1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * SPDX-License-Identifier: BSD-2-Clause 5 */ 6 7 #include <android_bootloader.h> 8 #include <android_bootloader_message.h> 9 #include <android_avb/avb_slot_verify.h> 10 #include <android_avb/avb_ops_user.h> 11 #include <android_avb/rk_avb_ops_user.h> 12 #include <android_image.h> 13 #include <asm/arch/hotkey.h> 14 #include <cli.h> 15 #include <common.h> 16 #include <dt_table.h> 17 #include <image-android-dt.h> 18 #include <malloc.h> 19 #include <fdt_support.h> 20 #include <fs.h> 21 #include <boot_rkimg.h> 22 #include <attestation_key.h> 23 #include <keymaster.h> 24 #include <linux/libfdt_env.h> 25 #include <optee_include/OpteeClientInterface.h> 26 #include <bidram.h> 27 #include <console.h> 28 #include <sysmem.h> 29 30 DECLARE_GLOBAL_DATA_PTR; 31 32 #define ANDROID_PARTITION_BOOT "boot" 33 #define ANDROID_PARTITION_MISC "misc" 34 #define ANDROID_PARTITION_OEM "oem" 35 #define ANDROID_PARTITION_RECOVERY "recovery" 36 #define ANDROID_PARTITION_SYSTEM "system" 37 #define ANDROID_PARTITION_VBMETA "vbmeta" 38 39 #define ANDROID_ARG_SLOT_SUFFIX "androidboot.slot_suffix=" 40 #define ANDROID_ARG_ROOT "root=" 41 #define ANDROID_ARG_SERIALNO "androidboot.serialno=" 42 #define ANDROID_VERIFY_STATE "androidboot.verifiedbootstate=" 43 #ifdef CONFIG_ROCKCHIP_RESOURCE_IMAGE 44 #define ANDROID_ARG_FDT_FILENAME "rk-kernel.dtb" 45 #else 46 #define ANDROID_ARG_FDT_FILENAME "kernel.dtb" 47 #endif 48 #define OEM_UNLOCK_ARG_SIZE 30 49 #define UUID_SIZE 37 50 51 #ifdef CONFIG_ANDROID_AB 52 static int get_partition_unique_uuid(char *partition, 53 char *guid_buf, 54 size_t guid_buf_size) 55 { 56 struct blk_desc *dev_desc; 57 disk_partition_t part_info; 58 59 dev_desc = rockchip_get_bootdev(); 60 if (!dev_desc) { 61 printf("%s: Could not find device\n", __func__); 62 return -1; 63 } 64 65 if (part_get_info_by_name(dev_desc, partition, &part_info) < 0) { 66 printf("Could not find \"%s\" partition\n", partition); 67 return -1; 68 } 69 70 if (guid_buf && guid_buf_size > 0) 71 memcpy(guid_buf, part_info.uuid, guid_buf_size); 72 73 return 0; 74 } 75 76 static void reset_cpu_if_android_ab(void) 77 { 78 printf("Reset in AB system.\n"); 79 flushc(); 80 /* 81 * Since we use the retry-count in ab system, then can 82 * try reboot if verify fail until the retry-count is 83 * equal to zero. 84 */ 85 reset_cpu(0); 86 } 87 88 static void update_root_uuid_if_android_ab(void) 89 { 90 /* 91 * In android a/b & avb process, the system.img is mandory and the 92 * "root=" will be added in vbmeta.img. 93 * 94 * In linux a/b & avb process, the system is NOT mandory and the 95 * "root=" will not be added in vbmeta.img but in kernel dts bootargs. 96 * (Parsed and droped late, i.e. "root=" is not available now/always). 97 * 98 * To compatible with the above two processes, test the existence of 99 * "root=" and create it for linux ab & avb. 100 */ 101 char root_partuuid[70] = "root=PARTUUID="; 102 char *boot_args = env_get("bootargs"); 103 char guid_buf[UUID_SIZE] = {0}; 104 105 if (!strstr(boot_args, "root=")) { 106 get_partition_unique_uuid(ANDROID_PARTITION_SYSTEM, 107 guid_buf, UUID_SIZE); 108 strcat(root_partuuid, guid_buf); 109 env_update("bootargs", root_partuuid); 110 } 111 } 112 113 static int decrease_tries_if_android_ab(char *slot_suffix) 114 { 115 AvbABData ab_data_orig; 116 AvbABData ab_data; 117 AvbOps *ops; 118 size_t slot_index = 0; 119 120 /* TODO: get from pre-loader or misc partition */ 121 if (rk_avb_get_current_slot(slot_suffix)) { 122 printf("rk_avb_get_current_slot() failed\n"); 123 return -1; 124 } 125 126 if (!strncmp(slot_suffix, "_a", 2)) 127 slot_index = 0; 128 else if (!strncmp(slot_suffix, "_b", 2)) 129 slot_index = 1; 130 else 131 slot_index = 0; 132 133 ops = avb_ops_user_new(); 134 if (!ops) { 135 printf("avb_ops_user_new() failed!\n"); 136 return -1; 137 } 138 139 if (load_metadata(ops->ab_ops, &ab_data, &ab_data_orig)) { 140 printf("Can not load metadata\n"); 141 return -1; 142 } 143 144 /* ... and decrement tries remaining, if applicable. */ 145 if (!ab_data.slots[slot_index].successful_boot && 146 ab_data.slots[slot_index].tries_remaining > 0) 147 ab_data.slots[slot_index].tries_remaining -= 1; 148 149 if (save_metadata_if_changed(ops->ab_ops, &ab_data, &ab_data_orig)) { 150 printf("Can not save metadata\n"); 151 return -1; 152 } 153 154 if (slot_suffix[0] != '_') { 155 #ifndef CONFIG_ANDROID_AVB 156 printf("###There is no bootable slot, bring up lastboot!