]> git.dujemihanovic.xyz Git - u-boot.git/blob
3b5092d20bd15a7a2879c13e9f64acc48d04af2d
[u-boot.git] /
1 /*
2 * Copyright (c) 2009, Google Inc.
3 * All rights reserved.
4 *
5 * Copyright (c) 2009-2014, The Linux Foundation. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions are met:
9 * * Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * * Neither the name of The Linux Foundation nor
15 * the names of its contributors may be used to endorse or promote
16 * products derived from this software without specific prior written
17 * permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
22 * NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
26 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
27 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
28 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
29 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 *
31 */
32
33 #include <app.h>
34 #include <debug.h>
35 #include <arch/arm.h>
36 #include <string.h>
37 #include <stdlib.h>
38 #include <limits.h>
39 #include <kernel/thread.h>
40 #include <arch/ops.h>
41
42 #include <dev/flash.h>
43 #include <lib/ptable.h>
44 #include <dev/keys.h>
45 #include <dev/fbcon.h>
46 #include <baseband.h>
47 #include <target.h>
48 #include <mmc.h>
49 #include <partition_parser.h>
50 #include <platform.h>
51 #include <crypto_hash.h>
52 #include <malloc.h>
53 #include <boot_stats.h>
54 #include <sha.h>
55 #include <platform/iomap.h>
56 #include <boot_device.h>
57
58 #if DEVICE_TREE
59 #include <libfdt.h>
60 #include <dev_tree.h>
61 #endif
62
63 #include "image_verify.h"
64 #include "recovery.h"
65 #include "bootimg.h"
66 #include "fastboot.h"
67 #include "sparse_format.h"
68 #include "mmc.h"
69 #include "devinfo.h"
70 #include "board.h"
71 #include "scm.h"
72
73 extern bool target_use_signed_kernel(void);
74 extern void platform_uninit(void);
75 extern void target_uninit(void);
76 extern int get_target_boot_params(const char *cmdline, const char *part,
77 char *buf, int buflen);
78
79 void write_device_info_mmc(device_info *dev);
80 void write_device_info_flash(device_info *dev);
81
82 #define EXPAND(NAME) #NAME
83 #define TARGET(NAME) EXPAND(NAME)
84
85 #ifdef MEMBASE
86 #define EMMC_BOOT_IMG_HEADER_ADDR (0xFF000+(MEMBASE))
87 #else
88 #define EMMC_BOOT_IMG_HEADER_ADDR 0xFF000
89 #endif
90
91 #ifndef MEMSIZE
92 #define MEMSIZE 1024*1024
93 #endif
94
95 #define MAX_TAGS_SIZE 1024
96
97 #define RECOVERY_MODE 0x77665502
98 #define FASTBOOT_MODE 0x77665500
99
100 /* make 4096 as default size to ensure EFS,EXT4's erasing */
101 #define DEFAULT_ERASE_SIZE 4096
102 #define MAX_PANEL_BUF_SIZE 128
103
104 #define UBI_MAGIC "UBI#"
105 #define DISPLAY_DEFAULT_PREFIX "mdss_mdp"
106 #define UBI_MAGIC_SIZE 0x04
107 #define BOOT_DEV_MAX_LEN 64
108
109 #define IS_ARM64(ptr) (ptr->magic_64 == KERNEL64_HDR_MAGIC) ? true : false
110
111 #define ADD_OF(a, b) (UINT_MAX - b > a) ? (a + b) : UINT_MAX
112
113 #if UFS_SUPPORT
114 static const char *emmc_cmdline = " androidboot.bootdevice=";
115 #else
116 static const char *emmc_cmdline = " androidboot.emmc=true";
117 #endif
118 static const char *usb_sn_cmdline = " androidboot.serialno=";
