1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * SPDX-License-Identifier: BSD-2-Clause 5 */ 6 7 #include <android_bootloader.h> 8 #include <android_bootloader_message.h> 9 #include <android_avb/avb_slot_verify.h> 10 #include <android_avb/avb_ops_user.h> 11 #include <android_avb/rk_avb_ops_user.h> 12 #include <android_image.h> 13 #include <asm/arch/hotkey.h> 14 #include <cli.h> 15 #include <common.h> 16 #include <dt_table.h> 17 #include <image-android-dt.h> 18 #include <malloc.h> 19 #include <fdt_support.h> 20 #include <fs.h> 21 #include <boot_rkimg.h> 22 #include <attestation_key.h> 23 #include <keymaster.h> 24 #include <linux/libfdt_env.h> 25 #include <optee_include/OpteeClientInterface.h> 26 #include <bidram.h> 27 #include <console.h> 28 #include <sysmem.h> 29 30 DECLARE_GLOBAL_DATA_PTR; 31 32 #define ANDROID_PARTITION_BOOT "boot" 33 #define ANDROID_PARTITION_MISC "misc" 34 #define ANDROID_PARTITION_OEM "oem" 35 #define ANDROID_PARTITION_RECOVERY "recovery" 36 #define ANDROID_PARTITION_SYSTEM "system" 37 #define ANDROID_PARTITION_VBMETA "vbmeta" 38 39 #define ANDROID_ARG_SLOT_SUFFIX "androidboot.slot_suffix=" 40 #define ANDROID_ARG_ROOT "root=" 41 #define ANDROID_ARG_SERIALNO "androidboot.serialno=" 42 #define ANDROID_VERIFY_STATE "androidboot.verifiedbootstate=" 43 #ifdef CONFIG_ROCKCHIP_RESOURCE_IMAGE 44 #define ANDROID_ARG_FDT_FILENAME "rk-kernel.dtb" 45 #define BOOTLOADER_MESSAGE_OFFSET_IN_MISC (16 * 1024) 46 #define BOOTLOADER_MESSAGE_BLK_OFFSET (BOOTLOADER_MESSAGE_OFFSET_IN_MISC >> 9) 47 #else 48 #define ANDROID_ARG_FDT_FILENAME "kernel.dtb" 49 #endif 50 #define OEM_UNLOCK_ARG_SIZE 30 51 #define UUID_SIZE 37 52 53 #ifdef CONFIG_ANDROID_AB 54 static int get_partition_unique_uuid(char *partition, 55 char *guid_buf, 56 size_t guid_buf_size) 57 { 58 struct blk_desc *dev_desc; 59 disk_partition_t part_info; 60 61 dev_desc = rockchip_get_bootdev(); 62 if (!dev_desc) { 63 printf("%s: Could not find device\n", __func__); 64 return -1; 65 } 66 67 if (part_get_info_by_name(dev_desc, partition, &part_info) < 0) { 68 printf("Could not find \"%s\" partition\n", partition); 69 return -1; 70 } 71 72 if (guid_buf && guid_buf_size > 0) 73 memcpy(guid_buf, part_info.uuid, guid_buf_size); 74 75 return 0; 76 } 77 #endif 78 79 char *android_str_append(char *base_name, char *slot_suffix) 80 { 81 char *part_name; 82 size_t part_name_len; 83 84 part_name_len = strlen(base_name) + 1; 85 if (slot_suffix) 86 part_name_len += strlen(slot_suffix); 87 part_name = malloc(part_name_len); 88 if (!part_name) 89 return NULL; 90 strcpy(part_name, base_name); 91 if (slot_suffix && (slot_suffix[0] != '\0')) 92 strcat(part_name, slot_suffix); 93 94 return part_name; 95 } 96 97 int android_bootloader_message_load( 98 struct blk_desc *dev_desc, 99 const disk_partition_t *part_info, 100 struct android_bootloader_message *message) 101 { 102 ulong message_blocks = sizeof(struct android_bootloader_message) / 103 part_info->blksz; 104 if (message_blocks > part_info->size) { 105 printf("misc partition too small.\n"); 106 return -1; 107 } 108 109 #ifdef CONFIG_RKIMG_BOOTLOADER 110 if (blk_dread(dev_desc, part_info->start + BOOTLOADER_MESSAGE_BLK_OFFSET, 111 message_blocks, message) != 112 #else 113 if (blk_dread(dev_desc, part_info->start, message_blocks, message) != 114 #endif 115 message_blocks) { 116 printf("Could not read from misc partition\n"); 117 return -1; 118 } 119 debug("ANDROID: Loaded BCB, %lu blocks.\n", message_blocks); 120 return 0; 121 } 122 123 static int android_bootloader_message_write( 124 struct blk_desc *dev_desc, 125 const disk_partition_t *part_info, 126 struct android_bootloader_message *message) 127 { 128 #ifdef CONFIG_RKIMG_BOOTLOADER 129 ulong message_blocks = sizeof(struct android_bootloader_message) / 130 part_info->blksz + BOOTLOADER_MESSAGE_BLK_OFFSET; 131 #else 132 ulong message_blocks = sizeof(struct android_bootloader_message) / 133 part_info->blksz; 134 #endif 135 if (message_blocks > part_info->size) { 136 printf("misc partition too small.\n"); 137 return -1; 138 } 139 140 if (blk_dwrite(dev_desc, part_info->start, message_blocks, message) != 141 message_blocks) { 142 printf("Could not write to misc partition\n"); 143 return -1; 144 } 145 debug("ANDROID: Wrote new BCB, %lu blocks.