###\n"); 157 if (rk_get_lastboot() == 1) 158 memcpy(slot_suffix, "_b", 2); 159 else if (rk_get_lastboot() == 0) 160 memcpy(slot_suffix, "_a", 2); 161 else 162 #endif 163 return -1; 164 } 165 166 return 0; 167 } 168 #else 169 static inline void reset_cpu_if_android_ab(void) {} 170 static inline void update_root_uuid_if_android_ab(void) {} 171 static inline int decrease_tries_if_android_ab(char *slot_suffix) { return 0; } 172 #endif 173 174 int android_bootloader_message_load( 175 struct blk_desc *dev_desc, 176 const disk_partition_t *part_info, 177 struct android_bootloader_message *message) 178 { 179 ulong message_blocks = sizeof(struct android_bootloader_message) / 180 part_info->blksz; 181 if (message_blocks > part_info->size) { 182 printf("misc partition too small.\n"); 183 return -1; 184 } 185 186 if (blk_dread(dev_desc, part_info->start + android_bcb_msg_sector_offset(), 187 message_blocks, message) != 188 message_blocks) { 189 printf("Could not read from misc partition\n"); 190 return -1; 191 } 192 debug("ANDROID: Loaded BCB, %lu blocks.\n", message_blocks); 193 return 0; 194 } 195 196 static int android_bootloader_message_write( 197 struct blk_desc *dev_desc, 198 const disk_partition_t *part_info, 199 struct android_bootloader_message *message) 200 { 201 ulong message_blocks = sizeof(struct android_bootloader_message) / 202 part_info->blksz + android_bcb_msg_sector_offset(); 203 204 if (message_blocks > part_info->size) { 205 printf("misc partition too small.\n"); 206 return -1; 207 } 208 209 if (blk_dwrite(dev_desc, part_info->start, message_blocks, message) != 210 message_blocks) { 211 printf("Could not write to misc partition\n"); 212 return -1; 213 } 214 debug("ANDROID: Wrote new BCB, %lu blocks.\n", message_blocks); 215 return 0; 216 } 217 218 static enum android_boot_mode android_bootloader_load_and_clear_mode( 219 struct blk_desc *dev_desc, 220 const disk_partition_t *misc_part_info) 221 { 222 struct android_bootloader_message bcb; 223 224 #ifdef CONFIG_FASTBOOT 225 char *bootloader_str; 226 227 /* Check for message from bootloader stored in RAM from a previous boot. 228 */ 229 bootloader_str = (char *)CONFIG_FASTBOOT_BUF_ADDR; 230 if (!strcmp("reboot-bootloader", bootloader_str)) { 231 bootloader_str[0] = '\0'; 232 return ANDROID_BOOT_MODE_BOOTLOADER; 233 } 234 #endif 235 236 /* Check and update the BCB message if needed. */ 237 if (android_bootloader_message_load(dev_desc, misc_part_info, &bcb) < 238 0) { 239 printf("WARNING: Unable to load the BCB.\n"); 240 return ANDROID_BOOT_MODE_NORMAL; 241 } 242 243 if (!strcmp("bootonce-bootloader", bcb.command)) { 244 /* Erase the message in the BCB since this value should be used 245 * only once. 246 */ 247 memset(bcb.command, 0, sizeof(bcb.command)); 248 android_bootloader_message_write(dev_desc, misc_part_info, 249 &bcb); 250 return ANDROID_BOOT_MODE_BOOTLOADER; 251 } 252 253 if (!strcmp("boot-recovery", bcb.command)) 254 return ANDROID_BOOT_MODE_RECOVERY; 255 256 if (!strcmp("boot-fastboot", bcb.command)) 257 return ANDROID_BOOT_MODE_RECOVERY; 258 259 return ANDROID_BOOT_MODE_NORMAL; 260 } 261 262 /** 263 * Return the reboot reason string for the passed boot mode. 264 * 265 * @param mode The Android Boot mode. 266 * @return a pointer to the reboot reason string for mode. 267 */ 268 static const char *android_boot_mode_str(enum android_boot_mode mode) 269 { 270 switch (mode) { 271 case ANDROID_BOOT_MODE_NORMAL: 272 return "(none)"; 273 case ANDROID_BOOT_MODE_RECOVERY: 274 return "recovery"; 275 case ANDROID_BOOT_MODE_BOOTLOADER: 276 return "bootloader"; 277 } 278 return NULL; 279 } 280 281 static int android_bootloader_boot_bootloader(void) 282 { 283 const char *fastboot_cmd = env_get("fastbootcmd"); 284 285 if (fastboot_cmd == NULL) { 286 printf("fastboot_cmd is null, run default fastboot_cmd!\n"); 287 fastboot_cmd = "fastboot usb 0"; 288 } 289 290 return run_command(fastboot_cmd, CMD_FLAG_ENV); 291 } 292 293 #ifdef CONFIG_SUPPORT_OEM_DTB 294 static int android_bootloader_get_fdt(const char *part_name, 295 const char *load_file_name) 296 { 297 struct blk_desc *dev_desc; 298 disk_partition_t part_info; 299 char *fdt_addr = NULL; 300 char dev_part[3] = {0}; 301 loff_t bytes = 0; 302 loff_t pos = 0; 303 loff_t len_read; 304 unsigned long addr = 0; 305 int part_num = -1; 306 int ret; 307 308 dev_desc = rockchip_get_bootdev(); 309 if (!dev_desc) { 310 printf("%s: dev_desc is NULL!