git.sur5r.net Git - u-boot/blob

1 /*

4 *

6 *

7 * Redistribution and use in source and binary forms, with or without

8 * modification, are permitted provided that the following conditions are met:

9 * * Redistributions of source code must retain the above copyright

10 * notice, this list of conditions and the following disclaimer.

11 * * Redistributions in binary form must reproduce the above copyright

12 * notice, this list of conditions and the following disclaimer in the

13 * documentation and/or other materials provided with the distribution.

14 * * Neither the name of The Linux Foundation nor

15 * the names of its contributors may be used to endorse or promote

16 * products derived from this software without specific prior written

17 * permission.

18 *

19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"

20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

21 * IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND

22 * NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR

23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;

26 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,

27 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR

28 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF

29 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

30 *

31 */

32

33 #include <app.h>

34 #include <debug.h>

35 #include <arch/arm.h>

36 #include <string.h>

37 #include <stdlib.h>

38 #include <limits.h>

39 #include <kernel/thread.h>

40 #include <arch/ops.h>

41

42 #include <dev/flash.h>

43 #include <lib/ptable.h>

44 #include <dev/keys.h>

45 #include <dev/fbcon.h>

46 #include <baseband.h>

47 #include <target.h>

48 #include <mmc.h>

49 #include <partition_parser.h>

50 #include <platform.h>

51 #include <crypto_hash.h>

52 #include <malloc.h>

53 #include <boot_stats.h>

54 #include <sha.h>

55 #include <platform/iomap.h>

56 #include <boot_device.h>

57

58 #if DEVICE_TREE

59 #include <libfdt.h>

60 #include <dev_tree.h>

61 #endif

62

63 #include "image_verify.h"

64 #include "recovery.h"

65 #include "bootimg.h"

66 #include "fastboot.h"

67 #include "sparse_format.h"

68 #include "mmc.h"

69 #include "devinfo.h"

70 #include "board.h"

71 #include "scm.h"

72

73 extern bool target_use_signed_kernel(void);

74 extern void platform_uninit(void);

75 extern void target_uninit(void);

76 extern int get_target_boot_params(const char *cmdline, const char *part,

77 char *buf, int buflen);

78

79 void write_device_info_mmc(device_info *dev);

80 void write_device_info_flash(device_info *dev);

81

82 #define EXPAND(NAME) #NAME

83 #define TARGET(NAME) EXPAND(NAME)

84

85 #ifdef MEMBASE

86 #define EMMC_BOOT_IMG_HEADER_ADDR (0xFF000+(MEMBASE))

87 #else

88 #define EMMC_BOOT_IMG_HEADER_ADDR 0xFF000

89 #endif

90

91 #ifndef MEMSIZE

92 #define MEMSIZE 1024*1024

93 #endif

94

95 #define MAX_TAGS_SIZE 1024

96

97 #define RECOVERY_MODE 0x77665502

98 #define FASTBOOT_MODE 0x77665500

99

100 /* make 4096 as default size to ensure EFS,EXT4's erasing */

101 #define DEFAULT_ERASE_SIZE 4096

102 #define MAX_PANEL_BUF_SIZE 128

103

104 #define UBI_MAGIC "UBI#"

105 #define DISPLAY_DEFAULT_PREFIX "mdss_mdp"

106 #define UBI_MAGIC_SIZE 0x04

107 #define BOOT_DEV_MAX_LEN 64

108

109 #define IS_ARM64(ptr) (ptr->magic_64 == KERNEL64_HDR_MAGIC) ? true : false

110

111 #define ADD_OF(a, b) (UINT_MAX - b > a) ? (a + b) : UINT_MAX

112

113 #if UFS_SUPPORT

114 static const char *emmc_cmdline = " androidboot.bootdevice=";

115 #else

116 static const char *emmc_cmdline = " androidboot.emmc=true";

117 #endif

118 static const char *usb_sn_cmdline = " androidboot.serialno=";

119 static const char *androidboot_mode = " androidboot.mode=";

120 static const char *loglevel = " quiet";

121 static const char *battchg_pause = " androidboot.mode=charger";

122 static const char *auth_kernel = " androidboot.authorized_kernel=true";

123 static const char *secondary_gpt_enable = " gpt";

124

125 static const char *baseband_apq = " androidboot.baseband=apq";

126 static const char *baseband_msm = " androidboot.baseband=msm";

127 static const char *baseband_csfb = " androidboot.baseband=csfb";

128 static const char *baseband_svlte2a = " androidboot.baseband=svlte2a";

129 static const char *baseband_mdm = " androidboot.baseband=mdm";

130 static const char *baseband_mdm2 = " androidboot.baseband=mdm2";

131 static const char *baseband_sglte = " androidboot.baseband=sglte";

132 static const char *baseband_dsda = " androidboot.baseband=dsda";

133 static const char *baseband_dsda2 = " androidboot.baseband=dsda2";

134 static const char *baseband_sglte2 = " androidboot.baseband=sglte2";

135 static const char *warmboot_cmdline = " qpnp-power-on.warm_boot=1";

136

137 static unsigned page_size = 0;

138 static unsigned page_mask = 0;

139 static char ffbm_mode_string[FFBM_MODE_BUF_SIZE];

140 static bool boot_into_ffbm;

141 static char target_boot_params[64];

142

143 /* Assuming unauthorized kernel image by default */

144 static int auth_kernel_img = 0;

145

146 static device_info device = {DEVICE_MAGIC, 0, 0, 0, 0};

147

148 struct atag_ptbl_entry

149 {

150 char name[16];

151 unsigned offset;

152 unsigned size;

153 unsigned flags;

154 };

155

156 /*

157 * Partition info, required to be published

158 * for fastboot

159 */

160 struct getvar_partition_info {

161 const char part_name[MAX_GPT_NAME_SIZE]; /* Partition name */

162 char getvar_size[MAX_GET_VAR_NAME_SIZE]; /* fastboot get var name for size */

163 char getvar_type[MAX_GET_VAR_NAME_SIZE]; /* fastboot get var name for type */

164 char size_response[MAX_RSP_SIZE]; /* fastboot response for size */

165 char type_response[MAX_RSP_SIZE]; /* fastboot response for type */

166 };

167

168 /*

169 * Right now, we are publishing the info for only

170 * three partitions

171 */

172 struct getvar_partition_info part_info[] =

173 {

174 { "system" , "partition-size:", "partition-type:", "", "ext4" },

175 { "userdata", "partition-size:", "partition-type:", "", "ext4" },

176 { "cache" , "partition-size:", "partition-type:", "", "ext4" },

177 };

178

179 char max_download_size[MAX_RSP_SIZE];

180 char charger_screen_enabled[MAX_RSP_SIZE];

181 char sn_buf[13];

182 char display_panel_buf[MAX_PANEL_BUF_SIZE];

183 char panel_display_mode[MAX_RSP_SIZE];

184

185 extern int emmc_recovery_init(void);

186

187 #if NO_KEYPAD_DRIVER

188 extern int fastboot_trigger(void);

189 #endif

190

191 static void update_ker_tags_rdisk_addr(struct boot_img_hdr *hdr, bool is_arm64)

192 {

193 /* overwrite the destination of specified for the project */

194 #ifdef ABOOT_IGNORE_BOOT_HEADER_ADDRS

195 if (is_arm64)

196 hdr->kernel_addr = ABOOT_FORCE_KERNEL64_ADDR;

197 else

198 hdr->kernel_addr = ABOOT_FORCE_KERNEL_ADDR;

199 hdr->ramdisk_addr = ABOOT_FORCE_RAMDISK_ADDR;

200 hdr->tags_addr = ABOOT_FORCE_TAGS_ADDR;

201 #endif

202 }

203

204 static void ptentry_to_tag(unsigned **ptr, struct ptentry *ptn)

205 {

206 struct atag_ptbl_entry atag_ptn;

207

208 memcpy(atag_ptn.name, ptn->name, 16);

209 atag_ptn.name[15] = '\0';

210 atag_ptn.offset = ptn->start;

211 atag_ptn.size = ptn->length;

212 atag_ptn.flags = ptn->flags;

213 memcpy(*ptr, &atag_ptn, sizeof(struct atag_ptbl_entry));

214 *ptr += sizeof(struct atag_ptbl_entry) / sizeof(unsigned);

215 }

216

217 unsigned char *update_cmdline(const char * cmdline)

218 {

219 int cmdline_len = 0;

220 int have_cmdline = 0;

221 unsigned char *cmdline_final = NULL;

222 int pause_at_bootup = 0;

223 bool warm_boot = false;

224 bool gpt_exists = partition_gpt_exists();

225 int have_target_boot_params = 0;

226 char *boot_dev_buf = NULL;

227

228 if (cmdline && cmdline[0]) {

229 cmdline_len = strlen(cmdline);

230 have_cmdline = 1;

231 }

232 if (target_is_emmc_boot()) {

233 cmdline_len += strlen(emmc_cmdline);

234 #if UFS_SUPPORT

235 boot_dev_buf = (char *) malloc(sizeof(char) * BOOT_DEV_MAX_LEN);

236 ASSERT(boot_dev_buf);

237 platform_boot_dev_cmdline(boot_dev_buf);

238 cmdline_len += strlen(boot_dev_buf);

239 #endif

240 }

241

242 cmdline_len += strlen(usb_sn_cmdline);

243 cmdline_len += strlen(sn_buf);

244

245 if (boot_into_recovery && gpt_exists)

246 cmdline_len += strlen(secondary_gpt_enable);

247

248 if (boot_into_ffbm) {

249 cmdline_len += strlen(androidboot_mode);

250 cmdline_len += strlen(ffbm_mode_string);

251 /* reduce kernel console messages to speed-up boot */

252 cmdline_len += strlen(loglevel);

253 } else if (device.charger_screen_enabled &&

254 target_pause_for_battery_charge()) {

255 pause_at_bootup = 1;

256 cmdline_len += strlen(battchg_pause);

257 }

258

259 if(target_use_signed_kernel() && auth_kernel_img) {

260 cmdline_len += strlen(auth_kernel);

261 }

262

263 if (get_target_boot_params(cmdline, boot_into_recovery ? "recoveryfs" :

264 "system",

265 target_boot_params,

266 sizeof(target_boot_params)) == 0) {

267 have_target_boot_params = 1;

268 cmdline_len += strlen(target_boot_params);

269 }

270

271 /* Determine correct androidboot.baseband to use */

272 switch(target_baseband())

273 {

274 case BASEBAND_APQ:

275 cmdline_len += strlen(baseband_apq);

276 break;

277

278 case BASEBAND_MSM:

279 cmdline_len += strlen(baseband_msm);

280 break;

281

282 case BASEBAND_CSFB:

283 cmdline_len += strlen(baseband_csfb);

284 break;

285

286 case BASEBAND_SVLTE2A:

287 cmdline_len += strlen(baseband_svlte2a);

288 break;

289

290 case BASEBAND_MDM:

291 cmdline_len += strlen(baseband_mdm);

292 break;

293

294 case BASEBAND_MDM2:

295 cmdline_len += strlen(baseband_mdm2);

296 break;

297

298 case BASEBAND_SGLTE:

299 cmdline_len += strlen(baseband_sglte);

300 break;

301

302 case BASEBAND_SGLTE2:

303 cmdline_len += strlen(baseband_sglte2);

304 break;

305

306 case BASEBAND_DSDA:

307 cmdline_len += strlen(baseband_dsda);

308 break;

309

310 case BASEBAND_DSDA2:

311 cmdline_len += strlen(baseband_dsda2);

312 break;

313 }

314

315 if (cmdline) {

316 if ((strstr(cmdline, DISPLAY_DEFAULT_PREFIX) == NULL) &&

317 target_display_panel_node(device.display_panel,

318 display_panel_buf, MAX_PANEL_BUF_SIZE) &&

319 strlen(display_panel_buf)) {

320 cmdline_len += strlen(display_panel_buf);

321 }

322 }

323

324 if (target_warm_boot()) {

325 warm_boot = true;

326 cmdline_len += strlen(warmboot_cmdline);