\n", message_blocks); 146 return 0; 147 } 148 149 static enum android_boot_mode android_bootloader_load_and_clear_mode( 150 struct blk_desc *dev_desc, 151 const disk_partition_t *misc_part_info) 152 { 153 struct android_bootloader_message bcb; 154 155 #ifdef CONFIG_FASTBOOT 156 char *bootloader_str; 157 158 /* Check for message from bootloader stored in RAM from a previous boot. 159 */ 160 bootloader_str = (char *)CONFIG_FASTBOOT_BUF_ADDR; 161 if (!strcmp("reboot-bootloader", bootloader_str)) { 162 bootloader_str[0] = '\0'; 163 return ANDROID_BOOT_MODE_BOOTLOADER; 164 } 165 #endif 166 167 /* Check and update the BCB message if needed. */ 168 if (android_bootloader_message_load(dev_desc, misc_part_info, &bcb) < 169 0) { 170 printf("WARNING: Unable to load the BCB.\n"); 171 return ANDROID_BOOT_MODE_NORMAL; 172 } 173 174 if (!strcmp("bootonce-bootloader", bcb.command)) { 175 /* Erase the message in the BCB since this value should be used 176 * only once. 177 */ 178 memset(bcb.command, 0, sizeof(bcb.command)); 179 android_bootloader_message_write(dev_desc, misc_part_info, 180 &bcb); 181 return ANDROID_BOOT_MODE_BOOTLOADER; 182 } 183 184 if (!strcmp("boot-recovery", bcb.command)) 185 return ANDROID_BOOT_MODE_RECOVERY; 186 187 return ANDROID_BOOT_MODE_NORMAL; 188 } 189 190 /** 191 * Return the reboot reason string for the passed boot mode. 192 * 193 * @param mode The Android Boot mode. 194 * @return a pointer to the reboot reason string for mode. 195 */ 196 static const char *android_boot_mode_str(enum android_boot_mode mode) 197 { 198 switch (mode) { 199 case ANDROID_BOOT_MODE_NORMAL: 200 return "(none)"; 201 case ANDROID_BOOT_MODE_RECOVERY: 202 return "recovery"; 203 case ANDROID_BOOT_MODE_BOOTLOADER: 204 return "bootloader"; 205 } 206 return NULL; 207 } 208 209 static int android_part_get_info_by_name_suffix(struct blk_desc *dev_desc, 210 const char *base_name, 211 const char *slot_suffix, 212 disk_partition_t *part_info) 213 { 214 char *part_name; 215 int part_num; 216 size_t part_name_len; 217 218 part_name_len = strlen(base_name) + 1; 219 if (slot_suffix) 220 part_name_len += strlen(slot_suffix); 221 part_name = malloc(part_name_len); 222 if (!part_name) 223 return -1; 224 strcpy(part_name, base_name); 225 if (slot_suffix && (slot_suffix[0] != '\0')) 226 strcat(part_name, slot_suffix); 227 228 part_num = part_get_info_by_name(dev_desc, part_name, part_info); 229 if (part_num < 0) { 230 debug("ANDROID: Could not find partition \"%s\"\n", part_name); 231 part_num = -1; 232 } 233 234 free(part_name); 235 return part_num; 236 } 237 238 static int android_bootloader_boot_bootloader(void) 239 { 240 const char *fastboot_cmd = env_get("fastbootcmd"); 241 242 if (fastboot_cmd == NULL) { 243 printf("fastboot_cmd is null, run default fastboot_cmd!\n"); 244 fastboot_cmd = "fastboot usb 0"; 245 } 246 247 return run_command(fastboot_cmd, CMD_FLAG_ENV); 248 } 249 250 #ifdef CONFIG_SUPPORT_OEM_DTB 251 static int android_bootloader_get_fdt(const char *part_name, 252 const char *load_file_name) 253 { 254 struct blk_desc *dev_desc; 255 disk_partition_t boot_part_info; 256 char *fdt_addr = NULL; 257 char slot_suffix[5] = {0}; 258 char dev_part[3] = {0}; 259 loff_t bytes = 0; 260 loff_t pos = 0; 261 loff_t len_read; 262 unsigned long addr = 0; 263 int part_num = -1; 264 int ret; 265 266 dev_desc = rockchip_get_bootdev(); 267 if (!dev_desc) { 268 printf("%s: dev_desc is NULL!\n", __func__); 269 return -1; 270 } 271 272 memset(&boot_part_info, 0, sizeof(boot_part_info)); 273 274 #ifdef CONFIG_RK_AVB_LIBAVB_USER 275 if (rk_avb_get_current_slot(slot_suffix)) { 276 printf("ANDROID: Get Current Slot error.\n"); 277 return -1; 278 } 279 280 part_num = android_part_get_info_by_name_suffix(dev_desc, 281 part_name, 282 slot_suffix, &boot_part_info); 283 #else 284 part_num = part_get_info_by_name(dev_desc, part_name, &boot_part_info); 285 if (part_num < 0) { 286 printf("ANDROID: Could not find partition \"%s\"\n", part_name); 287 return -1; 288 } 289 #endif 290 291 snprintf(dev_part, ARRAY_SIZE(dev_part), ":%x", part_num); 292 if (fs_set_blk_dev_with_part(dev_desc, part_num)) 293 return -1; 294 295 fdt_addr = env_get("fdt_addr_r"); 296 if (!fdt_addr) { 297 printf("ANDROID: No Found FDT Load Address.