1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * SPDX-License-Identifier: BSD-2-Clause 5 */ 6 7 #include <android_bootloader.h> 8 #include <android_bootloader_message.h> 9 #include <android_avb/avb_slot_verify.h> 10 #include <android_avb/avb_ops_user.h> 11 #include <android_avb/rk_avb_ops_user.h> 12 #include <android_image.h> 13 #include <asm/arch/hotkey.h> 14 #include <cli.h> 15 #include <common.h> 16 #include <dt_table.h> 17 #include <image-android-dt.h> 18 #include <malloc.h> 19 #include <fdt_support.h> 20 #include <fs.h> 21 #include <boot_rkimg.h> 22 #include <attestation_key.h> 23 #include <keymaster.h> 24 #include <linux/libfdt_env.h> 25 #include <optee_include/OpteeClientInterface.h> 26 #include <bidram.h> 27 #include <console.h> 28 #include <sysmem.h> 29 30 DECLARE_GLOBAL_DATA_PTR; 31 32 #define ANDROID_PARTITION_BOOT "boot" 33 #define ANDROID_PARTITION_MISC "misc" 34 #define ANDROID_PARTITION_OEM "oem" 35 #define ANDROID_PARTITION_RECOVERY "recovery" 36 #define ANDROID_PARTITION_SYSTEM "system" 37 #define ANDROID_PARTITION_VBMETA "vbmeta" 38 39 #define ANDROID_ARG_SLOT_SUFFIX "androidboot.slot_suffix=" 40 #define ANDROID_ARG_ROOT "root=" 41 #define ANDROID_ARG_SERIALNO "androidboot.serialno=" 42 #define ANDROID_VERIFY_STATE "androidboot.verifiedbootstate=" 43 #ifdef CONFIG_ROCKCHIP_RESOURCE_IMAGE 44 #define ANDROID_ARG_FDT_FILENAME "rk-kernel.dtb" 45 #define BOOTLOADER_MESSAGE_OFFSET_IN_MISC (16 * 1024) 46 #define BOOTLOADER_MESSAGE_BLK_OFFSET (BOOTLOADER_MESSAGE_OFFSET_IN_MISC >> 9) 47 #else 48 #define ANDROID_ARG_FDT_FILENAME "kernel.dtb" 49 #endif 50 #define OEM_UNLOCK_ARG_SIZE 30 51 #define UUID_SIZE 37 52 53 #if defined(CONFIG_ANDROID_AB) && !defined(CONFIG_ANDROID_AVB) 54 static int get_partition_unique_uuid(char *partition, 55 char *guid_buf, 56 size_t guid_buf_size) 57 { 58 struct blk_desc *dev_desc; 59 disk_partition_t part_info; 60 61 dev_desc = rockchip_get_bootdev(); 62 if (!dev_desc) { 63 printf("%s: Could not find device\n", __func__); 64 return -1; 65 } 66 67 if (part_get_info_by_name(dev_desc, partition, &part_info) < 0) { 68 printf("Could not find \"%s\" partition\n", partition); 69 return -1; 70 } 71 72 if (guid_buf && guid_buf_size > 0) 73 memcpy(guid_buf, part_info.uuid, guid_buf_size); 74 75 return 0; 76 } 77 #endif 78 79 char *android_str_append(char *base_name, char *slot_suffix) 80 { 81 char *part_name; 82 size_t part_name_len; 83 84 part_name_len = strlen(base_name) + 1; 85 if (slot_suffix) 86 part_name_len += strlen(slot_suffix); 87 part_name = malloc(part_name_len); 88 if (!part_name) 89 return NULL; 90 strcpy(part_name, base_name); 91 if (slot_suffix && (slot_suffix[0] != '\0')) 92 strcat(part_name, slot_suffix); 93 94 return part_name; 95 } 96 97 int android_bootloader_message_load( 98 struct blk_desc *dev_desc, 99 const disk_partition_t *part_info, 100 struct android_bootloader_message *message) 101 { 102 ulong message_blocks = sizeof(struct android_bootloader_message) / 103 part_info->blksz; 104 if (message_blocks > part_info->size) { 105 printf("misc partition too small.\n"); 106 return -1; 107 } 108 109 #ifdef CONFIG_RKIMG_BOOTLOADER 110 if (blk_dread(dev_desc, part_info->start + BOOTLOADER_MESSAGE_BLK_OFFSET, 111 message_blocks, message) != 112 #else 113 if (blk_dread(dev_desc, part_info->start, message_blocks, message) != 114 #endif 115 message_blocks) { 116 printf("Could not read from misc partition\n"); 117 return -1; 118 } 119 debug("ANDROID: Loaded BCB, %lu blocks.\n", message_blocks); 120 return 0; 121 } 122 123 static int android_bootloader_message_write( 124 struct blk_desc *dev_desc, 125 const disk_partition_t *part_info, 126 struct android_bootloader_message *message) 127 { 128 #ifdef CONFIG_RKIMG_BOOTLOADER 129 ulong message_blocks = sizeof(struct android_bootloader_message) / 130 part_info->blksz + BOOTLOADER_MESSAGE_BLK_OFFSET; 131 #else 132 ulong message_blocks = sizeof(struct android_bootloader_message) / 133 part_info->blksz; 134 #endif 135 if (message_blocks > part_info->size) { 136 printf("misc partition too small.\n"); 137 return -1; 138 } 139 140 if (blk_dwrite(dev_desc, part_info->start, message_blocks, message) != 141 message_blocks) { 142 printf("Could not write to misc partition\n"); 143 return -1; 144 } 145 debug("ANDROID: Wrote new BCB, %lu blocks.