1 /* 2 * Copyright (c) 2011 Sebastian Andrzej Siewior <bigeasy@linutronix.de> 3 * 4 * SPDX-License-Identifier: GPL-2.0+ 5 */ 6 7 #include <common.h> 8 #include <image.h> 9 #include <android_image.h> 10 #include <android_bootloader.h> 11 #include <malloc.h> 12 #include <mapmem.h> 13 #include <errno.h> 14 #include <boot_rkimg.h> 15 #include <sysmem.h> 16 #ifdef CONFIG_RKIMG_BOOTLOADER 17 #include <asm/arch/resource_img.h> 18 #endif 19 #ifdef CONFIG_RK_AVB_LIBAVB_USER 20 #include <android_avb/avb_slot_verify.h> 21 #include <android_avb/avb_ops_user.h> 22 #include <android_avb/rk_avb_ops_user.h> 23 #endif 24 #include <optee_include/OpteeClientInterface.h> 25 26 DECLARE_GLOBAL_DATA_PTR; 27 28 #define ANDROID_IMAGE_DEFAULT_KERNEL_ADDR 0x10008000 29 #define ANDROID_ARG_FDT_FILENAME "rk-kernel.dtb" 30 31 static char andr_tmp_str[ANDR_BOOT_ARGS_SIZE + 1]; 32 static u32 android_kernel_comp_type = IH_COMP_NONE; 33 34 static ulong android_image_get_kernel_addr(const struct andr_img_hdr *hdr) 35 { 36 /* 37 * All the Android tools that generate a boot.img use this 38 * address as the default. 39 * 40 * Even though it doesn't really make a lot of sense, and it 41 * might be valid on some platforms, we treat that address as 42 * the default value for this field, and try to execute the 43 * kernel in place in such a case. 44 * 45 * Otherwise, we will return the actual value set by the user. 46 */ 47 if (hdr->kernel_addr == ANDROID_IMAGE_DEFAULT_KERNEL_ADDR) 48 return (ulong)hdr + hdr->page_size; 49 50 #ifdef CONFIG_ARCH_ROCKCHIP 51 /* 52 * If kernel is compressed, kernel_addr is set as decompressed address 53 * after compressed being loaded to ram, so let's use it. 54 */ 55 if (android_kernel_comp_type != IH_COMP_NONE && 56 android_kernel_comp_type != IH_COMP_ZIMAGE) 57 return hdr->kernel_addr; 58 59 /* 60 * Compatble with rockchip legacy packing with kernel/ramdisk/second 61 * address base from 0x60000000(SDK versiont < 8.1), these are invalid 62 * address, so we calc it by real size. 63 */ 64 return (ulong)hdr + hdr->page_size; 65 #else 66 return hdr->kernel_addr; 67 #endif 68 69 } 70 71 void android_image_set_comp(struct andr_img_hdr *hdr, u32 comp) 72 { 73 android_kernel_comp_type = comp; 74 } 75 76 u32 android_image_get_comp(const struct andr_img_hdr *hdr) 77 { 78 return android_kernel_comp_type; 79 } 80 81 int android_image_parse_kernel_comp(const struct andr_img_hdr *hdr) 82 { 83 ulong kaddr = android_image_get_kernel_addr(hdr); 84 return bootm_parse_comp((const unsigned char *)kaddr); 85 } 86 87 /** 88 * android_image_get_kernel() - processes kernel part of Android boot images 89 * @hdr: Pointer to image header, which is at the start 90 * of the image. 91 * @verify: Checksum verification flag. Currently unimplemented. 92 * @os_data: Pointer to a ulong variable, will hold os data start 93 * address. 94 * @os_len: Pointer to a ulong variable, will hold os data length. 95 * 96 * This function returns the os image's start address and length. Also, 97 * it appends the kernel command line to the bootargs env variable. 98 * 99 * Return: Zero, os start address and length on success, 100 * otherwise on failure. 