.\n"); 71 return -1; 72 } 73 74 if (blk_dwrite(dev_desc, part_info->start, message_blocks, message) != 75 message_blocks) { 76 printf("Could not write to misc partition\n"); 77 return -1; 78 } 79 debug("ANDROID: Wrote new BCB, %lu blocks.\n", message_blocks); 80 return 0; 81 } 82 83 static enum android_boot_mode android_bootloader_load_and_clear_mode( 84 struct blk_desc *dev_desc, 85 const disk_partition_t *misc_part_info) 86 { 87 struct android_bootloader_message bcb; 88 89 #ifdef CONFIG_FASTBOOT 90 char *bootloader_str; 91 92 /* Check for message from bootloader stored in RAM from a previous boot. 93 */ 94 bootloader_str = (char *)CONFIG_FASTBOOT_BUF_ADDR; 95 if (!strcmp("reboot-bootloader", bootloader_str)) { 96 bootloader_str[0] = '\0'; 97 return ANDROID_BOOT_MODE_BOOTLOADER; 98 } 99 #endif 100 101 /* Check and update the BCB message if needed. */ 102 if (android_bootloader_message_load(dev_desc, misc_part_info, &bcb) < 103 0) { 104 printf("WARNING: Unable to load the BCB.\n"); 105 return ANDROID_BOOT_MODE_NORMAL; 106 } 107 108 if (!strcmp("bootonce-bootloader", bcb.command)) { 109 /* Erase the message in the BCB since this value should be used 110 * only once. 111 */ 112 memset(bcb.command, 0, sizeof(bcb.command)); 113 android_bootloader_message_write(dev_desc, misc_part_info, 114 &bcb); 115 return ANDROID_BOOT_MODE_BOOTLOADER; 116 } 117 118 if (!strcmp("boot-recovery", bcb.command)) 119 return ANDROID_BOOT_MODE_RECOVERY; 120 121 return ANDROID_BOOT_MODE_NORMAL; 122 } 123 124 /** 125 * Return the reboot reason string for the passed boot mode. 126 * 127 * @param mode The Android Boot mode. 128 * @return a pointer to the reboot reason string for mode. 129 */ 130 static const char *android_boot_mode_str(enum android_boot_mode mode) 131 { 132 switch (mode) { 133 case ANDROID_BOOT_MODE_NORMAL: 134 return "(none)"; 135 case ANDROID_BOOT_MODE_RECOVERY: 136 return "recovery"; 137 case ANDROID_BOOT_MODE_BOOTLOADER: 138 return "bootloader"; 139 } 140 return NULL; 141 } 142 143 static int android_part_get_info_by_name_suffix(struct blk_desc *dev_desc, 144 const char *base_name, 145 const char *slot_suffix, 146 disk_partition_t *part_info) 147 { 148 char *part_name; 149 int part_num; 150 size_t part_name_len; 151 152 part_name_len = strlen(base_name) + 1; 153 if (slot_suffix) 154 part_name_len += strlen(slot_suffix); 155 part_name = malloc(part_name_len); 156 if (!part_name) 157 return -1; 158 strcpy(part_name, base_name); 159 if (slot_suffix && (slot_suffix[0] != '\0')) 160 strcat(part_name, slot_suffix); 161 162 part_num = part_get_info_by_name(dev_desc, part_name, part_info); 163 if (part_num < 0) { 164 debug("ANDROID: Could not find partition \"%s\"\n", part_name); 165 part_num = -1; 166 } 167 168 free(part_name); 169 return part_num; 170 } 171 172 static int android_bootloader_boot_bootloader(void) 173 { 174 const char *fastboot_cmd = env_get("fastbootcmd"); 175 176 if (fastboot_cmd) 177 return run_command(fastboot_cmd, CMD_FLAG_ENV); 178 return -1; 179 } 180 181 #ifdef CONFIG_SUPPORT_OEM_DTB 182 static int android_bootloader_get_fdt(const char *part_name, 183 const char *load_file_name) 184 { 185 