18 May, 2020
40 commits
-
To enable dynamic partition feature, system partition will be a logic
parition in "super" partition, uboot can't access system partition
anymore.In i.MX Android use case, only vbmeta partition is used to verify other
imags. boot and system are not used. so there is no need to access
system partition to get avb device info, remove system partition from
avb lib.Now, standard Android will boot with ramdisk in boot.img, there is no
need to provide root info to kernel for standard Android. so only
Android Auto will provide this info.Change-Id: I99a43eb8f7aa1dc635e3937c93266f881c9b3655
Signed-off-by: faqiang.zhu
(cherry picked from commit 3a2418a1cc097cd956347fc12b0b4e0566652bfd) -
Add mmc board level implementation for imx8mp, so we can support
boot from mmc besides ROMAPI.Test: eMMC/SD boot.
Change-Id: Ie3c28e5622dd819583e2146557ac75f89dbe19ef
Signed-off-by: Ji Luo -
Only limited heap memory is available on imx8q platforms due
to some memory is reserved for m4 image. Commit cd67414 will
free avb verify data and thus help decrease the heap memory
consumption.But when the device is locked, avb will try to verify one slot
first, it will continue to verify another if the first slot
returns failure. Function load_full_partition() will alloc memory
to load boot/dtbo images from heap (which is a big and continuous
memory region), this memory will be freed if the first slot returns
verify failure. but because part of the continous memory region
will be used in following verify process, even total available memory
is enough, u-boot can't find a continous memory region to load the
boot/dtbo image for another slot and will return error "Failed to
allocate memory".Instead, this commit use fixed memory region start from 96MB offset of
CONFIG_FASTBOOT_BUF_ADDR to load the boot/dtbo images.Test: slot verify and A/B slot switch.
Change-Id: Ifc83bed5a6be37196c0fd109d942eaf9b07b6a74
Signed-off-by: Ji Luo
(cherry picked from commit d13752e831957fb84c71f8ca24fd1979d3605cde) -
Address 0x8880_0000 is reserved for M4 image on imx8q, which
leaves limited memory region for the malloc pool. The avb
will consume much heap memory to verify the kernel and dtbo
image, memory conflicts may happen as the kernel/dtbo image
size is getting larger.As the avb will load kernel/dtbo in every avb_slot_verify(), but
will only free the memory after both slots are checked(if needed).
And for trusty enabled platforms, extra heap memory will be used
to do the hash calculation.This commit will free the slot memory once it's marked as unbootable
and will use fixed memory started from CONFIG_FASTBOOT_BUF_ADDR to
help store the data to do the hash calculation. With above change,
we get a chance to decrease the malloc pool size.Test: boot on imx8qxp and imx8mm.
Change-Id: Ia5cdaf9962ae1cb8b8e9bee5305205ec6d90b84a
Signed-off-by: Ji Luo
(cherry picked from commit 0a299eb1a4c8c929d069cb4a0d58a096c04f09f7) -
"is-logical" is used to check whether the partition to be flashed is
dynamic partition, if it is, a partition resize command will be issued
by host fastboot. this can be well processed in fastbootd.process this "is-logical" in uboot, now there is no logical partition,
for every partition found in u-boot, returns "no".Signed-off-by: faqiang.zhu
Change-Id: I4d93a0c7b32fed9fe5a5ac846bc4e97bfbe69e67
(cherry picked from commit 7b27a2290aec78b49ce7c2aed497db858f436eb4) -
Guard oem unlock permission protection feature with new config
'CONFIG_TRUSTY_UNLOCK_PERMISSION', so we can enable or disable
it as needed.Test: build and boot on imx8mm.
Signed-off-by: Ji Luo
(cherry picked from commit c664d8e8b94e9b6f66b2bf04d1be47e9b8a22978)Change-Id: If1db4b46ecac21b8f187854531704eaff2df30c4
-
Target mmc dev is not properly switched when the device enters
fastboot mode via uuu "-i" parameter, which causes "erase"
operation doesn't work.Get and switch the target mmc dev every time before erase operations
happen.Test: "fastboot erase boot_a" in uuu fastboot mode.