101 */ 102 int android_image_get_kernel(const struct andr_img_hdr *hdr, int verify, 103 ulong *os_data, ulong *os_len) 104 { 105 u32 kernel_addr = android_image_get_kernel_addr(hdr); 106 107 /* 108 * Not all Android tools use the id field for signing the image with 109 * sha1 (or anything) so we don't check it. It is not obvious that the 110 * string is null terminated so we take care of this. 111 */ 112 strncpy(andr_tmp_str, hdr->name, ANDR_BOOT_NAME_SIZE); 113 andr_tmp_str[ANDR_BOOT_NAME_SIZE] = '\0'; 114 if (strlen(andr_tmp_str)) 115 printf("Android's image name: %s\n", andr_tmp_str); 116 117 printf("Kernel load addr 0x%08x size %u KiB\n", 118 kernel_addr, DIV_ROUND_UP(hdr->kernel_size, 1024)); 119 120 int len = 0; 121 if (*hdr->cmdline) { 122 debug("Kernel command line: %s\n", hdr->cmdline); 123 len += strlen(hdr->cmdline); 124 } 125 126 char *bootargs = env_get("bootargs"); 127 if (bootargs) 128 len += strlen(bootargs); 129 130 char *newbootargs = malloc(len + 2); 131 if (!newbootargs) { 132 puts("Error: malloc in android_image_get_kernel failed!\n"); 133 return -ENOMEM; 134 } 135 *newbootargs = '\0'; 136 137 if (bootargs) { 138 strcpy(newbootargs, bootargs); 139 strcat(newbootargs, " "); 140 } 141 if (*hdr->cmdline) 142 strcat(newbootargs, hdr->cmdline); 143 144 env_set("bootargs", newbootargs); 145 146 if (os_data) { 147 *os_data = (ulong)hdr; 148 *os_data += hdr->page_size; 149 } 150 if (os_len) 151 *os_len = hdr->kernel_size; 152 return 0; 153 } 154 155 int android_image_check_header(const struct andr_img_hdr *hdr) 156 { 157 return memcmp(ANDR_BOOT_MAGIC, hdr->magic, ANDR_BOOT_MAGIC_SIZE); 158 } 159 160 ulong android_image_get_end(const struct andr_img_hdr *hdr) 161 { 162 ulong end; 163 /* 164 * The header takes a full page, the remaining components are aligned 165 * on page boundary 166 */ 167 end = (ulong)hdr; 168 end += hdr->page_size; 169 end += ALIGN(hdr->kernel_size, hdr->page_size); 170 end += ALIGN(hdr->ramdisk_size, hdr->page_size); 171 end += ALIGN(hdr->second_size, hdr->page_size); 172 173 if (hdr->header_version >= 1) 174 end += ALIGN(hdr->recovery_dtbo_size, hdr->page_size); 175 176 return end; 177 } 178 179 u32 android_image_get_ksize(const struct andr_img_hdr *hdr) 180 { 181 return hdr->kernel_size; 182 } 183 184 void android_image_set_kload(struct andr_img_hdr *hdr, u32 load_address) 185 { 186 hdr->kernel_addr = load_address; 187 } 188 189 ulong android_image_get_kload(const struct andr_img_hdr *hdr) 190 { 191 return android_image_get_kernel_addr(hdr); 192 } 193 194 int android_image_get_ramdisk(const struct andr_img_hdr *hdr, 195 ulong *rd_data, ulong *rd_len) 196 { 197 bool avb_enabled = false; 198 199 #ifdef CONFIG_ANDROID_BOOTLOADER 200 avb_enabled = android_avb_is_enabled(); 201 #endif 202 203 if (!hdr->ramdisk_size) { 204 *rd_data = *rd_len = 0; 205 return -1; 206 } 207 208 /* 209 * We have load ramdisk at "ramdisk_addr_r" when android avb is 210 * disabled and CONFIG_ANDROID_BOOT_IMAGE_SEPARATE enabled. 211 */ 212 if (!avb_enabled && IS_ENABLED(CONFIG_ANDROID_BOOT_IMAGE_SEPARATE)) { 213 ulong ramdisk_addr_r; 214 215 ramdisk_addr_r = env_get_ulong("ramdisk_addr_r", 16, 0); 216 if (!ramdisk_addr_r) { 217 printf("No Found Ramdisk Load Address.