119 static const char *androidboot_mode = " androidboot.mode=";
120 static const char *loglevel = " quiet";
121 static const char *battchg_pause = " androidboot.mode=charger";
122 static const char *auth_kernel = " androidboot.authorized_kernel=true";
123 static const char *secondary_gpt_enable = " gpt";
124
125 static const char *baseband_apq = " androidboot.baseband=apq";
126 static const char *baseband_msm = " androidboot.baseband=msm";
127 static const char *baseband_csfb = " androidboot.baseband=csfb";
128 static const char *baseband_svlte2a = " androidboot.baseband=svlte2a";
129 static const char *baseband_mdm = " androidboot.baseband=mdm";
130 static const char *baseband_mdm2 = " androidboot.baseband=mdm2";
131 static const char *baseband_sglte = " androidboot.baseband=sglte";
132 static const char *baseband_dsda = " androidboot.baseband=dsda";
133 static const char *baseband_dsda2 = " androidboot.baseband=dsda2";
134 static const char *baseband_sglte2 = " androidboot.baseband=sglte2";
135 static const char *warmboot_cmdline = " qpnp-power-on.warm_boot=1";
136
137 static unsigned page_size = 0;
138 static unsigned page_mask = 0;
139 static char ffbm_mode_string[FFBM_MODE_BUF_SIZE];
140 static bool boot_into_ffbm;
141 static char target_boot_params[64];
142
143 /* Assuming unauthorized kernel image by default */
144 static int auth_kernel_img = 0;
145
146 static device_info device = {DEVICE_MAGIC, 0, 0, 0, 0};
147
148 struct atag_ptbl_entry
149 {
150 char name[16];
151 unsigned offset;
152 unsigned size;
153 unsigned flags;
154 };
155
156 /*
157 * Partition info, required to be published
158 * for fastboot
159 */
160 struct getvar_partition_info {
161 const char part_name[MAX_GPT_NAME_SIZE]; /* Partition name */
162 char getvar_size[MAX_GET_VAR_NAME_SIZE]; /* fastboot get var name for size */
163 char getvar_type[MAX_GET_VAR_NAME_SIZE]; /* fastboot get var name for type */
164 char size_response[MAX_RSP_SIZE]; /* fastboot response for size */
165 char type_response[MAX_RSP_SIZE]; /* fastboot response for type */
166 };
167
168 /*
169 * Right now, we are publishing the info for only
170 * three partitions
171 */
172 struct getvar_partition_info part_info[] =
173 {
174 { "system" , "partition-size:", "partition-type:", "", "ext4" },
175 { "userdata", "partition-size:", "partition-type:", "", "ext4" },
176 { "cache" , "partition-size:", "partition-type:", "", "ext4" },
177 };
178
179 char max_download_size[MAX_RSP_SIZE];
180 char charger_screen_enabled[MAX_RSP_SIZE];
181 char sn_buf[13];
182 char display_panel_buf[MAX_PANEL_BUF_SIZE];
183 char panel_display_mode[MAX_RSP_SIZE];
184
185 extern int emmc_recovery_init(void);
186
187 #if NO_KEYPAD_DRIVER
188 extern int fastboot_trigger(void);
189 #endif
190
191 static void update_ker_tags_rdisk_addr(struct boot_img_hdr *hdr, bool is_arm64)
192 {
193 /* overwrite the destination of specified for the project */
194 #ifdef ABOOT_IGNORE_BOOT_HEADER_ADDRS
195 if (is_arm64)
196 hdr->kernel_addr = ABOOT_FORCE_KERNEL64_ADDR;
197 else
198 hdr->kernel_addr = ABOOT_FORCE_KERNEL_ADDR;
199 hdr->ramdisk_addr = ABOOT_FORCE_RAMDISK_ADDR;