\n", message_blocks); 146 return 0; 147 } 148 149 static enum android_boot_mode android_bootloader_load_and_clear_mode( 150 struct blk_desc *dev_desc, 151 const disk_partition_t *misc_part_info) 152 { 153 struct android_bootloader_message bcb; 154 155 #ifdef CONFIG_FASTBOOT 156 char *bootloader_str; 157 158 /* Check for message from bootloader stored in RAM from a previous boot. 159 */ 160 bootloader_str = (char *)CONFIG_FASTBOOT_BUF_ADDR; 161 if (!strcmp("reboot-bootloader", bootloader_str)) { 162 bootloader_str[0] = '\0'; 163 return ANDROID_BOOT_MODE_BOOTLOADER; 164 } 165 #endif 166 167 /* Check and update the BCB message if needed. */ 168 if (android_bootloader_message_load(dev_desc, misc_part_info, &bcb) < 169 0) { 170 printf("WARNING: Unable to load the BCB.\n"); 171 return ANDROID_BOOT_MODE_NORMAL; 172 } 173 174 if (!strcmp("bootonce-bootloader", bcb.command)) { 175 /* Erase the message in the BCB since this value should be used 176 * only once. 177 */ 178 memset(bcb.command, 0, sizeof(bcb.command)); 179 android_bootloader_message_write(dev_desc, misc_part_info, 180 &bcb); 181 return ANDROID_BOOT_MODE_BOOTLOADER; 182 } 183 184 if (!strcmp("boot-recovery", bcb.command)) 185 return ANDROID_BOOT_MODE_RECOVERY; 186 187 return ANDROID_BOOT_MODE_NORMAL; 188 } 189 190 /** 191 * Return the reboot reason string for the passed boot mode. 192 * 193 * @param mode The Android Boot mode. 194 * @return a pointer to the reboot reason string for mode. 195 */ 196 static const char *android_boot_mode_str(enum android_boot_mode mode) 197 { 198 switch (mode) { 199 case ANDROID_BOOT_MODE_NORMAL: 200 return "(none)"; 201 case ANDROID_BOOT_MODE_RECOVERY: 202 return "recovery"; 203 case ANDROID_BOOT_MODE_BOOTLOADER: 204 return "bootloader"; 205 } 206 return NULL; 207 } 208 209 static int android_part_get_info_by_name_suffix(struct blk_desc *dev_desc, 210 const char *base_name, 211 const char *slot_suffix, 212 disk_partition_t *part_info) 213 { 214 char *part_name; 215 int part_num; 216 size_t part_name_len; 217 218 part_name_len = strlen(base_name) + 1; 219 if (slot_suffix) 220 part_name_len += strlen(slot_suffix); 221 part_name = malloc(part_name_len); 222 if (!part_name) 223 return -1; 224 strcpy(part_name, base_name); 225 if (slot_suffix && (slot_suffix[0] != '\0')) 226 strcat(part_name, slot_suffix); 227 228 part_num = part_get_info_by_name(dev_desc, part_name, part_info); 229 if (part_num < 0) { 230 debug("ANDROID: Could not find partition \"%s\"\n", part_name); 231 part_num = -1; 232 } 233 234 free(part_name); 235 return part_num; 236 } 237 238 static int android_bootloader_boot_bootloader(void) 239 { 240 const char *fastboot_cmd = env_get("fastbootcmd"); 241 242 if (fastboot_cmd == NULL) { 243 printf("fastboot_cmd is null, run default fastboot_cmd!\n"); 244 fastboot_cmd = "fastboot usb 0"; 245 } 246 247 return run_command(fastboot_cmd, CMD_FLAG_ENV); 248 } 249 250 #ifdef CONFIG_SUPPORT_OEM_DTB 251 static int android_bootloader_get_fdt(const char *part_name, 252 const char *load_file_name) 253 { 254 struct blk_desc *dev_desc; 255 disk_partition_t boot_part_info; 256 char *fdt_addr = NULL; 257 char slot_suffix[5] = {0}; 258 char dev_part[3] = {0}; 259 loff_t bytes = 0; 260 loff_t pos = 0; 261 loff_t len_read; 262 unsigned long addr = 0; 263 int part_num = -1; 264 int ret; 265 266 dev_desc = rockchip_get_bootdev(); 267 if (!dev_desc) { 268 printf("%s: dev_desc is NULL!\n", __func__); 269 return -1; 270 } 271 272 memset(&boot_part_info, 0, sizeof(boot_part_info)); 273 274 #ifdef CONFIG_RK_AVB_LIBAVB_USER 275 if (rk_avb_get_current_slot(slot_suffix)) { 276 printf("ANDROID: Get Current Slot error.\n"); 277 return -1; 278 } 279 280 part_num = android_part_get_info_by_name_suffix(dev_desc, 281 part_name, 282 slot_suffix, &boot_part_info); 283 #else 284 part_num = part_get_info_by_name(dev_desc, part_name, &boot_part_info); 285 if (part_num < 0) { 286 printf("ANDROID: Could not find partition \"%s\"\n", part_name); 287 return -1; 288 } 289 #endif 290 291 snprintf(dev_part, ARRAY_SIZE(dev_part), ":%x", part_num); 292 if (fs_set_blk_dev_with_part(dev_desc, part_num)) 293 return -1; 294 295 fdt_addr = env_get("fdt_addr_r"); 296 if (!fdt_addr) { 297 printf("ANDROID: No Found FDT Load Address.