\n"); 218 return -1; 219 } 220 221 *rd_data = ramdisk_addr_r; 222 } else { 223 *rd_data = (unsigned long)hdr; 224 *rd_data += hdr->page_size; 225 *rd_data += ALIGN(hdr->kernel_size, hdr->page_size); 226 } 227 228 *rd_len = hdr->ramdisk_size; 229 230 printf("RAM disk load addr 0x%08lx size %u KiB\n", 231 *rd_data, DIV_ROUND_UP(hdr->ramdisk_size, 1024)); 232 233 return 0; 234 } 235 236 int android_image_get_fdt(const struct andr_img_hdr *hdr, 237 ulong *rd_data) 238 { 239 bool avb_enabled = false; 240 241 #ifdef CONFIG_ANDROID_BOOTLOADER 242 avb_enabled = android_avb_is_enabled(); 243 #endif 244 245 if (!hdr->second_size) { 246 *rd_data = 0; 247 return -1; 248 } 249 250 /* 251 * We have load fdt at "fdt_addr_r" when android avb is 252 * disabled and CONFIG_ANDROID_BOOT_IMAGE_SEPARATE enabled; 253 * or CONFIG_USING_KERNEL_DTB is enabled. 254 */ 255 if (IS_ENABLED(CONFIG_USING_KERNEL_DTB) || 256 (!avb_enabled && IS_ENABLED(CONFIG_ANDROID_BOOT_IMAGE_SEPARATE))) { 257 ulong fdt_addr_r; 258 259 fdt_addr_r = env_get_ulong("fdt_addr_r", 16, 0); 260 if (!fdt_addr_r) { 261 printf("No Found FDT Load Address.\n"); 262 return -1; 263 } 264 265 *rd_data = fdt_addr_r; 266 } else { 267 *rd_data = (unsigned long)hdr; 268 *rd_data += hdr->page_size; 269 *rd_data += ALIGN(hdr->kernel_size, hdr->page_size); 270 *rd_data += ALIGN(hdr->ramdisk_size, hdr->page_size); 271 } 272 273 printf("FDT load addr 0x%08x size %u KiB\n", 274 hdr->second_addr, DIV_ROUND_UP(hdr->second_size, 1024)); 275 276 return 0; 277 } 278 279 #ifdef CONFIG_ANDROID_BOOT_IMAGE_SEPARATE 280 static int android_image_load_separate(struct blk_desc *dev_desc, 281 struct andr_img_hdr *hdr, 282 const disk_partition_t *part, 283 void *android_load_address) 284 { 285 ulong fdt_addr_r = env_get_ulong("fdt_addr_r", 16, 0); 286 ulong blk_start, blk_cnt, size; 287 int ret, blk_read = 0; 288 289 if (hdr->kernel_size) { 290 size = hdr->kernel_size + hdr->page_size; 291 blk_start = part->start; 292 blk_cnt = DIV_ROUND_UP(size, dev_desc->blksz); 293 if (!sysmem_alloc_base("kernel", 294 (phys_addr_t)android_load_address, 295 blk_cnt * dev_desc->blksz)) 296 return -ENXIO; 297 298 ret = blk_dread(dev_desc, blk_start, 299 blk_cnt, android_load_address); 300 if (ret < 0) { 301 debug("%s: read kernel failed, ret=%d\n", 302 __func__, ret); 303 return ret; 304 } 305 blk_read += ret; 306 } 307 308 if (hdr->ramdisk_size) { 309 ulong ramdisk_addr_r = env_get_ulong("ramdisk_addr_r", 16, 0); 310 311 size = hdr->page_size + ALIGN(hdr->kernel_size, hdr->page_size); 312 blk_start = part->start + DIV_ROUND_UP(size, dev_desc->blksz); 313 blk_cnt = DIV_ROUND_UP(hdr->ramdisk_size, dev_desc->blksz); 314 if (!sysmem_alloc_base("ramdisk", 315 ramdisk_addr_r, 316 blk_cnt * dev_desc->blksz)) 317 return -ENXIO; 318 319 ret = blk_dread(dev_desc, blk_start, 320 blk_cnt, (void *)ramdisk_addr_r); 321 if (ret < 0) { 322 debug("%s: read ramdisk failed, ret=%d\n", 323 __func__, ret); 324 return ret; 325 } 326 blk_read += ret; 327 } 328 329 if ((gd->fdt_blob != (void *)fdt_addr_r) && hdr->second_size) { 330 #ifdef CONFIG_RKIMG_BOOTLOADER 331 /* Rockchip AOSP, resource.img is in second position */ 332 ulong fdt_size; 333 334 fdt_size = rockchip_read_dtb_file((void *)fdt_addr_r); 335 if (fdt_size < 0) { 336 printf("%s: read fdt failed\n", __func__); 337 return ret; 338 } 339 340 blk_read += DIV_ROUND_UP(fdt_size, dev_desc->blksz); 341 #else 342 /* Standard AOSP, dtb is in second position */ 343 ulong blk_start, blk_cnt; 344 345 size = hdr->page_size + 346 ALIGN(hdr->kernel_size, hdr->page_size) + 347 ALIGN(hdr->ramdisk_size, hdr->page_size); 348 blk_start = part->start + DIV_ROUND_UP(size, dev_desc->blksz); 349 blk_cnt = DIV_ROUND_UP(hdr->second_size, dev_desc->blksz); 350 if (!sysmem_alloc_base("fdt(AOSP)", 351 fdt_addr_r, 352 blk_cnt * dev_desc->blksz + 353 CONFIG_SYS_FDT_PAD)) 354 return -ENXIO; 355 356 ret = blk_dread(dev_desc, blk_start, blk_cnt, (void *)fdt_addr_r); 357 if (ret < 0) { 358 debug("%s: read dtb failed, ret=%d\n", __func__, ret); 359 return ret; 360 } 361 362 blk_read += blk_cnt; 363 #endif /* CONFIG_RKIMG_BOOTLOADER */ 364 } 365 366 return blk_read; 367 } 368 #endif /* CONFIG_ANDROID_BOOT_IMAGE_SEPARATE */ 369 370 long android_image_load(struct blk_desc *dev_desc, 371 const disk_partition_t *part_info, 372 unsigned long load_address, 373 unsigned long max_size) { 374 void *buf; 375 long blk_cnt = 0; 376 long blk_read = 0; 377 u32 comp; 378 u32 kload_addr; 379 u32 blkcnt; 380 struct andr_img_hdr *hdr; 381 382 if (max_size < part_info->blksz) 383 return -1; 384 385 /* 386 * Read the Android boot.img header and a few parts of 387 * the head of kernel image(2 blocks maybe enough). 388 */ 389 blkcnt = DIV_ROUND_UP(sizeof(*hdr), 512) + 2; 390 hdr = memalign(ARCH_DMA_MINALIGN, blkcnt * 512); 391 if (!hdr) { 392 printf("%s: no memory\n", __func__); 393 return -1; 394 } 395 396 if (blk_dread(dev_desc, part_info->start, blkcnt, hdr) != blkcnt) 397 blk_read = -1; 398 399 if (!blk_read && android_image_check_header(hdr) != 0) { 400 printf("** Invalid Android Image header **\n"); 401 blk_read = -1; 402 } 403 404 /* page_size for image header */ 405 load_address -= hdr->page_size; 406 407 /* We don't know the size of the Android image before reading the header 408 * so we don't limit the size of the mapped memory. 409 */ 410 buf = map_sysmem(load_address, 0 /* size */); 411 if (!blk_read) { 412 blk_cnt = (android_image_get_end(hdr) - (ulong)hdr + 413 part_info->blksz - 1) / part_info->blksz; 414 comp = android_image_parse_kernel_comp(hdr); 415 /* 416 * We should load a compressed kernel Image 417 * to high memory 418 */ 419 if (comp != IH_COMP_NONE) { 420 load_address += android_image_get_ksize(hdr) * 3; 421 load_address = env_get_ulong("kernel_addr_c", 16, load_address); 422 load_address -= hdr->page_size; 423 unmap_sysmem(buf); 424 buf = map_sysmem(load_address, 0 /* size */); 425 } 426 427 if (blk_cnt * part_info->blksz > max_size) { 428 debug("Android Image too big (%lu bytes, max %lu)\n", 429 android_image_get_end(hdr) - (ulong)hdr, 430 max_size); 431 blk_read = -1; 432 } else { 433 debug("Loading Android Image (%lu blocks) to 0x%lx... ", 434 blk_cnt, load_address); 435 436 #ifdef CONFIG_ANDROID_BOOT_IMAGE_SEPARATE 437 if (!android_avb_is_enabled()) { 438 char *fdt_high = env_get("fdt_high"); 439 char *ramdisk_high = env_get("initrd_high"); 440 441 blk_read = 442 