1 // SPDX-License-Identifier: GPL-2.0+
5 * Copyright (C) 2024 BayLibre, SAS
8 #define LOG_CATEGORY UCLASS_BOOTSTD
10 #include <android_ab.h>
11 #include <android_image.h>
12 #if CONFIG_IS_ENABLED(AVB_VERIFY)
13 #include <avb_verify.h>
26 #include "bootmeth_android.h"
28 #define BCB_FIELD_COMMAND_SZ 32
29 #define BCB_PART_NAME "misc"
30 #define BOOT_PART_NAME "boot"
31 #define VENDOR_BOOT_PART_NAME "vendor_boot"
35 * struct android_priv - Private data
37 * This is read from the disk and recorded for use when the full Android
38 * kernel must be loaded and booted
40 * @boot_mode: Requested boot mode (normal, recovery, bootloader)
41 * @slot: Nul-terminated partition slot suffix read from BCB ("a\0" or "b\0")
42 * @header_version: Android boot image header version
45 enum android_boot_mode boot_mode;
49 u32 vendor_boot_img_size;
52 static int android_check(struct udevice *dev, struct bootflow_iter *iter)
54 /* This only works on mmc devices */
55 if (bootflow_iter_check_mmc(iter))
56 return log_msg_ret("mmc", -ENOTSUPP);
59 * This only works on whole devices, as multiple
60 * partitions are needed to boot Android
63 return log_msg_ret("mmc part", -ENOTSUPP);
68 static int scan_boot_part(struct udevice *blk, struct android_priv *priv)
70 struct blk_desc *desc = dev_get_uclass_plat(blk);
71 struct disk_partition partition;
72 char partname[PART_NAME_LEN];
73 ulong num_blks, bufsz;
78 sprintf(partname, BOOT_PART_NAME "_%s", priv->slot);
80 sprintf(partname, BOOT_PART_NAME);
82 ret = part_get_info_by_name(desc, partname, &partition);
84 return log_msg_ret("part info", ret);
86 num_blks = DIV_ROUND_UP(sizeof(struct andr_boot_img_hdr_v0), desc->blksz);
87 bufsz = num_blks * desc->blksz;
90 return log_msg_ret("buf", -ENOMEM);
92 ret = blk_read(blk, partition.start, num_blks, buf);
93 if (ret != num_blks) {
95 return log_msg_ret("part read", -EIO);
98 if (!is_android_boot_image_header(buf)) {
100 return log_msg_ret("header", -ENOENT);
103 if (!android_image_get_bootimg_size(buf, &priv->boot_img_size)) {
105 return log_msg_ret("get bootimg size", -EINVAL);
108 priv->header_version = ((struct andr_boot_img_hdr_v0 *)buf)->header_version;
115 static int scan_vendor_boot_part(struct udevice *blk, struct android_priv *priv)
117 struct blk_desc *desc = dev_get_uclass_plat(blk);
118 struct disk_partition partition;
119 char partname[PART_NAME_LEN];
120 ulong num_blks, bufsz;
125 sprintf(partname, VENDOR_BOOT_PART_NAME "_%s", priv->slot);
127 sprintf(partname, VENDOR_BOOT_PART_NAME);
129 ret = part_get_info_by_name(desc, partname, &partition);
131 return log_msg_ret("part info", ret);
133 num_blks = DIV_ROUND_UP(sizeof(struct andr_vnd_boot_img_hdr), desc->blksz);
134 bufsz = num_blks * desc->blksz;
137 return log_msg_ret("buf", -ENOMEM);
139 ret = blk_read(blk, partition.start, num_blks, buf);
140 if (ret != num_blks) {
142 return log_msg_ret("part read", -EIO);
145 if (!is_android_vendor_boot_image_header(buf)) {
147 return log_msg_ret("header", -ENOENT);
150 if (!android_image_get_vendor_bootimg_size(buf, &priv->vendor_boot_img_size)) {
152 return log_msg_ret("get vendor bootimg size", -EINVAL);
160 static int android_read_slot_from_bcb(struct bootflow *bflow, bool decrement)
162 struct blk_desc *desc = dev_get_uclass_plat(bflow->blk);
