08 Jan, 2021
2 commits
-
Locating the misc partition by ID can help reduce the boot
time but error may happen if the ID of the misc partition
is changed. Moving the misc partition to the start of the
GPT and locate the partition by name is another option but
it will break the backward compatibility as the GPT is
changed.part_get_info_by_name() will loop the PTE and return the
matched partition info, but it will cost much time as it
will reload the whole PTE from storage in each loop.This commit provides part_get_info_efi_by_name() to support
return the partition info by name without reloading the whole
PTE.Test: A/B slot switch in dual bootloader.
Change-Id: I13cb2a7b3217f73aecc2aec6e06abc0d6e8abcdd
Signed-off-by: Ji Luo
(cherry picked from commit cd8f603f0d977ed73f0d0b44437c5c68fcebde25) -
This commit fixes Coverity Issue: 11468195, avoid
uninitialized value using.Test: AVB check.
Change-Id: I04eb8faafd6c9a9fec1aeae0b29edc6940251094
Signed-off-by: Ji Luo
(cherry picked from commit 742cc182bf9d0d0a7c8cecdac2a328e5c0bd64cb)
11 Dec, 2020
1 commit
-
blk_dwrite() will write data in blocks, padding the keyslot_package
struct to one block to avoid redundant data write.Test: RPMB key set.
Change-Id: I326d7f4394d15e6e22b12c3abd6a5e2de18920cc
Signed-off-by: Ji Luo
(cherry picked from commit 8a0deb19628d2752b516fbce00fc1b988f2e78b5)
09 Nov, 2020
1 commit
-
GCC for arm32 doesn't support division between signed
and unsigned integer. Clean up the code to use 'long'
for both arm32 and arm64 platforms.Test: build on 7ulp and 8mm.
Change-Id: I21c23b1948994558237b27bfe7452e78e3d45172
Signed-off-by: Ji Luo
(cherry picked from commit 2062183df063e0653e9e88a690764647702af7dd)
06 Nov, 2020
1 commit
-
AVB verify should fail for GKI boot image but we should allow it
continue to boot in UNLOCKED state. In such case, we should not
update the stored rollback index.This commit will update the rollback index only when the AVB
verify is OK to prevent rollback index check error.Test: boots.
Signed-off-by: Ji Luo
Change-Id: I82678d288edd4df6de40a1ca863ed36d3b3658a8
(cherry picked from commit ea48b544581d630bc031a7968a90b2fcf328424a)
30 Oct, 2020
2 commits
-
The 'offset' can be negative number passed from fsl_read_from_partition_multi(),
don't covert 'blksz' to 'uint64_t' as it will cause overflow when the 'offset'
is negative number.Test: mmc blk read with 'offset < 0'.
Signed-off-by: Ji Luo
Change-Id: Id1ce8e0c748dd280d70c1722cc7d17cc9646a4bb
(cherry picked from commit 077b448679b9ad2891495c7344ba99a6c10a59fb) -
Set the initial 'source_slot' in 'misc_virtual_ab_message' as
the current slot. At the same time, add slot checks before
erase data if virtual A/B is enabled.Test: virtual A/B update and erase.
Signed-off-by: Ji Luo
Change-Id: I84896335a95d9188b85e114037b470b3f4e7a209
(cherry picked from commit a522c2245c3e58adbbcb99c43e0917ce315cc1aa)
19 Oct, 2020
2 commits
-
Add config "CONFIG_LOAD_KEY_FROM_RPMB" to decide loading the
avb public key from RPMB storage or building it statically.Test: AVB verify.
Signed-off-by: Ji Luo
Change-Id: I1ca09c28bbfa18dd00aa28405389b382e09fe07e
(cherry picked from commit 5a7973e8f42e54b3cd8ce15624478dcbe19c49fd) -
Disable unused dts and configs for imx8q to reduce the boot time.
The 'part_get_info_by_name' can be very time consuming as it will
loop through all the GPT entries to find the matched partition,
specify the number of 'misc' partition and use 'part_get_info' to
load the partition info directly will save much time.With this patch, about 300ms can be save for imx8qm, about 350ms
can be saved for imx8qxp.Test: boot tests.
Signed-off-by: Ji Luo
Change-Id: I66bc7e002caea62754b670d0a30860a23a17ff61
(cherry picked from commit d25c0c7b9de22abd6c326975199c86c943e742cf)
26 Aug, 2020
1 commit
-
Fix Coverity Issue 2690361. Fix unintentional integer overflow by
casting the pte->length to type 'uint64_t'.Signed-off-by: Ji Luo
Change-Id: I4536e733c82cb31bbd7da0ee916e7698850c3b81
(cherry picked from commit 3a332c5264b1cdb5aa026bcb6fd4afad69c0d19b)
16 Jul, 2020
2 commits
-
The old boot control logic and misc data struct is based on the
'external/avb/libavb_ab' library which is already marked as
deprecated and won't be maintained by google anymore:commit 37f5946d0e1159273eff61dd8041377fedbf55a9
Author: David Zeuthen
Date: Wed Sep 20 15:02:32 2017 -0400Deprecate libavb_ab and bootctrl.avb code.