const char *dev_iface = "mmc"; 186 struct blk_desc *dev_desc; 187 disk_partition_t boot_part_info; 188 char *fdt_addr = NULL; 189 char slot_suffix[5] = {0}; 190 char dev_part[3] = {0}; 191 loff_t bytes = 0; 192 loff_t pos = 0; 193 loff_t len_read; 194 unsigned long addr = 0; 195 int part_num = -1; 196 int dev_num = 0; 197 int ret; 198 199 dev_desc = blk_get_dev(dev_iface, dev_num); 200 if (!dev_desc) { 201 printf("Could not find %s %d\n", dev_iface, dev_num); 202 return -1; 203 } 204 205 memset(&boot_part_info, 0, sizeof(boot_part_info)); 206 207 #ifdef CONFIG_RK_AVB_LIBAVB_USER 208 if (rk_avb_get_current_slot(slot_suffix)) { 209 printf("ANDROID: Get Current Slot error.\n"); 210 return -1; 211 } 212 213 part_num = android_part_get_info_by_name_suffix(dev_desc, 214 part_name, 215 slot_suffix, &boot_part_info); 216 #else 217 part_num = part_get_info_by_name(dev_desc, part_name, &boot_part_info); 218 if (part_num < 0) { 219 printf("ANDROID: Could not find partition \"%s\"\n", part_name); 220 return -1; 221 } 222 #endif 223 224 snprintf(dev_part, ARRAY_SIZE(dev_part), ":%x", part_num); 225 if (fs_set_blk_dev(dev_iface, dev_part, FS_TYPE_EXT)) 226 return -1; 227 228 fdt_addr = env_get("fdt_addr_r"); 229 if (!fdt_addr) { 230 printf("ANDROID: No Found FDT Load Address.\n"); 231 return -1; 232 } 233 addr = simple_strtoul(fdt_addr, NULL, 16); 234 235 ret = fs_read(load_file_name, addr, pos, bytes, &len_read); 236 if (ret < 0) 237 return -1; 238 239 return 0; 240 } 241 #endif 242 243 int android_bootloader_boot_kernel(unsigned long kernel_address) 244 { 245 char kernel_addr_str[12]; 246 char *fdt_addr = env_get("fdt_addr"); 247 char *bootm_args[] = { 248 "bootm", kernel_addr_str, kernel_addr_str, fdt_addr, NULL }; 249 250 sprintf(kernel_addr_str, "0x%lx", kernel_address); 251 252 printf("Booting kernel at %s with fdt at %s...\n\n\n", 253 kernel_addr_str, fdt_addr); 254 do_bootm(NULL, 0, 4, bootm_args); 255 256 return -1; 257 } 258 259 static char *strjoin(const char **chunks, char separator) 260 { 261 int len, joined_len = 0; 262 char *ret, *current; 263 const char **p; 264 265 for (p = chunks; *p; p++) 266 joined_len += strlen(*p) + 1; 267 268 if (!joined_len) { 269 ret = malloc(1); 270 if (ret) 271 ret[0] = '\0'; 272 return ret; 273 } 274 275 ret = malloc(joined_len); 276 current = ret; 277 if (!ret) 278 return ret; 279 280 for (p = chunks; *p; p++) { 281 len = strlen(*p); 282 memcpy(current, *p, len); 283 current += len; 284 *current = separator; 285 current++; 286 } 287 /* Replace the last separator by a \0. */ 288 current[-1] = '\0'; 289 return ret; 290 } 291 292 /** android_assemble_cmdline - Assemble the command line to pass to the kernel 293 * @return a newly allocated string 294 */ 295 char *android_assemble_cmdline(const char *slot_suffix, 296 const char *extra_args) 297 { 298 const char *cmdline_chunks[16]; 299 const char **current_chunk = cmdline_chunks; 300 char *env_cmdline, *cmdline, *rootdev_input, *serialno; 301 char *allocated_suffix = NULL; 302 char *allocated_serialno = NULL; 303 char *allocated_rootdev = NULL; 304 unsigned long rootdev_len; 305 306 env_cmdline = env_get("bootargs"); 