android_image_load_separate(dev_desc, hdr, 443 part_info, buf); 444 if (blk_read > 0) { 445 if (!fdt_high) { 446 env_set_hex("fdt_high", -1UL); 447 printf("Fdt "); 448 } 449 if (!ramdisk_high) { 450 env_set_hex("initrd_high", -1UL); 451 printf("Ramdisk "); 452 } 453 if (!fdt_high || !ramdisk_high) 454 printf("skip relocation\n"); 455 } 456 } else 457 #endif 458 { 459 if (!sysmem_alloc_base("android", 460 (phys_addr_t)buf, 461 blk_cnt * part_info->blksz)) 462 return -ENXIO; 463 464 blk_read = blk_dread(dev_desc, part_info->start, 465 blk_cnt, buf); 466 } 467 } 468 469 /* 470 * zImage is not need to decompress 471 * kernel will handle decompress itself 472 */ 473 if (comp != IH_COMP_NONE && comp != IH_COMP_ZIMAGE) { 474 kload_addr = env_get_ulong("kernel_addr_r", 16, 0x02080000); 475 android_image_set_kload(buf, kload_addr); 476 android_image_set_comp(buf, comp); 477 } else { 478 android_image_set_comp(buf, IH_COMP_NONE); 479 } 480 481 } 482 483 free(hdr); 484 unmap_sysmem(buf); 485 486 #ifndef CONFIG_ANDROID_BOOT_IMAGE_SEPARATE 487 debug("%lu blocks read: %s\n", 488 blk_read, (blk_read == blk_cnt) ? "OK" : "ERROR"); 489 if (blk_read != blk_cnt) 490 return -1; 491 #else 492 debug("%lu blocks read\n", blk_read); 493 if (blk_read < 0) 494 return blk_read; 495 #endif 496 497 return load_address; 498 } 499 500 #if !defined(CONFIG_SPL_BUILD) 501 /** 502 * android_print_contents - prints out the contents of the Android format image 503 * @hdr: pointer to the Android format image header 504 * 505 * android_print_contents() formats a multi line Android image contents 506 * description. 507 * The routine prints out Android image properties 508 * 509 * returns: 510 * no returned results 511 */ 512 void android_print_contents(const struct andr_img_hdr *hdr) 513 { 514 const char * const p = IMAGE_INDENT_STRING; 515 /* os_version = ver << 11 | lvl */ 516 u32 os_ver = hdr->os_version >> 11; 517 u32 os_lvl = hdr->os_version & ((1U << 11) - 1); 518 u32 header_version = hdr->header_version; 519 520 printf("%skernel size: %x\n", p, hdr->kernel_size); 521 printf("%skernel address: %x\n", p, hdr->kernel_addr); 522 printf("%sramdisk size: %x\n", p, hdr->ramdisk_size); 523 printf("%sramdisk addrress: %x\n", p, hdr->ramdisk_addr); 524 printf("%ssecond size: %x\n", p, hdr->second_size); 525 printf("%ssecond address: %x\n", p, hdr->second_addr); 526 printf("%stags address: %x\n", p, hdr->tags_addr); 527 printf("%spage size: %x\n", p, hdr->page_size); 528 printf("%sheader_version: %x\n", p, header_version); 529 /* ver = A << 14 | B << 7 | C (7 bits for each of A, B, C) 530 * lvl = ((Y - 2000) & 127) << 4 | M (7 bits for Y, 4 bits for M) */ 531 printf("%sos_version: %x (ver: %u.%u.%u, level: %u.%u)\n", 532 p, hdr->os_version, 533 (os_ver >> 7) & 0x7F, (os_ver >> 14) & 0x7F, os_ver & 0x7F, 534 (os_lvl >> 4) + 2000, os_lvl & 0x0F); 535 printf("%sname: %s\n", p, hdr->name); 536 printf("%scmdline: %s\n", p, hdr->cmdline); 537 538 if (header_version >= 1) { 539 printf("%srecovery dtbo size: %x\n", p, hdr->recovery_dtbo_size); 540 printf("%srecovery dtbo offset: %llx\n", p, hdr->recovery_dtbo_offset); 541 printf("%sheader size: %x\n", p, hdr->header_size); 542 } 543 } 544 #endif 545