1 /* 2 * Copyright (c) 2011 Sebastian Andrzej Siewior <bigeasy@linutronix.de> 3 * 4 * SPDX-License-Identifier: GPL-2.0+ 5 */ 6 7 #include <common.h> 8 #include <image.h> 9 #include <android_image.h> 10 #include <android_bootloader.h> 11 #include <malloc.h> 12 #include <mapmem.h> 13 #include <errno.h> 14 #include <boot_rkimg.h> 15 #include <sysmem.h> 16 #ifdef CONFIG_RKIMG_BOOTLOADER 17 #include <asm/arch/resource_img.h> 18 #endif 19 #ifdef CONFIG_RK_AVB_LIBAVB_USER 20 #include <android_avb/avb_slot_verify.h> 21 #include <android_avb/avb_ops_user.h> 22 #include <android_avb/rk_avb_ops_user.h> 23 #endif 24 #include <optee_include/OpteeClientInterface.h> 25 26 DECLARE_GLOBAL_DATA_PTR; 27 28 #define ANDROID_IMAGE_DEFAULT_KERNEL_ADDR 0x10008000 29 #define ANDROID_ARG_FDT_FILENAME "rk-kernel.dtb" 30 31 static char andr_tmp_str[ANDR_BOOT_ARGS_SIZE + 1]; 32 static u32 android_kernel_comp_type = IH_COMP_NONE; 33 34 static ulong android_image_get_kernel_addr(const struct andr_img_hdr *hdr) 35 { 36 /* 37 * All the Android tools that generate a boot.img use this 38 * address as the default. 39 * 40 * Even though it doesn't really make a lot of sense, and it 41 * might be valid on some platforms, we treat that address as 42 * the default value for this field, and try to execute the 43 * kernel in place in such a case. 44 * 45 * Otherwise, we will return the actual value set by the user. 46 */ 47 if (hdr->kernel_addr == ANDROID_IMAGE_DEFAULT_KERNEL_ADDR) 48 return (ulong)hdr + hdr->page_size; 49 50 #ifdef CONFIG_ARCH_ROCKCHIP 51 /* 52 * If kernel is compressed, kernel_addr is set as decompressed address 53 * after compressed being loaded to ram, so let's use it. 54 */ 55 if (android_kernel_comp_type != IH_COMP_NONE && 56 android_kernel_comp_type != IH_COMP_ZIMAGE) 57 return hdr->kernel_addr; 58 59 /* 60 * Compatble with rockchip legacy packing with kernel/ramdisk/second 61 * address base from 0x60000000(SDK versiont < 8.1), these are invalid 62 * address, so we calc it by real size. 63 */ 64 return (ulong)hdr + hdr->page_size; 65 #else 66 return hdr->kernel_addr; 67 #endif 68 69 } 70 71 void android_image_set_comp(struct andr_img_hdr *hdr, u32 comp) 72 { 73 android_kernel_comp_type = comp; 74 } 75 76 u32 android_image_get_comp(const struct andr_img_hdr *hdr) 77 { 78 return android_kernel_comp_type; 79 } 80 81 int android_image_parse_kernel_comp(const struct andr_img_hdr *hdr) 82 { 83 ulong kaddr = android_image_get_kernel_addr(hdr); 84 return bootm_parse_comp((const unsigned char *)kaddr); 85 } 86 87 /** 88 * android_image_get_kernel() - processes kernel part of Android boot images 89 * @hdr: Pointer to image header, which is at the start 90 * of the image. 91 * @verify: Checksum verification flag. Currently unimplemented. 92 * @os_data: Pointer to a ulong variable, will hold os data start 93 * address. 94 * @os_len: Pointer to a ulong variable, will hold os data length. 95 * 96 * This function returns the os image's start address and length. Also, 97 * it appends the kernel command line to the bootargs env variable. 98 * 99 * Return: Zero, os start address and length on success, 100 * otherwise on failure. 