\n", __func__); 311 return -1; 312 } 313 314 part_num = part_get_info_by_name(dev_desc, part_name, &part_info); 315 if (part_num < 0) { 316 printf("ANDROID: Could not find partition \"%s\"\n", part_name); 317 return -1; 318 } 319 320 snprintf(dev_part, ARRAY_SIZE(dev_part), ":%x", part_num); 321 if (fs_set_blk_dev_with_part(dev_desc, part_num)) 322 return -1; 323 324 fdt_addr = env_get("fdt_addr_r"); 325 if (!fdt_addr) { 326 printf("ANDROID: No Found FDT Load Address.\n"); 327 return -1; 328 } 329 addr = simple_strtoul(fdt_addr, NULL, 16); 330 331 ret = fs_read(load_file_name, addr, pos, bytes, &len_read); 332 if (ret < 0) 333 return -1; 334 335 return 0; 336 } 337 #endif 338 339 /* 340 * Test on RK3308 AARCH64 mode (Cortex A35 816 MHZ) boot with eMMC: 341 * 342 * |-------------------------------------------------------------------| 343 * | Format | Size(Byte) | Ratio | Decomp time(ms) | Boot time(ms) | 344 * |-------------------------------------------------------------------| 345 * | Image | 7720968 | | | 488 | 346 * |-------------------------------------------------------------------| 347 * | Image.lz4 | 4119448 | 53% | 59 | 455 | 348 * |-------------------------------------------------------------------| 349 * | Image.lzo | 3858322 | 49% | 141 | 536 | 350 * |-------------------------------------------------------------------| 351 * | Image.gz | 3529108 | 45% | 222 | 609 | 352 * |-------------------------------------------------------------------| 353 * | Image.bz2 | 3295914 | 42% | 2940 | | 354 * |-------------------------------------------------------------------| 355 * | Image.lzma| 2683750 | 34% | | | 356 * |-------------------------------------------------------------------| 357 */ 358 static int sysmem_alloc_uncomp_kernel(ulong andr_hdr, 359 ulong uncomp_kaddr, u32 comp) 360 { 361 struct andr_img_hdr *hdr = (struct andr_img_hdr *)andr_hdr; 362 ulong ksize, kaddr; 363 364 if (comp != IH_COMP_NONE) { 365 /* Release compressed sysmem */ 366 kaddr = env_get_hex("kernel_addr_c", 0); 367 if (!kaddr) 368 kaddr = env_get_hex("kernel_addr_r", 0); 369 kaddr -= hdr->page_size; 370 if (sysmem_free((phys_addr_t)kaddr)) 371 return -EINVAL; 372 373 /* 374 * Use smaller Ratio to get larger estimated uncompress 375 * kernel size. 376 */ 377 if (comp == IH_COMP_ZIMAGE) 378 ksize = hdr->kernel_size * 100 / 45; 379 else if (comp == IH_COMP_LZ4) 380 ksize = hdr->kernel_size * 100 / 50; 381 else if (comp == IH_COMP_LZO) 382 ksize = hdr->kernel_size * 100 / 45; 383 else if (comp == IH_COMP_GZIP) 384 ksize = hdr->kernel_size * 100 / 40; 385 else if (comp == IH_COMP_BZIP2) 386 ksize = hdr->kernel_size * 100 / 40; 387 else if (comp == IH_COMP_LZMA) 388 ksize = hdr->kernel_size * 100 / 30; 389 else 390 ksize = hdr->kernel_size; 391 392 kaddr = uncomp_kaddr; 393 ksize = ALIGN(ksize, 512); 394 if (!sysmem_alloc_base(MEMBLK_ID_UNCOMP_KERNEL, 395 (phys_addr_t)kaddr, ksize)) 396 return -ENOMEM; 397 398 hotkey_run(HK_SYSMEM); 399 } 400 401 return 0; 402 } 403 404 int android_bootloader_boot_kernel(unsigned long kernel_address) 405 { 406 char *kernel_addr_r = env_get("kernel_addr_r"); 407 char *kernel_addr_c = env_get("kernel_addr_c"); 408 char *fdt_addr = env_get("fdt_addr"); 409 char kernel_addr_str[12]; 410 char comp_str[32] = {0}; 411 ulong comp_type; 412 const char *comp_name[] = { 413 [IH_COMP_NONE] = "IMAGE", 414 [IH_COMP_GZIP] = "GZIP", 415 [IH_COMP_BZIP2] = "BZIP2", 416 [IH_COMP_LZMA] = "LZMA", 417 [IH_COMP_LZO] = "LZO", 418 [IH_COMP_LZ4] = "LZ4", 419 [IH_COMP_ZIMAGE]= "ZIMAGE", 420 }; 421 char *bootm_args[] = { 422 "bootm", kernel_addr_str, kernel_addr_str, fdt_addr, NULL }; 423 424 comp_type = env_get_ulong("os_comp", 10, 0); 425 sprintf(kernel_addr_str, "0x%08lx", kernel_address); 426 427 if (comp_type != IH_COMP_NONE) { 428 if (comp_type == IH_COMP_ZIMAGE && 429 kernel_addr_r && !kernel_addr_c) { 430 kernel_addr_c = kernel_addr_r; 431 kernel_addr_r = __stringify(CONFIG_SYS_SDRAM_BASE); 432 } 433 snprintf(comp_str, 32, "%s%s%s", 434 "(Uncompress to ", kernel_addr_r, ")"); 435 } 436 437 printf("Booting %s kernel at %s%s with fdt at %s...\n\n\n", 438 comp_name[comp_type], 439 comp_type != IH_COMP_NONE ? kernel_addr_c : kernel_addr_r, 440 comp_str, fdt_addr); 441 442 hotkey_run(HK_SYSMEM); 443 444 /* 445 * Check whether there is enough space for uncompress kernel, 446 * Actually, here only gives a sysmem warning message when failed 447 * but never return -1. 