Eric Lee / smarc-uboot

19 May, 2020

1 commit

  • 071f1bdea   MA-17046-1 Show orange warning for unlocked device ... Browse Code »

    According to the google boot flow, an orange warning should
    be displayed on UNLOCKED device to reminder the users of the
    potential risks.

    This commit will show an orange warning logo and warning text
    on the screen, it shall be dismissed after 3 seconds, users
    can also skip it by pressing the ON-OFF button.

    Config 'CONFIG_AVB_WARNING_LOGO_COLS' and 'CONFIG_AVB_WARNING_LOGO_ROWS'
    define the (x, y) position of the warning logo, its default
    value is for 1080*720 resolution display and can be overridden.

    Test: Orange warning logo show on all imx8m/imx8q platfroms.

    Change-Id: I607edb3da039b47ddfac681f855834d8da187af8
    Signed-off-by: Ji Luo

    Ji Luo
     

18 May, 2020

23 commits

  • cf3fba9b8   MA-16457-3 allow automotive to access system partition info ... Browse Code »

    dynamic partition feature is not enabled on automotive, so there is
    system partition in GPT, uboot for automotive need to get the info of
    this partition to generate the correct bootargs.

    And also, there is no commandline descriptor as "dm=***" in vbmeta image
    for standard Android after dynamic partition feature is enabled, so
    there is no need to use "strstr" to eleminate this from the bootargs.

    Change-Id: I51b3b92f5a22550602335cfc212831b263526f42
    Signed-off-by: faqiang.zhu

    faqiang.zhu
     
  • 41e0a3f23   MA-16939-1 correct reserved space for kernel image for non-imx8 SoC ... Browse Code »

    With this patch, the macro MAX_KERNEL_LEN will be set for non-imx8
    SoC and will pass the build.

    Change-Id: I15599546127b843e171b2f177aaf3b3dc33b8baa
    Signed-off-by: Haoran.Wang
    (cherry picked from commit a72c79bc17c0ed3bd3385f8195f3cd35ee223af6)

    Haoran.Wang
     
  • 80eb021f7   MA-16940 remove logically dead code ... Browse Code »

    boot_buf was used to point to the memory allocated in do_boota function
    to save boot partition data. now boot partition is loaded by AVB, this
    boot_buf should be removed.

    Change-Id: I614c412b5f7ed980d29106b364a8193c56db13dc
    Signed-off-by: faqiang.zhu
    (cherry picked from commit 2a27f021798e31a8bab37804b053d2b9ebaea928)

    faqiang.zhu
     
  • 54781b897   MA-16668-2 Fix kernel hang after enabling debug configs ... Browse Code »

    The Kernel image will get bigger with some debug configs,
    48MB memory is not enough to hold the kernel image and its
    .bss segment now.

    For imx8m, we will reserve 64MB for kernel, 2MB for fdt and
    16MB for ramdisk. For imx8q, we will reserve 60MB for kernel,
    1.5MB for fdt and 16MB for ramdisk.

    Test: boots with 'kasan' enabled.

    Change-Id: I79d8e76c89f4add51bea1a16486c94c0b9f017db
    Signed-off-by: Ji Luo
    (cherry picked from commit 7ee2b20c22242f61e2595dffcb525ebdd54f9257)

    Ji Luo
     
  • 4d73a26bb   MA-16594-1 Set dtb load offset in bootloader ... Browse Code »

    We use the 'second_addr' in boot image header to store the
    fdt load address which is set by '--second_offset' parameter,
    but actually we don't pass any 'second' image to it. Now the
    mkbootimg.py will check the 'second' image size and set the
    'second_addr' as 0x0 if no 'second' image is specified.

    Since we don't store dtbs in the boot.img (except recovery dtb
    for legacy platforms), so set the dtb load offset in bootloader.
    The dtb load address will be 'kernel_addr + FDT_OFFSET_TO_KERNEL'
    (48MB memory reserved).

    Test: Boots on imx8mq.

    Change-Id: Ie597731992107ec2343e5ab6db0cab0e123f009c
    Signed-off-by: Ji Luo
    (cherry picked from commit efb9b0c9322f531c15ceedccd2fa9c6c170003a2)

    Ji Luo
     
  • 8cb9cd7e4   MA-16457-2 support reboot-fastboot command in u-boot ... Browse Code »

    Android implement the userspace fastboot in Android Recovery.
    Follow Google's spec, added below 2 fastboot command support:
    * fastboot getvar is-userspace
    * fastboot reboot fastboot

    TEST: fastboot commands.

