18 May, 2020
40 commits
-
Add board level support and configs for standard android and android automotive,
each board has android/android auto specific header files include.Test: boot/fastboot/avb/AB switch/trusty test.
Change-Id: I3beb84f251451d0003f0ef44d0cba51d0d773ca3
Signed-off-by: Ji Luo -
Include correct header files to avoid build warning:
common/image-android.c:151:68: warning: implicit declaration
of function ‘mmc_get_env_dev’ [-Wimplicit-function-declaration]
" androidboot.boot_device_root=mmcblk%d", mmc_map_to_kernel_blk(mmc_get_env_dev()));Change-Id: I932a178500e7397f72d717efae0dd2d954a909d8
Signed-off-by: Ji Luo -
camera sometime can't been open once run M4 image.
ISI-CH0 probe funtion is not called when meet issue.The root cause is:
M4 image set assign resource SC_R_ISI_CH0 into m4 partition
when open camera in m4 side.
Uboot will call update_fdt_with_owned_resources to check
the pd in current dts node. it will call sc_rm_is_resource_owned to
check the pd whether in other partition, if yes, it will delete
the dts node. uboot delete isi_0 node whose pd is SC_R_ISI_CH0.add CONFIG_SKIP_RESOURCE_CHECKING to skip checking resource when load
dtb.Change-Id: Iaf9a5eda07074c45c15c43f23cb6ad6b5a77de47
Signed-off-by: zhang sanshan -
dynamic partition feature is not enabled on automotive, so there is
system partition in GPT, uboot for automotive need to get the info of
this partition to generate the correct bootargs.And also, there is no commandline descriptor as "dm=***" in vbmeta image
for standard Android after dynamic partition feature is enabled, so
there is no need to use "strstr" to eleminate this from the bootargs.Change-Id: I51b3b92f5a22550602335cfc212831b263526f42
Signed-off-by: faqiang.zhu -
With this patch, the macro MAX_KERNEL_LEN will be set for non-imx8
SoC and will pass the build.Change-Id: I15599546127b843e171b2f177aaf3b3dc33b8baa
Signed-off-by: Haoran.Wang
(cherry picked from commit a72c79bc17c0ed3bd3385f8195f3cd35ee223af6) -
boot_buf was used to point to the memory allocated in do_boota function
to save boot partition data. now boot partition is loaded by AVB, this
boot_buf should be removed.Change-Id: I614c412b5f7ed980d29106b364a8193c56db13dc
Signed-off-by: faqiang.zhu
(cherry picked from commit 2a27f021798e31a8bab37804b053d2b9ebaea928) -
Android use AVB to verify the kernel, hab authentication is
not necessary for boot image.For imx8m, don't authenticate the kernel image when AVB
(CONFIG_AVB_SUPPORT) is enabled. For imx8q, as android uses
different 'CONFIG_EXTRA_ENV_SETTINGS' and 'CONFIG_BOOTCOMMAND'
with linux bsp, so it won't try to do kernel hab authentication.
by default.Test: boot imx8mp with "CONFIG_IMX_HAB" and imx8qxp with
'CONFIG_AHAB_BOOT'.Change-Id: I1b2087ce7d8f9795422a053b6b68a694c86f0b3d
Signed-off-by: Ji Luo
(cherry picked from commit f907e4ac090e960ba5110b8039cccc4296841595) -
The Kernel image will get bigger with some debug configs,
48MB memory is not enough to hold the kernel image and its
.bss segment now.For imx8m, we will reserve 64MB for kernel, 2MB for fdt and
16MB for ramdisk. For imx8q, we will reserve 60MB for kernel,
1.5MB for fdt and 16MB for ramdisk.Test: boots with 'kasan' enabled.
Change-Id: I79d8e76c89f4add51bea1a16486c94c0b9f017db
Signed-off-by: Ji Luo
(cherry picked from commit 7ee2b20c22242f61e2595dffcb525ebdd54f9257) -
We use the 'second_addr' in boot image header to store the
fdt load address which is set by '--second_offset' parameter,
but actually we don't pass any 'second' image to it. Now the
mkbootimg.py will check the 'second' image size and set the
'second_addr' as 0x0 if no 'second' image is specified.Since we don't store dtbs in the boot.img (except recovery dtb
for legacy platforms), so set the dtb load offset in bootloader.