Change-Id: I4822d2b4ecfd2d874dfbe7474d6824b8fc3a7903
Signed-off-by: Ji Luo
(cherry picked from commit 46161b62c341139dcdbb13e00634ae8ae903c5da) -
To avoid both A/B slots are marked as unbootable because
of some random failures, we will need to reset at spl stage
when current slot load/verify fail but already with flag
"successful_boot" set.imx8q can't be reset via the psci driver because the atf
is not avaiable at spl stage, porting the sc_pm_reboot()
scu api so we can do reset at spl stage for imx8qm/imx8qxp
mek boards.Test: reset on imx8qm_mek and imx8qxp_mek.
Change-Id: Ifa0bdea9393e413942a8a0188a4f937fa0aa9ab8
Signed-off-by: Ji Luo
(cherry picked from a5c5748101c383bc3afb424a3ef2689ab2664846) -
Slot will be marked as "unbootable" state if error happens during
image load/verify process, this may cause the board never boot up
if some random failures happen (like eMMC/DRAM access error at some
critical temperature).Check the "successful_boot" flag before marking the slot as "unbootable",
this will help ease the "no bootable slot" issue.Test: slot switch on imx8qm_mek.
Signed-off-by: Ji Luo
(cherry picked from commit 6db8ebe2224ab6656e8e798288bd1b3c0472c0c0)Change-Id: Ib060b11cc6687a3bacd09cecda7dd925beba6316
-
Add implementation to load hdmi rx/tx firmwares, use different config to
guide the function.Change-Id: Ibb43c2301b5f6cdc8b5103bd04cc30baefac9b9f
Signed-off-by: Ji Luo -
Refine trusty logs output to make it more
simple.Test: boots.
Change-Id: Id94fc245206c5f78e0dbcb0baf5db6475c9f744d
Signed-off-by: Ji Luo
(cherry picked from commit a50b4fca22111fe7b85b5584ff317db55d664c50) -
androidboot.storage_type has been replaced by androidboot.boot_device_root.
Change-Id: Ibec80808e6ae720be128c0a2d9e2f4d325c56716
Signed-off-by: Jindong
(cherry picked from commit 6a5534d13b9e7fe14a457c5f4664b054382d35e3) -
With Android10 code, to build GSI image for devices launching with
Android10, the target should be "aosp_$arch-user". Google releases GSI
images is so built in user mode.To do CTS-on-GSI test, a debug ramdisk containing .prop file to enable
adb root permission and GSI keys to verify the GSI image is needed, this
ramdisk is in boot image. so ramdisk in boot image need to be loaded by
uboot even in non-recovery mode.To save boot time, only standard Android use ramdisk to boot up Android,
Android Auto keeps the original way: kernel be responsible for verify
and mount system partition. Let the customers to decide whether to use
recovery ramdisk to boot the system. and under this condition, user-debug
Android Auto GSI image need to be used for VTS-on-GSI test.when use ramdisk to bootup Android, info provided by "dm=" bootarg is
not used by kernel to setup dm-verity, so it is removed from the
bootargs. The 4.19 kernel used together with this uboot does not handle
"skip_initramfs", so it's also removed.Change-Id: Ia8b8fa8b85a44acda2670b46504038a009ce01a8
Signed-off-by: faqiang.zhu
(cherry picked from commit e7d3c9ee1a713434d2948928ff0c4daea09ce3dc) -
Add commands to read oem device unlock state from
trusty avb app. Use the oem device unlock state to
determine if the device can be unlocked instead of
the state in persistdata part.Test: Read oem device unlock state from avb app.
Change-Id: Ifccaa788ba0f681c2b3a47151c8474e8da5a2559
Signed-off-by: Ji Luo
(cherry picked from commit c6eaf8e32987f120c0c5441ea39aa0f39a65b50d) -
Don't skip vbmeta public key verify for non-trusty
platforms.Test: boot on imx8mm.