307 if (env_cmdline) 308 *(current_chunk++) = env_cmdline; 309 310 /* The |slot_suffix| needs to be passed to the kernel to know what 311 * slot to boot from. 312 */ 313 if (slot_suffix) { 314 allocated_suffix = malloc(strlen(ANDROID_ARG_SLOT_SUFFIX) + 315 strlen(slot_suffix)); 316 strcpy(allocated_suffix, ANDROID_ARG_SLOT_SUFFIX); 317 strcat(allocated_suffix, slot_suffix); 318 *(current_chunk++) = allocated_suffix; 319 } 320 321 serialno = env_get("serial#"); 322 if (serialno) { 323 allocated_serialno = malloc(strlen(ANDROID_ARG_SERIALNO) + 324 strlen(serialno) + 1); 325 memset(allocated_serialno, 0, strlen(ANDROID_ARG_SERIALNO) + 326 strlen(serialno) + 1); 327 strcpy(allocated_serialno, ANDROID_ARG_SERIALNO); 328 strcat(allocated_serialno, serialno); 329 *(current_chunk++) = allocated_serialno; 330 } 331 332 rootdev_input = env_get("android_rootdev"); 333 if (rootdev_input) { 334 rootdev_len = strlen(ANDROID_ARG_ROOT) + CONFIG_SYS_CBSIZE + 1; 335 allocated_rootdev = malloc(rootdev_len); 336 strcpy(allocated_rootdev, ANDROID_ARG_ROOT); 337 cli_simple_process_macros(rootdev_input, 338 allocated_rootdev + 339 strlen(ANDROID_ARG_ROOT)); 340 /* Make sure that the string is null-terminated since the 341 * previous could not copy to the end of the input string if it 342 * is too big. 343 */ 344 allocated_rootdev[rootdev_len - 1] = '\0'; 345 *(current_chunk++) = allocated_rootdev; 346 } 347 348 if (extra_args) 349 *(current_chunk++) = extra_args; 350 351 *(current_chunk++) = NULL; 352 cmdline = strjoin(cmdline_chunks, ' '); 353 free(allocated_suffix); 354 free(allocated_rootdev); 355 return cmdline; 356 } 357 358 #ifdef CONFIG_ANDROID_AVB 359 static void slot_set_unbootable(AvbABSlotData* slot) 360 { 361 slot->priority = 0; 362 slot->tries_remaining = 0; 363 slot->successful_boot = 0; 364 } 365 366 static AvbSlotVerifyResult android_slot_verify(char *boot_partname, 367 unsigned long load_address, 368 char *slot_suffix) 369 { 370 const char *requested_partitions[1] = {NULL}; 371 uint8_t unlocked = true; 372 AvbOps *ops; 373 AvbSlotVerifyFlags flags; 374 AvbSlotVerifyData *slot_data[1] = {NULL}; 375 AvbSlotVerifyResult verify_result; 376 AvbABData ab_data, ab_data_orig; 377 size_t slot_index_to_boot = 0; 378 379 requested_partitions[0] = boot_partname; 380 ops = avb_ops_user_new(); 381 if (ops == NULL) { 382 printf("avb_ops_user_new() failed!\n"); 383 return AVB_SLOT_VERIFY_RESULT_ERROR_OOM; 384 } 385 386 if (ops->read_is_device_unlocked(ops, (bool *)&unlocked) != AVB_IO_RESULT_OK) 387 printf("Error determining whether device is unlocked.\n"); 388 389 printf("read_is_device_unlocked() ops returned that device is %s\n", 390 (unlocked & LOCK_MASK)? "UNLOCKED" : "LOCKED"); 391 392 flags = AVB_SLOT_VERIFY_FLAGS_NONE; 393 if (unlocked & LOCK_MASK) 394 flags |= AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR; 395 396 if(load_metadata(ops->ab_ops, &ab_data, &ab_data_orig)) { 397 printf("Can not load metadata\n"); 398 return AVB_SLOT_VERIFY_RESULT_ERROR_IO; 399 } 400 401 if (strncmp(slot_suffix, "_a", 2)) 402 slot_index_to_boot = 0; 403 else if(strncmp(slot_suffix, "_b", 2)) 404 slot_index_to_boot = 1; 