The dtb load address will be 'kernel_addr + FDT_OFFSET_TO_KERNEL'
(48MB memory reserved).Test: Boots on imx8mq.
Change-Id: Ie597731992107ec2343e5ab6db0cab0e123f009c
Signed-off-by: Ji Luo
(cherry picked from commit efb9b0c9322f531c15ceedccd2fa9c6c170003a2) -
Android implement the userspace fastboot in Android Recovery.
Follow Google's spec, added below 2 fastboot command support:
* fastboot getvar is-userspace
* fastboot reboot fastbootTEST: fastboot commands.
Change-Id: Ib6047413be0a45b3c00626cdb8594809eb8a2b6b
Signed-off-by: Haoran.Wang
(cherry picked from commit 314bded076dfc3e544cc7094ce3f6c4c330be4dd) -
To enable dynamic partition feature, system partition will be a logic
parition in "super" partition, uboot can't access system partition
anymore.In i.MX Android use case, only vbmeta partition is used to verify other
imags. boot and system are not used. so there is no need to access
system partition to get avb device info, remove system partition from
avb lib.Now, standard Android will boot with ramdisk in boot.img, there is no
need to provide root info to kernel for standard Android. so only
Android Auto will provide this info.Change-Id: I99a43eb8f7aa1dc635e3937c93266f881c9b3655
Signed-off-by: faqiang.zhu
(cherry picked from commit 3a2418a1cc097cd956347fc12b0b4e0566652bfd) -
Add mmc board level implementation for imx8mp, so we can support
boot from mmc besides ROMAPI.Test: eMMC/SD boot.
Change-Id: Ie3c28e5622dd819583e2146557ac75f89dbe19ef
Signed-off-by: Ji Luo -
Only limited heap memory is available on imx8q platforms due
to some memory is reserved for m4 image. Commit cd67414 will
free avb verify data and thus help decrease the heap memory
consumption.But when the device is locked, avb will try to verify one slot
first, it will continue to verify another if the first slot
returns failure. Function load_full_partition() will alloc memory
to load boot/dtbo images from heap (which is a big and continuous
memory region), this memory will be freed if the first slot returns
verify failure. but because part of the continous memory region
will be used in following verify process, even total available memory
is enough, u-boot can't find a continous memory region to load the
boot/dtbo image for another slot and will return error "Failed to
allocate memory".Instead, this commit use fixed memory region start from 96MB offset of
CONFIG_FASTBOOT_BUF_ADDR to load the boot/dtbo images.Test: slot verify and A/B slot switch.
Change-Id: Ifc83bed5a6be37196c0fd109d942eaf9b07b6a74
Signed-off-by: Ji Luo
(cherry picked from commit d13752e831957fb84c71f8ca24fd1979d3605cde) -
Address 0x8880_0000 is reserved for M4 image on imx8q, which
leaves limited memory region for the malloc pool. The avb
will consume much heap memory to verify the kernel and dtbo
image, memory conflicts may happen as the kernel/dtbo image
size is getting larger.As the avb will load kernel/dtbo in every avb_slot_verify(), but
will only free the memory after both slots are checked(if needed).
And for trusty enabled platforms, extra heap memory will be used
to do the hash calculation.This commit will free the slot memory once it's marked as unbootable
and will use fixed memory started from CONFIG_FASTBOOT_BUF_ADDR to
help store the data to do the hash calculation. With above change,
we get a chance to decrease the malloc pool size.Test: boot on imx8qxp and imx8mm.