\n"); 298 return -1; 299 } 300 addr = simple_strtoul(fdt_addr, NULL, 16); 301 302 ret = fs_read(load_file_name, addr, pos, bytes, &len_read); 303 if (ret < 0) 304 return -1; 305 306 return 0; 307 } 308 #endif 309 310 /* 311 * Test on RK3308 AARCH64 mode (Cortex A35 816 MHZ) boot with eMMC: 312 * 313 * |-------------------------------------------------------------------| 314 * | Format | Size(Byte) | Ratio | Decomp time(ms) | Boot time(ms) | 315 * |-------------------------------------------------------------------| 316 * | Image | 7720968 | | | 488 | 317 * |-------------------------------------------------------------------| 318 * | Image.lz4 | 4119448 | 53% | 59 | 455 | 319 * |-------------------------------------------------------------------| 320 * | Image.lzo | 3858322 | 49% | 141 | 536 | 321 * |-------------------------------------------------------------------| 322 * | Image.gz | 3529108 | 45% | 222 | 609 | 323 * |-------------------------------------------------------------------| 324 * | Image.bz2 | 3295914 | 42% | 2940 | | 325 * |-------------------------------------------------------------------| 326 * | Image.lzma| 2683750 | 34% | | | 327 * |-------------------------------------------------------------------| 328 */ 329 static int sysmem_alloc_uncomp_kernel(ulong andr_hdr, 330 ulong uncomp_kaddr, u32 comp) 331 { 332 struct andr_img_hdr *hdr = (struct andr_img_hdr *)andr_hdr; 333 ulong ksize, kaddr; 334 335 if (comp != IH_COMP_NONE) { 336 /* Release compressed sysmem */ 337 kaddr = env_get_hex("kernel_addr_c", 0); 338 if (!kaddr) 339 kaddr = env_get_hex("kernel_addr_r", 0); 340 kaddr -= hdr->page_size; 341 if (sysmem_free((phys_addr_t)kaddr)) 342 return -EINVAL; 343 344 /* 345 * Use smaller Ratio to get larger estimated uncompress 346 * kernel size. 347 */ 348 if (comp == IH_COMP_ZIMAGE) 349 ksize = hdr->kernel_size * 100 / 45; 350 else if (comp == IH_COMP_LZ4) 351 ksize = hdr->kernel_size * 100 / 50; 352 else if (comp == IH_COMP_LZO) 353 ksize = hdr->kernel_size * 100 / 45; 354 else if (comp == IH_COMP_GZIP) 355 ksize = hdr->kernel_size * 100 / 40; 356 else if (comp == IH_COMP_BZIP2) 357 ksize = hdr->kernel_size * 100 / 40; 358 else if (comp == IH_COMP_LZMA) 359 ksize = hdr->kernel_size * 100 / 30; 360 else 361 ksize = hdr->kernel_size; 362 363 kaddr = uncomp_kaddr; 364 ksize = ALIGN(ksize, 512); 365 if (!sysmem_alloc_base(MEMBLK_ID_UNCOMP_KERNEL, 366 (phys_addr_t)kaddr, ksize)) 367 return -ENOMEM; 368 369 hotkey_run(HK_SYSMEM); 370 } 371 372 return 0; 373 } 374 375 int android_bootloader_boot_kernel(unsigned long kernel_address) 376 { 377 char *kernel_addr_r = env_get("kernel_addr_r"); 378 char *kernel_addr_c = env_get("kernel_addr_c"); 379 char *fdt_addr = env_get("fdt_addr"); 380 char kernel_addr_str[12]; 381 char comp_str[32] = {0}; 382 ulong comp_type; 383 const char *comp_name[] = { 384 [IH_COMP_NONE] = "IMAGE", 385 [IH_COMP_GZIP] = "GZIP", 386 [IH_COMP_BZIP2] = "BZIP2", 387 [IH_COMP_LZMA] = "LZMA", 388 [IH_COMP_LZO] = "LZO", 389 [IH_COMP_LZ4] = "LZ4", 390 [IH_COMP_ZIMAGE]= "ZIMAGE", 391 }; 392 char *bootm_args[] = { 393 "bootm", kernel_addr_str, kernel_addr_str, fdt_addr, NULL }; 394 395 comp_type = env_get_ulong("os_comp", 10, 0); 396 sprintf(kernel_addr_str, "0x%lx", kernel_address); 397 398 if (comp_type != IH_COMP_NONE) { 399 if (comp_type == IH_COMP_ZIMAGE && 400 kernel_addr_r && !kernel_addr_c) { 401 kernel_addr_c = kernel_addr_r; 402 kernel_addr_r = __stringify(CONFIG_SYS_SDRAM_BASE); 403 } 404 snprintf(comp_str, 32, "%s%s%s", 405 "(Uncompress to ", kernel_addr_r, ")"); 406 } 407 408 printf("Booting %s kernel at %s%s with fdt at %s...\n\n\n", 409 comp_name[comp_type], 410 comp_type != IH_COMP_NONE ? kernel_addr_c : kernel_addr_r, 411 comp_str, fdt_addr); 412 413 hotkey_run(HK_SYSMEM); 414 415 /* 416 * Check whether there is enough space for uncompress kernel, 417 * Actually, here only gives a sysmem warning message when failed 418 * but never return -1. 419 */ 420 if (sysmem_alloc_uncomp_kernel(kernel_address, 421 simple_strtoul(kernel_addr_r, NULL, 16), 422 comp_type)) 423 return -1; 424 425 /* Check sysmem overflow */ 426 sysmem_overflow_check(); 427 428 do_bootm(NULL, 0, 4, bootm_args); 429 430 return -1; 431 } 432 433 static char *strjoin(const char **chunks, char separator) 434 { 435 int len, joined_len = 0; 436 char *ret, *current; 437 const char **p; 438 439 for (p = chunks; *p; p++) 440 joined_len += strlen(*p) + 1; 441 442 if (!joined_len) { 443 ret = malloc(1); 444 if (ret) 445 ret[0] = '\0'; 446 return ret; 447 } 448 449 ret = malloc(joined_len); 450 current = ret; 451 if (!ret) 452 return ret; 453 454 for (p = chunks; *p; p++) { 455 len = strlen(*p); 456 memcpy(current, *p, len); 457 current += len; 458 *current = separator; 459 current++; 460 } 461 /* Replace the last separator by a \0. */ 462 current[-1] = '\0'; 463 return ret; 464 } 465 466 /** android_assemble_cmdline - Assemble the command line to pass to the kernel 467 * @return a newly allocated string 468 */ 469 char *android_assemble_cmdline(const char *slot_suffix, 470 const char *extra_args) 471 { 472 const char *cmdline_chunks[16]; 473 const char **current_chunk = cmdline_chunks; 474 char *env_cmdline, *cmdline, *rootdev_input, *serialno; 475 char *allocated_suffix = NULL; 476 char *allocated_serialno = NULL; 477 char *allocated_rootdev = NULL; 478 unsigned long rootdev_len; 479 480 env_cmdline = env_get("bootargs"); 481 if (env_cmdline) 482 *(current_chunk++) = env_cmdline; 483 484 /* The |slot_suffix| needs to be passed to the kernel to know what 485 * slot to boot from. 486 */ 487 if (slot_suffix) { 488 allocated_suffix = malloc(strlen(ANDROID_ARG_SLOT_SUFFIX) + 489 strlen(slot_suffix) + 1); 490 memset(allocated_suffix, 0, strlen(ANDROID_ARG_SLOT_SUFFIX) 491 + strlen(slot_suffix) + 1); 492 strcpy(allocated_suffix, ANDROID_ARG_SLOT_SUFFIX); 493 strcat(allocated_suffix, slot_suffix); 494 *(current_chunk++) = allocated_suffix; 495 } 496 497 serialno = env_get("serial#"); 498 if (serialno) { 499 allocated_serialno = malloc(strlen(ANDROID_ARG_SERIALNO) + 500 strlen(serialno) + 1); 501 memset(allocated_serialno, 0, strlen(ANDROID_ARG_SERIALNO) + 502 strlen(serialno) + 1); 503 strcpy(allocated_serialno, ANDROID_ARG_SERIALNO); 504 strcat(allocated_serialno, serialno); 505 *(current_chunk++) = allocated_serialno; 506 } 507 508 rootdev_input = env_get("android_rootdev"); 509 if (rootdev_input) { 510 rootdev_len = strlen(ANDROID_ARG_ROOT) + CONFIG_SYS_CBSIZE + 1; 511 allocated_rootdev = malloc(rootdev_len); 512 strcpy(allocated_rootdev, ANDROID_ARG_ROOT); 513 cli_simple_process_macros(rootdev_input, 514 allocated_rootdev + 515 strlen(ANDROID_ARG_ROOT)); 516 /* Make sure that the string is null-terminated since the 517 * previous could not copy to the end of the input string if it 518 * is too big. 519 */ 520 allocated_rootdev[rootdev_len - 1] = '\0'; 521 *(current_chunk++) = allocated_rootdev; 522 } 523 524 if (extra_args) 525 *(current_chunk++) = extra_args; 526 527 *(current_chunk++) = NULL; 528 cmdline = strjoin(cmdline_chunks, ' '); 529 free(allocated_suffix); 530 free(allocated_rootdev); 531 return cmdline; 532 } 533 534 #ifdef CONFIG_ANDROID_AVB 535 static void slot_set_unbootable(AvbABSlotData* slot) 536 { 537 slot->priority = 0; 538 slot->tries_remaining = 0; 539 slot->successful_boot = 0; 540 } 541 542 static AvbSlotVerifyResult android_slot_verify(char *boot_partname, 543 unsigned long *android_load_address, 544 char *slot_suffix) 545 { 546 const char *requested_partitions[1] = {NULL}; 547 uint8_t unlocked = true; 548 AvbOps *ops; 549 AvbSlotVerifyFlags flags; 550 AvbSlotVerifyData *slot_data[1] = {NULL}; 551 AvbSlotVerifyResult verify_result; 552 AvbABData ab_data, ab_data_orig; 553 size_t slot_index_to_boot = 0; 554 char verify_state[38] = {0}; 555 char can_boot = 1; 556 unsigned long load_address = *android_load_address; 557 struct andr_img_hdr *hdr; 558 559 requested_partitions[0] = boot_partname; 560 ops = avb_ops_user_new(); 561 if (ops == NULL) { 562 printf("avb_ops_user_new() failed!\n"); 563 return AVB_SLOT_VERIFY_RESULT_ERROR_OOM; 564 } 565 566 if (ops->read_is_device_unlocked(ops, (bool *)&unlocked) != AVB_IO_RESULT_OK) 567 printf("Error determining whether device is unlocked.\n"); 568 569 printf("read_is_device_unlocked() ops returned that device is %s\n", 570 (unlocked & LOCK_MASK)? "UNLOCKED" : "LOCKED"); 571 572 flags = AVB_SLOT_VERIFY_FLAGS_NONE; 573 if (unlocked & LOCK_MASK) 574 flags |= AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR; 575 576 if(load_metadata(ops->ab_ops, &ab_data, &ab_data_orig)) { 577 printf("Can not load metadata\n"); 578 return AVB_SLOT_VERIFY_RESULT_ERROR_IO; 579 } 580 581 if (!strncmp(slot_suffix, "_a", 2)) 582 slot_index_to_boot = 0; 583 else if (!strncmp(slot_suffix, "_b", 2)) 584 slot_index_to_boot = 1; 585 else 586 slot_index_to_boot = 0; 587 588 verify_result = 589 avb_slot_verify(ops, 590 requested_partitions, 591 slot_suffix, 592 flags, 593 AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE, 594 &slot_data[0]); 595 596 strcat(verify_state, ANDROID_VERIFY_STATE); 597 switch (verify_result) { 598 case AVB_SLOT_VERIFY_RESULT_OK: 599 if (unlocked & LOCK_MASK) 600 strcat(verify_state, "orange"); 601 else 602 strcat(verify_state, "green"); 603 break; 604 case AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED: 605 if (unlocked & LOCK_MASK) 606 strcat(verify_state, "orange"); 607 else 608 strcat(verify_state, "yellow"); 609 break; 610 case AVB_SLOT_VERIFY_RESULT_ERROR_OOM: 611 case