    Change-Id: Ib6047413be0a45b3c00626cdb8594809eb8a2b6b
    Signed-off-by: Haoran.Wang
    (cherry picked from commit 314bded076dfc3e544cc7094ce3f6c4c330be4dd)

    Haoran.Wang
     
  • a6ea228bd   MA-16457-1 avoid to try to access system partition ... Browse Code »

    To enable dynamic partition feature, system partition will be a logic
    parition in "super" partition, uboot can't access system partition
    anymore.

    In i.MX Android use case, only vbmeta partition is used to verify other
    imags. boot and system are not used. so there is no need to access
    system partition to get avb device info, remove system partition from
    avb lib.

    Now, standard Android will boot with ramdisk in boot.img, there is no
    need to provide root info to kernel for standard Android. so only
    Android Auto will provide this info.

    Change-Id: I99a43eb8f7aa1dc635e3937c93266f881c9b3655
    Signed-off-by: faqiang.zhu
    (cherry picked from commit 3a2418a1cc097cd956347fc12b0b4e0566652bfd)

    faqiang.zhu
     
  • 475c6cf32   MA-16191 eliminate warning info about "is-logical" when flash images ... Browse Code »

    "is-logical" is used to check whether the partition to be flashed is
    dynamic partition, if it is, a partition resize command will be issued
    by host fastboot. this can be well processed in fastbootd.

    process this "is-logical" in uboot, now there is no logical partition,
    for every partition found in u-boot, returns "no".

    Signed-off-by: faqiang.zhu
    Change-Id: I4d93a0c7b32fed9fe5a5ac846bc4e97bfbe69e67
    (cherry picked from commit 7b27a2290aec78b49ce7c2aed497db858f436eb4)

    faqiang.zhu
     
  • fae9176d3   MA-16084 Wrap oem unlock permission protection feature ... Browse Code »

    Guard oem unlock permission protection feature with new config
    'CONFIG_TRUSTY_UNLOCK_PERMISSION', so we can enable or disable
    it as needed.

    Test: build and boot on imx8mm.

    Signed-off-by: Ji Luo
    (cherry picked from commit c664d8e8b94e9b6f66b2bf04d1be47e9b8a22978)

    Change-Id: If1db4b46ecac21b8f187854531704eaff2df30c4

    Ji Luo
     
  • 0fe27003f   MA-15860 Get and switch the target dev in fastboot erase ... Browse Code »

    Target mmc dev is not properly switched when the device enters
    fastboot mode via uuu "-i" parameter, which causes "erase"
    operation doesn't work.

    Get and switch the target mmc dev every time before erase operations
    happen.

    Test: "fastboot erase boot_a" in uuu fastboot mode.

    Change-Id: I4822d2b4ecfd2d874dfbe7474d6824b8fc3a7903
    Signed-off-by: Ji Luo
    (cherry picked from commit 46161b62c341139dcdbb13e00634ae8ae903c5da)

    Ji Luo
     
  • 8568bbdfb   MA-15339-1 load ramdisk in boot image to do first stage mount ... Browse Code »

    With Android10 code, to build GSI image for devices launching with
    Android10, the target should be "aosp_$arch-user". Google releases GSI
    images is so built in user mode.

    To do CTS-on-GSI test, a debug ramdisk containing .prop file to enable
    adb root permission and GSI keys to verify the GSI image is needed, this
    ramdisk is in boot image. so ramdisk in boot image need to be loaded by
    uboot even in non-recovery mode.

    To save boot time, only standard Android use ramdisk to boot up Android,
    Android Auto keeps the original way: kernel be responsible for verify
    and mount system partition. Let the customers to decide whether to use
    recovery ramdisk to boot the system. and under this condition, user-debug
    Android Auto GSI image need to be used for VTS-on-GSI test.

    when use ramdisk to bootup Android, info provided by "dm=" bootarg is
    not used by kernel to setup dm-verity, so it is removed from the
    bootargs. The 4.19 kernel used together with this uboot does not handle
    "skip_initramfs", so it's also removed.

    Change-Id: Ia8b8fa8b85a44acda2670b46504038a009ce01a8
    Signed-off-by: faqiang.zhu
    (cherry picked from commit e7d3c9ee1a713434d2948928ff0c4daea09ce3dc)

    faqiang.zhu
     
  • 2380630c9   MA-15575-3 Add support for oemlock 1.0 hal ... Browse Code »

    Add commands to read oem device unlock state from
    trusty avb app. Use the oem device unlock state to
    determine if the device can be unlocked instead of
    the state in persistdata part.