This code was already marked as experimental in anticipation of being
removed in the future. Officially deprecate it and set Jun 1 2018 as
the date it will be removed. This should give users of the code ample
time to fork/migrate.To keep using the code AVB_AB_I_UNDERSTAND_LIBAVB_AB_IS_DEPRECATED
must be defined.The reason for deprecating this code is twofold:
- Its policy was optimized for devices without a display with
e.g. automatic fallback to the other slot if a slot fails to
boot. Since most A/B stacks in Android devices don't work this
way this code is confusing.- There are no known active users, no good test coverage for the
bootctrl.avb code, and no plans to use it.When the code is removed we'll provide an easy transition path by
keeping (but renaming) the |ab_ops| member in AvbOps.Change-Id: Id5e090a2048076d36ccca2e1c4cb55e226b8b43d
Google has provided a new boot control v1.1 implementation under
'hardware/interfaces/boot/1.1/default' which uses a new misc data struct defined
in the 'include/android_bootloader_message.h'. This commit adds a new boot control
implementation in bootloader, which combines the new misc data struct and inherit
some flow in 'libavb_ab', the old 'libavb_ab' library will be removed.Test: boot/slot switch/retry count test on single&dual bootloader.
Signed-off-by: Ji Luo
Change-Id: I0fa1ee8562c83afec549c8f6aad7a26a2214f626
(cherry picked from commit 29aafaf065d1688201d014213052863ec9d18e9c) -
This commit eliminate the annoying build warning logs.
Test: builds with buildman.
Signed-off-by: Ji Luo
Change-Id: Ia335dafe3f4c0eab08e011215b9de5d2974b8d0c
(cherry picked from commit 85e0d429d19b8f9a62369a5f20e088644c488b1e)
16 Jun, 2020
13 commits
-
According to the google boot flow, an orange warning should
be displayed on UNLOCKED device to reminder the users of the
potential risks.This commit will show an orange warning logo and warning text
on the screen, it shall be dismissed after 3 seconds, users
can also skip it by pressing the ON-OFF button.Config 'CONFIG_AVB_WARNING_LOGO_COLS' and 'CONFIG_AVB_WARNING_LOGO_ROWS'
define the (x, y) position of the warning logo, its default
value is for 1080*720 resolution display and can be overridden.Test: Orange warning logo show on all imx8m/imx8q platfroms.
Change-Id: I607edb3da039b47ddfac681f855834d8da187af8
Signed-off-by: Ji Luo -
Only check the bootloader rollback index and trusty keyslot package
for rpmb key flashed boards.Test: boots on boards without rpmb key.
Change-Id: I130e4d906c0f08d602eac820ec5612214e01ff55
Signed-off-by: Ji Luo -
Address 0x8880_0000 is reserved for M4 image on imx8q, which
leaves limited memory region for the malloc pool. The avb
will consume much heap memory to verify the kernel and dtbo
image, memory conflicts may happen as the kernel/dtbo image
size is getting larger.As the avb will load kernel/dtbo in every avb_slot_verify(), but
will only free the memory after both slots are checked(if needed).
And for trusty enabled platforms, extra heap memory will be used
to do the hash calculation.This commit will free the slot memory once it's marked as unbootable
and will use fixed memory started from CONFIG_FASTBOOT_BUF_ADDR to
help store the data to do the hash calculation. With above change,
we get a chance to decrease the malloc pool size.Test: boot on imx8qxp and imx8mm.
Change-Id: Ia5cdaf9962ae1cb8b8e9bee5305205ec6d90b84a
Signed-off-by: Ji Luo
(cherry picked from commit 0a299eb1a4c8c929d069cb4a0d58a096c04f09f7) -
Slot will be marked as "unbootable" state if error happens during
image load/verify process, this may cause the board never boot up
if some random failures happen (like eMMC/DRAM access error at some
critical temperature).Check the "successful_boot" flag before marking the slot as "unbootable",
this will help ease the "no bootable slot" issue.Test: slot switch on imx8qm_mek.
Signed-off-by: Ji Luo
(cherry picked from commit 6db8ebe2224ab6656e8e798288bd1b3c0472c0c0)Change-Id: Ib060b11cc6687a3bacd09cecda7dd925beba6316
-
Don't skip vbmeta public key verify for non-trusty
platforms.Test: boot on imx8mm.
Change-Id: I4712e5dd6e5c8848468e9d85c6b38eb5fb11377f
Signed-off-by: Ji Luo
(cherry picked from commit 9b8264c89ccb3e9179a438e428ad79d72c7efe9b) -
Decrypt and verify the secure credential in keymaster TA, unlock
operation can only be allowed after secure credential verify pass.Since the mppubk can only be generated on hab closed imx8q, so secure
unlock feature can only supported when hab is closed.Test: secure unlock credential verify on hab closed imx8mm_evk.