Change-Id: I4712e5dd6e5c8848468e9d85c6b38eb5fb11377f
Signed-off-by: Ji Luo
(cherry picked from commit 9b8264c89ccb3e9179a438e428ad79d72c7efe9b) -
Decrypt and verify the secure credential in keymaster TA, unlock
operation can only be allowed after secure credential verify pass.Since the mppubk can only be generated on hab closed imx8q, so secure
unlock feature can only supported when hab is closed.Test: secure unlock credential verify on hab closed imx8mm_evk.
Change-Id: I1ab5e24df28d1e75ff853de3adf29f34da1d0a71
Signed-off-by: Ji Luo
(cherry picked from commit 631149fc0fc8ce035311949db643c2708e41435a) -
Add commands to support extract serial number from device.
Commands:
$ fastboot oem get-serial-number
$ fastboot get_stagedTest: serial number upload on imx8mm.
Change-Id: I5c905ab797d4fd28d76c8403914f191eaf2ef687
Signed-off-by: Ji Luo
(cherry picked from commit 250ef119c1dc02908046113893df5eeb9ef40605) -
MMC device id remap function "board_mmc_get_env_dev()" was
removed in u-boot v2019 because we add the mmc device aliases
in dts file. But we still need to remap the mmc device id in
spl or read/write rpmb keyslot package will fail.This patch adds mmc device id remap function in spl to get the
correct device id.Test: boot on imx8mm with trusty enabled.
Change-Id: I41c46494326d9eb2658d2cda692968fb895d0292
Signed-off-by: Ji Luo
(cherry picked from commit c079188d06b3669df7836e1b8c6126558b1fa39e) -
The A/B slot selection is moved to spl, it may lead to hang
if no bootable slots found. The only way to recover the board
is re-flash images with uuu tool, which is quite inconvenient
for some customers who can't enter serial download mode.This patch will set "spl recovery mode" which will give us a
chance to re-flash images with fastboot commands.Test: Enter spl recovery mode and flash images when no bootable
slots found.Change-Id: I31278f5212bde7609fe2f49e77b3849e92c0c516
Signed-off-by: Ji Luo
(cherry picked from commit 46cc755cf3f42422ee1d7783394e14e8125df2b6) -
when conduct fastboot lock/unlock operations, erase the userdata first
and then set lock/unlock status to improve security level.Change-Id: I74c571c35b88afd6fdd4c287463f7209da8c15ff
Signed-off-by: faqiang.zhu
(cherry picked from commit b81f0b617d23548cd30953b94aca4ff8cc4da723) -
It can be dangerous to export some hwcrypto commands to Linux,
add commands to limit some commands within bootloader.Test: hwcrypto commands can't be used after locking boot state.
Change-Id: Ib0a96a87f661778c133178840d8dccf49f151c22
Signed-off-by: Ji Luo
(cherry picked from commit 3fc3f521957677b1f363624494ed866985a25505) -
Add new command to generate bkek from trusty.
Test: generate and dump bkek.
Change-Id: I6b2a30b87c755eecd00ced7c53cfb86e432040de
Signed-off-by: Ji Luo
(cherry picked from commit 6c1087c030de491a12b7f1be9d332f30ba27d183) -
Add sha256 hmac support in u-boot.
Test: hmac calculation.
Change-Id: I0f1438fed8290620a1bb0663d19c21e20098eb5a
Signed-off-by: Ji Luo
(cherry picked from 1e06de6ef23c1ae9d51383f3c57bb045ea180c03) -
In host end, need encrypt the attestation keys and certs
by manufacture protection public key though AES-128-ECB.
Then use below 4 set of commands to provision encrypted
RSA attestation and EC attestation:
* $fastboot stage atte_rsa_key.bin
* $fastboot oem set-rsa-atte-key-enc
* $fastboot stage atte_rsa_cert.bin
* $fastboot oem append-rsa-atte-cert-enc
* $fastboot stage atte_ec_key.bin
* $fastboot oem set-ec-atte-key-enc
* $fastboot stage atte_ec_cert.bin
* $fastboot oem append-ec-atte-cert-encChange-Id: I8a7c64004a17f7dde89f28c3123a2e2b1a6d3346
Signed-off-by: Haoran.Wang
(cherry picked from commit 58965915dd69050429142d3d180c75e98ad14788) -
Add new keymaster commands to get Manufacure Production key (mppubk).