    Test: Read oem device unlock state from avb app.

    Change-Id: Ifccaa788ba0f681c2b3a47151c8474e8da5a2559
    Signed-off-by: Ji Luo
    (cherry picked from commit c6eaf8e32987f120c0c5441ea39aa0f39a65b50d)

    Ji Luo
     
  • 4bab52fe8   MA-15321-3 Support secure unlock feature ... Browse Code »

    Decrypt and verify the secure credential in keymaster TA, unlock
    operation can only be allowed after secure credential verify pass.

    Since the mppubk can only be generated on hab closed imx8q, so secure
    unlock feature can only supported when hab is closed.

    Test: secure unlock credential verify on hab closed imx8mm_evk.

    Change-Id: I1ab5e24df28d1e75ff853de3adf29f34da1d0a71
    Signed-off-by: Ji Luo
    (cherry picked from commit 631149fc0fc8ce035311949db643c2708e41435a)

    Ji Luo
     
  • 9ad629beb   MA-15321-2 Add command to get serial number ... Browse Code »

    Add commands to support extract serial number from device.
    Commands:
    $ fastboot oem get-serial-number
    $ fastboot get_staged

    Test: serial number upload on imx8mm.

    Change-Id: I5c905ab797d4fd28d76c8403914f191eaf2ef687
    Signed-off-by: Ji Luo
    (cherry picked from commit 250ef119c1dc02908046113893df5eeb9ef40605)

    Ji Luo
     
  • e543be2df   MA-15158 Set spl recovery mode for dual bootloader ... Browse Code »

    The A/B slot selection is moved to spl, it may lead to hang
    if no bootable slots found. The only way to recover the board
    is re-flash images with uuu tool, which is quite inconvenient
    for some customers who can't enter serial download mode.

    This patch will set "spl recovery mode" which will give us a
    chance to re-flash images with fastboot commands.

    Test: Enter spl recovery mode and flash images when no bootable
    slots found.

    Change-Id: I31278f5212bde7609fe2f49e77b3849e92c0c516
    Signed-off-by: Ji Luo
    (cherry picked from commit 46cc755cf3f42422ee1d7783394e14e8125df2b6)

    Ji Luo
     
  • 14374c837   MA-15152 erase user data before setting lock/unlock status ... Browse Code »

    when conduct fastboot lock/unlock operations, erase the userdata first
    and then set lock/unlock status to improve security level.

    Change-Id: I74c571c35b88afd6fdd4c287463f7209da8c15ff
    Signed-off-by: faqiang.zhu
    (cherry picked from commit b81f0b617d23548cd30953b94aca4ff8cc4da723)

    faqiang.zhu
     
  • 1411f5bb8   MA-15151 Limit some hwcrypto commands within bootloader ... Browse Code »

    It can be dangerous to export some hwcrypto commands to Linux,
    add commands to limit some commands within bootloader.

    Test: hwcrypto commands can't be used after locking boot state.

    Change-Id: Ib0a96a87f661778c133178840d8dccf49f151c22
    Signed-off-by: Ji Luo
    (cherry picked from commit 3fc3f521957677b1f363624494ed866985a25505)

    Ji Luo
     
  • 6ada408d7   MA-15142 Support secure attestation provision ... Browse Code »

    In host end, need encrypt the attestation keys and certs
    by manufacture protection public key though AES-128-ECB.
    Then use below 4 set of commands to provision encrypted
    RSA attestation and EC attestation:
    * $fastboot stage atte_rsa_key.bin
    * $fastboot oem set-rsa-atte-key-enc
    * $fastboot stage atte_rsa_cert.bin
    * $fastboot oem append-rsa-atte-cert-enc
    * $fastboot stage atte_ec_key.bin
    * $fastboot oem set-ec-atte-key-enc
    * $fastboot stage atte_ec_cert.bin
    * $fastboot oem append-ec-atte-cert-enc

    Change-Id: I8a7c64004a17f7dde89f28c3123a2e2b1a6d3346
    Signed-off-by: Haoran.Wang
    (cherry picked from commit 58965915dd69050429142d3d180c75e98ad14788)

    Haoran.Wang
     
  • 6b09b4240   MA-15019-1 Support Manufacture Protection public key generation ... Browse Code »

    Add new keymaster commands to get Manufacure Production key (mppubk).
    Since the mppubk can only be generated in OEM CLOSED imx8q board, so
    we can only use this command when the board is HAB/AHAB closed.