327 }

328

329 if (cmdline_len > 0) {

330 const char *src;

331 unsigned char *dst = (unsigned char*) malloc((cmdline_len + 4) & (~3));

332 ASSERT(dst != NULL);

333

334 /* Save start ptr for debug print */

335 cmdline_final = dst;

336 if (have_cmdline) {

337 src = cmdline;

338 while ((*dst++ = *src++));

339 }

340 if (target_is_emmc_boot()) {

341 src = emmc_cmdline;

342 if (have_cmdline) --dst;

343 have_cmdline = 1;

344 while ((*dst++ = *src++));

345 #if UFS_SUPPORT

346 src = boot_dev_buf;

347 if (have_cmdline) --dst;

348 while ((*dst++ = *src++));

349 #endif

350 }

351

352 src = usb_sn_cmdline;

353 if (have_cmdline) --dst;

354 have_cmdline = 1;

355 while ((*dst++ = *src++));

356 src = sn_buf;

357 if (have_cmdline) --dst;

358 have_cmdline = 1;

359 while ((*dst++ = *src++));

360 if (warm_boot) {

361 if (have_cmdline) --dst;

362 src = warmboot_cmdline;

363 while ((*dst++ = *src++));

364 }

365

366 if (boot_into_recovery && gpt_exists) {

367 src = secondary_gpt_enable;

368 if (have_cmdline) --dst;

369 while ((*dst++ = *src++));

370 }

371

372 if (boot_into_ffbm) {

373 src = androidboot_mode;

374 if (have_cmdline) --dst;

375 while ((*dst++ = *src++));

376 src = ffbm_mode_string;

377 if (have_cmdline) --dst;

378 while ((*dst++ = *src++));

379 src = loglevel;

380 if (have_cmdline) --dst;

381 while ((*dst++ = *src++));

382 } else if (pause_at_bootup) {

383 src = battchg_pause;

384 if (have_cmdline) --dst;

385 while ((*dst++ = *src++));

386 }

387

388 if(target_use_signed_kernel() && auth_kernel_img) {

389 src = auth_kernel;

390 if (have_cmdline) --dst;

391 while ((*dst++ = *src++));

392 }

393

394 switch(target_baseband())

395 {

396 case BASEBAND_APQ:

397 src = baseband_apq;

398 if (have_cmdline) --dst;

399 while ((*dst++ = *src++));

400 break;

401

402 case BASEBAND_MSM:

403 src = baseband_msm;

404 if (have_cmdline) --dst;

405 while ((*dst++ = *src++));

406 break;

407

408 case BASEBAND_CSFB:

409 src = baseband_csfb;

410 if (have_cmdline) --dst;

411 while ((*dst++ = *src++));

412 break;

413

414 case BASEBAND_SVLTE2A:

415 src = baseband_svlte2a;

416 if (have_cmdline) --dst;

417 while ((*dst++ = *src++));

418 break;

419

420 case BASEBAND_MDM:

421 src = baseband_mdm;

422 if (have_cmdline) --dst;

423 while ((*dst++ = *src++));

424 break;

425

426 case BASEBAND_MDM2:

427 src = baseband_mdm2;

428 if (have_cmdline) --dst;

429 while ((*dst++ = *src++));

430 break;

431

432 case BASEBAND_SGLTE:

433 src = baseband_sglte;

434 if (have_cmdline) --dst;

435 while ((*dst++ = *src++));

436 break;

437

438 case BASEBAND_SGLTE2:

439 src = baseband_sglte2;

440 if (have_cmdline) --dst;

441 while ((*dst++ = *src++));

442 break;

443

444 case BASEBAND_DSDA:

445 src = baseband_dsda;

446 if (have_cmdline) --dst;

447 while ((*dst++ = *src++));

448 break;

449

450 case BASEBAND_DSDA2:

451 src = baseband_dsda2;

452 if (have_cmdline) --dst;

453 while ((*dst++ = *src++));

454 break;

455 }

456

457 if (strlen(display_panel_buf)) {

458 src = display_panel_buf;

459 if (have_cmdline) --dst;

460 while ((*dst++ = *src++));

461 }

462

463 if (have_target_boot_params) {

464 if (have_cmdline) --dst;

465 src = target_boot_params;

466 while ((*dst++ = *src++));

467 }

468 }

469

470

471 if (boot_dev_buf)

472 free(boot_dev_buf);

473

474 dprintf(INFO, "cmdline: %s\n", cmdline_final);

475 return cmdline_final;

476 }

477

478 unsigned *atag_core(unsigned *ptr)

479 {

480 /* CORE */

481 *ptr++ = 2;

482 *ptr++ = 0x54410001;

483

484 return ptr;

485

486 }

487

488 unsigned *atag_ramdisk(unsigned *ptr, void *ramdisk,

489 unsigned ramdisk_size)

490 {

491 if (ramdisk_size) {

492 *ptr++ = 4;

493 *ptr++ = 0x54420005;

494 *ptr++ = (unsigned)ramdisk;

495 *ptr++ = ramdisk_size;

496 }

497

498 return ptr;

499 }

500

501 unsigned *atag_ptable(unsigned **ptr_addr)

502 {

503 int i;

504 struct ptable *ptable;

505

506 if ((ptable = flash_get_ptable()) && (ptable->count != 0)) {

507 *(*ptr_addr)++ = 2 + (ptable->count * (sizeof(struct atag_ptbl_entry) /

508 sizeof(unsigned)));

509 *(*ptr_addr)++ = 0x4d534d70;

510 for (i = 0; i < ptable->count; ++i)

511 ptentry_to_tag(ptr_addr, ptable_get(ptable, i));

512 }

513

514 return (*ptr_addr);

515 }

516

517 unsigned *atag_cmdline(unsigned *ptr, const char *cmdline)

518 {

519 int cmdline_length = 0;

520 int n;

521 char *dest;

522

523 cmdline_length = strlen((const char*)cmdline);

524 n = (cmdline_length + 4) & (~3);

525

526 *ptr++ = (n / 4) + 2;

527 *ptr++ = 0x54410009;

528 dest = (char *) ptr;

529 while ((*dest++ = *cmdline++));

530 ptr += (n / 4);

531

532 return ptr;

533 }

534

535 unsigned *atag_end(unsigned *ptr)

536 {

537 /* END */

538 *ptr++ = 0;

539 *ptr++ = 0;

540

541 return ptr;

542 }

543

544 void generate_atags(unsigned *ptr, const char *cmdline,

545 void *ramdisk, unsigned ramdisk_size)

546 {

547

548 ptr = atag_core(ptr);

549 ptr = atag_ramdisk(ptr, ramdisk, ramdisk_size);

550 ptr = target_atag_mem(ptr);

551

552 /* Skip NAND partition ATAGS for eMMC boot */

553 if (!target_is_emmc_boot()){

554 ptr = atag_ptable(&ptr);

555 }

556

557 ptr = atag_cmdline(ptr, cmdline);

558 ptr = atag_end(ptr);

559 }

560

561 typedef void entry_func_ptr(unsigned, unsigned, unsigned*);

562 void boot_linux(void *kernel, unsigned *tags,

563 const char *cmdline, unsigned machtype,

564 void *ramdisk, unsigned ramdisk_size)

565 {

566 unsigned char *final_cmdline;

567 #if DEVICE_TREE

568 int ret = 0;

569 #endif

570

571 void (*entry)(unsigned, unsigned, unsigned*) = (entry_func_ptr*)(PA((addr_t)kernel));

572 uint32_t tags_phys = PA((addr_t)tags);

573 struct kernel64_hdr *kptr = (struct kernel64_hdr*)kernel;

574

575 ramdisk = PA(ramdisk);

576

577 final_cmdline = update_cmdline((const char*)cmdline);

578

579 #if DEVICE_TREE

580 dprintf(INFO, "Updating device tree: start\n");

581

582 /* Update the Device Tree */

583 ret = update_device_tree((void *)tags, final_cmdline, ramdisk, ramdisk_size);

584 if(ret)

585 {

586 dprintf(CRITICAL, "ERROR: Updating Device Tree Failed \n");

587 ASSERT(0);

588 }

589 dprintf(INFO, "Updating device tree: done\n");

590 #else

591 /* Generating the Atags */

592 generate_atags(tags, final_cmdline, ramdisk, ramdisk_size);

593 #endif

594

595 /* Perform target specific cleanup */

596 target_uninit();

597

598 /* Turn off splash screen if enabled */

599 #if DISPLAY_SPLASH_SCREEN

600 target_display_shutdown();

601 #endif

602

603

604 dprintf(INFO, "booting linux @ %p, ramdisk @ %p (%d), tags/device tree @ %p\n",

605 entry, ramdisk, ramdisk_size, tags_phys);

606

607 enter_critical_section();

608

609 /* do any platform specific cleanup before kernel entry */

610 platform_uninit();

611

612 arch_disable_cache(UCACHE);

613

614 #if ARM_WITH_MMU

615 arch_disable_mmu();

616 #endif

617 bs_set_timestamp(BS_KERNEL_ENTRY);

618

619 if (IS_ARM64(kptr))

620 /* Jump to a 64bit kernel */

621 scm_elexec_call((paddr_t)kernel, tags_phys);

622 else

623 /* Jump to a 32bit kernel */

624 entry(0, machtype, (unsigned*)tags_phys);

625 }

626

627 /* Function to check if the memory address range falls within the aboot

628 * boundaries.

629 * start: Start of the memory region

630 * size: Size of the memory region

631 */

632 int check_aboot_addr_range_overlap(uint32_t start, uint32_t size)

633 {

634 /* Check for boundary conditions. */

635 if ((UINT_MAX - start) < size)

636 return -1;

637

638 /* Check for memory overlap. */

639 if ((start < MEMBASE) && ((start + size) <= MEMBASE))

640 return 0;

641 else if (start >= (MEMBASE + MEMSIZE))

642 return 0;

643 else

644 return -1;

645 }

646

647 #define ROUND_TO_PAGE(x,y) (((x) + (y)) & (~(y)))

648

649 BUF_DMA_ALIGN(buf, BOOT_IMG_MAX_PAGE_SIZE); //Equal to max-supported pagesize

650 #if DEVICE_TREE

651 BUF_DMA_ALIGN(dt_buf, BOOT_IMG_MAX_PAGE_SIZE);

652 #endif

653

654 static void verify_signed_bootimg(uint32_t bootimg_addr, uint32_t bootimg_size)

655 {

656 int ret;

657 #if IMAGE_VERIF_ALGO_SHA1

658 uint32_t auth_algo = CRYPTO_AUTH_ALG_SHA1;

659 #else

660 uint32_t auth_algo = CRYPTO_AUTH_ALG_SHA256;

661 #endif

662

663 /* Assume device is rooted at this time. */

664 device.is_tampered = 1;

665

666 dprintf(INFO, "Authenticating boot image (%d): start\n", bootimg_size);

667

668 ret = image_verify((unsigned char *)bootimg_addr,

669 (unsigned char *)(bootimg_addr + bootimg_size),

670 bootimg_size,

671 auth_algo);

672

673 dprintf(INFO, "Authenticating boot image: done return value = %d\n", ret);

674

675 if (ret)

676 {

677 /* Authorized kernel */

678 device.is_tampered = 0;

679 auth_kernel_img = 1;

680 }

681

682 #if USE_PCOM_SECBOOT

683 set_tamper_flag(device.is_tampered);

684 #endif

685

686 if(device.is_tampered)

687 {

688 write_device_info_mmc(&device);

689 #ifdef TZ_TAMPER_FUSE

690 set_tamper_fuse_cmd();

691 #endif

692 #ifdef ASSERT_ON_TAMPER

693 dprintf(CRITICAL, "Device is tampered. Asserting..\n");

694 ASSERT(0);

695 #endif

696 }

697 }

698

699 static bool check_format_bit()

700 {

701 bool ret = false;

702 int index;

703 uint64_t offset;

704 struct boot_selection_info *in = NULL;

705 char *buf = NULL;

706

707 index = partition_get_index("bootselect");