Since the mppubk can only be generated in OEM CLOSED imx8q board, so
we can only use this command when the board is HAB/AHAB closed.Commands to extract the mppubk:
* $fastboot oem get-mppubk
* $fastboot get_staged mppubk.binTest: Generate and dump the mppubk.bin
Change-Id: Idc59e78ca6345497e744162664b8293f50d1eda4
Signed-off-by: Ji Luo
(cherry picked from commit 52300d644a275dfa4fe73ecb51601a8efaff8ab7) -
Align using emmc loader when there is no Trusty OS for Android standard
boot in SD/EMMC.Add hook for getting correct offset when load uboot.
Change-Id: I5898cf196e734ffaca1a513918a049ce504b14e9
Signed-off-by: Haoran.Wang
(cherry picked from commit c5151ab339c9a37a6c95cabebe328aeba88636f9) -
Follow Bootloader requirement spec in
https://source.android.com/devices/bootloader/unlock-trusty.
Need to pass the flash lock status by androidboot.flash.locked.This patch fixed the GTS failure
com.google.android.gts.persistentdata.PersistentDataHostTest#testTestGetFlashLockState.Change-Id: I9a3508f7546b02c998e7668df2a33f864a58db75
Signed-off-by: Haoran.Wang
(cherry picked from commit 3f2c4d49fe147637e61309421e5817b3e574ed56) -
Do not pass BDADDR from uboot cmdline when
serial is all zero, and instead btmacaddr
will be set from persist.service.bdroid.bdaddr
which is set in device's init.freescale.rcChange-Id: I429c6f369d0b7aaca643443fe505d943a3901215
Signed-off-by: yang.tian
(cherry picked from c23398fb379131ad3c5c17c3d762c582796698fb) -
new imx8mn chips have Cortex-M7 inside, not like any other existing
multi-core i.MX MPU, users may manually flash mcu firmware with
fastboot, partition name need to be specified at the same time, so the
mcu firmware partition name need to be changed. related enum and
variable names are also modified.Change-Id: Ia801e76fb3a20d0074dbbc1433258358c1a53907
Signed-off-by: faqiang.zhu
Signed-off-by: Ji Luo
(cherry picked from commit dc25b7b27fa5c2293d09789a338a1aed2e3a010f) -
new imx8mn chips have Cortex-M7 inside, not like other imx8m devices
of imx8mm and imx8mq which have Cortex-M4 inside. the names of MACROs
used to boot MCU on imx8m devices is modified to make them more common
to cover M4 and M7.
annotations are also modified based on the differences between M4 and
M7.Change-Id: Ida272e6ecdf577eeaadb9f1242f4524bd1014cac
Signed-off-by: faqiang.zhu
(cherry picked from commit eb825f8d4fbc2289b9ccf8f457fcba04922c8259) -
imx-regs-imx8mm.h is used both for imx8mm and imx8mn, while mcu in
imx8mn is Cortex-M7, it's different from Cortex-M4 in imx8mm, change
the MACRO name of mcu TCM base address from M4_BOOTROM_BASE_ADDR to
MCU_BOOTROM_BASE_ADDR.
since this MACRO will be used in common code for i.MX chips, the same
MACRO name in other files are also modified.Change-Id: I433dd78d11c485d0f4cb82bab299f61cb29dce45
Signed-off-by: faqiang.zhu
(cherry picked from commit e2eb616fdbc4ce6475b084ab11b77cd5dcaa6fd2) -
Due SPL doesn't have env, so cannot use mmc_get_env_dev() get
the mmc index.