101 */ 102 int android_image_get_kernel(const struct andr_img_hdr *hdr, int verify, 103 ulong *os_data, ulong *os_len) 104 { 105 u32 kernel_addr = android_image_get_kernel_addr(hdr); 106 107 /* 108 * Not all Android tools use the id field for signing the image with 109 * sha1 (or anything) so we don't check it. It is not obvious that the 110 * string is null terminated so we take care of this. 111 */ 112 strncpy(andr_tmp_str, hdr->name, ANDR_BOOT_NAME_SIZE); 113 andr_tmp_str[ANDR_BOOT_NAME_SIZE] = '\0'; 114 if (strlen(andr_tmp_str)) 115 printf("Android's image name: %s\n", andr_tmp_str); 116 117 printf("Kernel load addr 0x%08x size %u KiB\n", 118 kernel_addr, DIV_ROUND_UP(hdr->kernel_size, 1024)); 119 120 int len = 0; 121 if (*hdr->cmdline) { 122 debug("Kernel command line: %s\n", hdr->cmdline); 123 len += strlen(hdr->cmdline); 124 } 125 126 char *bootargs = env_get("bootargs"); 127 if (bootargs) 128 len += strlen(bootargs); 129 130 char *newbootargs = malloc(len + 2); 131 if (!newbootargs) { 132 puts("Error: malloc in android_image_get_kernel failed!\n"); 133 return -ENOMEM; 134 } 135 *newbootargs = '\0'; 136 137 if (bootargs) { 138 strcpy(newbootargs, bootargs); 139 strcat(newbootargs, " "); 140 } 141 if (*hdr->cmdline) 142 strcat(newbootargs, hdr->cmdline); 143 144 env_set("bootargs", newbootargs); 145 146 if (os_data) { 147 *os_data = (ulong)hdr; 148 *os_data += hdr->page_size; 149 } 150 if (os_len) 151 *os_len = hdr->kernel_size; 152 return 0; 153 } 154 155 int android_image_check_header(const struct andr_img_hdr *hdr) 156 { 157 return memcmp(ANDR_BOOT_MAGIC, hdr->magic, ANDR_BOOT_MAGIC_SIZE); 158 } 159 160 ulong android_image_get_end(const struct andr_img_hdr *hdr) 161 { 162 ulong end; 163 /* 164 * The header takes a full page, the remaining components are aligned 165 * on page boundary 166 */ 167 end = (ulong)hdr; 168 end += hdr->page_size; 169 end += ALIGN(hdr->kernel_size, hdr->page_size); 170 end += ALIGN(hdr->ramdisk_size, hdr->page_size); 171 end += ALIGN(hdr->second_size, hdr->page_size); 172 173 if (hdr->header_version >= 1) 174 end += ALIGN(hdr->recovery_dtbo_size, hdr->page_size); 175 176 return end; 177 } 178 179 u32 android_image_get_ksize(const struct andr_img_hdr *hdr) 180 { 181 return hdr->kernel_size; 182 } 183 184 void android_image_set_kload(struct andr_img_hdr *hdr, u32 load_address) 185 { 186 hdr->kernel_addr = load_address; 187 } 188 189 ulong android_image_get_kload(const struct andr_img_hdr *hdr) 190 { 191 return android_image_get_kernel_addr(hdr); 192 } 193 194 int android_image_get_ramdisk(const struct andr_img_hdr *hdr, 195 ulong *rd_data, ulong *rd_len) 196 { 197 bool avb_enabled = false; 198 199 #ifdef CONFIG_ANDROID_BOOTLOADER 200 avb_enabled = android_avb_is_enabled(); 201 #endif 202 203 if (!hdr->ramdisk_size) { 204 *rd_data = *rd_len = 0; 205 return -1; 206 } 207 208 /* 209 * We have load ramdisk at "ramdisk_addr_r" when android avb is 210 * disabled and CONFIG_ANDROID_BOOT_IMAGE_SEPARATE enabled. 211 */ 212 if (!avb_enabled && IS_ENABLED(CONFIG_ANDROID_BOOT_IMAGE_SEPARATE)) { 213 ulong ramdisk_addr_r; 214 215 ramdisk_addr_r = env_get_ulong("ramdisk_addr_r", 16, 0); 216 if (!ramdisk_addr_r) { 217 printf("No Found Ramdisk Load Address.