448 */ 449 if (sysmem_alloc_uncomp_kernel(kernel_address, 450 simple_strtoul(kernel_addr_r, NULL, 16), 451 comp_type)) 452 return -1; 453 454 /* Check sysmem overflow */ 455 sysmem_overflow_check(); 456 457 do_bootm(NULL, 0, 4, bootm_args); 458 459 return -1; 460 } 461 462 static char *strjoin(const char **chunks, char separator) 463 { 464 int len, joined_len = 0; 465 char *ret, *current; 466 const char **p; 467 468 for (p = chunks; *p; p++) 469 joined_len += strlen(*p) + 1; 470 471 if (!joined_len) { 472 ret = malloc(1); 473 if (ret) 474 ret[0] = '\0'; 475 return ret; 476 } 477 478 ret = malloc(joined_len); 479 current = ret; 480 if (!ret) 481 return ret; 482 483 for (p = chunks; *p; p++) { 484 len = strlen(*p); 485 memcpy(current, *p, len); 486 current += len; 487 *current = separator; 488 current++; 489 } 490 /* Replace the last separator by a \0. */ 491 current[-1] = '\0'; 492 return ret; 493 } 494 495 /** android_assemble_cmdline - Assemble the command line to pass to the kernel 496 * @return a newly allocated string 497 */ 498 char *android_assemble_cmdline(const char *slot_suffix, 499 const char *extra_args) 500 { 501 const char *cmdline_chunks[16]; 502 const char **current_chunk = cmdline_chunks; 503 char *env_cmdline, *cmdline, *rootdev_input, *serialno; 504 char *allocated_suffix = NULL; 505 char *allocated_serialno = NULL; 506 char *allocated_rootdev = NULL; 507 unsigned long rootdev_len; 508 509 env_cmdline = env_get("bootargs"); 510 if (env_cmdline) 511 *(current_chunk++) = env_cmdline; 512 513 /* The |slot_suffix| needs to be passed to the kernel to know what 514 * slot to boot from. 515 */ 516 if (slot_suffix) { 517 allocated_suffix = malloc(strlen(ANDROID_ARG_SLOT_SUFFIX) + 518 strlen(slot_suffix) + 1); 519 memset(allocated_suffix, 0, strlen(ANDROID_ARG_SLOT_SUFFIX) 520 + strlen(slot_suffix) + 1); 521 strcpy(allocated_suffix, ANDROID_ARG_SLOT_SUFFIX); 522 strcat(allocated_suffix, slot_suffix); 523 *(current_chunk++) = allocated_suffix; 524 } 525 526 serialno = env_get("serial#"); 527 if (serialno) { 528 allocated_serialno = malloc(strlen(ANDROID_ARG_SERIALNO) + 529 strlen(serialno) + 1); 530 memset(allocated_serialno, 0, strlen(ANDROID_ARG_SERIALNO) + 531 strlen(serialno) + 1); 532 strcpy(allocated_serialno, ANDROID_ARG_SERIALNO); 533 strcat(allocated_serialno, serialno); 534 *(current_chunk++) = allocated_serialno; 535 } 536 537 rootdev_input = env_get("android_rootdev"); 538 if (rootdev_input) { 539 rootdev_len = strlen(ANDROID_ARG_ROOT) + CONFIG_SYS_CBSIZE + 1; 540 allocated_rootdev = malloc(rootdev_len); 541 strcpy(allocated_rootdev, ANDROID_ARG_ROOT); 542 cli_simple_process_macros(rootdev_input, 543 allocated_rootdev + 544 strlen(ANDROID_ARG_ROOT)); 545 /* Make sure that the string is null-terminated since the 546 * previous could not copy to the end of the input string if it 547 * is too big. 548 */ 549 allocated_rootdev[rootdev_len - 1] = '\0'; 550 *(current_chunk++) = allocated_rootdev; 551 } 552 553 if (extra_args) 554 *(current_chunk++) = extra_args; 555 556 *(current_chunk++) = NULL; 557 cmdline = strjoin(cmdline_chunks, ' '); 558 free(allocated_suffix); 559 free(allocated_rootdev); 560 return cmdline; 561 } 562 563 #ifdef CONFIG_ANDROID_AVB 564 static void slot_set_unbootable(AvbABSlotData* slot) 565 { 566 slot->priority = 0; 567 slot->tries_remaining = 0; 568 slot->successful_boot = 0; 569 } 570 571 static AvbSlotVerifyResult android_slot_verify(char *boot_partname, 572 unsigned long *android_load_address, 573 char *slot_suffix) 574 { 575 const char *requested_partitions[1] = {NULL}; 576 uint8_t unlocked = true; 577 AvbOps *ops; 578 AvbSlotVerifyFlags flags; 579 AvbSlotVerifyData *slot_data[1] = {NULL}; 580 AvbSlotVerifyResult verify_result; 581 AvbABData ab_data, ab_data_orig; 582 size_t slot_index_to_boot = 0; 583 char verify_state[38] = {0}; 584 char can_boot = 1; 585 unsigned long load_address = *android_load_address; 586 struct andr_img_hdr *hdr; 587 588 requested_partitions[0] = boot_partname; 589 ops = avb_ops_user_new(); 590 if (ops == NULL) { 591 printf("avb_ops_user_new() failed!\n"); 592 return AVB_SLOT_VERIFY_RESULT_ERROR_OOM; 593 } 594 595 if (ops->read_is_device_unlocked(ops, (bool *)&unlocked) != AVB_IO_RESULT_OK) 596 printf("Error determining whether device is unlocked.