405 else 406 slot_index_to_boot = 0; 407 408 verify_result = 409 avb_slot_verify(ops, 410 requested_partitions, 411 slot_suffix, 412 flags, 413 AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE, 414 &slot_data[0]); 415 416 if (verify_result != AVB_SLOT_VERIFY_RESULT_OK) { 417 slot_set_unbootable(&ab_data.slots[slot_index_to_boot]); 418 goto out; 419 } 420 421 memcpy((uint8_t*)load_address, 422 slot_data[0]->loaded_partitions->data, 423 slot_data[0]->loaded_partitions->data_size); 424 env_set("bootargs", slot_data[0]->cmdline); 425 426 /* ... and decrement tries remaining, if applicable. */ 427 if (!ab_data.slots[slot_index_to_boot].successful_boot && 428 ab_data.slots[slot_index_to_boot].tries_remaining > 0) { 429 ab_data.slots[slot_index_to_boot].tries_remaining -= 1; 430 } 431 out: 432 if (save_metadata_if_changed(ops->ab_ops, &ab_data, &ab_data_orig)) { 433 printf("Can not save metadata\n"); 434 verify_result = AVB_SLOT_VERIFY_RESULT_ERROR_IO; 435 } 436 437 if (slot_data[0] != NULL) 438 avb_slot_verify_data_free(slot_data[0]); 439 440 return verify_result; 441 } 442 #endif 443 444 int android_bootloader_boot_flow(struct blk_desc *dev_desc, 445 unsigned long load_address) 446 { 447 enum android_boot_mode mode; 448 disk_partition_t misc_part_info; 449 int part_num; 450 int ret; 451 char *command_line; 452 char slot_suffix[3] = {0}; 453 const char *mode_cmdline = NULL; 454 char *boot_partname = ANDROID_PARTITION_BOOT; 455 ulong fdt_addr; 456 457 /* 458 * 1. Load MISC partition and determine the boot mode 459 * clear its value for the next boot if needed. 460 */ 461 part_num = part_get_info_by_name(dev_desc, ANDROID_PARTITION_MISC, 462 &misc_part_info); 463 if (part_num < 0) 464 printf("%s Could not find misc partition\n", __func__); 465 mode = android_bootloader_load_and_clear_mode(dev_desc, &misc_part_info); 466 printf("ANDROID: reboot reason: \"%s\"\n", android_boot_mode_str(mode)); 467 468 switch (mode) { 469 case ANDROID_BOOT_MODE_NORMAL: 470 /* In normal mode, we load the kernel from "boot" but append 471 * "skip_initramfs" to the cmdline to make it ignore the 472 * recovery initramfs in the boot partition. 473 */ 474 #ifdef CONFIG_ANDROID_AB 475 mode_cmdline = "skip_initramfs"; 476 #endif 477 break; 478 case ANDROID_BOOT_MODE_RECOVERY: 479 /* In recovery mode we still boot the kernel from "boot" but 480 * don't skip the initramfs so it boots to recovery. 481 */ 482 #ifndef CONFIG_ANDROID_AB 483 boot_partname = ANDROID_PARTITION_RECOVERY; 484 #endif 485 break; 486 case ANDROID_BOOT_MODE_BOOTLOADER: 487 /* Bootloader mode enters fastboot. If this operation fails we 488 * simply return since we can't recover from this situation by 489 * switching to another slot. 490 */ 491 return android_bootloader_boot_bootloader(); 492 } 493 494 #ifdef CONFIG_ANDROID_AB 495 /*TODO: get from pre-loader or misc partition*/ 496 if (rk_avb_get_current_slot(slot_suffix)) 497 return -1; 498 499 if (slot_suffix[0] != '_') { 500 printf("There is no bootable slot!\n"); 501 return -1; 502 } 503 #endif 504 505 #ifdef CONFIG_ANDROID_AVB 506 if (android_slot_verify(boot_partname, load_address, slot_suffix)) 507 return -1; 508 #else 509 /* 510 * 2. Load the boot/recovery from the desired "boot" partition. 