708 if (index == INVALID_PTN)

709 {

710 dprintf(INFO, "Unable to locate /bootselect partition\n");

711 return ret;

712 }

713 offset = partition_get_offset(index);

714 if(!offset)

715 {

716 dprintf(INFO, "partition /bootselect doesn't exist\n");

717 return ret;

718 }

719 buf = (char *) memalign(CACHE_LINE, ROUNDUP(page_size, CACHE_LINE));

720 ASSERT(buf);

721 if (mmc_read(offset, (unsigned int *)buf, page_size))

722 {

723 dprintf(INFO, "mmc read failure /bootselect %d\n", page_size);

724 free(buf);

725 return ret;

726 }

727 in = (struct boot_selection_info *) buf;

728 if ((in->signature == BOOTSELECT_SIGNATURE) &&

729 (in->version == BOOTSELECT_VERSION)) {

730 if ((in->state_info & BOOTSELECT_FORMAT) &&

731 !(in->state_info & BOOTSELECT_FACTORY))

732 ret = true;

733 } else {

734 dprintf(CRITICAL, "Signature: 0x%08x or version: 0x%08x mismatched of /bootselect\n",

735 in->signature, in->version);

736 ASSERT(0);

737 }

738 free(buf);

739 return ret;

740 }

741

742 int boot_linux_from_mmc(void)

743 {

744 struct boot_img_hdr *hdr = (void*) buf;

745 struct boot_img_hdr *uhdr;

746 unsigned offset = 0;

747 int rcode;

748 unsigned long long ptn = 0;

749 int index = INVALID_PTN;

750

751 unsigned char *image_addr = 0;

752 unsigned kernel_actual;

753 unsigned ramdisk_actual;

754 unsigned imagesize_actual;

755 unsigned second_actual = 0;

756

757 #if DEVICE_TREE

758 struct dt_table *table;

759 struct dt_entry dt_entry;

760 unsigned dt_table_offset;

761 uint32_t dt_actual;

762 uint32_t dt_hdr_size;

763 #endif

764 BUF_DMA_ALIGN(kbuf, BOOT_IMG_MAX_PAGE_SIZE);

765 struct kernel64_hdr *kptr = (void*) kbuf;

766

767 if (check_format_bit())

768 boot_into_recovery = 1;

769

770 if (!boot_into_recovery) {

771 memset(ffbm_mode_string, '\0', sizeof(ffbm_mode_string));

772 rcode = get_ffbm(ffbm_mode_string, sizeof(ffbm_mode_string));

773 if (rcode <= 0) {

774 boot_into_ffbm = false;

775 if (rcode < 0)

776 dprintf(CRITICAL,"failed to get ffbm cookie");

777 } else

778 boot_into_ffbm = true;

779 } else

780 boot_into_ffbm = false;

781 uhdr = (struct boot_img_hdr *)EMMC_BOOT_IMG_HEADER_ADDR;

782 if (!memcmp(uhdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE)) {

783 dprintf(INFO, "Unified boot method!\n");

784 hdr = uhdr;

785 goto unified_boot;

786 }

787 if (!boot_into_recovery) {

788 index = partition_get_index("boot");

789 ptn = partition_get_offset(index);

790 if(ptn == 0) {

791 dprintf(CRITICAL, "ERROR: No boot partition found\n");

792 return -1;

793 }

794 }

795 else {

796 index = partition_get_index("recovery");

797 ptn = partition_get_offset(index);

798 if(ptn == 0) {

799 dprintf(CRITICAL, "ERROR: No recovery partition found\n");

800 return -1;

801 }

802 }

803

804 if (mmc_read(ptn + offset, (unsigned int *) buf, page_size)) {

805 dprintf(CRITICAL, "ERROR: Cannot read boot image header\n");

806 return -1;

807 }

808

809 if (memcmp(hdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE)) {

810 dprintf(CRITICAL, "ERROR: Invalid boot image header\n");

811 return -1;

812 }

813

814 if (hdr->page_size && (hdr->page_size != page_size)) {

815

816 if (hdr->page_size > BOOT_IMG_MAX_PAGE_SIZE) {

817 dprintf(CRITICAL, "ERROR: Invalid page size\n");

818 return -1;

819 }

820 page_size = hdr->page_size;

821 page_mask = page_size - 1;

822 }

823

824 /* Read the next page to get kernel Image header

825 * which lives in the second page for arm64 targets.

826 */

827

828 if (mmc_read(ptn + page_size, (unsigned int *) kbuf, page_size)) {

829 dprintf(CRITICAL, "ERROR: Cannot read boot image header\n");

830 return -1;

831 }

832

833 /*

834 * Update the kernel/ramdisk/tags address if the boot image header

835 * has default values, these default values come from mkbootimg when

836 * the boot image is flashed using fastboot flash:raw

837 */

838 update_ker_tags_rdisk_addr(hdr, IS_ARM64(kptr));

839

840 /* Get virtual addresses since the hdr saves physical addresses. */

841 hdr->kernel_addr = VA((addr_t)(hdr->kernel_addr));

842 hdr->ramdisk_addr = VA((addr_t)(hdr->ramdisk_addr));

843 hdr->tags_addr = VA((addr_t)(hdr->tags_addr));

844

845 kernel_actual = ROUND_TO_PAGE(hdr->kernel_size, page_mask);

846 ramdisk_actual = ROUND_TO_PAGE(hdr->ramdisk_size, page_mask);

847

848 /* Check if the addresses in the header are valid. */

849 if (check_aboot_addr_range_overlap(hdr->kernel_addr, kernel_actual) ||

850 check_aboot_addr_range_overlap(hdr->ramdisk_addr, ramdisk_actual))

851 {

852 dprintf(CRITICAL, "kernel/ramdisk addresses overlap with aboot addresses.\n");

853 return -1;

854 }

855

856 #ifndef DEVICE_TREE

857 if (check_aboot_addr_range_overlap(hdr->tags_addr, MAX_TAGS_SIZE))

858 {

859 dprintf(CRITICAL, "Tags addresses overlap with aboot addresses.\n");

860 return -1;

861 }

862 #endif

863

864 /* Authenticate Kernel */

865 dprintf(INFO, "use_signed_kernel=%d, is_unlocked=%d, is_tampered=%d.\n",

866 (int) target_use_signed_kernel(),

867 device.is_unlocked,

868 device.is_tampered);

869

870 if(target_use_signed_kernel() && (!device.is_unlocked))

871 {

872 offset = 0;

873

874 image_addr = (unsigned char *)target_get_scratch_address();

875

876 #if DEVICE_TREE

877 dt_actual = ROUND_TO_PAGE(hdr->dt_size, page_mask);

878 imagesize_actual = (page_size + kernel_actual + ramdisk_actual + dt_actual);

879

880 if (check_aboot_addr_range_overlap(hdr->tags_addr, dt_actual))

881 {

882 dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");

883 return -1;

884 }

885 #else

886 imagesize_actual = (page_size + kernel_actual + ramdisk_actual);

887

888 #endif

889

890 dprintf(INFO, "Loading boot image (%d): start\n", imagesize_actual);

891 bs_set_timestamp(BS_KERNEL_LOAD_START);

892

893 if (check_aboot_addr_range_overlap(image_addr, imagesize_actual))

894 {

895 dprintf(CRITICAL, "Boot image buffer address overlaps with aboot addresses.\n");

896 return -1;

897 }

898

899 /* Read image without signature */

900 if (mmc_read(ptn + offset, (void *)image_addr, imagesize_actual))

901 {

902 dprintf(CRITICAL, "ERROR: Cannot read boot image\n");

903 return -1;

904 }

905

906 dprintf(INFO, "Loading boot image (%d): done\n", imagesize_actual);

907 bs_set_timestamp(BS_KERNEL_LOAD_DONE);

908

909 offset = imagesize_actual;

910

911 if (check_aboot_addr_range_overlap(image_addr + offset, page_size))

912 {

913 dprintf(CRITICAL, "Signature read buffer address overlaps with aboot addresses.\n");

914 return -1;

915 }

916

917 /* Read signature */

918 if(mmc_read(ptn + offset, (void *)(image_addr + offset), page_size))

919 {

920 dprintf(CRITICAL, "ERROR: Cannot read boot image signature\n");

921 return -1;

922 }

923

924 verify_signed_bootimg(image_addr, imagesize_actual);

925

926 /* Move kernel, ramdisk and device tree to correct address */

927 memmove((void*) hdr->kernel_addr, (char *)(image_addr + page_size), hdr->kernel_size);

928 memmove((void*) hdr->ramdisk_addr, (char *)(image_addr + page_size + kernel_actual), hdr->ramdisk_size);

929

930 #if DEVICE_TREE

931 if(hdr->dt_size) {

932 dt_table_offset = ((uint32_t)image_addr + page_size + kernel_actual + ramdisk_actual + second_actual);

933 table = (struct dt_table*) dt_table_offset;

934

935 if (dev_tree_validate(table, hdr->page_size, &dt_hdr_size) != 0) {

936 dprintf(CRITICAL, "ERROR: Cannot validate Device Tree Table \n");

937 return -1;

938 }

939

940 /* Find index of device tree within device tree table */

941 if(dev_tree_get_entry_info(table, &dt_entry) != 0){

942 dprintf(CRITICAL, "ERROR: Device Tree Blob cannot be found\n");

943 return -1;

944 }

945

946 /* Validate and Read device device tree in the "tags_add */

947 if (check_aboot_addr_range_overlap(hdr->tags_addr, dt_entry.size))

948 {

949 dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");

950 return -1;

951 }

952

953 memmove((void *)hdr->tags_addr, (char *)dt_table_offset + dt_entry.offset, dt_entry.size);

954 } else {

955 /*

956 * If appended dev tree is found, update the atags with

957 * memory address to the DTB appended location on RAM.

958 * Else update with the atags address in the kernel header

959 */

960 void *dtb;

961 dtb = dev_tree_appended((void*) hdr->kernel_addr,

962 hdr->kernel_size,

963 (void *)hdr->tags_addr);

964 if (!dtb) {

965 dprintf(CRITICAL, "ERROR: Appended Device Tree Blob not found\n");

966 return -1;

967 }

968 }

969 #endif

970 }

971 else

972 {

973 second_actual = ROUND_TO_PAGE(hdr->second_size, page_mask);

974

975 dprintf(INFO, "Loading boot image (%d): start\n",

976 kernel_actual + ramdisk_actual);

977 bs_set_timestamp(BS_KERNEL_LOAD_START);

978

979 offset = page_size;

980

981 /* Load kernel */

982 if (mmc_read(ptn + offset, (void *)hdr->kernel_addr, kernel_actual)) {

983 dprintf(CRITICAL, "ERROR: Cannot read kernel image\n");

984 return -1;

985 }

986 offset += kernel_actual;

987

988 /* Load ramdisk */

989 if(ramdisk_actual != 0)

990 {

991 if (mmc_read(ptn + offset, (void *)hdr->ramdisk_addr, ramdisk_actual)) {

992 dprintf(CRITICAL, "ERROR: Cannot read ramdisk image\n");

993 return -1;

994 }

995 }

996 offset += ramdisk_actual;

997

998 dprintf(INFO, "Loading boot image (%d): done\n",

999 kernel_actual + ramdisk_actual);

1000 bs_set_timestamp(BS_KERNEL_LOAD_DONE);

1001

1002 if(hdr->second_size != 0) {

1003 offset += second_actual;

1004 /* Second image loading not implemented. */

1005 ASSERT(0);

1006 }

1007

1008 #if DEVICE_TREE

1009 if(hdr->dt_size != 0) {

1010 /* Read the first page of device tree table into buffer */

1011 if(mmc_read(ptn + offset,(unsigned int *) dt_buf, page_size)) {

1012 dprintf(CRITICAL, "ERROR: Cannot read the Device Tree Table\n");

1013 return -1;

1014 }

1015 table = (struct dt_table*) dt_buf;

1016

1017 if (dev_tree_validate(table, hdr->page_size, &dt_hdr_size) != 0) {

1018 dprintf(CRITICAL, "ERROR: Cannot validate Device Tree Table \n");