AVB_SLOT_VERIFY_RESULT_ERROR_IO: 612 case AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA: 613 case AVB_SLOT_VERIFY_RESULT_ERROR_UNSUPPORTED_VERSION: 614 case AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION: 615 case AVB_SLOT_VERIFY_RESULT_ERROR_ROLLBACK_INDEX: 616 default: 617 if (unlocked & LOCK_MASK) 618 strcat(verify_state, "orange"); 619 else 620 strcat(verify_state, "red"); 621 break; 622 } 623 624 if (!slot_data[0]) { 625 can_boot = 0; 626 goto out; 627 } 628 629 if (verify_result == AVB_SLOT_VERIFY_RESULT_OK || 630 verify_result == AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED || 631 (unlocked & LOCK_MASK)) { 632 int len = 0; 633 char *bootargs, *newbootargs; 634 635 if (*slot_data[0]->cmdline) { 636 debug("Kernel command line: %s\n", slot_data[0]->cmdline); 637 len += strlen(slot_data[0]->cmdline); 638 } 639 640 bootargs = env_get("bootargs"); 641 if (bootargs) 642 len += strlen(bootargs); 643 644 newbootargs = malloc(len + 2); 645 646 if (!newbootargs) { 647 puts("Error: malloc in android_slot_verify failed!\n"); 648 return AVB_SLOT_VERIFY_RESULT_ERROR_OOM; 649 } 650 *newbootargs = '\0'; 651 652 if (bootargs) { 653 strcpy(newbootargs, bootargs); 654 strcat(newbootargs, " "); 655 } 656 if (*slot_data[0]->cmdline) 657 strcat(newbootargs, slot_data[0]->cmdline); 658 env_set("bootargs", newbootargs); 659 660 /* Reserve page_size */ 661 hdr = (void *)slot_data[0]->loaded_partitions->data; 662 load_address -= hdr->page_size; 663 *android_load_address = load_address; 664 665 #ifdef CONFIG_ANDROID_BOOT_IMAGE_SEPARATE 666 android_image_load_separate(hdr, NULL, 667 (void *)load_address, hdr); 668 #else 669 memcpy((uint8_t *)load_address, 670 slot_data[0]->loaded_partitions->data, 671 slot_data[0]->loaded_partitions->data_size); 672 #endif 673 } else { 674 slot_set_unbootable(&ab_data.slots[slot_index_to_boot]); 675 } 676 677 out: 678 #if defined(CONFIG_ANDROID_AB) && !defined(CONFIG_ANDROID_AVB) 679 /* 680 * In ab & avb process, the tries_remaining minus one in function 681 * android_slot_verify, shield this function here. 682 */ 683 /* ... and decrement tries remaining, if applicable. */ 684 if (!ab_data.slots[slot_index_to_boot].successful_boot && 685 ab_data.slots[slot_index_to_boot].tries_remaining > 0) { 686 ab_data.slots[slot_index_to_boot].tries_remaining -= 1; 687 } 688 #endif 689 env_update("bootargs", verify_state); 690 if (save_metadata_if_changed(ops->ab_ops, &ab_data, &ab_data_orig)) { 691 printf("Can not save metadata\n"); 692 verify_result = AVB_SLOT_VERIFY_RESULT_ERROR_IO; 693 } 694 695 if (slot_data[0] != NULL) 696 avb_slot_verify_data_free(slot_data[0]); 697 698 if ((unlocked & LOCK_MASK) && can_boot) 699 return 0; 700 else 701 return verify_result; 702 } 703 #endif 704 705 #if defined(CONFIG_CMD_DTIMG) && defined(CONFIG_OF_LIBFDT_OVERLAY) 706 707 /* 708 * Default return index 0. 709 */ 710 __weak int board_select_fdt_index(ulong dt_table_hdr) 711 { 712 /* 713 * User can use "dt_for_each_entry(entry, hdr, idx)" to iterate 714 * over all dt entry of DT image and pick up which they want. 715 * 716 * Example: 717 * struct dt_table_entry *entry; 718 * int index; 719 * 720 * dt_for_each_entry(entry, dt_table_hdr, index) { 721 * 722 * .... (use entry) 723 * } 724 * 725 * return index; 726 */ 727 return 0; 728 } 729 730 static int android_get_dtbo(ulong *fdt_dtbo, 731 const struct andr_img_hdr *hdr, 732 int *index) 733 { 734 struct dt_table_header *dt_hdr = NULL; 735 struct blk_desc *dev_desc; 736 const char *part_name; 737 disk_partition_t part_info; 738 u32 blk_offset, blk_cnt; 739 void *buf; 740 ulong e_addr; 741 u32 e_size; 742 int e_idx; 743 int ret; 744 745 /* Get partition according to boot mode */ 746 if (rockchip_get_boot_mode() == BOOT_MODE_RECOVERY) 747 part_name = PART_RECOVERY; 748 else 749 part_name = PART_DTBO; 750 751 /* Get partition info */ 752 dev_desc = rockchip_get_bootdev(); 753 if (!dev_desc) { 754 printf("%s: dev_desc is NULL!\n", __func__); 755 return -ENODEV; 756 } 757 758 ret = part_get_info_by_name(dev_desc, part_name, &part_info); 759 if (ret < 0) { 760 printf("%s: failed to get %s part info, ret=%d\n", 761 __func__, part_name, ret); 762 return ret; 763 } 764 765 /* Check dt table header */ 766 if (!strcmp(part_name, PART_RECOVERY)) 767 blk_offset = part_info.start + 768 (hdr->recovery_dtbo_offset / part_info.blksz); 769 else 770 blk_offset = part_info.start; 771 772 dt_hdr = memalign(ARCH_DMA_MINALIGN, part_info.blksz); 773 if (!dt_hdr) { 774 printf("%s: out of memory for dt header!