\n"); 597 598 printf("read_is_device_unlocked() ops returned that device is %s\n", 599 (unlocked & LOCK_MASK)? "UNLOCKED" : "LOCKED"); 600 601 flags = AVB_SLOT_VERIFY_FLAGS_NONE; 602 if (unlocked & LOCK_MASK) 603 flags |= AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR; 604 605 if(load_metadata(ops->ab_ops, &ab_data, &ab_data_orig)) { 606 printf("Can not load metadata\n"); 607 return AVB_SLOT_VERIFY_RESULT_ERROR_IO; 608 } 609 610 if (!strncmp(slot_suffix, "_a", 2)) 611 slot_index_to_boot = 0; 612 else if (!strncmp(slot_suffix, "_b", 2)) 613 slot_index_to_boot = 1; 614 else 615 slot_index_to_boot = 0; 616 617 verify_result = 618 avb_slot_verify(ops, 619 requested_partitions, 620 slot_suffix, 621 flags, 622 AVB_HASHTREE_ERROR_MODE_RESTART, 623 &slot_data[0]); 624 625 strcat(verify_state, ANDROID_VERIFY_STATE); 626 switch (verify_result) { 627 case AVB_SLOT_VERIFY_RESULT_OK: 628 if (unlocked & LOCK_MASK) 629 strcat(verify_state, "orange"); 630 else 631 strcat(verify_state, "green"); 632 break; 633 case AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED: 634 if (unlocked & LOCK_MASK) 635 strcat(verify_state, "orange"); 636 else 637 strcat(verify_state, "yellow"); 638 break; 639 case AVB_SLOT_VERIFY_RESULT_ERROR_OOM: 640 case AVB_SLOT_VERIFY_RESULT_ERROR_IO: 641 case AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA: 642 case AVB_SLOT_VERIFY_RESULT_ERROR_UNSUPPORTED_VERSION: 643 case AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION: 644 case AVB_SLOT_VERIFY_RESULT_ERROR_ROLLBACK_INDEX: 645 default: 646 if (unlocked & LOCK_MASK) 647 strcat(verify_state, "orange"); 648 else 649 strcat(verify_state, "red"); 650 break; 651 } 652 653 if (!slot_data[0]) { 654 can_boot = 0; 655 goto out; 656 } 657 658 if (verify_result == AVB_SLOT_VERIFY_RESULT_OK || 659 verify_result == AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED || 660 (unlocked & LOCK_MASK)) { 661 int len = 0; 662 char *bootargs, *newbootargs; 663 664 if (*slot_data[0]->cmdline) { 665 debug("Kernel command line: %s\n", slot_data[0]->cmdline); 666 len += strlen(slot_data[0]->cmdline); 667 } 668 669 bootargs = env_get("bootargs"); 670 if (bootargs) 671 len += strlen(bootargs); 672 673 newbootargs = malloc(len + 2); 674 675 if (!newbootargs) { 676 puts("Error: malloc in android_slot_verify failed!\n"); 677 return AVB_SLOT_VERIFY_RESULT_ERROR_OOM; 678 } 679 *newbootargs = '\0'; 680 681 if (bootargs) { 682 strcpy(newbootargs, bootargs); 683 strcat(newbootargs, " "); 684 } 685 if (*slot_data[0]->cmdline) 686 strcat(newbootargs, slot_data[0]->cmdline); 687 env_set("bootargs", newbootargs); 688 689 /* Reserve page_size */ 690 hdr = (void *)slot_data[0]->loaded_partitions->data; 691 load_address -= hdr->page_size; 692 *android_load_address = load_address; 693 694 #ifdef CONFIG_ANDROID_BOOT_IMAGE_SEPARATE 695 android_image_memcpy_separate(hdr, (void *)load_address); 696 #else 697 memcpy((uint8_t *)load_address, 698 slot_data[0]->loaded_partitions->data, 699 slot_data[0]->loaded_partitions->data_size); 700 #endif 701 } else { 702 slot_set_unbootable(&ab_data.slots[slot_index_to_boot]); 703 } 704 705 out: 706 #if defined(CONFIG_ANDROID_AB) && !defined(CONFIG_ANDROID_AVB) 707 /* 708 * In ab & avb process, the tries_remaining minus one in function 709 * android_slot_verify, shield this function here. 710 */ 711 /* ... and decrement tries remaining, if applicable. */ 712 if (!ab_data.slots[slot_index_to_boot].successful_boot && 713 ab_data.slots[slot_index_to_boot].tries_remaining > 0) { 714 ab_data.slots[slot_index_to_boot].tries_remaining -= 1; 715 } 716 #endif 717 env_update("bootargs", verify_state); 718 if (save_metadata_if_changed(ops->ab_ops, &ab_data, &ab_data_orig)) { 719 printf("Can not save metadata\n"); 720 verify_result = AVB_SLOT_VERIFY_RESULT_ERROR_IO; 721 } 722 723 if (slot_data[0] != NULL) 724 avb_slot_verify_data_free(slot_data[0]); 725 726 if ((unlocked & LOCK_MASK) && can_boot) 727 return 0; 728 else 729 return verify_result; 730 } 731 #endif 732 733 #if defined(CONFIG_CMD_DTIMG) && defined(CONFIG_OF_LIBFDT_OVERLAY) 734 735 /* 736 * Default return index 0. 