29 Nov, 2018
2 commits
-
now the uboot used by uuu is compiled indepently from the one flashed to
the board, and for imx6 and imx7, defconfig from BSP team is used to
configure the uboot for uuu, so there is no need to unlock the device
when flash the board.Change-Id: Ieefbd67e095dd51eab87e9a32b586cdf88f05d81
Signed-off-by: faqiang.zhu -
to handle situations that it is not allowed to unlock but the board is
already unlocked, unlock logic is modified in this patchChange-Id: I90b22c2dfbc1c64ed9514032986e98b27526c7b9
Signed-off-by: faqiang.zhu
22 Nov, 2018
1 commit
-
Too many macros are used in fsl_avbkey.c and
make it difficult to maintain.
This patch made some refine by:
1. Move all avb/atx operations to fsl_avb.c.
2. Refine the functions logic.
3. Drop some unsupported conditions/functions.Test: build and boot on
imx8qm_mek/imx8mq_evk/imx6qp_sabresd/imx7d_pico/imx8m_aiy.Change-Id: I5c99732acfc47d53cdf188d69223983777e577f4
Signed-off-by: Luo Ji
13 Nov, 2018
4 commits
-
Current code uses strlen of string to get the property data
length, which is wrong for unicode string, also the whole
property length also should be corrected(descriptor length
minus head length, 142-10=132), detail data format of single
GUID see below table:Table 4a: Microsoft Extended Properties Feature Descriptor
===================================================================
Value | TYPE | Description
===================================================================
0x8E, 0x00, 0x00, 0x00 | DWORD (LE) | Descriptor length
| | (142 bytes)
--------------------------------------------------------------------
0x00, 0x01 | BCD WORD (LE) | Version ('1.0')
--------------------------------------------------------------------
0x05, 0x00 | WORD (LE) | Extended Property
| | Descriptor index (5)
--------------------------------------------------------------------
0x01, 0x00 | WORD (LE) | Number of sections (1)
--------------------------------------------------------------------
0x84, 0x00, 0x00, 0x00 | DWORD (LE) | Size of the property
| | section (132 bytes)
--------------------------------------------------------------------
0x01, 0x00, 0x00, 0x00 | DWORD (LE) | Property data type
| | (1 = Unicode
| | REG_SZ,
| | see table below)
--------------------------------------------------------------------
0x28, 0x00 | WORD (LE) | Property name
| | length (40 bytes)
--------------------------------------------------------------------
0x44, 0x00, 0x65, 0x00, | NUL-terminated | Property name
(...) | Unicode String | "DeviceInterfaceGUID"
0x74, 0x00, 0x00, 0x00 | (LE) |
--------------------------------------------------------------------
0x4e, 0x00, 0x00, 0x00 | DWORD (LE) | Property data
| | length (78 bytes)
--------------------------------------------------------------------
0x7b, 0x00, 0x46, 0x00, | NUL-terminated | Property name
(...) | Unicode String | "{xxxxxxxx-xxxx-
0x7d, 0x00, 0x00, 0x00 | (LE) | xxxx-xxxx-
| | xxxxxxxxxxxx}\0"
--------------------------------------------------------------------Details of WCID see below link:
https://github.com/pbatard/libwdi/wiki/WCID-DevicesReviewed-by: Ye Li
Signed-off-by: Li Jun -
Fix coverity issue CID 5015449: Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking mmc suggests that it may be null, but it has
already been dereferenced on all paths leading to the checkSigned-off-by: Ye Li
-
Fix coverity issue CID 1898965: Dereference null return value (NULL_RETURNS)
dereference: Dereferencing a pointer that might be NULL dev_desc when calling
write_backup_gpt_partitionsSigned-off-by: Ye Li
-
Fix coverity issue CID 3826473: Destination buffer too small (STRING_OVERFLOW)
string_overflow: You might overrun the 16-character destination string buffer by
writing 20 characters fromThe size of g_ptable->name is 20, but we use 16 bytes buffer for strcpy. It may
cause buffer overflow.Signed-off-by: Ye Li
12 Nov, 2018
8 commits
-
The rollback index should be updated when avb verify pass
and the slot has been marked as successful, update the
rollback index also for those enabled dual bootloader
feature.
This commit also fix some configs condition issue so
read/write rollback index with trusty will work.Test: rollback index updated successfully on
imx7d_pico and AIY.Change-Id: I2344d6462249d8d88f0622d331cdeffc7e12f885
Signed-off-by: Ji Luo -
SHA256 hash of the entire verified software stack should be calculated
and passed to 'trusty_set_boot_params'. This commit will calculate the
SHA256 hash which represents spl.bin and bootloader.img, and then extend
that hash with the hash of vbmeta image into the final VBH.Bug: 110905171
Test: VBH is calculated and passed ok on AIY.