Change-Id: Ia5cdaf9962ae1cb8b8e9bee5305205ec6d90b84a
Signed-off-by: Ji Luo
(cherry picked from commit 0a299eb1a4c8c929d069cb4a0d58a096c04f09f7) -
"is-logical" is used to check whether the partition to be flashed is
dynamic partition, if it is, a partition resize command will be issued
by host fastboot. this can be well processed in fastbootd.process this "is-logical" in uboot, now there is no logical partition,
for every partition found in u-boot, returns "no".Signed-off-by: faqiang.zhu
Change-Id: I4d93a0c7b32fed9fe5a5ac846bc4e97bfbe69e67
(cherry picked from commit 7b27a2290aec78b49ce7c2aed497db858f436eb4) -
Guard oem unlock permission protection feature with new config
'CONFIG_TRUSTY_UNLOCK_PERMISSION', so we can enable or disable
it as needed.Test: build and boot on imx8mm.
Signed-off-by: Ji Luo
(cherry picked from commit c664d8e8b94e9b6f66b2bf04d1be47e9b8a22978)Change-Id: If1db4b46ecac21b8f187854531704eaff2df30c4
-
Target mmc dev is not properly switched when the device enters
fastboot mode via uuu "-i" parameter, which causes "erase"
operation doesn't work.Get and switch the target mmc dev every time before erase operations
happen.Test: "fastboot erase boot_a" in uuu fastboot mode.
Change-Id: I4822d2b4ecfd2d874dfbe7474d6824b8fc3a7903
Signed-off-by: Ji Luo
(cherry picked from commit 46161b62c341139dcdbb13e00634ae8ae903c5da) -
To avoid both A/B slots are marked as unbootable because
of some random failures, we will need to reset at spl stage
when current slot load/verify fail but already with flag
"successful_boot" set.imx8q can't be reset via the psci driver because the atf
is not avaiable at spl stage, porting the sc_pm_reboot()
scu api so we can do reset at spl stage for imx8qm/imx8qxp
mek boards.Test: reset on imx8qm_mek and imx8qxp_mek.
Change-Id: Ifa0bdea9393e413942a8a0188a4f937fa0aa9ab8
Signed-off-by: Ji Luo
(cherry picked from a5c5748101c383bc3afb424a3ef2689ab2664846) -
Slot will be marked as "unbootable" state if error happens during
image load/verify process, this may cause the board never boot up
if some random failures happen (like eMMC/DRAM access error at some
critical temperature).Check the "successful_boot" flag before marking the slot as "unbootable",
this will help ease the "no bootable slot" issue.Test: slot switch on imx8qm_mek.
Signed-off-by: Ji Luo
(cherry picked from commit 6db8ebe2224ab6656e8e798288bd1b3c0472c0c0)Change-Id: Ib060b11cc6687a3bacd09cecda7dd925beba6316
-
Add implementation to load hdmi rx/tx firmwares, use different config to
guide the function.Change-Id: Ibb43c2301b5f6cdc8b5103bd04cc30baefac9b9f
Signed-off-by: Ji Luo -
Refine trusty logs output to make it more
simple.Test: boots.
Change-Id: Id94fc245206c5f78e0dbcb0baf5db6475c9f744d
Signed-off-by: Ji Luo
(cherry picked from commit a50b4fca22111fe7b85b5584ff317db55d664c50) -
androidboot.storage_type has been replaced by androidboot.boot_device_root.
Change-Id: Ibec80808e6ae720be128c0a2d9e2f4d325c56716
Signed-off-by: Jindong
(cherry picked from commit 6a5534d13b9e7fe14a457c5f4664b054382d35e3) -
With Android10 code, to build GSI image for devices launching with
Android10, the target should be "aosp_$arch-user". Google releases GSI
images is so built in user mode.To do CTS-on-GSI test, a debug ramdisk containing .prop file to enable
adb root permission and GSI keys to verify the GSI image is needed, this
ramdisk is in boot image. so ramdisk in boot image need to be loaded by
uboot even in non-recovery mode.To save boot time, only standard Android use ramdisk to boot up Android,
Android Auto keeps the original way: kernel be responsible for verify
and mount system partition. Let the customers to decide whether to use
recovery ramdisk to boot the system. and under this condition, user-debug
Android Auto GSI image need to be used for VTS-on-GSI test.when use ramdisk to bootup Android, info provided by "dm=" bootarg is
not used by kernel to setup dm-verity, so it is removed from the
bootargs. The 4.19 kernel used together with this uboot does not handle
"skip_initramfs", so it's also removed.Change-Id: Ia8b8fa8b85a44acda2670b46504038a009ce01a8
Signed-off-by: faqiang.zhu
(cherry picked from commit e7d3c9ee1a713434d2948928ff0c4daea09ce3dc) -
Add commands to read oem device unlock state from
trusty avb app. Use the oem device unlock state to
determine if the device can be unlocked instead of
the state in persistdata part.Test: Read oem device unlock state from avb app.