Following spl_mmc.c get correct mmc index in SPL.Change-Id: I0f07a9ea35d5b3ba0d638af436238d0cfe925981
Signed-off-by: Haoran.Wang
(cherry picked from commit 6e4753b4dc0c5bde5aa573b42cb6b7caa6a95bc9) -
In Android, the reboot bootloader flag is written to misc partition, in
the boot flow, u-boot will check that message to decide whether enter
fastboot mode or not. To be compatible with the common implemention,
keep the fastboot_set_reboot_flag there and redefine it to avoid the
error return value which block the reboot process.Change-Id: Ifb55236d5a5daf3edd124d3ed01851ff6e916e1a
Signed-off-by: faqiang.zhu
(cherry picked from commit aa78cbe3d3148ab99ea039ede767e6d1152092b4) -
storage_type is emmc or sd, which is not friendly
for user space, for example android health HAL need access
/sys/block/mmcblkX/stat.Replace it with mmcblkX named as boot_device_root.
(Keep storage_type for compatibility now)Change-Id: I7486d522696e9fe3dde8bdc8834ac11d25df7d79
Signed-off-by: Jindong
(cherry picked from commit db441a89a090c46149457ee29492bc315c2bdfa9) -
Serial init in board_init_f will cost much time, skip it here
because the serial will be initialized again in board_init_r
and it's more faster (after cache is enabled). We will miss
some logs before the serial is ready but it's ok for Android Auto.
This commit will save about 190ms on imx8qm.Test: boot ok for both imx8qm and imx8qxp.
Change-Id: If6efdc19794aecda862f22b6fec7f7aba2005766
Signed-off-by: Ji Luo
Reviewed-by: Ye Li
(cherry picked from commit 690a14ed2fc64328b417a9de448f4a18cc653698) -
Blob buffer size is 48 bytes larger than the plain text buffer,
set correct range when flush the dcache. Also use cache aligned
buffer for the blob/plain_text to avoid failure in CAAM.Change-Id: I8f311b9d21fc7d26d60e9ba23dfb239d2582cedf
Signed-off-by: Ji Luo
(cherry picked from commit b3d3a85b9a23d3da3e2133301d5b58fb375946e5) -
This commit enables dual bootloader feature for imx8m/imx8q, but
as commit 'a2018ab' already brings in some dual bootloader codes
when enabling fastboot support, so this commit won't be a complete
and standalone patch to introduce the dual bootloader feature.This commit will do the following:
1. clean up dual bootloader flow and add missing implementation.
2. Merge the dual bootloader entry for fit and container to one
function 'mmc_load_image_raw_sector_dual_uboot'.Change-Id: Ic9410a48092cc05de599dd897fc912177e2a1fe1
Signed-off-by: Ji Luo -
The RPMB keyslot is stored in last block of boot1 partition which
is easily erased or tampered, set power-on write protection for this
partition to prevent corruption.Test: Power-on write protection works as expected on imx8m.
Change-Id: Ib7e1094b979f7d94c0a2817391c5b3b5f3205d76
Signed-off-by: Luo Ji
(cherry picked from commit c7e207fbbcd8618d29b1192829c630777fea5220) -
Driver Module may be used in SPL, with CONFIG_BLK enabled for U-Boot,
CONFIG_SPL_BLK will be enabled, struct mmc definition will be different.
comply with that mmc struct definition in fsl_avbkey.c file to handle
conditions when DM is used in SPL.Change-Id: I632600556e764b25228ba467a5e5141cf3fc3dfe
Signed-off-by: faqiang.zhu
(cherry picked from commit de905a8a3c6dfdf9241a188b2e22c76dbef851c1) -
The CAAM driver in u-boot will use JR0 by default, but for
imx8q, both JR0 and JR1 are assigned to SECO and A core
should never access them.
Power on the JR3 in this patchset and use it to complete
the CAAM operations for imx8q.Test: CAAM self test cases pass for imx8q.
below patches are merged to this commit:
MA-13964 imx8q: Kick the CAAM JR before kicking the SMMU
MA-13969 Fix CAAM build warningsChange-Id: Ie3d77d1f2910e7f4c257c797c12b5c8a30ad936a
Signed-off-by: Ji Luo
(cherry picked from commit d6e0fdcde5773fed4804cdacf927808bd2da3d7d)