\n"); 218 return -1; 219 } 220 221 *rd_data = ramdisk_addr_r; 222 } else { 223 *rd_data = (unsigned long)hdr; 224 *rd_data += hdr->page_size; 225 *rd_data += ALIGN(hdr->kernel_size, hdr->page_size); 226 } 227 228 *rd_len = hdr->ramdisk_size; 229 230 printf("RAM disk load addr 0x%08lx size %u KiB\n", 231 *rd_data, DIV_ROUND_UP(hdr->ramdisk_size, 1024)); 232 233 return 0; 234 } 235 236 int android_image_get_fdt(const struct andr_img_hdr *hdr, 237 ulong *rd_data) 238 { 239 bool avb_enabled = false; 240 241 #ifdef CONFIG_ANDROID_BOOTLOADER 242 avb_enabled = android_avb_is_enabled(); 243 #endif 244 245 if (!hdr->second_size) { 246 *rd_data = 0; 247 return -1; 248 } 249 250 /* 251 * We have load fdt at "fdt_addr_r" when android avb is 252 * disabled and CONFIG_ANDROID_BOOT_IMAGE_SEPARATE enabled; 253 * or CONFIG_USING_KERNEL_DTB is enabled. 254 */ 255 if (IS_ENABLED(CONFIG_USING_KERNEL_DTB) || 256 (!avb_enabled && IS_ENABLED(CONFIG_ANDROID_BOOT_IMAGE_SEPARATE))) { 257 ulong fdt_addr_r; 258 259 fdt_addr_r = env_get_ulong("fdt_addr_r", 16, 0); 260 if (!fdt_addr_r) { 261 printf("No Found FDT Load Address.\n"); 262 return -1; 263 } 264 265 *rd_data = fdt_addr_r; 266 } else { 267 *rd_data = (unsigned long)hdr; 268 *rd_data += hdr->page_size; 269 *rd_data += ALIGN(hdr->kernel_size, hdr->page_size); 270 *rd_data += ALIGN(hdr->ramdisk_size, hdr->page_size); 271 } 272 273 printf("FDT load addr 0x%08x size %u KiB\n", 274 hdr->second_addr, DIV_ROUND_UP(hdr->second_size, 1024)); 275 276 return 0; 277 } 278 279 #ifdef CONFIG_ANDROID_BOOT_IMAGE_SEPARATE 280 static int android_image_load_separate(struct blk_desc *dev_desc, 281 struct andr_img_hdr *hdr, 282 const disk_partition_t *part, 283 void *android_load_address) 284 { 285 ulong fdt_addr_r = env_get_ulong("fdt_addr_r", 16, 0); 286 ulong blk_start, blk_cnt, size; 287 int ret, blk_read = 0; 288 289 if (hdr->kernel_size) { 290 size = hdr->kernel_size + hdr->page_size; 291 blk_start = part->start; 292 blk_cnt = DIV_ROUND_UP(size, dev_desc->blksz); 293 if (!sysmem_alloc_base("kernel", 294 (phys_addr_t)android_load_address, 295 blk_cnt * dev_desc->blksz)) 296 return -ENXIO; 297 298 ret = blk_dread(dev_desc, blk_start, 299 blk_cnt, android_load_address); 300 if (ret < 0) { 301 debug("%s: read kernel failed, ret=%d\n", 302 __func__, ret); 303 return ret; 304 } 305 blk_read += ret; 306 } 307 308 if (hdr->ramdisk_size) { 309 ulong ramdisk_addr_r = env_get_ulong("ramdisk_addr_r", 16, 0); 310 311 size = hdr->page_size + ALIGN(hdr->kernel_size, hdr->page_size); 312 blk_start = part->start + DIV_ROUND_UP(size, dev_desc->blksz); 313 blk_cnt = DIV_ROUND_UP(hdr->ramdisk_size, dev_desc->blksz); 314 if (!sysmem_alloc_base("ramdisk", 315 ramdisk_addr_r, 316 blk_cnt * dev_desc->blksz)) 317 return -ENXIO; 318 319 ret = blk_dread(dev_desc, blk_start, 320 blk_cnt, (void *)ramdisk_addr_r); 321 if (ret < 0) { 322 debug("%s: read ramdisk failed, ret=%d\n", 323 __func__, ret); 324 return ret; 325 } 326 blk_read += ret; 327 } 328 329 if ((gd->fdt_blob != (void *)fdt_addr_r) && hdr->second_size) { 330 #ifdef CONFIG_RKIMG_BOOTLOADER 331 /* Rockchip AOSP, resource.img is in second position */ 332 ulong fdt_size; 333 334 fdt_size = rockchip_read_dtb_file((void *)fdt_addr_r); 335 if (fdt_size < 0) { 336 printf("%s: read fdt failed\n", __func__); 337 return ret; 338 } 339 340 blk_read += DIV_ROUND_UP(fdt_size, dev_desc->blksz); 341 #else 342 /* Standard AOSP, dtb is in second position */ 343 ulong blk_start, blk_cnt; 344 345 size = hdr->page_size + 346 ALIGN(hdr->kernel_size, hdr->page_size) + 347 ALIGN(hdr->ramdisk_size, hdr->page_size); 348 blk_start = part->start + DIV_ROUND_UP(size, dev_desc->blksz); 349 blk_cnt = DIV_ROUND_UP(hdr->second_size, dev_desc->blksz); 350 if (!sysmem_alloc_base("fdt(AOSP)", 351 fdt_addr_r, 352 blk_cnt * dev_desc->blksz)) 353 return -ENXIO; 354 355 ret = blk_dread(dev_desc, blk_start, blk_cnt, (void *)fdt_addr_r); 356 if (ret < 0) { 357 debug("%s: read dtb failed, ret=%d\n", __func__, ret); 358 return ret; 359 } 360 361 blk_read += blk_cnt; 362 #endif /* CONFIG_RKIMG_BOOTLOADER */ 363 } 364 365 return blk_read; 366 } 367 #endif /* CONFIG_ANDROID_BOOT_IMAGE_SEPARATE */ 368 369 long android_image_load(struct blk_desc *dev_desc, 370 const disk_partition_t *part_info, 371 unsigned long load_address, 372 unsigned long max_size) { 373 void *buf; 374 long blk_cnt = 0; 375 long blk_read = 0; 376 u32 comp; 377 u32 kload_addr; 378 u32 blkcnt; 379 struct andr_img_hdr *hdr; 380 381 if (max_size < part_info->blksz) 382 return -1; 383 384 /* 385 * Read the Android boot.img header and a few parts of 386 * the head of kernel image(2 blocks maybe enough). 387 */ 388 blkcnt = DIV_ROUND_UP(sizeof(*hdr), 512) + 2; 389 hdr = memalign(ARCH_DMA_MINALIGN, blkcnt * 512); 390 if (!hdr) { 391 printf("%s: no memory\n", __func__); 392 return -1; 393 } 394 395 if (blk_dread(dev_desc, part_info->start, blkcnt, hdr) != blkcnt) 396 blk_read = -1; 397 398 if (!blk_read && android_image_check_header(hdr) != 0) { 399 printf("** Invalid Android Image header **\n"); 400 blk_read = -1; 401 } 402 403 /* page_size for image header */ 404 load_address -= hdr->page_size; 405 406 /* We don't know the size of the Android image before reading the header 407 * so we don't limit the size of the mapped memory. 408 */ 409 buf = map_sysmem(load_address, 0 /* size */); 410 if (!blk_read) { 411 blk_cnt = (android_image_get_end(hdr) - (ulong)hdr + 412 part_info->blksz - 1) / part_info->blksz; 413 comp = android_image_parse_kernel_comp(hdr); 414 /* 415 * We should load a compressed kernel Image 416 * to high memory 417 */ 418 if (comp != IH_COMP_NONE) { 419 load_address += android_image_get_ksize(hdr) * 3; 420 load_address = env_get_ulong("kernel_addr_c", 16, load_address); 421 load_address -= hdr->page_size; 422 unmap_sysmem(buf); 423 buf = map_sysmem(load_address, 0 /* size */); 424 } 425 426 if (blk_cnt * part_info->blksz > max_size) { 427 debug("Android Image too big (%lu bytes, max %lu)\n", 428 android_image_get_end(hdr) - (ulong)hdr, 429 max_size); 430 blk_read = -1; 431 } else { 432 debug("Loading Android Image (%lu blocks) to 0x%lx... ", 433 blk_cnt, load_address); 434 435 #ifdef CONFIG_ANDROID_BOOT_IMAGE_SEPARATE 436 if (!android_avb_is_enabled()) { 437 char *fdt_high = env_get("fdt_high"); 438 char *ramdisk_high = env_get("initrd_high"); 439 440 blk_read = 441 