737 */ 738 __weak int board_select_fdt_index(ulong dt_table_hdr) 739 { 740 /* 741 * User can use "dt_for_each_entry(entry, hdr, idx)" to iterate 742 * over all dt entry of DT image and pick up which they want. 743 * 744 * Example: 745 * struct dt_table_entry *entry; 746 * int index; 747 * 748 * dt_for_each_entry(entry, dt_table_hdr, index) { 749 * 750 * .... (use entry) 751 * } 752 * 753 * return index; 754 */ 755 return 0; 756 } 757 758 static int android_get_dtbo(ulong *fdt_dtbo, 759 const struct andr_img_hdr *hdr, 760 int *index, int boot_mode) 761 { 762 struct dt_table_header *dt_hdr = NULL; 763 struct blk_desc *dev_desc; 764 const char *part_name; 765 disk_partition_t part_info; 766 u32 blk_offset, blk_cnt; 767 void *buf; 768 ulong e_addr; 769 u32 e_size; 770 int e_idx; 771 int ret; 772 773 /* Get partition according to boot mode */ 774 if (boot_mode == BOOT_MODE_RECOVERY) 775 part_name = PART_RECOVERY; 776 else 777 part_name = PART_DTBO; 778 779 /* Get partition info */ 780 dev_desc = rockchip_get_bootdev(); 781 if (!dev_desc) { 782 printf("%s: dev_desc is NULL!\n", __func__); 783 return -ENODEV; 784 } 785 786 ret = part_get_info_by_name(dev_desc, part_name, &part_info); 787 if (ret < 0) { 788 printf("%s: failed to get %s part info, ret=%d\n", 789 __func__, part_name, ret); 790 return ret; 791 } 792 793 /* Check dt table header */ 794 if (!strcmp(part_name, PART_RECOVERY)) 795 blk_offset = part_info.start + 796 (hdr->recovery_dtbo_offset / part_info.blksz); 797 else 798 blk_offset = part_info.start; 799 800 dt_hdr = memalign(ARCH_DMA_MINALIGN, part_info.blksz); 801 if (!dt_hdr) { 802 printf("%s: out of memory for dt header!\n", __func__); 803 return -ENOMEM; 804 } 805 806 ret = blk_dread(dev_desc, blk_offset, 1, dt_hdr); 807 if (ret != 1) { 808 printf("%s: failed to read dt table header\n", 809 __func__); 810 goto out1; 811 } 812 813 if (!android_dt_check_header((ulong)dt_hdr)) { 814 printf("%s: Error: invalid dt table header: 0x%x\n", 815 __func__, dt_hdr->magic); 816 ret = -EINVAL; 817 goto out1; 818 } 819 820 #ifdef DEBUG 821 android_dt_print_contents((ulong)dt_hdr); 822 #endif 823 824 blk_cnt = DIV_ROUND_UP(fdt32_to_cpu(dt_hdr->total_size), 825 part_info.blksz); 826 /* Read all DT Image */ 827 buf = memalign(ARCH_DMA_MINALIGN, part_info.blksz * blk_cnt); 828 if (!buf) { 829 printf("%s: out of memory for %s part!\n", __func__, part_name); 830 ret = -ENOMEM; 831 goto out1; 832 } 833 834 ret = blk_dread(dev_desc, blk_offset, blk_cnt, buf); 835 if (ret != blk_cnt) { 836 printf("%s: failed to read dtbo, blk_cnt=%d, ret=%d\n", 837 __func__, blk_cnt, ret); 838 goto out2; 839 } 840 841 e_idx = board_select_fdt_index((ulong)buf); 842 if (e_idx < 0) { 843 printf("%s: failed to select board fdt index\n", __func__); 844 ret = -EINVAL; 845 goto out2; 846 } 847 848 ret = android_dt_get_fdt_by_index((ulong)buf, e_idx, &e_addr, &e_size); 849 if (!ret) { 850 printf("%s: failed to get fdt, index=%d\n", __func__, e_idx); 851 ret = -EINVAL; 852 goto out2; 853 } 854 855 if (fdt_dtbo) 856 *fdt_dtbo = e_addr; 857 if (index) 858 *index = e_idx; 859 860 free(dt_hdr); 861 debug("ANDROID: Loading dt entry to 0x%lx size 0x%x idx %d from \"%s\" part\n", 862 e_addr, e_size, e_idx, part_name); 863 864 return 0; 865 866 out2: 867 free(buf); 868 out1: 869 free(dt_hdr); 870 871 return ret; 872 } 873 874 int android_fdt_overlay_apply(void *fdt_addr) 875 { 876 struct andr_img_hdr *hdr; 877 struct blk_desc *dev_desc; 878 const char *part_name; 879 disk_partition_t part_info; 880 char buf[32] = {0}; 881 u32 blk_cnt; 882 ulong fdt_dtbo = -1; 883 int boot_mode; 884 int index = -1; 885 int ret; 886 887 boot_mode = rockchip_get_boot_mode(); 888 #ifdef CONFIG_ANDROID_AB 889 if (boot_mode == BOOT_MODE_RECOVERY) 890 boot_mode = BOOT_MODE_NORMAL; 891 #endif 892 if (boot_mode == BOOT_MODE_RECOVERY) 893 part_name = PART_RECOVERY; 894 else 895 part_name = PART_BOOT; 896 897 /* Get partition info */ 898 dev_desc = rockchip_get_bootdev(); 899 if (!dev_desc) { 900 printf("%s: dev_desc is NULL!\n", __func__); 901 return -ENODEV; 902 } 903 904 ret = part_get_info_by_name(dev_desc, part_name, &part_info); 905 if (ret < 0) { 906 printf("%s: failed to get %s part info, ret=%d\n", 907 __func__, part_name, ret); 908 return ret; 909 } 910 911 blk_cnt = DIV_ROUND_UP(sizeof(*hdr), part_info.blksz); 912 hdr = memalign(ARCH_DMA_MINALIGN, part_info.blksz * blk_cnt); 913 if (!hdr) { 914 printf("%s: out of memory!\n", __func__); 915 return -ENOMEM; 916 } 917 918 ret = blk_dread(dev_desc, part_info.start, blk_cnt, hdr); 919 if (ret != blk_cnt) { 920 printf("%s: failed to read %s hdr!