511 * Determine if this is an AOSP image. 512 */ 513 disk_partition_t boot_part_info; 514 part_num = 515 android_part_get_info_by_name_suffix(dev_desc, 516 boot_partname, 517 slot_suffix, &boot_part_info); 518 if (part_num < 0) { 519 printf("%s Could not found bootable partition %s\n", __func__, 520 boot_partname); 521 return -1; 522 } 523 debug("ANDROID: Loading kernel from \"%s\", partition %d.\n", 524 boot_part_info.name, part_num); 525 526 ret = android_image_load(dev_desc, &boot_part_info, load_address, 527 -1UL); 528 if (ret < 0) { 529 printf("%s %s part load fail\n", __func__, boot_part_info.name); 530 return ret; 531 } 532 #endif 533 534 /* Set Android root variables. */ 535 env_set_ulong("android_root_devnum", dev_desc->devnum); 536 env_set("android_slotsufix", slot_suffix); 537 538 /* Assemble the command line */ 539 command_line = android_assemble_cmdline(slot_suffix, mode_cmdline); 540 env_update("bootargs", command_line); 541 542 debug("ANDROID: bootargs: \"%s\"\n", command_line); 543 544 #ifdef CONFIG_SUPPORT_OEM_DTB 545 if (android_bootloader_get_fdt(ANDROID_PARTITION_OEM, 546 ANDROID_ARG_FDT_FILENAME)) { 547 printf("Can not get the fdt data from oem!\n"); 548 } 549 #else 550 ret = android_image_get_fdt((void *)load_address, &fdt_addr); 551 if (!ret) 552 env_set_hex("fdt_addr", fdt_addr); 553 #endif 554 android_bootloader_boot_kernel(load_address); 555 556 /* TODO: If the kernel doesn't boot mark the selected slot as bad. */ 557 return -1; 558 } 559 560 int android_avb_boot_flow(char *slot_suffix, unsigned long kernel_address) 561 { 562 const char *dev_iface = "mmc"; 563 int dev_num = 0; 564 struct blk_desc *dev_desc; 565 disk_partition_t boot_part_info; 566 int ret; 567 dev_desc = blk_get_dev(dev_iface, dev_num); 568 if (!dev_desc) { 569 printf("Could not find %s %d\n", dev_iface, dev_num); 570 return -1; 571 } 572 /* Load the kernel from the desired "boot" partition. */ 573 android_part_get_info_by_name_suffix(dev_desc, 574 ANDROID_PARTITION_BOOT, 575 slot_suffix, &boot_part_info); 576 ret = android_image_load(dev_desc, &boot_part_info, kernel_address, 577 -1UL); 578 if (ret < 0) 579 return ret; 580 android_bootloader_boot_kernel(kernel_address); 581 582 /* TODO: If the kernel doesn't boot mark the selected slot as bad. */ 583 return -1; 584 } 585 586 int android_boot_flow(unsigned long kernel_address) 587 { 588 const char *dev_iface = "mmc"; 589 int dev_num = 0; 590 struct blk_desc *dev_desc; 591 disk_partition_t boot_part_info; 592 int ret; 593 dev_desc = blk_get_dev(dev_iface, dev_num); 594 if (!dev_desc) { 595 printf("Could not find %s %d\n", dev_iface, dev_num); 596 return -1; 597 } 598 /* Load the kernel from the desired "boot" partition. */ 599 part_get_info_by_name(dev_desc, ANDROID_PARTITION_BOOT, &boot_part_info); 600 ret = android_image_load(dev_desc, &boot_part_info, kernel_address, 601 -1UL); 602 if (ret < 0) 603 return ret; 604 android_bootloader_boot_kernel(kernel_address); 605 606 /* TODO: If the kernel doesn't boot mark the selected slot as bad. */ 607 return -1; 608 } 609