Change-Id: Ifccaa788ba0f681c2b3a47151c8474e8da5a2559
Signed-off-by: Ji Luo
(cherry picked from commit c6eaf8e32987f120c0c5441ea39aa0f39a65b50d) -
Don't skip vbmeta public key verify for non-trusty
platforms.Test: boot on imx8mm.
Change-Id: I4712e5dd6e5c8848468e9d85c6b38eb5fb11377f
Signed-off-by: Ji Luo
(cherry picked from commit 9b8264c89ccb3e9179a438e428ad79d72c7efe9b) -
Decrypt and verify the secure credential in keymaster TA, unlock
operation can only be allowed after secure credential verify pass.Since the mppubk can only be generated on hab closed imx8q, so secure
unlock feature can only supported when hab is closed.Test: secure unlock credential verify on hab closed imx8mm_evk.
Change-Id: I1ab5e24df28d1e75ff853de3adf29f34da1d0a71
Signed-off-by: Ji Luo
(cherry picked from commit 631149fc0fc8ce035311949db643c2708e41435a) -
Add commands to support extract serial number from device.
Commands:
$ fastboot oem get-serial-number
$ fastboot get_stagedTest: serial number upload on imx8mm.
Change-Id: I5c905ab797d4fd28d76c8403914f191eaf2ef687
Signed-off-by: Ji Luo
(cherry picked from commit 250ef119c1dc02908046113893df5eeb9ef40605) -
MMC device id remap function "board_mmc_get_env_dev()" was
removed in u-boot v2019 because we add the mmc device aliases
in dts file. But we still need to remap the mmc device id in
spl or read/write rpmb keyslot package will fail.This patch adds mmc device id remap function in spl to get the
correct device id.Test: boot on imx8mm with trusty enabled.
Change-Id: I41c46494326d9eb2658d2cda692968fb895d0292
Signed-off-by: Ji Luo
(cherry picked from commit c079188d06b3669df7836e1b8c6126558b1fa39e) -
The A/B slot selection is moved to spl, it may lead to hang
if no bootable slots found. The only way to recover the board
is re-flash images with uuu tool, which is quite inconvenient
for some customers who can't enter serial download mode.This patch will set "spl recovery mode" which will give us a
chance to re-flash images with fastboot commands.Test: Enter spl recovery mode and flash images when no bootable
slots found.Change-Id: I31278f5212bde7609fe2f49e77b3849e92c0c516
Signed-off-by: Ji Luo
(cherry picked from commit 46cc755cf3f42422ee1d7783394e14e8125df2b6) -
when conduct fastboot lock/unlock operations, erase the userdata first
and then set lock/unlock status to improve security level.Change-Id: I74c571c35b88afd6fdd4c287463f7209da8c15ff
Signed-off-by: faqiang.zhu
(cherry picked from commit b81f0b617d23548cd30953b94aca4ff8cc4da723) -
It can be dangerous to export some hwcrypto commands to Linux,
add commands to limit some commands within bootloader.Test: hwcrypto commands can't be used after locking boot state.
Change-Id: Ib0a96a87f661778c133178840d8dccf49f151c22
Signed-off-by: Ji Luo
(cherry picked from commit 3fc3f521957677b1f363624494ed866985a25505) -
Add new command to generate bkek from trusty.
Test: generate and dump bkek.
Change-Id: I6b2a30b87c755eecd00ced7c53cfb86e432040de
Signed-off-by: Ji Luo
(cherry picked from commit 6c1087c030de491a12b7f1be9d332f30ba27d183) -
Add sha256 hmac support in u-boot.