Change-Id: Id83ad36f3de79bedd435ca8f26035a35cca66b07
Signed-off-by: Ji Luo -
Add support for fastboot variable 'at-vboot-state', it's composed
by 6 sub-variable: 'bootloader-locked', 'bootloader-min-versions',
'avb-perm-attr-set', 'avb-locked', 'avb-unlock-disabled' and
'avb-min-versions'.Test: All 'at-vboot-state' variables are returned
correctly on imx7d_pico and AIY.Change-Id: Ibb855cbcc7c41657af62dafb98a96c4dfb96ef22
Signed-off-by: Ji Luo -
Device will be locked permanently after disabling the unlcok vboot, store
the disable unlock vboot status into fuse. Since the fuse write operation
is irreversible so config 'CONFIG_AVB_FUSE' is disabled by default, user
need to add this config manually and run this command again.Test: Disable unlock vboot bit is set after enabling "CONFIG_AVB_FUSE",
device was locked permanently after running this command. This is
verified on both imx7d_pico and AIY.Change-Id: Iad8991a238763b1d662e33cba65f0b9eb44e97ef
Signed-off-by: Ji Luo -
Supoort "fastboot oem at-lock-vboot" command for Android
Things, this command can only be called after perm-attr
have been fused.Test: build and boot ok on imx7d_pico and AIY.
Change-Id: Ifcfeb2a38d88c5d12b46a1d9ea61b182ae2e7bcb
Signed-off-by: Ji Luo -
Add fastboot commands "fastboot oem at-get-vboot-unlock-challenge"
and "fastboot oem at-unlock-vboot" to support the authenticated
unlock feature for Android Things devices. Use software random
numbers generator to generate the 16 bytes random challenge, it
should be replaced with hardware encrypted random generator when
the TEE part is ready.Test: Generate unlock challenge by:
./avbtool make_atx_unlock_credential
--output=atx_unlock_credential.bin
--intermediate_key_certificate=atx_pik_certificate.bin
--unlock_key_certificate=atx_puk_certificate.bin
--challenge=my_generated_challenge.bin
--unlock_key=testkey_atx_puk.pem
validated the unlock credential successfully on imx7d_pico
and AIY.Change-Id: I4b8cee87c9e96924169479b65020a081136681f6
Signed-off-by: Ji Luo -
Per security requirement, attestation of keymaster
supported by Trusty OS should support both P256
and curve25519 algorithm for Diffie-Hellman.TEST: Works on AIY boards by below commands:
$fastboot getvar at-attest-dhChange-Id: I3244f8d8b677222463b4e8fc75412e54dadeb23e
Signed-off-by: Haoran.Wang -
Flashing a signed vbmeta image adds extra
parameters to the kernel command line, overflowing
the buffer and corrupting the global data struct.
Increase the command line buffer size from 512
to 1024 to accomodate the extra data, and change
the sprintf's to snprintf's to prevent this from
happening if more parameters are added later.This bug was exposed by
Idd55dde79eed793dccdd7319600fbd04e11ca12d.Bug: 112397808
Test: Device boots with images from console and
from local build.Change-Id: If73d04007d54193527e11e11c6ef326110e899b6
07 Nov, 2018
1 commit
-
When booting from NAND/SPINOR/WEIMNOR boot devices, the fastboot will
print "unsupported boot device". This warning is used by android fastboot
when setting its "bootcmd". Since android does not support these devices.
so it gives the warning correctly.
But for BSP normal boot, this warning will bring confuse to users. So
change to check the "bootcmd" before giving such warning.Signed-off-by: Ye Li
Reviewed-by: Peng Fan
03 Nov, 2018
2 commits
-
On iMX8 platforms like 8QM/QXP, we must power up the USB PHY resource
before accessing the PHY. However, current init flow access the USB PHY
in ehci_mx6_common_init prior than ehci_usb_phy_mode where the PHY is power
up.Fix the issue by adding ehci_get_usb_phy function to parse the PHY address
from DTB and power up the PHY before ehci_mx6_common_init.Signed-off-by: Ye Li
-
Type "ulong" will be 32 bits long on imx6/7 but we may have
userdate partition more than 4G on 32 bits platforms. Use
"uint64_t" instead of "ulong" here to fix this issue.Test: Get correct userdata partition size on both imx6dl
and imx8qxp.Change-Id: Ia6b242f3998a65b157737e83da0ad3126b689713
Signed-off-by: Ji Luo
26 Oct, 2018
1 commit
-
Currently the clocks and power of USB controller and USB PHY are both
controlled by ehci-mx6 driver in device probe. However, the function
"ehci_usb_ofdata_to_platdata" calls "ehci_usb_phy_mode"
to access PHY registers when "dr_mode" is set to OTG, both "dr_mode" and
"extcon" properties are not set in DTB. This may cause hang at accessing
USB PHY registers if the power and clocks are not enabled.Change the usb type logic to more clear way:
1. plat->init_type: The requested USB mode type from uplayers
2. priv->init_type: The USB mode type specified by DTB or by the USB ID pin or
by external controller like tcpc or GPIO.