163 struct android_priv *priv = bflow->bootmeth_priv;
164 struct disk_partition misc;
168 if (!CONFIG_IS_ENABLED(ANDROID_AB)) {
173 ret = part_get_info_by_name(desc, BCB_PART_NAME, &misc);
175 return log_msg_ret("part", ret);
177 ret = ab_select_slot(desc, &misc, decrement);
179 return log_msg_ret("slot", ret);
181 priv->slot = malloc(SLOT_LEN);
182 priv->slot[0] = BOOT_SLOT_NAME(ret);
183 priv->slot[1] = '\0';
185 sprintf(slot_suffix, "_%s", priv->slot);
186 ret = bootflow_cmdline_set_arg(bflow, "androidboot.slot_suffix",
189 return log_msg_ret("cmdl", ret);
194 static int configure_serialno(struct bootflow *bflow)
196 char *serialno = env_get("serial#");
199 return log_msg_ret("serial", -ENOENT);
201 return bootflow_cmdline_set_arg(bflow, "androidboot.serialno", serialno, false);
204 static int configure_bootloader_version(struct bootflow *bflow)
206 return bootflow_cmdline_set_arg(bflow, "androidboot.bootloader",
207 PLAIN_VERSION, false);
210 static int android_read_bootflow(struct udevice *dev, struct bootflow *bflow)
212 struct blk_desc *desc = dev_get_uclass_plat(bflow->blk);
213 struct disk_partition misc;
214 struct android_priv *priv;
215 char command[BCB_FIELD_COMMAND_SZ];
218 bflow->state = BOOTFLOWST_MEDIA;
221 * bcb_find_partition_and_load() will print errors to stdout
222 * if BCB_PART_NAME is not found. To avoid that, check if the
223 * partition exists first.
225 ret = part_get_info_by_name(desc, BCB_PART_NAME, &misc);
227 return log_msg_ret("part", ret);
229 ret = bcb_find_partition_and_load("mmc", desc->devnum, BCB_PART_NAME);
231 return log_msg_ret("bcb load", ret);
233 ret = bcb_get(BCB_FIELD_COMMAND, command, sizeof(command));
235 return log_msg_ret("bcb read", ret);
237 priv = malloc(sizeof(struct android_priv));
239 return log_msg_ret("buf", -ENOMEM);
241 if (!strcmp("bootonce-bootloader", command)) {
242 priv->boot_mode = ANDROID_BOOT_MODE_BOOTLOADER;
243 bflow->os_name = strdup("Android (bootloader)");
244 } else if (!strcmp("boot-fastboot", command)) {
245 priv->boot_mode = ANDROID_BOOT_MODE_RECOVERY;
246 bflow->os_name = strdup("Android (fastbootd)");
247 } else if (!strcmp("boot-recovery", command)) {
248 priv->boot_mode = ANDROID_BOOT_MODE_RECOVERY;
249 bflow->os_name = strdup("Android (recovery)");
251 priv->boot_mode = ANDROID_BOOT_MODE_NORMAL;
252 bflow->os_name = strdup("Android");
255 return log_msg_ret("os", -ENOMEM);
257 if (priv->boot_mode == ANDROID_BOOT_MODE_BOOTLOADER) {
259 memset(command, 0, sizeof(command));
260 ret = bcb_set(BCB_FIELD_COMMAND, command);
263 return log_msg_ret("bcb set", ret);
268 return log_msg_ret("bcb store", ret);
271 bflow->bootmeth_priv = priv;
272 bflow->state = BOOTFLOWST_READY;
276 bflow->bootmeth_priv = priv;
278 /* For recovery and normal boot, we need to scan the partitions */
279 ret = android_read_slot_from_bcb(bflow, false);
281 log_err("read slot: %d", ret);
285 ret = scan_boot_part(bflow->blk, priv);
287 log_debug("scan boot failed: err=%d\n", ret);
291 if (priv->header_version >= 3) {
292 ret = scan_vendor_boot_part(bflow->blk, priv);
294 log_debug("scan vendor_boot failed: err=%d\n", ret);
300 * Ignoring return code for the following configurations:
301 * these are not mandatory for booting.