android_image_load_separate(dev_desc, hdr, 442 part_info, buf); 443 if (blk_read > 0) { 444 if (!fdt_high) { 445 env_set_hex("fdt_high", -1UL); 446 printf("Fdt "); 447 } 448 if (!ramdisk_high) { 449 env_set_hex("initrd_high", -1UL); 450 printf("Ramdisk "); 451 } 452 if (!fdt_high || !ramdisk_high) 453 printf("skip relocation\n"); 454 } 455 } else 456 #endif 457 { 458 if (!sysmem_alloc_base("android", 459 (phys_addr_t)buf, 460 blk_cnt * part_info->blksz)) 461 return -ENXIO; 462 463 blk_read = blk_dread(dev_desc, part_info->start, 464 blk_cnt, buf); 465 } 466 } 467 468 /* 469 * zImage is not need to decompress 470 * kernel will handle decompress itself 471 */ 472 if (comp != IH_COMP_NONE && comp != IH_COMP_ZIMAGE) { 473 kload_addr = env_get_ulong("kernel_addr_r", 16, 0x02080000); 474 android_image_set_kload(buf, kload_addr); 475 android_image_set_comp(buf, comp); 476 } else { 477 android_image_set_comp(buf, IH_COMP_NONE); 478 } 479 480 } 481 482 free(hdr); 483 unmap_sysmem(buf); 484 485 #ifndef CONFIG_ANDROID_BOOT_IMAGE_SEPARATE 486 debug("%lu blocks read: %s\n", 487 blk_read, (blk_read == blk_cnt) ? "OK" : "ERROR"); 488 if (blk_read != blk_cnt) 489 return -1; 490 #else 491 debug("%lu blocks read\n", blk_read); 492 if (blk_read < 0) 493 return blk_read; 494 #endif 495 496 return load_address; 497 } 498 499 #if !defined(CONFIG_SPL_BUILD) 500 /** 501 * android_print_contents - prints out the contents of the Android format image 502 * @hdr: pointer to the Android format image header 503 * 504 * android_print_contents() formats a multi line Android image contents 505 * description. 506 * The routine prints out Android image properties 507 * 508 * returns: 509 * no returned results 510 */ 511 void android_print_contents(const struct andr_img_hdr *hdr) 512 { 513 const char * const p = IMAGE_INDENT_STRING; 514 /* os_version = ver << 11 | lvl */ 515 u32 os_ver = hdr->os_version >> 11; 516 u32 os_lvl = hdr->os_version & ((1U << 11) - 1); 517 u32 header_version = hdr->header_version; 518 519 printf("%skernel size: %x\n", p, hdr->kernel_size); 520 printf("%skernel address: %x\n", p, hdr->kernel_addr); 521 printf("%sramdisk size: %x\n", p, hdr->ramdisk_size); 522 printf("%sramdisk addrress: %x\n", p, hdr->ramdisk_addr); 523 printf("%ssecond size: %x\n", p, hdr->second_size); 524 printf("%ssecond address: %x\n", p, hdr->second_addr); 525 printf("%stags address: %x\n", p, hdr->tags_addr); 526 printf("%spage size: %x\n", p, hdr->page_size); 527 printf("%sheader_version: %x\n", p, header_version); 528 /* ver = A << 14 | B << 7 | C (7 bits for each of A, B, C) 529 * lvl = ((Y - 2000) & 127) << 4 | M (7 bits for Y, 4 bits for M) */ 530 printf("%sos_version: %x (ver: %u.%u.%u, level: %u.%u)\n", 531 p, hdr->os_version, 532 (os_ver >> 7) & 0x7F, (os_ver >> 14) & 0x7F, os_ver & 0x7F, 533 (os_lvl >> 4) + 2000, os_lvl & 0x0F); 534 printf("%sname: %s\n", p, hdr->name); 535 printf("%scmdline: %s\n", p, hdr->cmdline); 536 537 if (header_version >= 1) { 538 printf("%srecovery dtbo size: %x\n", p, hdr->recovery_dtbo_size); 539 printf("%srecovery dtbo offset: %llx\n", p, hdr->recovery_dtbo_offset); 540 printf("%sheader size: %x\n", p, hdr->header_size); 541 } 542 } 543 #endif 544