3. If two init_type are not same, return failure. Align with non-DM driver.
4. USB PHY access is moved after power and clock enabled.Signed-off-by: Ye Li
12 Oct, 2018
1 commit
-
Add fastboot command "fastboot oem set-rpmb-key" to program the rpmb
key which should be staged first.
Usage:
1. fastboot stage my-rpmb-key.bin
2. fastboot oem set-rpmb-keyTest: rpmb key programed successfully on imx8qxp.
Change-Id: I95474a6367eb8ef0db16bb38680975b8c45b84f1
Signed-off-by: Ji Luo
29 Sep, 2018
1 commit
-
For imx8 chips, if boot from usb, lock status will be ignored for the
convenience of using uuu. For imx6 and imx7, the presistdata partition
is ignored, so unlock operation can alway succeed.Change-Id: I842bab9fd2c04f8a864f4a134b63efc4436f71a4
Signed-off-by: faqiang.zhu
13 Sep, 2018
1 commit
-
Assign security features to specific config.
Now, use AVB_RPMB to enable RPMB stored rollback
index.After this refine,
for imx6/7/8 Android release, use no AVB_RPMB,
for imx6/7 AndroidThings, use AVB_RPMB.This patch also fix below build error for imx6/7:
vendor/nxp-opensource/uboot-imx/lib/avb/fsl/fsl_avbkey.c:711:2: error:
implicit declaration of function 'fsl_fuse_read'
[-Werror=implicit-function-declaration]
if (fsl_fuse_read((uint32_t *)blob, RPMBKEY_FUSE_LENW,
RPMBKEY_FUSE_OFFSET)){Change-Id: I734479f0627901f372f4b211b2e710bd103eb244
Signed-off-by: Haoran.Wang
12 Sep, 2018
1 commit
-
Align the callback to ARM64 environment for
Trusty OS.TEST: AIY-3G & AIY-1G board's TIPC and AVB handler
works.Change-Id: I65806f56267a4a9278db04a462e351da181618cb
Signed-off-by: Haoran.Wang
10 Sep, 2018
2 commits
-
- fix the blksize is 0 bug when boot device is sata
- add the sparse image support in the process flash sataSigned-off-by: Richard Zhu
Signed-off-by: Ye Li -
for 8qm B0, bootloader in eMMC boot partition should be 0, it is
different from 8qm A0, which need to be 33K.Change-Id: I3606aaee733b3a159bc818ac4938c34ec65f5896
Signed-off-by: faqiang.zhu
07 Sep, 2018
1 commit
-
Non-A/B devices should include dtbo in recovery.img to prevent mismatch
with recovery if OTA failure. Load dtbo from recovery.img for Non-A/B
devices in recovery mode.Change-Id: Ie8b12aeb562b80a172769af0b163df3c672c9af0
Signed-off-by: Ji Luo
28 Aug, 2018
1 commit
-
After executing each ucmd, the ucmd callback function always call fastboot_setup
to setup some enviroments.Because the mmc will be switched to user area by calling blk_get_dev in _fastboot_load_partitions.
When running "mmc partconf" by ucmd, the PART_CONFIG EXTCSD is updated, but the part_config and
hwpart variables in mmc and blk structure are not synced. So the old value will write to
PART_CONFIG EXTCSD again when switch to user area.This patch changes the fastboot_setup, only load the partitions when the storage device is changed.
Also force to re-init mmc before loading the partitions to sync mmc variables.Signed-off-by: Ye Li
(cherry picked from commit c9cd93b25586ecd4ce9178da7b8141f60cdd9deb)
27 Aug, 2018
1 commit
-
make the case of USB_BOOT won't execute to the case of default.
Change-Id: I6393d1532df6fe75e81b0ee0a88ca83427378e5c
Signed-off-by: faqiang.zhu
24 Aug, 2018
1 commit
-
For Android, /data, misc, cache, presistdata, RBK are erased
when lock/unlock.