\n", __func__); 775 return -ENOMEM; 776 } 777 778 ret = blk_dread(dev_desc, blk_offset, 1, dt_hdr); 779 if (ret != 1) { 780 printf("%s: failed to read dt table header\n", 781 __func__); 782 goto out1; 783 } 784 785 if (!android_dt_check_header((ulong)dt_hdr)) { 786 printf("%s: Error: invalid dt table header: 0x%x\n", 787 __func__, dt_hdr->magic); 788 ret = -EINVAL; 789 goto out1; 790 } 791 792 #ifdef DEBUG 793 android_dt_print_contents((ulong)dt_hdr); 794 #endif 795 796 blk_cnt = DIV_ROUND_UP(fdt32_to_cpu(dt_hdr->total_size), 797 part_info.blksz); 798 /* Read all DT Image */ 799 buf = memalign(ARCH_DMA_MINALIGN, part_info.blksz * blk_cnt); 800 if (!buf) { 801 printf("%s: out of memory for %s part!\n", __func__, part_name); 802 ret = -ENOMEM; 803 goto out1; 804 } 805 806 ret = blk_dread(dev_desc, blk_offset, blk_cnt, buf); 807 if (ret != blk_cnt) { 808 printf("%s: failed to read dtbo, blk_cnt=%d, ret=%d\n", 809 __func__, blk_cnt, ret); 810 goto out2; 811 } 812 813 e_idx = board_select_fdt_index((ulong)buf); 814 if (e_idx < 0) { 815 printf("%s: failed to select board fdt index\n", __func__); 816 ret = -EINVAL; 817 goto out2; 818 } 819 820 ret = android_dt_get_fdt_by_index((ulong)buf, e_idx, &e_addr, &e_size); 821 if (!ret) { 822 printf("%s: failed to get fdt, index=%d\n", __func__, e_idx); 823 ret = -EINVAL; 824 goto out2; 825 } 826 827 if (fdt_dtbo) 828 *fdt_dtbo = e_addr; 829 if (index) 830 *index = e_idx; 831 832 free(dt_hdr); 833 debug("ANDROID: Loading dt entry to 0x%lx size 0x%x idx %d from \"%s\" part\n", 834 e_addr, e_size, e_idx, part_name); 835 836 return 0; 837 838 out2: 839 free(buf); 840 out1: 841 free(dt_hdr); 842 843 return ret; 844 } 845 846 int android_fdt_overlay_apply(void *fdt_addr) 847 { 848 struct andr_img_hdr *hdr; 849 struct blk_desc *dev_desc; 850 const char *part_name; 851 disk_partition_t part_info; 852 char buf[32] = {0}; 853 u32 blk_cnt; 854 ulong fdt_dtbo = -1; 855 int index = -1; 856 int ret; 857 858 /* Get partition according to boot mode */ 859 if (rockchip_get_boot_mode() == BOOT_MODE_RECOVERY) 860 part_name = PART_RECOVERY; 861 else 862 part_name = PART_BOOT; 863 864 /* Get partition info */ 865 dev_desc = rockchip_get_bootdev(); 866 if (!dev_desc) { 867 printf("%s: dev_desc is NULL!\n", __func__); 868 return -ENODEV; 869 } 870 871 ret = part_get_info_by_name(dev_desc, part_name, &part_info); 872 if (ret < 0) { 873 printf("%s: failed to get %s part info, ret=%d\n", 874 __func__, part_name, ret); 875 return ret; 876 } 877 878 blk_cnt = DIV_ROUND_UP(sizeof(*hdr), part_info.blksz); 879 hdr = memalign(ARCH_DMA_MINALIGN, part_info.blksz * blk_cnt); 880 if (!hdr) { 881 printf("%s: out of memory!\n", __func__); 882 return -ENOMEM; 883 } 884 885 ret = blk_dread(dev_desc, part_info.start, blk_cnt, hdr); 886 if (ret != blk_cnt) { 887 printf("%s: failed to read %s hdr!\n", __func__, part_name); 888 goto out; 889 } 890 891 #ifdef DEBUG 892 android_print_contents(hdr); 893 #endif 894 895 if (android_image_check_header(hdr)) 896 return -EINVAL; 897 898 /* Check header version */ 899 if (!hdr->header_version) { 900 printf("Android header version 0\n"); 901 ret = -EINVAL; 902 goto out; 903 } 904 905 ret = android_get_dtbo(&fdt_dtbo, (void *)hdr, &index); 906 if (!ret) { 907 phys_size_t fdt_size; 908 /* Must incease size before overlay */ 909 fdt_size = fdt_totalsize((void *)fdt_addr) + 910 fdt_totalsize((void *)fdt_dtbo); 911 if (sysmem_free((phys_addr_t)fdt_addr)) 912 goto out; 913 914 if (!sysmem_alloc_base(MEMBLK_ID_FDT_DTBO, 915 (phys_addr_t)fdt_addr, 916 fdt_size + CONFIG_SYS_FDT_PAD)) 917 goto out; 918 fdt_increase_size(fdt_addr, fdt_totalsize((void *)fdt_dtbo)); 919 ret = fdt_overlay_apply(fdt_addr, (void *)fdt_dtbo); 920 if (!ret) { 921 snprintf(buf, 32, "%s%d", "androidboot.dtbo_idx=", index); 922 env_update("bootargs", buf); 923 printf("ANDROID: fdt overlay OK\n"); 924 } else { 925 printf("ANDROID: fdt overlay failed, ret=%d\n", ret); 926 } 927 } 928 929 out: 930 free(hdr); 931 932 return 0; 933 } 934 #endif 935 936 static int load_android_image(struct blk_desc *dev_desc, 937 char *boot_partname, 938 char *slot_suffix, 939 unsigned long *load_address) 940 { 941 disk_partition_t boot_part; 942 int ret, part_num; 943 944 part_num = android_part_get_info_by_name_suffix(dev_desc, 945 boot_partname, 946 slot_suffix, 947 &boot_part); 948 if (part_num < 0) { 949 printf("%s: Can't find part: %s\n", __func__, boot_partname); 950 return -1; 951 } 952 debug("ANDROID: Loading kernel from \"%s\", partition %d.