303 configure_serialno(bflow);
304 configure_bootloader_version(bflow);
306 if (priv->boot_mode == ANDROID_BOOT_MODE_NORMAL && priv->slot) {
307 ret = bootflow_cmdline_set_arg(bflow, "androidboot.force_normal_boot",
310 log_debug("normal_boot %d", ret);
315 bflow->state = BOOTFLOWST_READY;
321 bflow->bootmeth_priv = NULL;
325 static int android_read_file(struct udevice *dev, struct bootflow *bflow,
326 const char *file_path, ulong addr,
327 enum bootflow_img_t type, ulong *sizep)
330 * Reading individual files is not supported since we only
331 * operate on whole mmc devices (because we require multiple partitions)
333 return log_msg_ret("Unsupported", -ENOSYS);
337 * read_slotted_partition() - Read a partition by appending a slot suffix
339 * Most modern Android devices use Seamless Updates, where each partition
340 * is duplicated. For example, the boot partition has boot_a and boot_b.
341 * For more information, see:
342 * https://source.android.com/docs/core/ota/ab
343 * https://source.android.com/docs/core/ota/ab/ab_implement
345 * @blk: Block device to read
346 * @name: Partition name to read
347 * @slot: Nul-terminated slot suffixed to partition name ("a\0" or "b\0")
348 * @image_size: Image size in bytes used when reading the partition
349 * @addr: Address where the partition content is loaded into
350 * Return: 0 if OK, negative errno on failure.
352 static int read_slotted_partition(struct blk_desc *desc, const char *const name,
353 const char slot[2], ulong image_size, ulong addr)
355 struct disk_partition partition;
356 char partname[PART_NAME_LEN];
358 ulong num_blks = DIV_ROUND_UP(image_size, desc->blksz);
363 * Ensure name fits in partname.
364 * For A/B, it should be <name>_<slot>\0
365 * For non A/B, it should be <name>\0
367 if (CONFIG_IS_ENABLED(ANDROID_AB))
368 partname_len = PART_NAME_LEN - 2 - 1;
370 partname_len = PART_NAME_LEN - 1;
372 if (strlen(name) > partname_len)
373 return log_msg_ret("name too long", -EINVAL);
376 sprintf(partname, "%s_%s", name, slot);
378 sprintf(partname, "%s", name);
380 ret = part_get_info_by_name(desc, partname, &partition);
382 return log_msg_ret("part", ret);
384 n = blk_dread(desc, partition.start, num_blks, map_sysmem(addr, 0));
386 return log_msg_ret("part read", -EIO);
391 #if CONFIG_IS_ENABLED(AVB_VERIFY)
392 static int avb_append_commandline_arg(struct bootflow *bflow, char *arg)
394 char *key = strsep(&arg, "=");
398 ret = bootflow_cmdline_set_arg(bflow, key, value, false);
400 return log_msg_ret("avb cmdline", ret);
405 static int avb_append_commandline(struct bootflow *bflow, char *cmdline)
407 char *arg = strsep(&cmdline, " ");
411 ret = avb_append_commandline_arg(bflow, arg);
415 arg = strsep(&cmdline, " ");
421 static int run_avb_verification(struct bootflow *bflow)
423 struct blk_desc *desc = dev_get_uclass_plat(bflow->blk);
424 struct android_priv *priv = bflow->bootmeth_priv;
425 const char * const requested_partitions[] = {"boot", "vendor_boot", NULL};
426 struct AvbOps *avb_ops;
427 AvbSlotVerifyResult result;
428 AvbSlotVerifyData *out_data;
429 enum avb_boot_state boot_state;
431 char slot_suffix[3] = "";
432 bool unlocked = false;
435 avb_ops = avb_ops_alloc(desc->devnum);
437 return log_msg_ret("avb ops", -ENOMEM);
440 sprintf(slot_suffix, "_%s", priv->slot);
442 ret = avb_ops->read_is_device_unlocked(avb_ops, &unlocked);
443 if (ret != AVB_IO_RESULT_OK)
444 return log_msg_ret("avb lock", -EIO);
446 result = avb_slot_verify(avb_ops,
447 requested_partitions,
450 AVB_HASHTREE_ERROR_MODE_RESTART_AND_INVALIDATE,
454 /* When device is locked, we only accept AVB_SLOT_VERIFY_RESULT_OK */
455 if (result != AVB_SLOT_VERIFY_RESULT_OK) {
456 printf("Verification failed, reason: %s\n",
457 str_avb_slot_error(result));