\n", __func__, part_name); 921 goto out; 922 } 923 924 #ifdef DEBUG 925 android_print_contents(hdr); 926 #endif 927 928 if (android_image_check_header(hdr)) 929 return -EINVAL; 930 931 /* Check header version */ 932 if (!hdr->header_version) { 933 printf("Android header version 0\n"); 934 ret = -EINVAL; 935 goto out; 936 } 937 938 ret = android_get_dtbo(&fdt_dtbo, (void *)hdr, &index, boot_mode); 939 if (!ret) { 940 phys_size_t fdt_size; 941 /* Must incease size before overlay */ 942 fdt_size = fdt_totalsize((void *)fdt_addr) + 943 fdt_totalsize((void *)fdt_dtbo); 944 if (sysmem_free((phys_addr_t)fdt_addr)) 945 goto out; 946 947 if (!sysmem_alloc_base(MEMBLK_ID_FDT_DTBO, 948 (phys_addr_t)fdt_addr, 949 fdt_size + CONFIG_SYS_FDT_PAD)) 950 goto out; 951 fdt_increase_size(fdt_addr, fdt_totalsize((void *)fdt_dtbo)); 952 ret = fdt_overlay_apply(fdt_addr, (void *)fdt_dtbo); 953 if (!ret) { 954 snprintf(buf, 32, "%s%d", "androidboot.dtbo_idx=", index); 955 env_update("bootargs", buf); 956 printf("ANDROID: fdt overlay OK\n"); 957 } else { 958 printf("ANDROID: fdt overlay failed, ret=%d\n", ret); 959 } 960 } 961 962 out: 963 free(hdr); 964 965 return 0; 966 } 967 #endif 968 969 static int load_android_image(struct blk_desc *dev_desc, 970 char *boot_partname, 971 unsigned long *load_address) 972 { 973 disk_partition_t boot_part; 974 int ret, part_num; 975 976 part_num = part_get_info_by_name(dev_desc, boot_partname, &boot_part); 977 if (part_num < 0) { 978 printf("%s: Can't find part: %s\n", __func__, boot_partname); 979 return -1; 980 } 981 debug("ANDROID: Loading kernel from \"%s\", partition %d.\n", 982 boot_part.name, part_num); 983 984 ret = android_image_load(dev_desc, &boot_part, *load_address, -1UL); 985 if (ret < 0) { 986 debug("%s: %s part load fail, ret=%d\n", 987 __func__, boot_part.name, ret); 988 return ret; 989 } 990 *load_address = ret; 991 992 return 0; 993 } 994 995 int android_bootloader_boot_flow(struct blk_desc *dev_desc, 996 unsigned long load_address) 997 { 998 enum android_boot_mode mode = ANDROID_BOOT_MODE_NORMAL; 999 disk_partition_t misc_part_info; 1000 int part_num; 1001 int ret; 1002 char *command_line; 1003 char slot_suffix[3] = {0}; 1004 const char *mode_cmdline = NULL; 1005 char *boot_partname = ANDROID_PARTITION_BOOT; 1006 ulong fdt_addr; 1007 1008 /* 1009 * 1. Load MISC partition and determine the boot mode 1010 * clear its value for the next boot if needed. 1011 */ 1012 part_num = part_get_info_by_name(dev_desc, ANDROID_PARTITION_MISC, 1013 &misc_part_info); 1014 if (part_num < 0) { 1015 printf("Could not find misc partition\n"); 1016 } else { 1017 #ifdef CONFIG_ANDROID_KEYMASTER_CA 1018 /* load attestation key from misc partition. */ 1019 load_attestation_key(dev_desc, &misc_part_info); 1020 #endif 1021 1022 mode = android_bootloader_load_and_clear_mode(dev_desc, 1023 &misc_part_info); 1024 #ifdef CONFIG_RKIMG_BOOTLOADER 1025 if (mode == ANDROID_BOOT_MODE_NORMAL) { 1026 if (rockchip_get_boot_mode() == BOOT_MODE_RECOVERY) 1027 mode = ANDROID_BOOT_MODE_RECOVERY; 1028 } 1029 #endif 1030 } 1031 1032 printf("ANDROID: reboot reason: \"%s\"\n", android_boot_mode_str(mode)); 1033 1034 /* Get current slot_suffix */ 1035 if (decrease_tries_if_android_ab(slot_suffix)) 1036 return -1; 1037 1038 switch (mode) { 1039 case ANDROID_BOOT_MODE_NORMAL: 1040 /* In normal mode, we load the kernel from "boot" but append 1041 * "skip_initramfs" to the cmdline to make it ignore the 1042 * recovery initramfs in the boot partition. 1043 */ 1044 #ifdef CONFIG_ANDROID_AB 1045 mode_cmdline = "skip_initramfs"; 1046 #endif 1047 break; 1048 case ANDROID_BOOT_MODE_RECOVERY: 1049 /* In recovery mode we still boot the kernel from "boot" but 1050 * don't skip the initramfs so it boots to recovery. 1051 */ 1052 #ifndef CONFIG_ANDROID_AB 1053 boot_partname = ANDROID_PARTITION_RECOVERY; 1054 #endif 1055 break; 1056 case ANDROID_BOOT_MODE_BOOTLOADER: 1057 /* Bootloader mode enters fastboot. If this operation fails we 1058 * simply return since we can't recover from this situation by 1059 * switching to another slot. 1060 */ 1061 return android_bootloader_boot_bootloader(); 1062 } 1063 1064 #ifdef CONFIG_ANDROID_AVB 1065 uint8_t vboot_flag = 0; 1066 disk_partition_t vbmeta_part_info; 1067 1068 if (trusty_read_vbootkey_enable_flag(&vboot_flag)) { 1069 printf("Can't read vboot flag\n"); 1070 return -1; 1071 } 1072 1073 if (vboot_flag) { 1074 printf("Vboot=1, SecureBoot enabled, AVB