1019 return -1;

1020 }

1021

1022 table = (struct dt_table*) memalign(CACHE_LINE, dt_hdr_size);

1023 if (!table)

1024 return -1;

1025

1026 /* Read the entire device tree table into buffer */

1027 if(mmc_read(ptn + offset,(unsigned int *) table, dt_hdr_size)) {

1028 dprintf(CRITICAL, "ERROR: Cannot read the Device Tree Table\n");

1029 return -1;

1030 }

1031

1032 /* Find index of device tree within device tree table */

1033 if(dev_tree_get_entry_info(table, &dt_entry) != 0){

1034 dprintf(CRITICAL, "ERROR: Getting device tree address failed\n");

1035 return -1;

1036 }

1037

1038 /* Validate and Read device device tree in the "tags_add */

1039 if (check_aboot_addr_range_overlap(hdr->tags_addr, dt_entry.size))

1040 {

1041 dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");

1042 return -1;

1043 }

1044

1045 if(mmc_read(ptn + offset + dt_entry.offset,

1046 (void *)hdr->tags_addr, dt_entry.size)) {

1047 dprintf(CRITICAL, "ERROR: Cannot read device tree\n");

1048 return -1;

1049 }

1050 #ifdef TZ_SAVE_KERNEL_HASH

1051 aboot_save_boot_hash_mmc(hdr->kernel_addr, kernel_actual,

1052 hdr->ramdisk_addr, ramdisk_actual,

1053 ptn, offset, hdr->dt_size);

1054 #endif /* TZ_SAVE_KERNEL_HASH */

1055

1056 } else {

1057

1058 /* Validate the tags_addr */

1059 if (check_aboot_addr_range_overlap(hdr->tags_addr, kernel_actual))

1060 {

1061 dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");

1062 return -1;

1063 }

1064 /*

1065 * If appended dev tree is found, update the atags with

1066 * memory address to the DTB appended location on RAM.

1067 * Else update with the atags address in the kernel header

1068 */

1069 void *dtb;

1070 dtb = dev_tree_appended((void*) hdr->kernel_addr,

1071 kernel_actual,

1072 (void *)hdr->tags_addr);

1073 if (!dtb) {

1074 dprintf(CRITICAL, "ERROR: Appended Device Tree Blob not found\n");

1075 return -1;

1076 }

1077 }

1078 #endif

1079 }

1080

1081 if (boot_into_recovery && !device.is_unlocked && !device.is_tampered)

1082 target_load_ssd_keystore();

1083

1084 unified_boot:

1085

1086 boot_linux((void *)hdr->kernel_addr, (void *)hdr->tags_addr,

1087 (const char *)hdr->cmdline, board_machtype(),

1088 (void *)hdr->ramdisk_addr, hdr->ramdisk_size);

1089

1090 return 0;

1091 }

1092

1093 int boot_linux_from_flash(void)

1094 {

1095 struct boot_img_hdr *hdr = (void*) buf;

1096 struct ptentry *ptn;

1097 struct ptable *ptable;

1098 unsigned offset = 0;

1099

1100 unsigned char *image_addr = 0;

1101 unsigned kernel_actual;

1102 unsigned ramdisk_actual;

1103 unsigned imagesize_actual;

1104 unsigned second_actual;

1105

1106 #if DEVICE_TREE

1107 struct dt_table *table;

1108 struct dt_entry dt_entry;

1109 uint32_t dt_actual;

1110 uint32_t dt_hdr_size;

1111 #endif

1112

1113 if (target_is_emmc_boot()) {

1114 hdr = (struct boot_img_hdr *)EMMC_BOOT_IMG_HEADER_ADDR;

1115 if (memcmp(hdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE)) {

1116 dprintf(CRITICAL, "ERROR: Invalid boot image header\n");

1117 return -1;

1118 }

1119 goto continue_boot;

1120 }

1121

1122 ptable = flash_get_ptable();

1123 if (ptable == NULL) {

1124 dprintf(CRITICAL, "ERROR: Partition table not found\n");

1125 return -1;

1126 }

1127

1128 if(!boot_into_recovery)

1129 {

1130 ptn = ptable_find(ptable, "boot");

1131

1132 if (ptn == NULL) {

1133 dprintf(CRITICAL, "ERROR: No boot partition found\n");

1134 return -1;

1135 }

1136 }

1137 else

1138 {

1139 ptn = ptable_find(ptable, "recovery");

1140 if (ptn == NULL) {

1141 dprintf(CRITICAL, "ERROR: No recovery partition found\n");

1142 return -1;

1143 }

1144 }

1145

1146 if (flash_read(ptn, offset, buf, page_size)) {

1147 dprintf(CRITICAL, "ERROR: Cannot read boot image header\n");

1148 return -1;

1149 }

1150

1151 if (memcmp(hdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE)) {

1152 dprintf(CRITICAL, "ERROR: Invalid boot image header\n");

1153 return -1;

1154 }

1155

1156 if (hdr->page_size != page_size) {

1157 dprintf(CRITICAL, "ERROR: Invalid boot image pagesize. Device pagesize: %d, Image pagesize: %d\n",page_size,hdr->page_size);

1158 return -1;

1159 }

1160

1161 /*

1162 * Update the kernel/ramdisk/tags address if the boot image header

1163 * has default values, these default values come from mkbootimg when

1164 * the boot image is flashed using fastboot flash:raw

1165 */

1166 update_ker_tags_rdisk_addr(hdr, false);

1167

1168 /* Get virtual addresses since the hdr saves physical addresses. */

1169 hdr->kernel_addr = VA((addr_t)(hdr->kernel_addr));

1170 hdr->ramdisk_addr = VA((addr_t)(hdr->ramdisk_addr));

1171 hdr->tags_addr = VA((addr_t)(hdr->tags_addr));

1172

1173 kernel_actual = ROUND_TO_PAGE(hdr->kernel_size, page_mask);

1174 ramdisk_actual = ROUND_TO_PAGE(hdr->ramdisk_size, page_mask);

1175

1176 /* Check if the addresses in the header are valid. */

1177 if (check_aboot_addr_range_overlap(hdr->kernel_addr, kernel_actual) ||

1178 check_aboot_addr_range_overlap(hdr->ramdisk_addr, ramdisk_actual))

1179 {

1180 dprintf(CRITICAL, "kernel/ramdisk addresses overlap with aboot addresses.\n");

1181 return -1;

1182 }

1183

1184 #ifndef DEVICE_TREE

1185 if (check_aboot_addr_range_overlap(hdr->tags_addr, MAX_TAGS_SIZE))

1186 {

1187 dprintf(CRITICAL, "Tags addresses overlap with aboot addresses.\n");

1188 return -1;

1189 }

1190 #endif

1191

1192 /* Authenticate Kernel */

1193 if(target_use_signed_kernel() && (!device.is_unlocked))

1194 {

1195 image_addr = (unsigned char *)target_get_scratch_address();

1196 offset = 0;

1197

1198 #if DEVICE_TREE

1199 dt_actual = ROUND_TO_PAGE(hdr->dt_size, page_mask);

1200 imagesize_actual = (page_size + kernel_actual + ramdisk_actual + dt_actual);

1201

1202 if (check_aboot_addr_range_overlap(hdr->tags_addr, hdr->dt_size))

1203 {

1204 dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");

1205 return -1;

1206 }

1207 #else

1208 imagesize_actual = (page_size + kernel_actual + ramdisk_actual);

1209 #endif

1210

1211 dprintf(INFO, "Loading boot image (%d): start\n", imagesize_actual);

1212 bs_set_timestamp(BS_KERNEL_LOAD_START);

1213

1214 /* Read image without signature */

1215 if (flash_read(ptn, offset, (void *)image_addr, imagesize_actual))

1216 {

1217 dprintf(CRITICAL, "ERROR: Cannot read boot image\n");

1218 return -1;

1219 }

1220

1221 dprintf(INFO, "Loading boot image (%d): done\n", imagesize_actual);

1222 bs_set_timestamp(BS_KERNEL_LOAD_DONE);

1223

1224 offset = imagesize_actual;

1225 /* Read signature */

1226 if (flash_read(ptn, offset, (void *)(image_addr + offset), page_size))

1227 {

1228 dprintf(CRITICAL, "ERROR: Cannot read boot image signature\n");

1229 return -1;

1230 }

1231

1232 verify_signed_bootimg(image_addr, imagesize_actual);

1233

1234 /* Move kernel and ramdisk to correct address */

1235 memmove((void*) hdr->kernel_addr, (char *)(image_addr + page_size), hdr->kernel_size);

1236 memmove((void*) hdr->ramdisk_addr, (char *)(image_addr + page_size + kernel_actual), hdr->ramdisk_size);

1237 #if DEVICE_TREE

1238 /* Validate and Read device device tree in the "tags_add */

1239 if (check_aboot_addr_range_overlap(hdr->tags_addr, dt_entry.size))

1240 {

1241 dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");

1242 return -1;

1243 }

1244

1245 memmove((void*) hdr->tags_addr, (char *)(image_addr + page_size + kernel_actual + ramdisk_actual), hdr->dt_size);

1246 #endif

1247

1248 /* Make sure everything from scratch address is read before next step!*/

1249 if(device.is_tampered)

1250 {

1251 write_device_info_flash(&device);

1252 }

1253 #if USE_PCOM_SECBOOT

1254 set_tamper_flag(device.is_tampered);

1255 #endif

1256 }

1257 else

1258 {

1259 offset = page_size;

1260

1261 kernel_actual = ROUND_TO_PAGE(hdr->kernel_size, page_mask);

1262 ramdisk_actual = ROUND_TO_PAGE(hdr->ramdisk_size, page_mask);

1263 second_actual = ROUND_TO_PAGE(hdr->second_size, page_mask);

1264

1265 dprintf(INFO, "Loading boot image (%d): start\n",

1266 kernel_actual + ramdisk_actual);

1267 bs_set_timestamp(BS_KERNEL_LOAD_START);

1268

1269 if (flash_read(ptn, offset, (void *)hdr->kernel_addr, kernel_actual)) {

1270 dprintf(CRITICAL, "ERROR: Cannot read kernel image\n");

1271 return -1;

1272 }

1273 offset += kernel_actual;

1274

1275 if (flash_read(ptn, offset, (void *)hdr->ramdisk_addr, ramdisk_actual)) {

1276 dprintf(CRITICAL, "ERROR: Cannot read ramdisk image\n");

1277 return -1;

1278 }

1279 offset += ramdisk_actual;

1280

1281 dprintf(INFO, "Loading boot image (%d): done\n",

1282 kernel_actual + ramdisk_actual);

1283 bs_set_timestamp(BS_KERNEL_LOAD_DONE);

1284

1285 if(hdr->second_size != 0) {

1286 offset += second_actual;

1287 /* Second image loading not implemented. */

1288 ASSERT(0);

1289 }

1290

1291 #if DEVICE_TREE

1292 if(hdr->dt_size != 0) {

1293

1294 /* Read the device tree table into buffer */

1295 if(flash_read(ptn, offset, (void *) dt_buf, page_size)) {

1296 dprintf(CRITICAL, "ERROR: Cannot read the Device Tree Table\n");

1297 return -1;

1298 }

1299

1300 table = (struct dt_table*) dt_buf;

1301

1302 if (dev_tree_validate(table, hdr->page_size, &dt_hdr_size) != 0) {

1303 dprintf(CRITICAL, "ERROR: Cannot validate Device Tree Table \n");

1304 return -1;

1305 }

1306

1307 table = (struct dt_table*) memalign(CACHE_LINE, dt_hdr_size);

1308 if (!table)

1309 return -1;

1310

1311 /* Read the entire device tree table into buffer */

1312 if(flash_read(ptn, offset, (void *)table, dt_hdr_size)) {

1313 dprintf(CRITICAL, "ERROR: Cannot read the Device Tree Table\n");

1314 return -1;