\n"); 298 return -1; 299 } 300 addr = simple_strtoul(fdt_addr, NULL, 16); 301 302 ret = fs_read(load_file_name, addr, pos, bytes, &len_read); 303 if (ret < 0) 304 return -1; 305 306 return 0; 307 } 308 #endif 309 310 /* 311 * Test on RK3308 AARCH64 mode (Cortex A35 816 MHZ) boot with eMMC: 312 * 313 * |-------------------------------------------------------------------| 314 * | Format | Size(Byte) | Ratio | Decomp time(ms) | Boot time(ms) | 315 * |-------------------------------------------------------------------| 316 * | Image | 7720968 | | | 488 | 317 * |-------------------------------------------------------------------| 318 * | Image.lz4 | 4119448 | 53% | 59 | 455 | 319 * |-------------------------------------------------------------------| 320 * | Image.lzo | 3858322 | 49% | 141 | 536 | 321 * |-------------------------------------------------------------------| 322 * | Image.gz | 3529108 | 45% | 222 | 609 | 323 * |-------------------------------------------------------------------| 324 * | Image.bz2 | 3295914 | 42% | 2940 | | 325 * |-------------------------------------------------------------------| 326 * | Image.lzma| 2683750 | 34% | | | 327 * |-------------------------------------------------------------------| 328 */ 329 static int sysmem_alloc_uncomp_kernel(ulong andr_hdr, 330 ulong uncomp_kaddr, u32 comp) 331 { 332 struct andr_img_hdr *hdr = (struct andr_img_hdr *)andr_hdr; 333 ulong ksize, kaddr; 334 335 if (comp != IH_COMP_NONE) { 336 /* Release compressed sysmem */ 337 kaddr = env_get_hex("kernel_addr_c", 0); 338 if (!kaddr) 339 kaddr = env_get_hex("kernel_addr_r", 0); 340 kaddr -= hdr->page_size; 341 if (sysmem_free((phys_addr_t)kaddr)) 342 return -EINVAL; 343 344 /* 345 * Use smaller Ratio to get larger estimated uncompress 346 * kernel size. 347 */ 348 if (comp == IH_COMP_ZIMAGE) 349 ksize = hdr->kernel_size * 100 / 45; 350 else if (comp == IH_COMP_LZ4) 351 ksize = hdr->kernel_size * 100 / 50; 352 else if (comp == IH_COMP_LZO) 353 ksize = hdr->kernel_size * 100 / 45; 354 else if (comp == IH_COMP_GZIP) 355 ksize = hdr->kernel_size * 100 / 40; 356 else if (comp == IH_COMP_BZIP2) 357 ksize = hdr->kernel_size * 100 / 40; 358 else if (comp == IH_COMP_LZMA) 359 ksize = hdr->kernel_size * 100 / 30; 360 else 361 ksize = hdr->kernel_size; 362 363 kaddr = uncomp_kaddr; 364 ksize = ALIGN(ksize, 512); 365 if (!sysmem_alloc_base(MEMBLK_ID_UNCOMP_KERNEL, 366 (phys_addr_t)kaddr, ksize)) 367 return -ENOMEM; 368 369 hotkey_run(HK_SYSMEM); 370 } 371 372 return 0; 373 } 374 375 int android_bootloader_boot_kernel(unsigned long kernel_address) 376 { 377 char *kernel_addr_r = env_get("kernel_addr_r"); 378 char *kernel_addr_c = env_get("kernel_addr_c"); 379 char *fdt_addr = env_get("fdt_addr"); 380 char kernel_addr_str[12]; 381 char comp_str[32] = {0}; 382 ulong comp_type; 383 const char *comp_name[] = { 384 [IH_COMP_NONE] = "IMAGE", 385 [IH_COMP_GZIP] = "GZIP", 386 [IH_COMP_BZIP2] = "BZIP2", 387 [IH_COMP_LZMA] = "LZMA", 388 [IH_COMP_LZO] = "LZO", 389 [IH_COMP_LZ4] = "LZ4", 390 [IH_COMP_ZIMAGE]= "ZIMAGE", 391 }; 392 char *bootm_args[] = { 393 "bootm", kernel_addr_str, kernel_addr_str, fdt_addr, NULL }; 394 395 comp_type = env_get_ulong("os_comp", 10, 0); 396 sprintf(kernel_addr_str, "0x%lx", kernel_address); 397 398 if (comp_type != IH_COMP_NONE) { 399 if (comp_type == IH_COMP_ZIMAGE && 400 kernel_addr_r && !kernel_addr_c) { 401 kernel_addr_c = kernel_addr_r; 402 kernel_addr_r = __stringify(CONFIG_SYS_SDRAM_BASE); 403 } 404 snprintf(comp_str, 32, "%s%s%s", 405 "(Uncompress to ", kernel_addr_r, ")"); 406 } 407 408 printf("Booting %s kernel at %s%s with fdt at %s...\n\n\n", 409 comp_name[comp_type], 410 comp_type != IH_COMP_NONE ? kernel_addr_c : kernel_addr_r, 411 comp_str, fdt_addr); 412 413 hotkey_run(HK_SYSMEM); 414 415 /* 416 * Check whether there is enough space for uncompress kernel, 417 * Actually, here only gives a sysmem warning message when failed 418 * but never return -1. 419 */ 420 if (sysmem_alloc_uncomp_kernel(kernel_address, 421 simple_strtoul(kernel_addr_r, NULL, 16), 422 comp_type)) 423 return -1; 424 425 do_bootm(NULL, 0, 4, bootm_args); 426 427 return -1; 428 } 429 430 static char *strjoin(const char **chunks, char separator) 431 { 432 int len, joined_len = 0; 433 char *ret, *current; 434 const char **p; 435 436 for (p = chunks; *p; p++) 437 joined_len += strlen(*p) + 1; 438 439 if (!joined_len) { 440 ret = malloc(1); 441 if (ret) 442 ret[0] = '\0'; 443 return ret; 444 } 445 446 ret = malloc(joined_len); 447 current = ret; 448 if (!ret) 449 return ret; 450 451 for (p = chunks; *p; p++) { 452 len = strlen(*p); 453 memcpy(current, *p, len); 454 current += len; 455 *current = separator; 456 current++; 457 } 458 /* Replace the last separator by a \0. */ 459 current[-1] = '\0'; 460 