\n", 953 boot_part.name, part_num); 954 955 ret = android_image_load(dev_desc, &boot_part, *load_address, -1UL); 956 if (ret < 0) { 957 debug("%s: %s part load fail, ret=%d\n", 958 __func__, boot_part.name, ret); 959 return ret; 960 } 961 *load_address = ret; 962 963 return 0; 964 } 965 966 int android_bootloader_boot_flow(struct blk_desc *dev_desc, 967 unsigned long load_address) 968 { 969 enum android_boot_mode mode = ANDROID_BOOT_MODE_NORMAL; 970 disk_partition_t misc_part_info; 971 int part_num; 972 int ret; 973 char *command_line; 974 char slot_suffix[3] = {0}; 975 const char *mode_cmdline = NULL; 976 char *boot_partname = ANDROID_PARTITION_BOOT; 977 ulong fdt_addr; 978 979 /* 980 * 1. Load MISC partition and determine the boot mode 981 * clear its value for the next boot if needed. 982 */ 983 part_num = part_get_info_by_name(dev_desc, ANDROID_PARTITION_MISC, 984 &misc_part_info); 985 if (part_num < 0) { 986 printf("Could not find misc partition\n"); 987 } else { 988 #ifdef CONFIG_ANDROID_KEYMASTER_CA 989 /* load attestation key from misc partition. */ 990 load_attestation_key(dev_desc, &misc_part_info); 991 #endif 992 993 mode = android_bootloader_load_and_clear_mode(dev_desc, 994 &misc_part_info); 995 #ifdef CONFIG_RKIMG_BOOTLOADER 996 if (mode == ANDROID_BOOT_MODE_NORMAL) { 997 if (rockchip_get_boot_mode() == BOOT_MODE_RECOVERY) 998 mode = ANDROID_BOOT_MODE_RECOVERY; 999 } 1000 #endif 1001 } 1002 1003 printf("ANDROID: reboot reason: \"%s\"\n", android_boot_mode_str(mode)); 1004 1005 #ifdef CONFIG_ANDROID_AB 1006 /*TODO: get from pre-loader or misc partition*/ 1007 if (rk_avb_get_current_slot(slot_suffix)) { 1008 printf("rk_avb_get_current_slot() failed\n"); 1009 return -1; 1010 } 1011 1012 AvbOps *ops; 1013 AvbABData ab_data; 1014 AvbABData ab_data_orig; 1015 size_t slot_index_to_boot = 0; 1016 1017 if (!strncmp(slot_suffix, "_a", 2)) 1018 slot_index_to_boot = 0; 1019 else if (!strncmp(slot_suffix, "_b", 2)) 1020 slot_index_to_boot = 1; 1021 else 1022 slot_index_to_boot = 0; 1023 ops = avb_ops_user_new(); 1024 if (ops == NULL) { 1025 printf("avb_ops_user_new() failed!\n"); 1026 return -1; 1027 } 1028 1029 if(load_metadata(ops->ab_ops, &ab_data, &ab_data_orig)) { 1030 printf("Can not load metadata\n"); 1031 return -1; 1032 } 1033 1034 /* ... and decrement tries remaining, if applicable. */ 1035 if (!ab_data.slots[slot_index_to_boot].successful_boot && 1036 ab_data.slots[slot_index_to_boot].tries_remaining > 0) { 1037 ab_data.slots[slot_index_to_boot].tries_remaining -= 1; 1038 } 1039 1040 if (save_metadata_if_changed(ops->ab_ops, &ab_data, &ab_data_orig)) { 1041 printf("Can not save metadata\n"); 1042 return -1; 1043 } 1044 1045 if (slot_suffix[0] != '_') { 1046 printf("###There is no bootable slot, bring up lastboot!###\n"); 1047 if (rk_get_lastboot() == 1) 1048 memcpy(slot_suffix, "_b", 2); 1049 else if(rk_get_lastboot() == 0) 1050 memcpy(slot_suffix, "_a", 2); 1051 else 1052 return -1; 1053 } 1054 #endif 1055 1056 switch (mode) { 1057 case ANDROID_BOOT_MODE_NORMAL: 1058 /* In normal mode, we load the kernel from "boot" but append 1059 * "skip_initramfs" to the cmdline to make it ignore the 1060 * recovery initramfs in the boot partition. 1061 */ 1062 #ifdef CONFIG_ANDROID_AB 1063 mode_cmdline = "skip_initramfs"; 1064 #endif 1065 break; 1066 case ANDROID_BOOT_MODE_RECOVERY: 1067 /* In recovery mode we still boot the kernel from "boot" but 1068 * don't skip the initramfs so it boots to recovery. 1069 */ 1070 #ifndef CONFIG_ANDROID_AB 1071 boot_partname = ANDROID_PARTITION_RECOVERY; 1072 #endif 1073 break; 1074 case ANDROID_BOOT_MODE_BOOTLOADER: 1075 /* Bootloader mode enters fastboot. If this operation fails we 1076 * simply return since we can't recover from this situation by 1077 * switching to another slot. 1078 */ 1079 return android_bootloader_boot_bootloader(); 1080 } 1081 1082 #ifdef CONFIG_ANDROID_AVB 1083 uint8_t vboot_flag = 0; 1084 char vbmeta_partition[9] = {0}; 1085 disk_partition_t vbmeta_part_info; 1086 1087 if (trusty_read_vbootkey_enable_flag(&vboot_flag)) { 1088 printf("Can't read vboot flag\n"); 1089 return -1; 1090 } 1091 1092 if (vboot_flag) { 1093 printf("Vboot=1, SecureBoot enabled, AVB verify\n"); 1094 if (android_slot_verify(boot_partname, &load_address, 1095 slot_suffix)) { 1096 printf("AVB verify failed\n"); 1097 return -1; 1098 } 1099 } else { 1100 strcat(vbmeta_partition, ANDROID_PARTITION_VBMETA); 1101 strcat(vbmeta_partition, slot_suffix); 1102 part_num = part_get_info_by_name(dev_desc, vbmeta_partition, 1103 &vbmeta_part_info); 1104 if (part_num < 0) { 1105 printf("Not AVB images, AVB skip\n"); 1106 env_update("bootargs", 1107 "androidboot.verifiedbootstate=orange"); 1108 if (load_android_image(dev_desc, boot_partname, 1109 slot_suffix, &load_address)) { 1110 printf("Android image load failed\n"); 1111 return -1; 1112 } 1113 } else { 1114 printf("Vboot=0, AVB images, AVB verify\n"); 1115 if (android_slot_verify(boot_partname, &load_address, 1116 slot_suffix)) { 1117 printf("AVB verify failed\n"); 1118 return -1; 1119 } 1120 } 1121 } 1122 #else 1123 /* 1124 * 2. Load the boot/recovery from the desired "boot" partition. 