200 hdr->tags_addr = ABOOT_FORCE_TAGS_ADDR;
201 #endif
202 }
203
204 static void ptentry_to_tag(unsigned **ptr, struct ptentry *ptn)
205 {
206 struct atag_ptbl_entry atag_ptn;
207
208 memcpy(atag_ptn.name, ptn->name, 16);
209 atag_ptn.name[15] = '\0';
210 atag_ptn.offset = ptn->start;
211 atag_ptn.size = ptn->length;
212 atag_ptn.flags = ptn->flags;
213 memcpy(*ptr, &atag_ptn, sizeof(struct atag_ptbl_entry));
214 *ptr += sizeof(struct atag_ptbl_entry) / sizeof(unsigned);
215 }
216
217 unsigned char *update_cmdline(const char * cmdline)
218 {
219 int cmdline_len = 0;
220 int have_cmdline = 0;
221 unsigned char *cmdline_final = NULL;
222 int pause_at_bootup = 0;
223 bool warm_boot = false;
224 bool gpt_exists = partition_gpt_exists();
225 int have_target_boot_params = 0;
226 char *boot_dev_buf = NULL;
227
228 if (cmdline && cmdline[0]) {
229 cmdline_len = strlen(cmdline);
230 have_cmdline = 1;
231 }
232 if (target_is_emmc_boot()) {
233 cmdline_len += strlen(emmc_cmdline);
234 #if UFS_SUPPORT
235 boot_dev_buf = (char *) malloc(sizeof(char) * BOOT_DEV_MAX_LEN);
236 ASSERT(boot_dev_buf);
237 platform_boot_dev_cmdline(boot_dev_buf);
238 cmdline_len += strlen(boot_dev_buf);
239 #endif
240 }
241
242 cmdline_len += strlen(usb_sn_cmdline);
243 cmdline_len += strlen(sn_buf);
244
245 if (boot_into_recovery && gpt_exists)
246 cmdline_len += strlen(secondary_gpt_enable);
247
248 if (boot_into_ffbm) {
249 cmdline_len += strlen(androidboot_mode);
250 cmdline_len += strlen(ffbm_mode_string);
251 /* reduce kernel console messages to speed-up boot */
252 cmdline_len += strlen(loglevel);
253 } else if (device.charger_screen_enabled &&
254 target_pause_for_battery_charge()) {
255 pause_at_bootup = 1;
256 cmdline_len += strlen(battchg_pause);
257 }
258
259 if(target_use_signed_kernel() && auth_kernel_img) {
260 cmdline_len += strlen(auth_kernel);
261 }
262
263 if (get_target_boot_params(cmdline, boot_into_recovery ? "recoveryfs" :
264 "system",
265 target_boot_params,
266 sizeof(target_boot_params)) == 0) {
267 have_target_boot_params = 1;
268 cmdline_len += strlen(target_boot_params);
269 }
270
271 /* Determine correct androidboot.baseband to use */
272 switch(target_baseband())
273 {
274 case BASEBAND_APQ:
275 cmdline_len += strlen(baseband_apq);
276 break;
277
278 case BASEBAND_MSM:
279 cmdline_len += strlen(baseband_msm);
280 break;
281
282 case BASEBAND_CSFB:
283 cmdline_len += strlen(baseband_csfb);
284 break;
285
286 case BASEBAND_SVLTE2A:
287 cmdline_len += strlen(baseband_svlte2a);
288 break;
289
290 case BASEBAND_MDM:
291 cmdline_len += strlen(baseband_mdm);
292 break;
293
294 case BASEBAND_MDM2:
295 cmdline_len += strlen(baseband_mdm2);
296 break;
297
298 case BASEBAND_SGLTE:
299 cmdline_len += strlen(baseband_sglte);
300 break;
301
302 case BASEBAND_SGLTE2:
303 cmdline_len += strlen(baseband_sglte2);
304 break;
305
306 case BASEBAND_DSDA:
307 cmdline_len += strlen(baseband_dsda);
308 break;
309
310 case BASEBAND_DSDA2:
311 cmdline_len += strlen(baseband_dsda2);
312 break;
313 }
314
315 if (cmdline) {
316 if ((strstr(cmdline, DISPLAY_DEFAULT_PREFIX) == NULL) &&