return ret; 461 } 462 463 /** android_assemble_cmdline - Assemble the command line to pass to the kernel 464 * @return a newly allocated string 465 */ 466 char *android_assemble_cmdline(const char *slot_suffix, 467 const char *extra_args) 468 { 469 const char *cmdline_chunks[16]; 470 const char **current_chunk = cmdline_chunks; 471 char *env_cmdline, *cmdline, *rootdev_input, *serialno; 472 char *allocated_suffix = NULL; 473 char *allocated_serialno = NULL; 474 char *allocated_rootdev = NULL; 475 unsigned long rootdev_len; 476 477 env_cmdline = env_get("bootargs"); 478 if (env_cmdline) 479 *(current_chunk++) = env_cmdline; 480 481 /* The |slot_suffix| needs to be passed to the kernel to know what 482 * slot to boot from. 483 */ 484 if (slot_suffix) { 485 allocated_suffix = malloc(strlen(ANDROID_ARG_SLOT_SUFFIX) + 486 strlen(slot_suffix) + 1); 487 memset(allocated_suffix, 0, strlen(ANDROID_ARG_SLOT_SUFFIX) 488 + strlen(slot_suffix) + 1); 489 strcpy(allocated_suffix, ANDROID_ARG_SLOT_SUFFIX); 490 strcat(allocated_suffix, slot_suffix); 491 *(current_chunk++) = allocated_suffix; 492 } 493 494 serialno = env_get("serial#"); 495 if (serialno) { 496 allocated_serialno = malloc(strlen(ANDROID_ARG_SERIALNO) + 497 strlen(serialno) + 1); 498 memset(allocated_serialno, 0, strlen(ANDROID_ARG_SERIALNO) + 499 strlen(serialno) + 1); 500 strcpy(allocated_serialno, ANDROID_ARG_SERIALNO); 501 strcat(allocated_serialno, serialno); 502 *(current_chunk++) = allocated_serialno; 503 } 504 505 rootdev_input = env_get("android_rootdev"); 506 if (rootdev_input) { 507 rootdev_len = strlen(ANDROID_ARG_ROOT) + CONFIG_SYS_CBSIZE + 1; 508 allocated_rootdev = malloc(rootdev_len); 509 strcpy(allocated_rootdev, ANDROID_ARG_ROOT); 510 cli_simple_process_macros(rootdev_input, 511 allocated_rootdev + 512 strlen(ANDROID_ARG_ROOT)); 513 /* Make sure that the string is null-terminated since the 514 * previous could not copy to the end of the input string if it 515 * is too big. 516 */ 517 allocated_rootdev[rootdev_len - 1] = '\0'; 518 *(current_chunk++) = allocated_rootdev; 519 } 520 521 if (extra_args) 522 *(current_chunk++) = extra_args; 523 524 *(current_chunk++) = NULL; 525 cmdline = strjoin(cmdline_chunks, ' '); 526 free(allocated_suffix); 527 free(allocated_rootdev); 528 return cmdline; 529 } 530 531 #ifdef CONFIG_ANDROID_AVB 532 static void slot_set_unbootable(AvbABSlotData* slot) 533 { 534 slot->priority = 0; 535 slot->tries_remaining = 0; 536 slot->successful_boot = 0; 537 } 538 539 static AvbSlotVerifyResult android_slot_verify(char *boot_partname, 540 unsigned long *android_load_address, 541 char *slot_suffix) 542 { 543 const char *requested_partitions[1] = {NULL}; 544 uint8_t unlocked = true; 545 AvbOps *ops; 546 AvbSlotVerifyFlags flags; 547 AvbSlotVerifyData *slot_data[1] = {NULL}; 548 AvbSlotVerifyResult verify_result; 549 AvbABData ab_data, ab_data_orig; 550 size_t slot_index_to_boot = 0; 551 char verify_state[38] = {0}; 552 char can_boot = 1; 553 unsigned long load_address = *android_load_address; 554 struct andr_img_hdr *hdr; 555 556 requested_partitions[0] = boot_partname; 557 ops = avb_ops_user_new(); 558 if (ops == NULL) { 559 printf("avb_ops_user_new() failed!\n"); 560 return AVB_SLOT_VERIFY_RESULT_ERROR_OOM; 561 } 562 563 if (ops->read_is_device_unlocked(ops, (bool *)&unlocked) != AVB_IO_RESULT_OK) 564 printf("Error determining whether device is unlocked.\n"); 565 566 printf("read_is_device_unlocked() ops returned that device is %s\n", 567 (unlocked & LOCK_MASK)? "UNLOCKED" : "LOCKED"); 568 569 flags = AVB_SLOT_VERIFY_FLAGS_NONE; 570 if (unlocked & LOCK_MASK) 571 flags |= AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR; 572 573 if(load_metadata(ops->ab_ops, &ab_data, &ab_data_orig)) { 574 printf("Can not load metadata\n"); 575 return AVB_SLOT_VERIFY_RESULT_ERROR_IO; 576 } 577 578 if (!strncmp(slot_suffix, "_a", 2)) 579 slot_index_to_boot = 0; 580 else if (!strncmp(slot_suffix, "_b", 2)) 581 slot_index_to_boot = 1; 582 else 583 slot_index_to_boot = 0; 584 585 verify_result = 586 avb_slot_verify(ops, 587 requested_partitions, 588 slot_suffix, 589 flags, 590 AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE, 591 &slot_data[0]); 592 593 strcat(verify_state, ANDROID_VERIFY_STATE); 594 switch (verify_result) { 595 case AVB_SLOT_VERIFY_RESULT_OK: 596 if (unlocked & LOCK_MASK) 597 strcat(verify_state, "orange"); 598 else 599 strcat(verify_state, "green"); 600 break; 601 case AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED: 602 if (unlocked & LOCK_MASK) 603 strcat(verify_state, "orange"); 604 else 605 strcat(verify_state, "yellow"); 606 break; 607 case AVB_SLOT_VERIFY_RESULT_ERROR_OOM: 608 case AVB_SLOT_VERIFY_RESULT_ERROR_IO: 609 case AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA: 610 case AVB_SLOT_VERIFY_RESULT_ERROR_UNSUPPORTED_VERSION: 611 case AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION: 612 case AVB_SLOT_VERIFY_RESULT_ERROR_ROLLBACK_INDEX: 613 default: 614 if (unlocked & LOCK_MASK) 615 strcat(verify_state, "orange"); 616 else 617 strcat(verify_state, "red"); 618 break; 619 } 620 621 if (!slot_data[0]) { 622 can_boot = 0; 623 goto out; 624 } 625 626 if (verify_result == AVB_SLOT_VERIFY_RESULT_OK || 627 verify_result == AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED || 628 (unlocked & LOCK_MASK)) { 629 int len = 0; 630 char *bootargs, *newbootargs; 631 632 if (*slot_data[0]->cmdline) { 633 debug("Kernel command line: %s\n", slot_data[0]->cmdline); 634 len += strlen(slot_data[0]->cmdline); 635 } 636 637 bootargs = env_get("bootargs"); 638 if (bootargs) 639 len += strlen(bootargs); 640 641 newbootargs = malloc(len + 2); 642 643 if (!newbootargs) { 644 puts("Error: malloc in android_slot_verify failed!\n"); 645 return AVB_SLOT_VERIFY_RESULT_ERROR_OOM; 646 } 647 *newbootargs = '\0'; 648 649 if (bootargs) { 650 strcpy(newbootargs, bootargs); 651 strcat(newbootargs, " "); 652 } 653 if (*slot_data[0]->cmdline) 654 strcat(newbootargs, slot_data[0]->cmdline); 655 env_set("bootargs", newbootargs); 656 657 /* Reserve page_size */ 658 hdr = (void *)slot_data[0]->loaded_partitions->data; 659 load_address -= hdr->page_size; 660 *android_load_address = load_address; 661 662 #ifdef CONFIG_ANDROID_BOOT_IMAGE_SEPARATE 663 android_image_load_separate(hdr, NULL, 664 (void *)load_address, hdr); 665 #else 666 memcpy((uint8_t *)load_address, 667 slot_data[0]->loaded_partitions->data, 668 slot_data[0]->loaded_partitions->data_size); 669 #endif 670 } else { 671 slot_set_unbootable(&ab_data.slots[slot_index_to_boot]); 672 } 673 674 out: 675 #ifdef CONFIG_ANDROID_AB 676 /* ... and decrement tries remaining, if applicable. */ 677 if (!ab_data.slots[slot_index_to_boot].successful_boot && 678 ab_data.slots[slot_index_to_boot].tries_remaining > 0) { 679 ab_data.slots[slot_index_to_boot].tries_remaining -= 1; 680 } 681 #endif 682 env_update("bootargs", verify_state); 683 if (save_metadata_if_changed(ops->ab_ops, &ab_data, &ab_data_orig)) { 684 printf("Can not save metadata\n"); 685 verify_result = AVB_SLOT_VERIFY_RESULT_ERROR_IO; 686 } 687 688 if (slot_data[0] != NULL) 689 avb_slot_verify_data_free(slot_data[0]); 690 691 if ((unlocked & LOCK_MASK) && can_boot) 692 return 0; 693 else 694 return verify_result; 695 } 696 #endif 697 698 #if defined(CONFIG_CMD_DTIMG) && defined(CONFIG_OF_LIBFDT_OVERLAY) 699 700 /* 701 * Default return index 0. 702 */ 703 __weak int board_select_fdt_index(ulong dt_table_hdr) 704 { 705 /* 706 * User can use "dt_for_each_entry(entry, hdr, idx)" to iterate 707 * over all dt entry of DT image and pick up which they want. 708 * 709 * Example: 710 * struct dt_table_entry *entry; 711 * int index; 712 * 713 * dt_for_each_entry(entry, dt_table_hdr, index) { 714 * 715 * .... (use entry) 716 * } 717 * 718 * return index; 719 */ 720 return 0; 721 } 722 723 static int android_get_dtbo(ulong *fdt_dtbo, 724 const struct andr_img_hdr *hdr, 725 int *index) 726 { 727 struct dt_table_header *dt_hdr = NULL; 728 struct blk_desc *dev_desc; 729 const char *part_name; 730 disk_partition_t part_info; 731 u32 blk_offset, blk_cnt; 732 void *buf; 733 ulong e_addr; 734 u32 e_size; 735 int e_idx; 736 int ret; 737 738 /* Get partition according to boot mode */ 739 if (rockchip_get_boot_mode() == BOOT_MODE_RECOVERY) 740 part_name = PART_RECOVERY; 741 else 742 part_name = PART_DTBO; 743 744 /* Get partition info */ 745 dev_desc = rockchip_get_bootdev(); 746 if (!dev_desc) { 747 printf("%s: dev_desc is NULL!\n", __func__); 748 return -ENODEV; 749 } 750 751 ret = part_get_info_by_name(dev_desc, part_name, &part_info); 752 if (ret < 0) { 753 printf("%s: failed to get %s part info, ret=%d\n", 754 __func__, part_name, ret); 755 return ret; 756 } 757 758 /* Check dt table header */ 759 if (!strcmp(part_name, PART_RECOVERY)) 760 blk_offset = part_info.start + 761 (hdr->recovery_dtbo_offset / part_info.blksz); 762 else 763 blk_offset = part_info.start; 764 765 dt_hdr = memalign(ARCH_DMA_MINALIGN, part_info.blksz); 766 if (!dt_hdr) { 767 printf("%s: out of memory for dt header!