1315 }

1316

1317

1318 /* Find index of device tree within device tree table */

1319 if(dev_tree_get_entry_info(table, &dt_entry) != 0){

1320 dprintf(CRITICAL, "ERROR: Getting device tree address failed\n");

1321 return -1;

1322 }

1323

1324 /* Validate and Read device device tree in the "tags_add */

1325 if (check_aboot_addr_range_overlap(hdr->tags_addr, dt_entry.size))

1326 {

1327 dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");

1328 return -1;

1329 }

1330

1331 /* Read device device tree in the "tags_add */

1332 if(flash_read(ptn, offset + dt_entry.offset,

1333 (void *)hdr->tags_addr, dt_entry.size)) {

1334 dprintf(CRITICAL, "ERROR: Cannot read device tree\n");

1335 return -1;

1336 }

1337 }

1338 #endif

1339

1340 }

1341 continue_boot:

1342

1343 /* TODO: create/pass atags to kernel */

1344

1345 boot_linux((void *)hdr->kernel_addr, (void *)hdr->tags_addr,

1346 (const char *)hdr->cmdline, board_machtype(),

1347 (void *)hdr->ramdisk_addr, hdr->ramdisk_size);

1348

1349 return 0;

1350 }

1351

1352 BUF_DMA_ALIGN(info_buf, BOOT_IMG_MAX_PAGE_SIZE);

1353 void write_device_info_mmc(device_info *dev)

1354 {

1355 struct device_info *info = (void*) info_buf;

1356 unsigned long long ptn = 0;

1357 unsigned long long size;

1358 int index = INVALID_PTN;

1359 uint32_t blocksize;

1360 uint8_t lun = 0;

1361

1362 index = partition_get_index("aboot");

1363 ptn = partition_get_offset(index);

1364 if(ptn == 0)

1365 {

1366 return;

1367 }

1368

1369 lun = partition_get_lun(index);

1370 mmc_set_lun(lun);

1371

1372 size = partition_get_size(index);

1373

1374 memcpy(info, dev, sizeof(device_info));

1375

1376 blocksize = mmc_get_device_blocksize();

1377

1378 if(mmc_write((ptn + size - blocksize), blocksize, (void *)info_buf))

1379 {

1380 dprintf(CRITICAL, "ERROR: Cannot write device info\n");

1381 return;

1382 }

1383 }

1384

1385 void read_device_info_mmc(device_info *dev)

1386 {

1387 struct device_info *info = (void*) info_buf;

1388 unsigned long long ptn = 0;

1389 unsigned long long size;

1390 int index = INVALID_PTN;

1391 uint32_t blocksize;

1392

1393 index = partition_get_index("aboot");

1394 ptn = partition_get_offset(index);

1395 if(ptn == 0)

1396 {

1397 return;

1398 }

1399

1400 size = partition_get_size(index);

1401

1402 blocksize = mmc_get_device_blocksize();

1403

1404 if(mmc_read((ptn + size - blocksize), (void *)info_buf, blocksize))

1405 {

1406 dprintf(CRITICAL, "ERROR: Cannot read device info\n");

1407 return;

1408 }

1409

1410 if (memcmp(info->magic, DEVICE_MAGIC, DEVICE_MAGIC_SIZE))

1411 {

1412 memcpy(info->magic, DEVICE_MAGIC, DEVICE_MAGIC_SIZE);

1413 info->is_unlocked = 0;

1414 info->is_tampered = 0;

1415 info->charger_screen_enabled = 0;

1416

1417 write_device_info_mmc(info);

1418 }

1419 memcpy(dev, info, sizeof(device_info));

1420 }

1421

1422 void write_device_info_flash(device_info *dev)

1423 {

1424 struct device_info *info = (void *) info_buf;

1425 struct ptentry *ptn;

1426 struct ptable *ptable;

1427

1428 ptable = flash_get_ptable();

1429 if (ptable == NULL)

1430 {

1431 dprintf(CRITICAL, "ERROR: Partition table not found\n");

1432 return;

1433 }

1434

1435 ptn = ptable_find(ptable, "devinfo");

1436 if (ptn == NULL)

1437 {

1438 dprintf(CRITICAL, "ERROR: No boot partition found\n");

1439 return;

1440 }

1441

1442 memcpy(info, dev, sizeof(device_info));

1443

1444 if (flash_write(ptn, 0, (void *)info_buf, page_size))

1445 {

1446 dprintf(CRITICAL, "ERROR: Cannot write device info\n");

1447 return;

1448 }

1449 }

1450

1451 void read_device_info_flash(device_info *dev)

1452 {

1453 struct device_info *info = (void*) info_buf;

1454 struct ptentry *ptn;

1455 struct ptable *ptable;

1456

1457 ptable = flash_get_ptable();

1458 if (ptable == NULL)

1459 {

1460 dprintf(CRITICAL, "ERROR: Partition table not found\n");

1461 return;

1462 }

1463

1464 ptn = ptable_find(ptable, "devinfo");

1465 if (ptn == NULL)

1466 {

1467 dprintf(CRITICAL, "ERROR: No boot partition found\n");

1468 return;

1469 }

1470

1471 if (flash_read(ptn, 0, (void *)info_buf, page_size))

1472 {

1473 dprintf(CRITICAL, "ERROR: Cannot write device info\n");

1474 return;

1475 }

1476

1477 if (memcmp(info->magic, DEVICE_MAGIC, DEVICE_MAGIC_SIZE))

1478 {

1479 memcpy(info->magic, DEVICE_MAGIC, DEVICE_MAGIC_SIZE);

1480 info->is_unlocked = 0;

1481 info->is_tampered = 0;

1482 write_device_info_flash(info);

1483 }

1484 memcpy(dev, info, sizeof(device_info));

1485 }

1486

1487 void write_device_info(device_info *dev)

1488 {

1489 if(target_is_emmc_boot())

1490 {

1491 write_device_info_mmc(dev);

1492 }

1493 else

1494 {

1495 write_device_info_flash(dev);

1496 }

1497 }

1498

1499 void read_device_info(device_info *dev)

1500 {

1501 if(target_is_emmc_boot())

1502 {

1503 read_device_info_mmc(dev);

1504 }

1505 else

1506 {

1507 read_device_info_flash(dev);

1508 }

1509 }

1510

1511 void reset_device_info()

1512 {

1513 dprintf(ALWAYS, "reset_device_info called.");

1514 device.is_tampered = 0;

1515 write_device_info(&device);

1516 }

1517

1518 void set_device_root()

1519 {

1520 dprintf(ALWAYS, "set_device_root called.");

1521 device.is_tampered = 1;

1522 write_device_info(&device);

1523 }

1524

1525 #if DEVICE_TREE

1526 int copy_dtb(uint8_t *boot_image_start)

1527 {

1528 uint32 dt_image_offset = 0;

1529 uint32_t n;

1530 struct dt_table *table;

1531 struct dt_entry dt_entry;

1532 uint32_t dt_hdr_size;

1533

1534 struct boot_img_hdr *hdr = (struct boot_img_hdr *) (boot_image_start);

1535

1536 if(hdr->dt_size != 0) {

1537

1538 /* add kernel offset */

1539 dt_image_offset += page_size;

1540 n = ROUND_TO_PAGE(hdr->kernel_size, page_mask);

1541 dt_image_offset += n;

1542

1543 /* add ramdisk offset */

1544 n = ROUND_TO_PAGE(hdr->ramdisk_size, page_mask);

1545 dt_image_offset += n;

1546

1547 /* add second offset */

1548 if(hdr->second_size != 0) {

1549 n = ROUND_TO_PAGE(hdr->second_size, page_mask);

1550 dt_image_offset += n;

1551 }

1552

1553 /* offset now point to start of dt.img */

1554 table = (struct dt_table*)(boot_image_start + dt_image_offset);

1555

1556 if (dev_tree_validate(table, hdr->page_size, &dt_hdr_size) != 0) {

1557 dprintf(CRITICAL, "ERROR: Cannot validate Device Tree Table \n");

1558 return -1;

1559 }

1560 /* Find index of device tree within device tree table */

1561 if(dev_tree_get_entry_info(table, &dt_entry) != 0){

1562 dprintf(CRITICAL, "ERROR: Getting device tree address failed\n");

1563 return -1;

1564 }

1565

1566 /* Validate and Read device device tree in the "tags_add */

1567 if (check_aboot_addr_range_overlap(hdr->tags_addr, dt_entry.size))

1568 {

1569 dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");

1570 return -1;

1571 }

1572

1573 /* Read device device tree in the "tags_add */

1574 memmove((void*) hdr->tags_addr,

1575 boot_image_start + dt_image_offset + dt_entry.offset,

1576 dt_entry.size);

1577 } else

1578 return -1;

1579

1580 /* Everything looks fine. Return success. */

1581 return 0;

1582 }

1583 #endif

1584

1585 void cmd_boot(const char *arg, void *data, unsigned sz)

1586 {

1587 unsigned kernel_actual;

1588 unsigned ramdisk_actual;

1589 uint32_t image_actual;

1590 uint32_t dt_actual = 0;

1591 uint32_t sig_actual = SIGNATURE_SIZE;

1592 struct boot_img_hdr *hdr;

1593 struct kernel64_hdr *kptr;

1594 char *ptr = ((char*) data);

1595 int ret = 0;

1596 uint8_t dtb_copied = 0;

1597

1598 if (sz < sizeof(hdr)) {

1599 fastboot_fail("invalid bootimage header");

1600 return;

1601 }

1602

1603 hdr = (struct boot_img_hdr *)data;

1604

1605 /* ensure commandline is terminated */

1606 hdr->cmdline[BOOT_ARGS_SIZE-1] = 0;

1607

1608 if(target_is_emmc_boot() && hdr->page_size) {

1609 page_size = hdr->page_size;

1610 page_mask = page_size - 1;

1611 }

1612

1613 kernel_actual = ROUND_TO_PAGE(hdr->kernel_size, page_mask);

1614 ramdisk_actual = ROUND_TO_PAGE(hdr->ramdisk_size, page_mask);

1615 #if DEVICE_TREE

1616 dt_actual = ROUND_TO_PAGE(hdr->dt_size, page_mask);

1617 #endif

1618

1619 image_actual = ADD_OF(page_size, kernel_actual);

1620 image_actual = ADD_OF(image_actual, ramdisk_actual);

1621 image_actual = ADD_OF(image_actual, dt_actual);

1622

1623 if (target_use_signed_kernel() && (!device.is_unlocked))

1624 image_actual = ADD_OF(image_actual, sig_actual);

1625

1626 /* sz should have atleast raw boot image */

1627 if (image_actual > sz) {

1628 fastboot_fail("bootimage: incomplete or not signed");

1629 return;

1630 }

1631

1632 /* Verify the boot image

1633 * device & page_size are initialized in aboot_init

1634 */

1635 if (target_use_signed_kernel() && (!device.is_unlocked))

1636 /* Pass size excluding signature size, otherwise we would try to

1637 * access signature beyond its length

1638 */

1639 verify_signed_bootimg((uint32_t)data, (image_actual - sig_actual));

1640

1641 /*

1642 * Update the kernel/ramdisk/tags address if the boot image header

1643 * has default values, these default values come from mkbootimg when

1644 * the boot image is flashed using fastboot flash:raw

1645 */

1646 kptr = (struct kernel64_hdr*)((char*) data + page_size);

1647 update_ker_tags_rdisk_addr(hdr, IS_ARM64(kptr));

1648

1649 /* Get virtual addresses since the hdr saves physical addresses. */

1650 hdr->kernel_addr = VA(hdr->kernel_addr);

1651 hdr->ramdisk_addr = VA(hdr->ramdisk_addr);

1652 hdr->tags_addr = VA(hdr->tags_addr);

1653

1654 /* Check if the addresses in the header are valid. */

1655 if (check_aboot_addr_range_overlap(hdr->kernel_addr, kernel_actual) ||

1656 check_aboot_addr_range_overlap(hdr->ramdisk_addr, ramdisk_actual))

1657 {

1658 dprintf(CRITICAL, "kernel/ramdisk addresses overlap with aboot addresses.\n");

1659 return;

1660 }

1661

1662 #if DEVICE_TREE

1663 /* find correct dtb and copy it to right location */

1664 ret = copy_dtb(data);

1665

1666 dtb_copied = !ret ? 1 : 0;

1667 #else

1668 if (check_aboot_addr_range_overlap(hdr->tags_addr, MAX_TAGS_SIZE))

1669 {

1670 dprintf(CRITICAL, "Tags addresses overlap with aboot addresses.\n");

1671 return;

1672 }

1673 #endif

1674

1675 /* Load ramdisk & kernel */

1676 memmove((void*) hdr->ramdisk_addr, ptr + page_size + kernel_actual, hdr->ramdisk_size);

1677 memmove((void*) hdr->kernel_addr, ptr + page_size, hdr->kernel_size);

1678

1679 #if DEVICE_TREE

1680 /*

1681 * If dtb is not found look for appended DTB in the kernel.