For Android Things, above partitions except misc are erased.Change-Id: I4c9f5b81f15bf46322d6aea8d535d80f9ae7ca8b
Signed-off-by: Ji Luo
22 Aug, 2018
2 commits
-
Add some message prompt when the device will enter recovery
mode.Change-Id: I3b1829594998f146fd973e15a418cd4c9f52f771
Signed-off-by: Ji Luo -
Blob buffer size is 48 bytes larger than the plain text buffer,
set correct range when flush the dcache. Also use cache aligned
buffer for the blob/plain_text to avoid failure in CAAM.Change-Id: I3b377cfeb8f5bd9c76233827b2c9c7bd0d788c9b
Signed-off-by: Ji Luo
21 Aug, 2018
6 commits
-
Legacy platform (imx6/7) don't support A/B slot so the fdt
partition name should be 'dtbo' instead of 'dtbo_a/dtbo_b'.Test: build and boot ok on imx6q_sabresd.
Change-Id: I282594289d78ffac6d7f503a0e471e050724efea
Signed-off-by: Ji Luo -
Some configs and definations changed from imx_v2017.03 to
imx_v2018.03, refine related codes to make pico-imx7d work.Test: pico-imx7d boots ok.
Change-Id: I10e5a1849964a62259e0d6c353e5588c1529a840
Signed-off-by: Ji Luo -
Change bootcmd to "fastboot 0" directly when detect
booted from USB. By this the u-boot which booted by
uuu will enter fastboot mode and ready for the
remain commands.Change-Id: I937c07f770e68568dcb3ea67130ee6634feea47a
Signed-off-by: Haoran.Wang -
Sometimes we don't need to dump the whole partition table when
some partition can't be found, only dump the partition table
when it's needed.Test: Build and boot ok.
Change-Id: I52407f0117b73f4b3656fe2435b08dfc7a349939
Signed-off-by: Ji Luo -
Remove CONFIG_LOAD_FDT_FROM_PART and decide the fdt
location at run time.Test: build and build ok on both Android and Android Things.
Change-Id: Ice49e71b54db33468e49298705a714e4acb333e3
Signed-off-by: Ji Luo -
The oem_bootloader partition is critical and should be verified. All
necessary verify data has been added (hash footer in oem_bootloader
and descriptors in vbmeta), verify the oem_bootloader by libavb at
u-boot stage.
Since the oem_bootloader will be loaded by libavb, use it directly
instead of loading it from disk again.Test: oem_bootloader verify ok and boot ok for both imx7d and imx8m.
Change-Id: Ic37d2555f800385a982f6664b3858b9c83b9c484
Signed-off-by: Luo Ji
20 Aug, 2018
3 commits
-
Add 1G DDR support, distinguish different boards by the
Board ID, They are:
SAI5_MCLK: Board_id[6]
SAI5_RXFS: Board_id[5]
SAI5_RXC: Board_id[4]
SAI5_RXD3: Board_id[3]
SAI5_RXD2: Board_id[2]
SAI5_RXD1: Board_id[1]
SAI5_RXD0: Board_id[0]
Current Board ID for imx8m boards are:
AIY Micron 1G: 0x5c
AIY Hynix 1G: 0x56
AIY Mirconb 3G: 0x40
Wibo 3G: 0x00
imx8m_ref 3G: 0x00Test: Boot ok on all imx8m boards.
Change-Id: I3d65931483f369c545632b660f04fc9da120547d
Signed-off-by: Luo Ji
Reviewed-on: http://androidsource.ap.freescale.net/project/5093
Reviewed-by: guoyin.chen
Reviewed-by: Wang Haoran -
Unlocked device maybe locked when gpt overlay changed, unlock the device
after valid gpt is flashed, erase the userdata to ensure safety.Test: device unlocked after valid gpt flashed.
Change-Id: I7b0306606c632b7dc5668ea1ff8aad63428f278f
Signed-off-by: Luo Ji -
"fastboot reboot bootloader" fails to transmit "OKAY" back to host on
imx8qm because fastboot_tx_write_str() will dequeue the IN request
first before queue it, cdns3 usb driver will always invoke the complete
callback in dequeue, so if we are going to do_reset() in the complete
callback, the device will reboot before we can transmit "OKAY" back to
host in queue.
Check the request status in dequeue first before invoke the complete
callback, this is basically ported from kernel.Test: No error messages when run "fastboot reboot bootloader" on
imx8qm_mek.Change-Id: I085df3bd0f37480b8636585cc1068d5fcae331c1
Signed-off-by: Luo Ji