\n", __func__); 768 return -ENOMEM; 769 } 770 771 ret = blk_dread(dev_desc, blk_offset, 1, dt_hdr); 772 if (ret != 1) { 773 printf("%s: failed to read dt table header\n", 774 __func__); 775 goto out1; 776 } 777 778 if (!android_dt_check_header((ulong)dt_hdr)) { 779 printf("%s: Error: invalid dt table header: 0x%x\n", 780 __func__, dt_hdr->magic); 781 ret = -EINVAL; 782 goto out1; 783 } 784 785 #ifdef DEBUG 786 android_dt_print_contents((ulong)dt_hdr); 787 #endif 788 789 blk_cnt = DIV_ROUND_UP(fdt32_to_cpu(dt_hdr->total_size), 790 part_info.blksz); 791 /* Read all DT Image */ 792 buf = memalign(ARCH_DMA_MINALIGN, part_info.blksz * blk_cnt); 793 if (!buf) { 794 printf("%s: out of memory for %s part!\n", __func__, part_name); 795 ret = -ENOMEM; 796 goto out1; 797 } 798 799 ret = blk_dread(dev_desc, blk_offset, blk_cnt, buf); 800 if (ret != blk_cnt) { 801 printf("%s: failed to read dtbo, blk_cnt=%d, ret=%d\n", 802 __func__, blk_cnt, ret); 803 goto out2; 804 } 805 806 e_idx = board_select_fdt_index((ulong)buf); 807 if (e_idx < 0) { 808 printf("%s: failed to select board fdt index\n", __func__); 809 ret = -EINVAL; 810 goto out2; 811 } 812 813 ret = android_dt_get_fdt_by_index((ulong)buf, e_idx, &e_addr, &e_size); 814 if (!ret) { 815 printf("%s: failed to get fdt, index=%d\n", __func__, e_idx); 816 ret = -EINVAL; 817 goto out2; 818 } 819 820 if (fdt_dtbo) 821 *fdt_dtbo = e_addr; 822 if (index) 823 *index = e_idx; 824 825 free(dt_hdr); 826 debug("ANDROID: Loading dt entry to 0x%lx size 0x%x idx %d from \"%s\" part\n", 827 e_addr, e_size, e_idx, part_name); 828 829 return 0; 830 831 out2: 832 free(buf); 833 out1: 834 free(dt_hdr); 835 836 return ret; 837 } 838 839 int android_fdt_overlay_apply(void *fdt_addr) 840 { 841 struct andr_img_hdr *hdr; 842 struct blk_desc *dev_desc; 843 const char *part_name; 844 disk_partition_t part_info; 845 char buf[32] = {0}; 846 u32 blk_cnt; 847 ulong fdt_dtbo = -1; 848 int index = -1; 849 int ret; 850 851 /* Get partition according to boot mode */ 852 if (rockchip_get_boot_mode() == BOOT_MODE_RECOVERY) 853 part_name = PART_RECOVERY; 854 else 855 part_name = PART_BOOT; 856 857 /* Get partition info */ 858 dev_desc = rockchip_get_bootdev(); 859 if (!dev_desc) { 860 printf("%s: dev_desc is NULL!\n", __func__); 861 return -ENODEV; 862 } 863 864 ret = part_get_info_by_name(dev_desc, part_name, &part_info); 865 if (ret < 0) { 866 printf("%s: failed to get %s part info, ret=%d\n", 867 __func__, part_name, ret); 868 return ret; 869 } 870 871 blk_cnt = DIV_ROUND_UP(sizeof(*hdr), part_info.blksz); 872 hdr = memalign(ARCH_DMA_MINALIGN, part_info.blksz * blk_cnt); 873 if (!hdr) { 874 printf("%s: out of memory!\n", __func__); 875 return -ENOMEM; 876 } 877 878 ret = blk_dread(dev_desc, part_info.start, blk_cnt, hdr); 879 if (ret != blk_cnt) { 880 printf("%s: failed to read %s hdr!\n", __func__, part_name); 881 goto out; 882 } 883 884 #ifdef DEBUG 885 android_print_contents(hdr); 886 #endif 887 888 if (android_image_check_header(hdr)) 889 return -EINVAL; 890 891 /* Check header version */ 892 if (!hdr->header_version) { 893 printf("Android header version 0\n"); 894 ret = -EINVAL; 895 goto out; 896 } 897 898 ret = android_get_dtbo(&fdt_dtbo, (void *)hdr, &index); 899 if (!ret) { 900 phys_size_t fdt_size; 901 /* Must incease size before overlay */ 902 fdt_size = fdt_totalsize((void *)fdt_addr) + 903 fdt_totalsize((void *)fdt_dtbo); 904 if (sysmem_free((phys_addr_t)fdt_addr)) 905 goto out; 906 907 if (!sysmem_alloc_base(MEMBLK_ID_FDT_DTBO, 908 (phys_addr_t)fdt_addr, 909 fdt_size + CONFIG_SYS_FDT_PAD)) 910 goto out; 911 fdt_increase_size(fdt_addr, fdt_totalsize((void *)fdt_dtbo)); 912 ret = fdt_overlay_apply(fdt_addr, (void *)fdt_dtbo); 913 if (!ret) { 914 snprintf(buf, 32, "%s%d", "androidboot.dtbo_idx=", index); 915 env_update("bootargs", buf); 916 printf("ANDROID: fdt overlay OK\n"); 917 } else { 918 printf("ANDROID: fdt overlay failed, ret=%d\n", ret); 919 } 920 } 921 922 out: 923 free(hdr); 924 925 return 0; 926 } 927 #endif 928 929 static int load_android_image(struct blk_desc *dev_desc, 930 char *boot_partname, 931 char *slot_suffix, 932 unsigned long *load_address) 933 { 934 disk_partition_t boot_part; 935 int ret, part_num; 936 937 part_num = android_part_get_info_by_name_suffix(dev_desc, 938 boot_partname, 939 slot_suffix, 940 &boot_part); 941 if (part_num < 0) { 942 printf("%s: Can't find part: %s\n", __func__, boot_partname); 943 return -1; 944 } 945 debug("ANDROID: Loading kernel from \"%s\", partition %d.