Change-Id: I1ab5e24df28d1e75ff853de3adf29f34da1d0a71
Signed-off-by: Ji Luo
(cherry picked from commit 631149fc0fc8ce035311949db643c2708e41435a) -
MMC device id remap function "board_mmc_get_env_dev()" was
removed in u-boot v2019 because we add the mmc device aliases
in dts file. But we still need to remap the mmc device id in
spl or read/write rpmb keyslot package will fail.This patch adds mmc device id remap function in spl to get the
correct device id.Test: boot on imx8mm with trusty enabled.
Change-Id: I41c46494326d9eb2658d2cda692968fb895d0292
Signed-off-by: Ji Luo
(cherry picked from commit c079188d06b3669df7836e1b8c6126558b1fa39e) -
The A/B slot selection is moved to spl, it may lead to hang
if no bootable slots found. The only way to recover the board
is re-flash images with uuu tool, which is quite inconvenient
for some customers who can't enter serial download mode.This patch will set "spl recovery mode" which will give us a
chance to re-flash images with fastboot commands.Test: Enter spl recovery mode and flash images when no bootable
slots found.Change-Id: I31278f5212bde7609fe2f49e77b3849e92c0c516
Signed-off-by: Ji Luo
(cherry picked from commit 46cc755cf3f42422ee1d7783394e14e8125df2b6) -
Add new keymaster commands to get Manufacure Production key (mppubk).
Since the mppubk can only be generated in OEM CLOSED imx8q board, so
we can only use this command when the board is HAB/AHAB closed.Commands to extract the mppubk:
* $fastboot oem get-mppubk
* $fastboot get_staged mppubk.binTest: Generate and dump the mppubk.bin
Change-Id: Idc59e78ca6345497e744162664b8293f50d1eda4
Signed-off-by: Ji Luo
(cherry picked from commit 52300d644a275dfa4fe73ecb51601a8efaff8ab7) -
Due SPL doesn't have env, so cannot use mmc_get_env_dev() get
the mmc index.
Following spl_mmc.c get correct mmc index in SPL.Change-Id: I0f07a9ea35d5b3ba0d638af436238d0cfe925981
Signed-off-by: Haoran.Wang
(cherry picked from commit 6e4753b4dc0c5bde5aa573b42cb6b7caa6a95bc9) -
This commit enables dual bootloader feature for imx8m/imx8q, but
as commit 'a2018ab' already brings in some dual bootloader codes
when enabling fastboot support, so this commit won't be a complete
and standalone patch to introduce the dual bootloader feature.This commit will do the following:
1. clean up dual bootloader flow and add missing implementation.
2. Merge the dual bootloader entry for fit and container to one
function 'mmc_load_image_raw_sector_dual_uboot'.Change-Id: Ic9410a48092cc05de599dd897fc912177e2a1fe1
Signed-off-by: Ji Luo -
Driver Module may be used in SPL, with CONFIG_BLK enabled for U-Boot,
CONFIG_SPL_BLK will be enabled, struct mmc definition will be different.
comply with that mmc struct definition in fsl_avbkey.c file to handle
conditions when DM is used in SPL.Change-Id: I632600556e764b25228ba467a5e5141cf3fc3dfe
Signed-off-by: faqiang.zhu
(cherry picked from commit de905a8a3c6dfdf9241a188b2e22c76dbef851c1) -
libavb is now under the directory of lib/, not lib/avb/ as before, to
adapt to this change, some modifications are made:
1. header file inclusion change, including parameter of -I option in
Makefile
2. remove fsl_avb_sysdeps_uboot.c as the functions have been defined in
avb_sysdeps_posix.c.Change-Id: I4216e3ddb4e3e810783e4f46b953eda510c2627b
Signed-off-by: faqiang.zhu
Signed-off-by: Ji Luo
(cherry pick from 58010b99560eea2027dd39909eb5b35404e6030e)
06 May, 2020
2 commits
-
Porting the FSL android fastboot features from imx u-boot v2018.03 to
support all SoCs: imx6/imx7/imx7ulp/imx8/imx8m.The UUU commands like UCmd and ACmd are also added. Users need set
CONFIG_FASTBOOT_UUU_SUPPORT=y to enable the feature.Signed-off-by: Frank Li
Signed-off-by: Ye Li
(cherry picked from commit 65120b06a7f750b9b1a6e0db3d2082cc7088d5a8)
(cherry picked from commit 9b149c2a28829fe7017f83981d634157bc31cc94) -
Porting the android AVB lib from imx u-boot v2018.03. Since 2019 u-boot
has added latest AVB library, try to reuse it.Signed-off-by: Ye Li
(cherry picked from commit 2105662ada738a271e12a81d775134a5821dc38f)
(cherry picked from commit f7291d86c4183ce2e299ad271aa5618c71507ffc)
(cherry picked from commit b871714c519e1bda3de6afbd354bee2cb246e4b7)