1682 * If appended dev tree is found, update the atags with

1683 * memory address to the DTB appended location on RAM.

1684 * Else update with the atags address in the kernel header

1685 */

1686 if (!dtb_copied) {

1687 void *dtb;

1688 dtb = dev_tree_appended((void *)hdr->kernel_addr, hdr->kernel_size,

1689 (void *)hdr->tags_addr);

1690 if (!dtb) {

1691 fastboot_fail("dtb not found");

1692 return;

1693 }

1694 }

1695 #endif

1696

1697 #ifndef DEVICE_TREE

1698 if (check_aboot_addr_range_overlap(hdr->tags_addr, MAX_TAGS_SIZE))

1699 {

1700 dprintf(CRITICAL, "Tags addresses overlap with aboot addresses.\n");

1701 return;

1702 }

1703 #endif

1704

1705 fastboot_okay("");

1706 fastboot_stop();

1707

1708 boot_linux((void*) hdr->kernel_addr, (void*) hdr->tags_addr,

1709 (const char*) hdr->cmdline, board_machtype(),

1710 (void*) hdr->ramdisk_addr, hdr->ramdisk_size);

1711 }

1712

1713 void cmd_erase(const char *arg, void *data, unsigned sz)

1714 {

1715 struct ptentry *ptn;

1716 struct ptable *ptable;

1717

1718 ptable = flash_get_ptable();

1719 if (ptable == NULL) {

1720 fastboot_fail("partition table doesn't exist");

1721 return;

1722 }

1723

1724 ptn = ptable_find(ptable, arg);

1725 if (ptn == NULL) {

1726 fastboot_fail("unknown partition name");

1727 return;

1728 }

1729

1730 if (flash_erase(ptn)) {

1731 fastboot_fail("failed to erase partition");

1732 return;

1733 }

1734 fastboot_okay("");

1735 }

1736

1737

1738 void cmd_erase_mmc(const char *arg, void *data, unsigned sz)

1739 {

1740 BUF_DMA_ALIGN(out, DEFAULT_ERASE_SIZE);

1741 unsigned long long ptn = 0;

1742 unsigned long long size = 0;

1743 int index = INVALID_PTN;

1744 uint8_t lun = 0;

1745

1746 index = partition_get_index(arg);

1747 ptn = partition_get_offset(index);

1748 size = partition_get_size(index);

1749

1750 if(ptn == 0) {

1751 fastboot_fail("Partition table doesn't exist\n");

1752 return;

1753 }

1754

1755 lun = partition_get_lun(index);

1756 mmc_set_lun(lun);

1757

1758 #if MMC_SDHCI_SUPPORT

1759 if (mmc_erase_card(ptn, size)) {

1760 fastboot_fail("failed to erase partition\n");

1761 return;

1762 }

1763 #else

1764 size = partition_get_size(index);

1765 if (size > DEFAULT_ERASE_SIZE)

1766 size = DEFAULT_ERASE_SIZE;

1767

1768 /* Simple inefficient version of erase. Just writing

1769 0 in first several blocks */

1770 if (mmc_write(ptn , size, (unsigned int *)out)) {

1771 fastboot_fail("failed to erase partition");

1772 return;

1773 }

1774 #endif

1775 fastboot_okay("");

1776 }

1777

1778

1779 void cmd_flash_mmc_img(const char *arg, void *data, unsigned sz)

1780 {

1781 unsigned long long ptn = 0;

1782 unsigned long long size = 0;

1783 int index = INVALID_PTN;

1784 char *token = NULL;

1785 char *pname = NULL;

1786 uint8_t lun = 0;

1787 bool lun_set = false;

1788

1789 token = strtok(arg, ":");

1790 pname = token;

1791 token = strtok(NULL, ":");

1792 if(token)

1793 {

1794 lun = atoi(token);

1795 mmc_set_lun(lun);

1796 lun_set = true;

1797 }

1798

1799 if (pname)

1800 {

1801 if (!strcmp(pname, "partition"))

1802 {

1803 dprintf(INFO, "Attempt to write partition image.\n");

1804 if (write_partition(sz, (unsigned char *) data)) {

1805 fastboot_fail("failed to write partition");

1806 return;

1807 }

1808 }

1809 else

1810 {

1811 index = partition_get_index(pname);

1812 ptn = partition_get_offset(index);

1813 if(ptn == 0) {

1814 fastboot_fail("partition table doesn't exist");

1815 return;

1816 }

1817

1818 if (!strcmp(pname, "boot") || !strcmp(pname, "recovery")) {

1819 if (memcmp((void *)data, BOOT_MAGIC, BOOT_MAGIC_SIZE)) {

1820 fastboot_fail("image is not a boot image");

1821 return;

1822 }

1823 }

1824

1825 if(!lun_set)

1826 {

1827 lun = partition_get_lun(index);

1828 mmc_set_lun(lun);

1829 }

1830

1831 size = partition_get_size(index);

1832 if (ROUND_TO_PAGE(sz,511) > size) {

1833 fastboot_fail("size too large");

1834 return;

1835 }

1836 else if (mmc_write(ptn , sz, (unsigned int *)data)) {

1837 fastboot_fail("flash write failure");

1838 return;

1839 }

1840 }

1841 }

1842 fastboot_okay("");

1843 return;

1844 }

1845

1846 void cmd_flash_mmc_sparse_img(const char *arg, void *data, unsigned sz)

1847 {

1848 unsigned int chunk;

1849 unsigned int chunk_data_sz;

1850 uint32_t *fill_buf = NULL;

1851 uint32_t fill_val;

1852 uint32_t chunk_blk_cnt = 0;

1853 sparse_header_t *sparse_header;

1854 chunk_header_t *chunk_header;

1855 uint32_t total_blocks = 0;

1856 unsigned long long ptn = 0;

1857 unsigned long long size = 0;

1858 int index = INVALID_PTN;

1859 int i;

1860 uint8_t lun = 0;

1861

1862 index = partition_get_index(arg);

1863 ptn = partition_get_offset(index);

1864 if(ptn == 0) {

1865 fastboot_fail("partition table doesn't exist");

1866 return;

1867 }

1868

1869 size = partition_get_size(index);

1870 if (ROUND_TO_PAGE(sz,511) > size) {

1871 fastboot_fail("size too large");

1872 return;

1873 }

1874

1875 lun = partition_get_lun(index);

1876 mmc_set_lun(lun);

1877

1878 /* Read and skip over sparse image header */

1879 sparse_header = (sparse_header_t *) data;

1880 if ((sparse_header->total_blks * sparse_header->blk_sz) > size) {

1881 fastboot_fail("size too large");

1882 return;

1883 }

1884

1885 data += sparse_header->file_hdr_sz;

1886 if(sparse_header->file_hdr_sz > sizeof(sparse_header_t))

1887 {

1888 /* Skip the remaining bytes in a header that is longer than

1889 * we expected.

1890 */

1891 data += (sparse_header->file_hdr_sz - sizeof(sparse_header_t));

1892 }

1893

1894 dprintf (SPEW, "=== Sparse Image Header ===\n");

1895 dprintf (SPEW, "magic: 0x%x\n", sparse_header->magic);

1896 dprintf (SPEW, "major_version: 0x%x\n", sparse_header->major_version);

1897 dprintf (SPEW, "minor_version: 0x%x\n", sparse_header->minor_version);

1898 dprintf (SPEW, "file_hdr_sz: %d\n", sparse_header->file_hdr_sz);

1899 dprintf (SPEW, "chunk_hdr_sz: %d\n", sparse_header->chunk_hdr_sz);

1900 dprintf (SPEW, "blk_sz: %d\n", sparse_header->blk_sz);

1901 dprintf (SPEW, "total_blks: %d\n", sparse_header->total_blks);

1902 dprintf (SPEW, "total_chunks: %d\n", sparse_header->total_chunks);

1903

1904 /* Start processing chunks */

1905 for (chunk=0; chunk<sparse_header->total_chunks; chunk++)

1906 {

1907 /* Read and skip over chunk header */

1908 chunk_header = (chunk_header_t *) data;

1909 data += sizeof(chunk_header_t);

1910

1911 dprintf (SPEW, "=== Chunk Header ===\n");

1912 dprintf (SPEW, "chunk_type: 0x%x\n", chunk_header->chunk_type);

1913 dprintf (SPEW, "chunk_data_sz: 0x%x\n", chunk_header->chunk_sz);

1914 dprintf (SPEW, "total_size: 0x%x\n", chunk_header->total_sz);

1915

1916 if(sparse_header->chunk_hdr_sz > sizeof(chunk_header_t))

1917 {

1918 /* Skip the remaining bytes in a header that is longer than

1919 * we expected.

1920 */

1921 data += (sparse_header->chunk_hdr_sz - sizeof(chunk_header_t));

1922 }

1923

1924 chunk_data_sz = sparse_header->blk_sz * chunk_header->chunk_sz;

1925 switch (chunk_header->chunk_type)

1926 {

1927 case CHUNK_TYPE_RAW:

1928 if(chunk_header->total_sz != (sparse_header->chunk_hdr_sz +

1929 chunk_data_sz))

1930 {

1931 fastboot_fail("Bogus chunk size for chunk type Raw");

1932 return;

1933 }

1934

1935 if(mmc_write(ptn + ((uint64_t)total_blocks*sparse_header->blk_sz),

1936 chunk_data_sz,

1937 (unsigned int*)data))

1938 {

1939 fastboot_fail("flash write failure");

1940 return;

1941 }

1942 total_blocks += chunk_header->chunk_sz;

1943 data += chunk_data_sz;

1944 break;

1945

1946 case CHUNK_TYPE_FILL:

1947 if(chunk_header->total_sz != (sparse_header->chunk_hdr_sz +

1948 sizeof(uint32_t)))

1949 {

1950 fastboot_fail("Bogus chunk size for chunk type FILL");

1951 return;

1952 }

1953

1954 fill_buf = (uint32_t *)memalign(CACHE_LINE, ROUNDUP(sparse_header->blk_sz, CACHE_LINE));

1955 if (!fill_buf)

1956 {

1957 fastboot_fail("Malloc failed for: CHUNK_TYPE_FILL");

1958 return;

1959 }

1960

1961 fill_val = *(uint32_t *)data;

1962 data = (char *) data + sizeof(uint32_t);

1963 chunk_blk_cnt = chunk_data_sz / sparse_header->blk_sz;

1964

1965 for (i = 0; i < (sparse_header->blk_sz / sizeof(fill_val)); i++)

1966 {

1967 fill_buf[i] = fill_val;

1968 }

1969

1970 for (i = 0; i < chunk_blk_cnt; i++)

1971 {

1972 if(mmc_write(ptn + ((uint64_t)total_blocks*sparse_header->blk_sz),

1973 sparse_header->blk_sz,

1974 fill_buf))

1975 {

1976 fastboot_fail("flash write failure");

1977 free(fill_buf);

1978 return;

1979 }

1980

1981 total_blocks++;

1982 }

1983

1984 free(fill_buf);

1985 break;

1986

1987 case CHUNK_TYPE_DONT_CARE:

1988 total_blocks += chunk_header->chunk_sz;

1989 break;

1990

1991 case CHUNK_TYPE_CRC:

1992 if(chunk_header->total_sz != sparse_header->chunk_hdr_sz)

1993 {

1994 fastboot_fail("Bogus chunk size for chunk type Dont Care");

1995 return;

1996 }

1997 total_blocks += chunk_header->chunk_sz;

1998 data += chunk_data_sz;

1999 break;

2000

2001 default:

2002 dprintf(CRITICAL, "Unkown chunk type: %x\n",chunk_header->chunk_type);

2003 fastboot_fail("Unknown chunk type");

2004 return;

2005 }

2006 }

2007

2008 dprintf(INFO, "Wrote %d blocks, expected to write %d blocks\n",

2009 total_blocks, sparse_header->total_blks);

2010

2011 if(total_blocks != sparse_header->total_blks)

2012 {

2013 fastboot_fail("sparse image write failure");

2014 }

2015

2016 fastboot_okay("");

2017 return;

2018 }

2019

2020 void cmd_flash_mmc(const char *arg, void *data, unsigned sz)

2021 {

2022 sparse_header_t *sparse_header;

2023 /* 8 Byte Magic + 2048 Byte xml + Encrypted Data */

2024 unsigned int *magic_number = (unsigned int *) data;

2025

2026 #ifdef SSD_ENABLE

2027 int ret=0;

2028 uint32 major_version=0;

2029 uint32 minor_version=0;

2030

2031 ret = scm_svc_version(&major_version,&minor_version);

2032 if(!ret)

2033 {

2034 if(major_version >= 2)

2035 {

2036 if( !strcmp(arg, "ssd") || !strcmp(arg, "tqs") )

2037 {

2038 ret = encrypt_scm((uint32 **) &data, &sz);

2039 if (ret != 0) {

2040 dprintf(CRITICAL, "ERROR: Encryption Failure\n");

2041 return;

2042 }

2043

2044 /* Protect only for SSD */

2045 if (!strcmp(arg, "ssd")) {

2046 ret = scm_protect_keystore((uint32 *) data, sz);

2047 if (ret != 0) {

2048 dprintf(CRITICAL, "ERROR: scm_protect_keystore Failed\n");

2049 return;

2050 }

2051 }

2052 }

2053 else

2054 {

2055 ret = decrypt_scm_v2((uint32 **) &data, &sz);

2056 if(ret != 0)

2057 {

2058 dprintf(CRITICAL,"ERROR: Decryption Failure\n");

2059 return;

2060 }

2061 }

2062 }

2063 else

2064 {

2065 if (magic_number[0] == DECRYPT_MAGIC_0 &&

2066 magic_number[1] == DECRYPT_MAGIC_1)

2067 {

2068 ret = decrypt_scm((uint32 **) &data, &sz);

2069 if (ret != 0) {

2070 dprintf(CRITICAL, "ERROR: Invalid secure image\n");

2071 return;

2072 }

2073 }

2074 else if (magic_number[0] == ENCRYPT_MAGIC_0 &&

2075 magic_number[1] == ENCRYPT_MAGIC_1)

2076 {

2077 ret = encrypt_scm((uint32 **) &data, &sz);

2078 if (ret != 0) {

2079 dprintf(CRITICAL, "ERROR: Encryption Failure\n");

2080 return;

2081 }

2082 }

2083 }

2084 }

2085 else

2086 {

2087 dprintf(CRITICAL,"INVALID SVC Version\n");

2088 return;

2089 }

2090 #endif /* SSD_ENABLE */

2091

2092 sparse_header = (sparse_header_t *) data;

2093 if (sparse_header->magic != SPARSE_HEADER_MAGIC)

2094 cmd_flash_mmc_img(arg, data, sz);

2095 else

2096 cmd_flash_mmc_sparse_img(arg, data, sz);

2097 return;

2098 }

2099

2100 void cmd_flash(const char *arg, void *data, unsigned sz)

2101 {

2102 struct ptentry *ptn;

2103 struct ptable *ptable;

2104 unsigned extra = 0;

2105

2106 ptable = flash_get_ptable();

2107 if (ptable == NULL) {

2108 fastboot_fail("partition table doesn't exist");

2109 return;

2110 }

2111

2112 ptn = ptable_find(ptable, arg);

2113 if (ptn == NULL) {

2114 fastboot_fail("unknown partition name");

2115 return;

2116 }

2117

2118 if (!strcmp(ptn->name, "boot") || !strcmp(ptn->name, "recovery")) {

2119 if (memcmp((void *)data, BOOT_MAGIC, BOOT_MAGIC_SIZE)) {

2120 fastboot_fail("image is not a boot image");

2121 return;

2122 }

2123 }

2124

2125 if (!strcmp(ptn->name, "system")

2126 || !strcmp(ptn->name, "userdata")

2127 || !strcmp(ptn->name, "persist")

2128 || !strcmp(ptn->name, "recoveryfs")

2129 || !strcmp(ptn->name, "modem"))

2130 {

2131 if (memcmp((void *)data, UBI_MAGIC, UBI_MAGIC_SIZE))

2132 extra = 1;

2133 else

2134 extra = 0;

2135 }

2136 else

2137 sz = ROUND_TO_PAGE(sz, page_mask);

2138

2139 dprintf(INFO, "writing %d bytes to '%s'\n", sz, ptn->name);

2140 if (flash_write(ptn, extra, data, sz)) {

2141 fastboot_fail("flash write failure");

2142 return;

2143 }

2144 dprintf(INFO, "partition '%s' updated\n", ptn->name);

2145 fastboot_okay("");

2146 }

2147

2148 void cmd_continue(const char *arg, void *data, unsigned sz)

2149 {

2150 fastboot_okay("");

2151 fastboot_stop();

2152 if (target_is_emmc_boot())

2153 {

2154 boot_linux_from_mmc();

2155 }

2156 else

2157 {

2158 boot_linux_from_flash();

2159 }

2160 }

2161

2162 void cmd_reboot(const char *arg, void *data, unsigned sz)

2163 {

2164 dprintf(INFO, "rebooting the device\n");

2165 fastboot_okay("");

2166 reboot_device(0);

2167 }

2168

2169 void cmd_reboot_bootloader(const char *arg, void *data, unsigned sz)

2170 {

2171 dprintf(INFO, "rebooting the device\n");

2172 fastboot_okay("");

2173 reboot_device(FASTBOOT_MODE);

2174 }

2175

2176 void cmd_oem_enable_charger_screen(const char *arg, void *data, unsigned size)

2177 {

2178 dprintf(INFO, "Enabling charger screen check\n");

2179 device.charger_screen_enabled = 1;

2180 write_device_info(&device);

2181 fastboot_okay("");

2182 }

2183

2184 void cmd_oem_disable_charger_screen(const char *arg, void *data, unsigned size)

2185 {

2186 dprintf(INFO, "Disabling charger screen check\n");

2187 device.charger_screen_enabled = 0;

2188 write_device_info(&device);

2189 fastboot_okay("");

2190 }

2191

2192 void cmd_oem_select_display_panel(const char *arg, void *data, unsigned size)

2193 {

2194 dprintf(INFO, "Selecting display panel %s\n", arg);

2195 if (arg)

2196 strlcpy(device.display_panel, arg,

2197 sizeof(device.display_panel));

2198 write_device_info(&device);

2199 fastboot_okay("");

2200 }

2201

2202 void cmd_oem_unlock(const char *arg, void *data, unsigned sz)

2203 {

2204 if(!device.is_unlocked)

2205 {

2206 device.is_unlocked = 1;

2207 write_device_info(&device);

2208 }

2209 fastboot_okay("");

2210 }

2211

2212 void cmd_oem_devinfo(const char *arg, void *data, unsigned sz)

2213 {

2214 char response[128];

2215 snprintf(response, sizeof(response), "\tDevice tampered: %s", (device.is_tampered ? "true" : "false"));

2216 fastboot_info(response);

2217 snprintf(response, sizeof(response), "\tDevice unlocked: %s", (device.is_unlocked ? "true" : "false"));

2218 fastboot_info(response);

2219 snprintf(response, sizeof(response), "\tCharger screen enabled: %s", (device.charger_screen_enabled ? "true" : "false"));

2220 fastboot_info(response);

2221 snprintf(response, sizeof(response), "\tDisplay panel: %s", (device.display_panel));

2222 fastboot_info(response);

2223 fastboot_okay("");

2224 }

2225

2226 void cmd_preflash(const char *arg, void *data, unsigned sz)

2227 {

2228 fastboot_okay("");

2229 }

2230

2231 static struct fbimage logo_header = {0};

2232 struct fbimage* splash_screen_flash();

2233

2234 int splash_screen_check_header(struct fbimage *logo)

2235 {

2236 if (memcmp(logo->header.magic, LOGO_IMG_MAGIC, 8))

2237 return -1;

2238 if (logo->header.width == 0 || logo->header.height == 0)

2239 return -1;

2240 return 0;

2241 }

2242

2243 struct fbimage* splash_screen_flash()

2244 {

2245 struct ptentry *ptn;

2246 struct ptable *ptable;

2247 struct fbcon_config *fb_display = NULL;

2248 struct fbimage *logo = &logo_header;

2249

2250

2251 ptable = flash_get_ptable();

2252 if (ptable == NULL) {

2253 dprintf(CRITICAL, "ERROR: Partition table not found\n");

2254 return NULL;

2255 }

2256 ptn = ptable_find(ptable, "splash");

2257 if (ptn == NULL) {

2258 dprintf(CRITICAL, "ERROR: splash Partition not found\n");

2259 return NULL;

2260 }

2261

2262 if (flash_read(ptn, 0,(unsigned int *) logo, sizeof(logo->header))) {

2263 dprintf(CRITICAL, "ERROR: Cannot read boot image header\n");

2264 return NULL;

2265 }

2266

2267 if (splash_screen_check_header(logo)) {

2268 dprintf(CRITICAL, "ERROR: Boot image header invalid\n");

2269 return NULL;

2270 }

2271

2272 fb_display = fbcon_display();

2273 if (fb_display) {

2274 uint8_t *base = (uint8_t *) fb_display->base;

2275 if (logo->header.width != fb_display->width || logo->header.height != fb_display->height) {

2276 base += LOGO_IMG_OFFSET;

2277 }

2278

2279 if (flash_read(ptn + sizeof(logo->header), 0,

2280 base,

2281 ((((logo->header.width * logo->header.height * fb_display->bpp/8) + 511) >> 9) << 9))) {

2282 fbcon_clear();

2283 dprintf(CRITICAL, "ERROR: Cannot read splash image\n");

2284 return NULL;

2285 }

2286 logo->image = base;

2287 }

2288

2289 return logo;

2290 }

2291

2292 struct fbimage* splash_screen_mmc()

2293 {

2294 int index = INVALID_PTN;

2295 unsigned long long ptn = 0;

2296 struct fbcon_config *fb_display = NULL;

2297 struct fbimage *logo = &logo_header;

2298

2299 index = partition_get_index("splash");

2300 if (index == 0) {

2301 dprintf(CRITICAL, "ERROR: splash Partition table not found\n");

2302 return NULL;

2303 }

2304

2305 ptn = partition_get_offset(index);

2306 if (ptn == 0) {

2307 dprintf(CRITICAL, "ERROR: splash Partition invalid\n");

2308 return NULL;

2309 }

2310

2311 if (mmc_read(ptn, (unsigned int *) logo, sizeof(logo->header))) {

2312 dprintf(CRITICAL, "ERROR: Cannot read splash image header\n");

2313 return NULL;

2314 }

2315

2316 if (splash_screen_check_header(logo)) {

2317 dprintf(CRITICAL, "ERROR: Splash image header invalid\n");

2318 return NULL;

2319 }

2320

2321 fb_display = fbcon_display();

2322 if (fb_display) {

2323 uint8_t *base = (uint8_t *) fb_display->base;

2324 if (logo->header.width != fb_display->width || logo->header.height != fb_display->height)

2325 base += LOGO_IMG_OFFSET;

2326

2327 if (mmc_read(ptn + sizeof(logo->header),

2328 base,

2329 ((((logo->header.width * logo->header.height * fb_display->bpp/8) + 511) >> 9) << 9))) {

2330 fbcon_clear();

2331 dprintf(CRITICAL, "ERROR: Cannot read splash image\n");

2332 return NULL;

2333 }

2334

2335 logo->image = base;

2336 }

2337

2338 return logo;

2339 }

2340

2341

2342 struct fbimage* fetch_image_from_partition()

2343 {

2344 if (target_is_emmc_boot()) {

2345 return splash_screen_mmc();

2346 } else {

2347 return splash_screen_flash();

2348 }

2349 }

2350

2351 /* Get the size from partiton name */

2352 static void get_partition_size(const char *arg, char *response)

2353 {

2354 uint64_t ptn = 0;

2355 uint64_t size;

2356 int index = INVALID_PTN;

2357

2358 index = partition_get_index(arg);

2359

2360 if (index == INVALID_PTN)

2361 {

2362 dprintf(CRITICAL, "Invalid partition index\n");

2363 return;

2364 }

2365

2366 ptn = partition_get_offset(index);

2367

2368 if(!ptn)

2369 {

2370 dprintf(CRITICAL, "Invalid partition name %s\n", arg);

2371 return;

2372 }

2373

2374 size = partition_get_size(index);

2375

2376 snprintf(response, MAX_RSP_SIZE, "\t 0x%llx", size);

2377 return;

2378 }

2379

2380 /*

2381 * Publish the partition type & size info

2382 * fastboot getvar will publish the required information.