\n", 946 boot_part.name, part_num); 947 948 ret = android_image_load(dev_desc, &boot_part, *load_address, -1UL); 949 if (ret < 0) { 950 debug("%s: %s part load fail, ret=%d\n", 951 __func__, boot_part.name, ret); 952 return ret; 953 } 954 *load_address = ret; 955 956 return 0; 957 } 958 959 int android_bootloader_boot_flow(struct blk_desc *dev_desc, 960 unsigned long load_address) 961 { 962 enum android_boot_mode mode = ANDROID_BOOT_MODE_NORMAL; 963 disk_partition_t misc_part_info; 964 int part_num; 965 int ret; 966 char *command_line; 967 char slot_suffix[3] = {0}; 968 const char *mode_cmdline = NULL; 969 char *boot_partname = ANDROID_PARTITION_BOOT; 970 ulong fdt_addr; 971 972 /* 973 * 1. Load MISC partition and determine the boot mode 974 * clear its value for the next boot if needed. 975 */ 976 part_num = part_get_info_by_name(dev_desc, ANDROID_PARTITION_MISC, 977 &misc_part_info); 978 if (part_num < 0) { 979 printf("Could not find misc partition\n"); 980 } else { 981 #ifdef CONFIG_ANDROID_KEYMASTER_CA 982 /* load attestation key from misc partition. */ 983 load_attestation_key(dev_desc, &misc_part_info); 984 #endif 985 986 mode = android_bootloader_load_and_clear_mode(dev_desc, 987 &misc_part_info); 988 #ifdef CONFIG_RKIMG_BOOTLOADER 989 if (mode == ANDROID_BOOT_MODE_NORMAL) { 990 if (rockchip_get_boot_mode() == BOOT_MODE_RECOVERY) 991 mode = ANDROID_BOOT_MODE_RECOVERY; 992 } 993 #endif 994 } 995 996 printf("ANDROID: reboot reason: \"%s\"\n", android_boot_mode_str(mode)); 997 998 #ifdef CONFIG_ANDROID_AB 999 /*TODO: get from pre-loader or misc partition*/ 1000 if (rk_avb_get_current_slot(slot_suffix)) { 1001 printf("rk_avb_get_current_slot() failed\n"); 1002 return -1; 1003 } 1004 1005 AvbOps *ops; 1006 AvbABData ab_data; 1007 AvbABData ab_data_orig; 1008 size_t slot_index_to_boot = 0; 1009 1010 if (!strncmp(slot_suffix, "_a", 2)) 1011 slot_index_to_boot = 0; 1012 else if (!strncmp(slot_suffix, "_b", 2)) 1013 slot_index_to_boot = 1; 1014 else 1015 slot_index_to_boot = 0; 1016 ops = avb_ops_user_new(); 1017 if (ops == NULL) { 1018 printf("avb_ops_user_new() failed!\n"); 1019 return -1; 1020 } 1021 1022 if(load_metadata(ops->ab_ops, &ab_data, &ab_data_orig)) { 1023 printf("Can not load metadata\n"); 1024 return -1; 1025 } 1026 1027 /* ... and decrement tries remaining, if applicable. */ 1028 if (!ab_data.slots[slot_index_to_boot].successful_boot && 1029 ab_data.slots[slot_index_to_boot].tries_remaining > 0) { 1030 ab_data.slots[slot_index_to_boot].tries_remaining -= 1; 1031 } 1032 1033 if (save_metadata_if_changed(ops->ab_ops, &ab_data, &ab_data_orig)) { 1034 printf("Can not save metadata\n"); 1035 return -1; 1036 } 1037 1038 if (slot_suffix[0] != '_') { 1039 printf("###There is no bootable slot, bring up lastboot!###\n"); 1040 if (rk_get_lastboot() == 1) 1041 memcpy(slot_suffix, "_b", 2); 1042 else if(rk_get_lastboot() == 0) 1043 memcpy(slot_suffix, "_a", 2); 1044 else 1045 return -1; 1046 } 1047 #endif 1048 1049 switch (mode) { 1050 case ANDROID_BOOT_MODE_NORMAL: 1051 /* In normal mode, we load the kernel from "boot" but append 1052 * "skip_initramfs" to the cmdline to make it ignore the 1053 * recovery initramfs in the boot partition. 1054 */ 1055 #if (defined(CONFIG_ANDROID_AB) && !defined(CONFIG_ANDROID_AVB)) 1056 { 1057 char root_partition[20] = {0}; 1058 char guid_buf[UUID_SIZE] = {0}; 1059 char root_partuuid[70] = "root=PARTUUID="; 1060 1061 strcat(root_partition, ANDROID_PARTITION_SYSTEM); 1062 strcat(root_partition, slot_suffix); 1063 get_partition_unique_uuid(root_partition, guid_buf, UUID_SIZE); 1064 strcat(root_partuuid, guid_buf); 1065 env_update("bootargs", root_partuuid); 1066 } 1067 #endif 1068 1069 #ifdef CONFIG_ANDROID_AB 1070 mode_cmdline = "skip_initramfs"; 1071 #endif 1072 break; 1073 case ANDROID_BOOT_MODE_RECOVERY: 1074 /* In recovery mode we still boot the kernel from "boot" but 1075 * don't skip the initramfs so it boots to recovery. 