    Commands to extract the mppubk:
    * $fastboot oem get-mppubk
    * $fastboot get_staged mppubk.bin

    Test: Generate and dump the mppubk.bin

    Change-Id: Idc59e78ca6345497e744162664b8293f50d1eda4
    Signed-off-by: Ji Luo
    (cherry picked from commit 52300d644a275dfa4fe73ecb51601a8efaff8ab7)

    Ji Luo
     
  • e7ced1ea8   MA-14948 Append lock status by Android Property ... Browse Code »

    Follow Bootloader requirement spec in
    https://source.android.com/devices/bootloader/unlock-trusty.
    Need to pass the flash lock status by androidboot.flash.locked.

    This patch fixed the GTS failure
    com.google.android.gts.persistentdata.PersistentDataHostTest#testTestGetFlashLockState.

    Change-Id: I9a3508f7546b02c998e7668df2a33f864a58db75
    Signed-off-by: Haoran.Wang
    (cherry picked from commit 3f2c4d49fe147637e61309421e5817b3e574ed56)

    Haoran.Wang
     
  • 90539a1e7   MA-15062-2 change mcu firmware partition name ... Browse Code »

    new imx8mn chips have Cortex-M7 inside, not like any other existing
    multi-core i.MX MPU, users may manually flash mcu firmware with
    fastboot, partition name need to be specified at the same time, so the
    mcu firmware partition name need to be changed. related enum and
    variable names are also modified.

    Change-Id: Ia801e76fb3a20d0074dbbc1433258358c1a53907
    Signed-off-by: faqiang.zhu
    Signed-off-by: Ji Luo
    (cherry picked from commit dc25b7b27fa5c2293d09789a338a1aed2e3a010f)

    Ji Luo
     
  • 3f96c0ddf   MA-14916-10 fix fastboot reboot bootloader issue ... Browse Code »

    In Android, the reboot bootloader flag is written to misc partition, in
    the boot flow, u-boot will check that message to decide whether enter
    fastboot mode or not. To be compatible with the common implemention,
    keep the fastboot_set_reboot_flag there and redefine it to avoid the
    error return value which block the reboot process.

    Change-Id: Ifb55236d5a5daf3edd124d3ed01851ff6e916e1a
    Signed-off-by: faqiang.zhu
    (cherry picked from commit aa78cbe3d3148ab99ea039ede767e6d1152092b4)

    faqiang.zhu
     
  • e9bcb2537   MA-14916-1 adapt to the directory change of libavb ... Browse Code »

    libavb is now under the directory of lib/, not lib/avb/ as before, to
    adapt to this change, some modifications are made:
    1. header file inclusion change, including parameter of -I option in
    Makefile
    2. remove fsl_avb_sysdeps_uboot.c as the functions have been defined in
    avb_sysdeps_posix.c.

    Change-Id: I4216e3ddb4e3e810783e4f46b953eda510c2627b
    Signed-off-by: faqiang.zhu
    Signed-off-by: Ji Luo
    (cherry pick from 58010b99560eea2027dd39909eb5b35404e6030e)

    faqiang.zhu
     

27 Apr, 2020

7 commits

26 Jan, 2020

1 commit

04 Dec, 2019

1 commit

03 Dec, 2019

1 commit

23 Nov, 2019

2 commits

12 Aug, 2019

2 commits

08 Aug, 2019

2 commits

  • 29a81142b   fastboot: Remove "bootloader-version" variable ... Browse Code »

    As per [1], there is no such fastboot variable as "bootloader-version".
    Only "version-bootloader" is supported. Let's reflect this and not
    confuse users further.

    [1] https://android.googlesource.com/platform/system/core/+/refs/tags/android-q-preview-4/fastboot/README.md

    Fixes: 3aab70afc531d1 ("usb/gadget: add the fastboot gadget")
    Signed-off-by: Sam Protsenko
    Reviewed-by: Eugeniu Rosca

    Sam Protsenko
     
  • 139db354b   fastboot: getvar: Add "is-userspace" variable ... Browse Code »

    As per documentation [1], Android-Q requires for bootloader to provide
    "is-userspace" variable. "no" value should be always returned. This
    patch implements this fastboot variable.

    [1] https://android.googlesource.com/platform/system/core/+/refs/tags/android-q-preview-4/fastboot/README.md

    Signed-off-by: Sam Protsenko
    Reviewed-by: Eugeniu Rosca

    Sam Protsenko