2383 * fastboot getvar partition_size:<partition_name>: partition size in hex

2384 * fastboot getvar partition_type:<partition_name>: partition type (ext/fat)

2385 */

2386 static void publish_getvar_partition_info(struct getvar_partition_info *info, uint8_t num_parts)

2387 {

2388 uint8_t i;

2389

2390 for (i = 0; i < num_parts; i++) {

2391 get_partition_size(info[i].part_name, info[i].size_response);

2392

2393 if (strlcat(info[i].getvar_size, info[i].part_name, MAX_GET_VAR_NAME_SIZE) >= MAX_GET_VAR_NAME_SIZE)

2394 {

2395 dprintf(CRITICAL, "partition size name truncated\n");

2396 return;

2397 }

2398 if (strlcat(info[i].getvar_type, info[i].part_name, MAX_GET_VAR_NAME_SIZE) >= MAX_GET_VAR_NAME_SIZE)

2399 {

2400 dprintf(CRITICAL, "partition type name truncated\n");

2401 return;

2402 }

2403

2404 /* publish partition size & type info */

2405 fastboot_publish((const char *) info[i].getvar_size, (const char *) info[i].size_response);

2406 fastboot_publish((const char *) info[i].getvar_type, (const char *) info[i].type_response);

2407 }

2408 }

2409

2410 /* register commands and variables for fastboot */

2411 void aboot_fastboot_register_commands(void)

2412 {

2413 if (target_is_emmc_boot())

2414 {

2415 fastboot_register("flash:", cmd_flash_mmc);

2416 fastboot_register("erase:", cmd_erase_mmc);

2417 }

2418 else

2419 {

2420 fastboot_register("flash:", cmd_flash);

2421 fastboot_register("erase:", cmd_erase);

2422 }

2423

2424 fastboot_register("boot", cmd_boot);

2425 fastboot_register("continue", cmd_continue);

2426 fastboot_register("reboot", cmd_reboot);

2427 fastboot_register("reboot-bootloader", cmd_reboot_bootloader);

2428 fastboot_register("oem unlock", cmd_oem_unlock);

2429 fastboot_register("oem device-info", cmd_oem_devinfo);

2430 fastboot_register("preflash", cmd_preflash);

2431 fastboot_register("oem enable-charger-screen",

2432 cmd_oem_enable_charger_screen);

2433 fastboot_register("oem disable-charger-screen",

2434 cmd_oem_disable_charger_screen);

2435 fastboot_register("oem select-display-panel",

2436 cmd_oem_select_display_panel);

2437 /* publish variables and their values */

2438 fastboot_publish("product", TARGET(BOARD));

2439 fastboot_publish("kernel", "lk");

2440 fastboot_publish("serialno", sn_buf);

2441

2442 /*

2443 * partition info is supported only for emmc partitions

2444 * Calling this for NAND prints some error messages which

2445 * is harmless but misleading. Avoid calling this for NAND

2446 * devices.

2447 */

2448 if (target_is_emmc_boot())

2449 publish_getvar_partition_info(part_info, ARRAY_SIZE(part_info));

2450

2451 /* Max download size supported */

2452 snprintf(max_download_size, MAX_RSP_SIZE, "\t0x%x",

2453 target_get_max_flash_size());

2454 fastboot_publish("max-download-size", (const char *) max_download_size);

2455 /* Is the charger screen check enabled */

2456 snprintf(charger_screen_enabled, MAX_RSP_SIZE, "%d",

2457 device.charger_screen_enabled);

2458 fastboot_publish("charger-screen-enabled",

2459 (const char *) charger_screen_enabled);

2460 snprintf(panel_display_mode, MAX_RSP_SIZE, "%s",

2461 device.display_panel);

2462 fastboot_publish("display-panel",

2463 (const char *) panel_display_mode);

2464 }

2465

2466 void aboot_init(const struct app_descriptor *app)

2467 {

2468 unsigned reboot_mode = 0;

2469 bool boot_into_fastboot = false;

2470

2471 /* Setup page size information for nv storage */

2472 if (target_is_emmc_boot())

2473 {

2474 page_size = mmc_page_size();

2475 page_mask = page_size - 1;

2476 }

2477 else

2478 {

2479 page_size = flash_page_size();

2480 page_mask = page_size - 1;

2481 }

2482

2483 ASSERT((MEMBASE + MEMSIZE) > MEMBASE);

2484

2485 read_device_info(&device);

2486

2487 /* Display splash screen if enabled */

2488 #if DISPLAY_SPLASH_SCREEN

2489 dprintf(SPEW, "Display Init: Start\n");

2490 target_display_init(device.display_panel);

2491 dprintf(SPEW, "Display Init: Done\n");

2492 #endif

2493

2494

2495 target_serialno((unsigned char *) sn_buf);

2496 dprintf(SPEW,"serial number: %s\n",sn_buf);

2497

2498 memset(display_panel_buf, '\0', MAX_PANEL_BUF_SIZE);

2499

2500 /* Check if we should do something other than booting up */

2501 if (keys_get_state(KEY_VOLUMEUP) && keys_get_state(KEY_VOLUMEDOWN))

2502 {

2503 dprintf(ALWAYS,"dload mode key sequence detected\n");

2504 if (set_download_mode(EMERGENCY_DLOAD))

2505 {

2506 dprintf(CRITICAL,"dload mode not supported by target\n");

2507 }

2508 else

2509 {

2510 reboot_device(DLOAD);

2511 dprintf(CRITICAL,"Failed to reboot into dload mode\n");

2512 }

2513 boot_into_fastboot = true;

2514 }

2515 if (!boot_into_fastboot)

2516 {

2517 if (keys_get_state(KEY_HOME) || keys_get_state(KEY_VOLUMEUP))

2518 boot_into_recovery = 1;

2519 if (!boot_into_recovery &&

2520 (keys_get_state(KEY_BACK) || keys_get_state(KEY_VOLUMEDOWN)))

2521 boot_into_fastboot = true;

2522 }

2523 #if NO_KEYPAD_DRIVER

2524 if (fastboot_trigger())

2525 boot_into_fastboot = true;

2526 #endif

2527

2528 reboot_mode = check_reboot_mode();

2529 if (reboot_mode == RECOVERY_MODE) {

2530 boot_into_recovery = 1;

2531 } else if(reboot_mode == FASTBOOT_MODE) {

2532 boot_into_fastboot = true;

2533 }

2534

2535 if (!boot_into_fastboot)

2536 {

2537 if (target_is_emmc_boot())

2538 {

2539 if(emmc_recovery_init())

2540 dprintf(ALWAYS,"error in emmc_recovery_init\n");

2541 if(target_use_signed_kernel())

2542 {

2543 if((device.is_unlocked) || (device.is_tampered))

2544 {

2545 #ifdef TZ_TAMPER_FUSE

2546 set_tamper_fuse_cmd();

2547 #endif

2548 #if USE_PCOM_SECBOOT

2549 set_tamper_flag(device.is_tampered);

2550 #endif

2551 }

2552 }

2553 boot_linux_from_mmc();

2554 }

2555 else

2556 {

2557 recovery_init();

2558 #if USE_PCOM_SECBOOT

2559 if((device.is_unlocked) || (device.is_tampered))

2560 set_tamper_flag(device.is_tampered);

2561 #endif

2562 boot_linux_from_flash();

2563 }

2564 dprintf(CRITICAL, "ERROR: Could not do normal boot. Reverting "

2565 "to fastboot mode.\n");

2566 }

2567

2568 /* We are here means regular boot did not happen. Start fastboot. */

2569

2570 /* register aboot specific fastboot commands */

2571 aboot_fastboot_register_commands();

2572

2573 /* dump partition table for debug info */

2574 partition_dump();

2575

2576 /* initialize and start fastboot */

2577 fastboot_init(target_get_scratch_address(), target_get_max_flash_size());

2578 }

2579

2580 uint32_t get_page_size()

2581 {

2582 return page_size;

2583 }

2584

2585 /*

2586 * Calculated and save hash (SHA256) for non-signed boot image.

2587 *

2588 * Hash the same data that is checked on the signed boot image.

2589 * Kernel and Ramdisk are already read to memory buffers.

2590 * Need to read the entire device-tree from mmc

2591 * since non-signed image only read the DT tags of the relevant platform.

2592 *

2593 * @param kernel_addr - kernel bufer

2594 * @param kernel_actual - kernel size in bytes

2595 * @param ramdisk_addr - ramdisk buffer

2596 * @param ramdisk_actual - ramdisk size

2597 * @param ptn - partition

2598 * @param dt_offset - device tree offset on mmc partition

2599 * @param dt_size

2600 *

2601 * @return int - 0 on success, negative value on failure.

2602 */

2603 int aboot_save_boot_hash_mmc(void *kernel_addr, unsigned kernel_actual,

2604 void *ramdisk_addr, unsigned ramdisk_actual,

2605 unsigned long long ptn,

2606 unsigned dt_offset, unsigned dt_size)

2607 {

2608 SHA256_CTX sha256_ctx;

2609 char digest[32]={0};

2610 char *buf = (char *)target_get_scratch_address();

2611 unsigned dt_actual = ROUND_TO_PAGE(dt_size, page_mask);

2612 unsigned imagesize_actual = page_size + kernel_actual + ramdisk_actual + dt_actual;

2613

2614 SHA256_Init(&sha256_ctx);

2615

2616 /* Read Boot Header */

2617 if (mmc_read(ptn, buf, page_size))

2618 {

2619 dprintf(CRITICAL, "ERROR: mmc_read() fail.\n");

2620 return -1;

2621 }

2622 /* Read entire Device Tree */

2623 if (mmc_read(ptn + dt_offset, buf+page_size, dt_actual))

2624 {

2625 dprintf(CRITICAL, "ERROR: mmc_read() fail.\n");

2626 return -1;

2627 }

2628 SHA256_Update(&sha256_ctx, buf, page_size); // Boot Header

2629 SHA256_Update(&sha256_ctx, kernel_addr, kernel_actual);

2630 SHA256_Update(&sha256_ctx, ramdisk_addr, ramdisk_actual);

2631 SHA256_Update(&sha256_ctx, buf+page_size, dt_actual); // Device Tree

2632

2633 SHA256_Final(digest, &sha256_ctx);

2634

2635 save_kernel_hash_cmd(digest);

2636 dprintf(INFO, "aboot_save_boot_hash_mmc: imagesize_actual size %d bytes.\n", (int) imagesize_actual);

2637

2638 return 0;

2639 }

2640

2641 APP_START(aboot)

2642 .init = aboot_init,

2643 APP_END