verify\n"); 1075 if (android_slot_verify(boot_partname, &load_address, 1076 slot_suffix)) { 1077 printf("AVB verify failed\n"); 1078 reset_cpu_if_android_ab(); 1079 1080 return -1; 1081 } 1082 } else { 1083 part_num = part_get_info_by_name(dev_desc, 1084 ANDROID_PARTITION_VBMETA, 1085 &vbmeta_part_info); 1086 if (part_num < 0) { 1087 printf("Not AVB images, AVB skip\n"); 1088 env_update("bootargs", 1089 "androidboot.verifiedbootstate=orange"); 1090 if (load_android_image(dev_desc, boot_partname, 1091 &load_address)) { 1092 printf("Android image load failed\n"); 1093 return -1; 1094 } 1095 } else { 1096 printf("Vboot=0, AVB images, AVB verify\n"); 1097 if (android_slot_verify(boot_partname, &load_address, 1098 slot_suffix)) { 1099 printf("AVB verify failed\n"); 1100 reset_cpu_if_android_ab(); 1101 1102 return -1; 1103 } 1104 } 1105 } 1106 #else 1107 /* 1108 * 2. Load the boot/recovery from the desired "boot" partition. 1109 * Determine if this is an AOSP image. 1110 */ 1111 if (load_android_image(dev_desc, boot_partname, &load_address)) { 1112 printf("Android image load failed\n"); 1113 return -1; 1114 } 1115 #endif 1116 update_root_uuid_if_android_ab(); 1117 1118 /* Set Android root variables. */ 1119 env_set_ulong("android_root_devnum", dev_desc->devnum); 1120 env_set("android_slotsufix", slot_suffix); 1121 1122 #ifdef CONFIG_FASTBOOT_OEM_UNLOCK 1123 /* read oem unlock status and attach to bootargs */ 1124 uint8_t unlock = 0; 1125 TEEC_Result result; 1126 char oem_unlock[OEM_UNLOCK_ARG_SIZE] = {0}; 1127 result = trusty_read_oem_unlock(&unlock); 1128 if (result) { 1129 printf("read oem unlock status with error : 0x%x\n", result); 1130 } else { 1131 snprintf(oem_unlock, OEM_UNLOCK_ARG_SIZE, "androidboot.oem_unlocked=%d", unlock); 1132 env_update("bootargs", oem_unlock); 1133 } 1134 #endif 1135 1136 /* Assemble the command line */ 1137 command_line = android_assemble_cmdline(slot_suffix, mode_cmdline); 1138 env_update("bootargs", command_line); 1139 1140 debug("ANDROID: bootargs: \"%s\"\n", command_line); 1141 1142 #ifdef CONFIG_SUPPORT_OEM_DTB 1143 if (android_bootloader_get_fdt(ANDROID_PARTITION_OEM, 1144 ANDROID_ARG_FDT_FILENAME)) { 1145 printf("Can not get the fdt data from oem!\n"); 1146 } 1147 #else 1148 ret = android_image_get_fdt((void *)load_address, &fdt_addr); 1149 if (!ret) 1150 env_set_hex("fdt_addr", fdt_addr); 1151 #endif 1152 #ifdef CONFIG_OPTEE_CLIENT 1153 if (trusty_notify_optee_uboot_end()) 1154 printf("Close optee client failed!\n"); 1155 #endif 1156 android_bootloader_boot_kernel(load_address); 1157 1158 /* TODO: If the kernel doesn't boot mark the selected slot as bad. */ 1159 return -1; 1160 } 1161 1162 int android_avb_boot_flow(unsigned long kernel_address) 1163 { 1164 struct blk_desc *dev_desc; 1165 disk_partition_t boot_part_info; 1166 int ret; 1167 1168 dev_desc = rockchip_get_bootdev(); 1169 if (!dev_desc) { 1170 printf("%s: dev_desc is NULL!\n", __func__); 1171 return -1; 1172 } 1173 1174 /* Load the kernel from the desired "boot" partition. */ 1175 ret = part_get_info_by_name(dev_desc, ANDROID_PARTITION_BOOT, 1176 &boot_part_info); 1177 if (ret < 0) { 1178 printf("%s: failed to get boot part\n", __func__); 1179 return ret; 1180 } 1181 1182 ret = android_image_load(dev_desc, &boot_part_info, 1183 kernel_address, -1UL); 1184 if (ret < 0) { 1185 printf("Android avb boot failed, error %d.\n", ret); 1186 return ret; 1187 } 1188 1189 android_bootloader_boot_kernel(kernel_address); 1190 1191 /* TODO: If the kernel doesn't boot mark the selected slot as bad. */ 1192 return -1; 1193 } 1194 1195 int android_boot_flow(unsigned long kernel_address) 1196 { 1197 struct blk_desc *dev_desc; 1198 disk_partition_t boot_part_info; 1199 int ret; 1200 1201 dev_desc = rockchip_get_bootdev(); 1202 if (!dev_desc) { 1203 printf("%s: dev_desc is NULL!\n", __func__); 1204 return -1; 1205 } 1206 /* Load the kernel from the desired "boot" partition. */ 1207 ret = part_get_info_by_name(dev_desc, ANDROID_PARTITION_BOOT, 1208 &boot_part_info); 1209 if (ret < 0) { 1210 printf("%s: failed to get boot part\n", __func__); 1211 return ret; 1212 } 1213 1214 ret = android_image_load(dev_desc, &boot_part_info, kernel_address, 1215 -1UL); 1216 if (ret < 0) 1217 return ret; 1218 1219 android_bootloader_boot_kernel(kernel_address); 1220 1221 /* TODO: If the kernel doesn't boot mark the selected slot as bad. */ 1222 return -1; 1223 } 1224