458 avb_slot_verify_data_free(out_data);
459 return log_msg_ret("avb verify", -EIO);
461 boot_state = AVB_GREEN;
463 /* When device is unlocked, we also accept verification errors */
464 if (result != AVB_SLOT_VERIFY_RESULT_OK &&
465 result != AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION) {
466 printf("Unlocked verification failed, reason: %s\n",
467 str_avb_slot_error(result));
468 avb_slot_verify_data_free(out_data);
469 return log_msg_ret("avb verify unlocked", -EIO);
471 boot_state = AVB_ORANGE;
474 extra_args = avb_set_state(avb_ops, boot_state);
476 /* extra_args will be modified after this. This is fine */
477 ret = avb_append_commandline_arg(bflow, extra_args);
482 if (result == AVB_SLOT_VERIFY_RESULT_OK) {
483 ret = avb_append_commandline(bflow, out_data->cmdline);
492 avb_slot_verify_data_free(out_data);
494 return log_msg_ret("avb cmdline", ret);
497 static int run_avb_verification(struct bootflow *bflow)
501 /* When AVB is unsupported, pass ORANGE state */
502 ret = bootflow_cmdline_set_arg(bflow,
503 "androidboot.verifiedbootstate",
506 return log_msg_ret("avb cmdline", ret);
510 #endif /* AVB_VERIFY */
512 static int boot_android_normal(struct bootflow *bflow)
514 struct blk_desc *desc = dev_get_uclass_plat(bflow->blk);
515 struct android_priv *priv = bflow->bootmeth_priv;
517 ulong loadaddr = env_get_hex("loadaddr", 0);
518 ulong vloadaddr = env_get_hex("vendor_boot_comp_addr_r", 0);
520 ret = run_avb_verification(bflow);
522 return log_msg_ret("avb", ret);
524 /* Read slot once more to decrement counter from BCB */
525 ret = android_read_slot_from_bcb(bflow, true);
527 return log_msg_ret("read slot", ret);
529 ret = read_slotted_partition(desc, "boot", priv->slot, priv->boot_img_size,
532 return log_msg_ret("read boot", ret);
534 if (priv->header_version >= 3) {
535 ret = read_slotted_partition(desc, "vendor_boot", priv->slot,
536 priv->vendor_boot_img_size, vloadaddr);
538 return log_msg_ret("read vendor_boot", ret);
539 set_avendor_bootimg_addr(vloadaddr);
541 set_abootimg_addr(loadaddr);
546 ret = bootm_boot_start(loadaddr, bflow->cmdline);
548 return log_msg_ret("boot", ret);
551 static int boot_android_recovery(struct bootflow *bflow)
555 ret = boot_android_normal(bflow);
557 return log_msg_ret("boot", ret);
560 static int boot_android_bootloader(struct bootflow *bflow)
564 ret = run_command("fastboot usb 0", 0);
565 do_reset(NULL, 0, 0, NULL);
567 return log_msg_ret("boot", ret);
570 static int android_boot(struct udevice *dev, struct bootflow *bflow)
572 struct android_priv *priv = bflow->bootmeth_priv;
575 switch (priv->boot_mode) {
576 case ANDROID_BOOT_MODE_NORMAL:
577 ret = boot_android_normal(bflow);
579 case ANDROID_BOOT_MODE_RECOVERY:
580 ret = boot_android_recovery(bflow);
582 case ANDROID_BOOT_MODE_BOOTLOADER:
583 ret = boot_android_bootloader(bflow);
586 printf("ANDROID: Unknown boot mode %d. Running fastboot...\n",
588 boot_android_bootloader(bflow);
589 /* Tell we failed to boot since boot mode is unknown */
596 static int android_bootmeth_bind(struct udevice *dev)
598 struct bootmeth_uc_plat *plat = dev_get_uclass_plat(dev);
600 plat->desc = "Android boot";
601 plat->flags = BOOTMETHF_ANY_PART;
606 static struct bootmeth_ops android_bootmeth_ops = {
607 .check = android_check,
608 .read_bootflow = android_read_bootflow,
609 .read_file = android_read_file,
610 .boot = android_boot,
613 static const struct udevice_id android_bootmeth_ids[] = {
614 { .compatible = "u-boot,android" },
618 U_BOOT_DRIVER(bootmeth_android) = {
619 .name = "bootmeth_android",
620 .id = UCLASS_BOOTMETH,
621 .of_match = android_bootmeth_ids,
622 .ops = &android_bootmeth_ops,
623 .bind = android_bootmeth_bind,
projects / J-u-boot.git / blob