Test: hmac calculation.
Change-Id: I0f1438fed8290620a1bb0663d19c21e20098eb5a
Signed-off-by: Ji Luo
(cherry picked from 1e06de6ef23c1ae9d51383f3c57bb045ea180c03) -
In host end, need encrypt the attestation keys and certs
by manufacture protection public key though AES-128-ECB.
Then use below 4 set of commands to provision encrypted
RSA attestation and EC attestation:
* $fastboot stage atte_rsa_key.bin
* $fastboot oem set-rsa-atte-key-enc
* $fastboot stage atte_rsa_cert.bin
* $fastboot oem append-rsa-atte-cert-enc
* $fastboot stage atte_ec_key.bin
* $fastboot oem set-ec-atte-key-enc
* $fastboot stage atte_ec_cert.bin
* $fastboot oem append-ec-atte-cert-encChange-Id: I8a7c64004a17f7dde89f28c3123a2e2b1a6d3346
Signed-off-by: Haoran.Wang
(cherry picked from commit 58965915dd69050429142d3d180c75e98ad14788) -
Add new keymaster commands to get Manufacure Production key (mppubk).
Since the mppubk can only be generated in OEM CLOSED imx8q board, so
we can only use this command when the board is HAB/AHAB closed.Commands to extract the mppubk:
* $fastboot oem get-mppubk
* $fastboot get_staged mppubk.binTest: Generate and dump the mppubk.bin
Change-Id: Idc59e78ca6345497e744162664b8293f50d1eda4
Signed-off-by: Ji Luo
(cherry picked from commit 52300d644a275dfa4fe73ecb51601a8efaff8ab7) -
Align using emmc loader when there is no Trusty OS for Android standard
boot in SD/EMMC.Add hook for getting correct offset when load uboot.
Change-Id: I5898cf196e734ffaca1a513918a049ce504b14e9
Signed-off-by: Haoran.Wang
(cherry picked from commit c5151ab339c9a37a6c95cabebe328aeba88636f9) -
Follow Bootloader requirement spec in
https://source.android.com/devices/bootloader/unlock-trusty.
Need to pass the flash lock status by androidboot.flash.locked.This patch fixed the GTS failure
com.google.android.gts.persistentdata.PersistentDataHostTest#testTestGetFlashLockState.Change-Id: I9a3508f7546b02c998e7668df2a33f864a58db75
Signed-off-by: Haoran.Wang
(cherry picked from commit 3f2c4d49fe147637e61309421e5817b3e574ed56) -
Do not pass BDADDR from uboot cmdline when
serial is all zero, and instead btmacaddr
will be set from persist.service.bdroid.bdaddr
which is set in device's init.freescale.rcChange-Id: I429c6f369d0b7aaca643443fe505d943a3901215
Signed-off-by: yang.tian
(cherry picked from c23398fb379131ad3c5c17c3d762c582796698fb) -
new imx8mn chips have Cortex-M7 inside, not like any other existing
multi-core i.MX MPU, users may manually flash mcu firmware with
fastboot, partition name need to be specified at the same time, so the
mcu firmware partition name need to be changed. related enum and
variable names are also modified.Change-Id: Ia801e76fb3a20d0074dbbc1433258358c1a53907
Signed-off-by: faqiang.zhu
Signed-off-by: Ji Luo
(cherry picked from commit dc25b7b27fa5c2293d09789a338a1aed2e3a010f) -
new imx8mn chips have Cortex-M7 inside, not like other imx8m devices
of imx8mm and imx8mq which have Cortex-M4 inside. the names of MACROs
used to boot MCU on imx8m devices is modified to make them more common
to cover M4 and M7.
annotations are also modified based on the differences between M4 and
M7.Change-Id: Ida272e6ecdf577eeaadb9f1242f4524bd1014cac
Signed-off-by: faqiang.zhu
(cherry picked from commit eb825f8d4fbc2289b9ccf8f457fcba04922c8259)