1076 */ 1077 #ifndef CONFIG_ANDROID_AB 1078 boot_partname = ANDROID_PARTITION_RECOVERY; 1079 #endif 1080 break; 1081 case ANDROID_BOOT_MODE_BOOTLOADER: 1082 /* Bootloader mode enters fastboot. If this operation fails we 1083 * simply return since we can't recover from this situation by 1084 * switching to another slot. 1085 */ 1086 return android_bootloader_boot_bootloader(); 1087 } 1088 1089 #ifdef CONFIG_ANDROID_AVB 1090 uint8_t vboot_flag = 0; 1091 char vbmeta_partition[9] = {0}; 1092 disk_partition_t vbmeta_part_info; 1093 1094 if (trusty_read_vbootkey_enable_flag(&vboot_flag)) { 1095 printf("Can't read vboot flag\n"); 1096 return -1; 1097 } 1098 1099 if (vboot_flag) { 1100 printf("Vboot=1, SecureBoot enabled, AVB verify\n"); 1101 if (android_slot_verify(boot_partname, &load_address, 1102 slot_suffix)) { 1103 printf("AVB verify failed\n"); 1104 return -1; 1105 } 1106 } else { 1107 strcat(vbmeta_partition, ANDROID_PARTITION_VBMETA); 1108 strcat(vbmeta_partition, slot_suffix); 1109 part_num = part_get_info_by_name(dev_desc, vbmeta_partition, 1110 &vbmeta_part_info); 1111 if (part_num < 0) { 1112 printf("Not AVB images, AVB skip\n"); 1113 env_update("bootargs", 1114 "androidboot.verifiedbootstate=orange"); 1115 if (load_android_image(dev_desc, boot_partname, 1116 slot_suffix, &load_address)) { 1117 printf("Android image load failed\n"); 1118 return -1; 1119 } 1120 } else { 1121 printf("Vboot=0, AVB images, AVB verify\n"); 1122 if (android_slot_verify(boot_partname, &load_address, 1123 slot_suffix)) { 1124 printf("AVB verify failed\n"); 1125 return -1; 1126 } 1127 } 1128 } 1129 #else 1130 /* 1131 * 2. Load the boot/recovery from the desired "boot" partition. 1132 * Determine if this is an AOSP image. 1133 */ 1134 if (load_android_image(dev_desc, boot_partname, 1135 slot_suffix, &load_address)) { 1136 printf("Android image load failed\n"); 1137 return -1; 1138 } 1139 #endif 1140 1141 /* Set Android root variables. */ 1142 env_set_ulong("android_root_devnum", dev_desc->devnum); 1143 env_set("android_slotsufix", slot_suffix); 1144 1145 #ifdef CONFIG_FASTBOOT_OEM_UNLOCK 1146 /* read oem unlock status and attach to bootargs */ 1147 uint8_t unlock = 0; 1148 TEEC_Result result; 1149 char oem_unlock[OEM_UNLOCK_ARG_SIZE] = {0}; 1150 result = trusty_read_oem_unlock(&unlock); 1151 if (result) { 1152 printf("read oem unlock status with error : 0x%x\n", result); 1153 } else { 1154 snprintf(oem_unlock, OEM_UNLOCK_ARG_SIZE, "androidboot.oem_unlocked=%d", unlock); 1155 env_update("bootargs", oem_unlock); 1156 } 1157 #endif 1158 1159 /* Assemble the command line */ 1160 command_line = android_assemble_cmdline(slot_suffix, mode_cmdline); 1161 env_update("bootargs", command_line); 1162 1163 debug("ANDROID: bootargs: \"%s\"\n", command_line); 1164 1165 #ifdef CONFIG_SUPPORT_OEM_DTB 1166 if (android_bootloader_get_fdt(ANDROID_PARTITION_OEM, 1167 ANDROID_ARG_FDT_FILENAME)) { 1168 printf("Can not get the fdt data from oem!\n"); 1169 } 1170 #else 1171 ret = android_image_get_fdt((void *)load_address, &fdt_addr); 1172 if (!ret) 1173 env_set_hex("fdt_addr", fdt_addr); 1174 #endif 1175 android_bootloader_boot_kernel(load_address); 1176 1177 /* TODO: If the kernel doesn't boot mark the selected slot as bad. */ 1178 return -1; 1179 } 1180 1181 int android_avb_boot_flow(char *slot_suffix, unsigned long kernel_address) 1182 { 1183 struct blk_desc *dev_desc; 1184 disk_partition_t boot_part_info; 1185 int ret; 1186 dev_desc = rockchip_get_bootdev(); 1187 if (!dev_desc) { 1188 printf("%s: dev_desc is NULL!\n", __func__); 1189 return -1; 1190 } 1191 /* Load the kernel from the desired "boot" partition. */ 1192 android_part_get_info_by_name_suffix(dev_desc, 1193 ANDROID_PARTITION_BOOT, 1194 slot_suffix, &boot_part_info); 1195 ret = android_image_load(dev_desc, &boot_part_info, kernel_address, 1196 -1UL); 1197 if (ret < 0) 1198 return ret; 1199 android_bootloader_boot_kernel(kernel_address); 1200 1201 /* TODO: If the kernel doesn't boot mark the selected slot as bad. */ 1202 return -1; 1203 } 1204 1205 int android_boot_flow(unsigned long kernel_address) 1206 { 1207 struct blk_desc *dev_desc; 1208 disk_partition_t boot_part_info; 1209 int ret; 1210 dev_desc = rockchip_get_bootdev(); 1211 if (!dev_desc) { 1212 printf("%s: dev_desc is NULL!\n", __func__); 1213 return -1; 1214 } 1215 /* Load the kernel from the desired "boot" partition. */ 1216 part_get_info_by_name(dev_desc, ANDROID_PARTITION_BOOT, &boot_part_info); 1217 ret = android_image_load(dev_desc, &boot_part_info, kernel_address, 1218 -1UL); 1219 if (ret < 0) 1220 return ret; 1221 android_bootloader_boot_kernel(kernel_address); 1222 1223 /* TODO: If the kernel doesn't boot mark the selected slot as bad. */ 1224 return -1; 1225 } 1226