1125 * Determine if this is an AOSP image. 1126 */ 1127 if (load_android_image(dev_desc, boot_partname, 1128 slot_suffix, &load_address)) { 1129 printf("Android image load failed\n"); 1130 return -1; 1131 } 1132 #endif 1133 1134 #ifdef CONFIG_ANDROID_AB 1135 /* In android a/b & avb process, the "root=" will be add which parameter 1136 * is in vbmeta.In linux a/b & avb process, the "root=" must be add by 1137 * follow code. To be compatible with the above two processes, test it 1138 * is necessary to add "root=". 1139 */ 1140 char root_partition[20] = {0}; 1141 char guid_buf[UUID_SIZE] = {0}; 1142 char root_partuuid[70] = "root=PARTUUID="; 1143 char *boot_args = env_get("bootargs"); 1144 1145 if (!strstr(boot_args, "root=")) { 1146 strcat(root_partition, ANDROID_PARTITION_SYSTEM); 1147 strcat(root_partition, slot_suffix); 1148 get_partition_unique_uuid(root_partition, guid_buf, UUID_SIZE); 1149 strcat(root_partuuid, guid_buf); 1150 env_update("bootargs", root_partuuid); 1151 } 1152 #endif 1153 1154 /* Set Android root variables. */ 1155 env_set_ulong("android_root_devnum", dev_desc->devnum); 1156 env_set("android_slotsufix", slot_suffix); 1157 1158 #ifdef CONFIG_FASTBOOT_OEM_UNLOCK 1159 /* read oem unlock status and attach to bootargs */ 1160 uint8_t unlock = 0; 1161 TEEC_Result result; 1162 char oem_unlock[OEM_UNLOCK_ARG_SIZE] = {0}; 1163 result = trusty_read_oem_unlock(&unlock); 1164 if (result) { 1165 printf("read oem unlock status with error : 0x%x\n", result); 1166 } else { 1167 snprintf(oem_unlock, OEM_UNLOCK_ARG_SIZE, "androidboot.oem_unlocked=%d", unlock); 1168 env_update("bootargs", oem_unlock); 1169 } 1170 #endif 1171 1172 /* Assemble the command line */ 1173 command_line = android_assemble_cmdline(slot_suffix, mode_cmdline); 1174 env_update("bootargs", command_line); 1175 1176 debug("ANDROID: bootargs: \"%s\"\n", command_line); 1177 1178 #ifdef CONFIG_SUPPORT_OEM_DTB 1179 if (android_bootloader_get_fdt(ANDROID_PARTITION_OEM, 1180 ANDROID_ARG_FDT_FILENAME)) { 1181 printf("Can not get the fdt data from oem!\n"); 1182 } 1183 #else 1184 ret = android_image_get_fdt((void *)load_address, &fdt_addr); 1185 if (!ret) 1186 env_set_hex("fdt_addr", fdt_addr); 1187 #endif 1188 android_bootloader_boot_kernel(load_address); 1189 1190 /* TODO: If the kernel doesn't boot mark the selected slot as bad. */ 1191 return -1; 1192 } 1193 1194 int android_avb_boot_flow(char *slot_suffix, unsigned long kernel_address) 1195 { 1196 struct blk_desc *dev_desc; 1197 disk_partition_t boot_part_info; 1198 int ret; 1199 dev_desc = rockchip_get_bootdev(); 1200 if (!dev_desc) { 1201 printf("%s: dev_desc is NULL!\n", __func__); 1202 return -1; 1203 } 1204 /* Load the kernel from the desired "boot" partition. */ 1205 android_part_get_info_by_name_suffix(dev_desc, 1206 ANDROID_PARTITION_BOOT, 1207 slot_suffix, &boot_part_info); 1208 ret = android_image_load(dev_desc, &boot_part_info, kernel_address, 1209 -1UL); 1210 if (ret < 0) 1211 return ret; 1212 android_bootloader_boot_kernel(kernel_address); 1213 1214 /* TODO: If the kernel doesn't boot mark the selected slot as bad. */ 1215 return -1; 1216 } 1217 1218 int android_boot_flow(unsigned long kernel_address) 1219 { 1220 struct blk_desc *dev_desc; 1221 disk_partition_t boot_part_info; 1222 int ret; 1223 dev_desc = rockchip_get_bootdev(); 1224 if (!dev_desc) { 1225 printf("%s: dev_desc is NULL!\n", __func__); 1226 return -1; 1227 } 1228 /* Load the kernel from the desired "boot" partition. */ 1229 part_get_info_by_name(dev_desc, ANDROID_PARTITION_BOOT, &boot_part_info); 1230 ret = android_image_load(dev_desc, &boot_part_info, kernel_address, 1231 -1UL); 1232 if (ret < 0) 1233 return ret; 1234 android_bootloader_boot_kernel(kernel_address); 1235 1236 /* TODO: If the kernel doesn't boot mark the selected slot as bad. */ 1237 return -1; 1238 } 1239