317 target_display_panel_node(device.display_panel,
318 display_panel_buf, MAX_PANEL_BUF_SIZE) &&
319 strlen(display_panel_buf)) {
320 cmdline_len += strlen(display_panel_buf);
321 }
322 }
323
324 if (target_warm_boot()) {
325 warm_boot = true;
326 cmdline_len += strlen(warmboot_cmdline);
327 }
328
329 if (cmdline_len > 0) {
330 const char *src;
331 unsigned char *dst = (unsigned char*) malloc((cmdline_len + 4) & (~3));
332 ASSERT(dst != NULL);
333
334 /* Save start ptr for debug print */
335 cmdline_final = dst;
336 if (have_cmdline) {
337 src = cmdline;
338 while ((*dst++ = *src++));
339 }
340 if (target_is_emmc_boot()) {
341 src = emmc_cmdline;
342 if (have_cmdline) --dst;
343 have_cmdline = 1;
344 while ((*dst++ = *src++));
345 #if UFS_SUPPORT
346 src = boot_dev_buf;
347 if (have_cmdline) --dst;
348 while ((*dst++ = *src++));
349 #endif
350 }
351
352 src = usb_sn_cmdline;
353 if (have_cmdline) --dst;
354 have_cmdline = 1;
355 while ((*dst++ = *src++));
356 src = sn_buf;
357 if (have_cmdline) --dst;
358 have_cmdline = 1;
359 while ((*dst++ = *src++));
360 if (warm_boot) {
361 if (have_cmdline) --dst;
362 src = warmboot_cmdline;
363 while ((*dst++ = *src++));
364 }
365
366 if (boot_into_recovery && gpt_exists) {
367 src = secondary_gpt_enable;
368 if (have_cmdline) --dst;
369 while ((*dst++ = *src++));
370 }
371
372 if (boot_into_ffbm) {
373 src = androidboot_mode;
374 if (have_cmdline) --dst;
375 while ((*dst++ = *src++));
376 src = ffbm_mode_string;
377 if (have_cmdline) --dst;
378 while ((*dst++ = *src++));
379 src = loglevel;
380 if (have_cmdline) --dst;
381 while ((*dst++ = *src++));
382 } else if (pause_at_bootup) {
383 src = battchg_pause;
384 if (have_cmdline) --dst;
385 while ((*dst++ = *src++));
386 }
387
388 if(target_use_signed_kernel() && auth_kernel_img) {
389 src = auth_kernel;
390 if (have_cmdline) --dst;
391 while ((*dst++ = *src++));
392 }
393
394 switch(target_baseband())
395 {
396 case BASEBAND_APQ:
397 src = baseband_apq;
398 if (have_cmdline) --dst;
399 while ((*dst++ = *src++));
400 break;
401
402 case BASEBAND_MSM:
403 src = baseband_msm;
404 if (have_cmdline) --dst;
405 while ((*dst++ = *src++));
406 break;
407
408 case BASEBAND_CSFB:
409 src = baseband_csfb;
410 if (have_cmdline) --dst;
411 while ((*dst++ = *src++));
412 break;
413
414 case BASEBAND_SVLTE2A:
415 src = baseband_svlte2a;
416 if (have_cmdline) --dst;
417 while ((*dst++ = *src++));
418 break;
419
420 case BASEBAND_MDM:
421 src = baseband_mdm;
422 if (have_cmdline) --dst;
423 while ((*dst++ = *src++));
424 break;
425
426 case BASEBAND_MDM2:
427 src = baseband_mdm2;
428 if (have_cmdline) --dst;
429 while ((*dst++ = *src++));
430 break;
431
432 case BASEBAND_SGLTE:
433 src = baseband_sglte;
434 if (have_cmdline) --dst;
435 while ((*dst++ = *src++));
436 break;
437
438 case BASEBAND_SGLTE2:
439 src = baseband_sglte2;
440 if (have_cmdline) --dst;
441 while ((*dst++ = *src++));
442 break;
443
444 case BASEBAND_DSDA:
445 src = baseband_dsda;
446 if (have_cmdline) --dst;
447 while ((*dst++ = *src++));
448 break;
449
450 case BASEBAND_DSDA2:
451 src = baseband_dsda2;
452 if (have_cmdline) --dst;
453 while ((*dst++ = *src++));
454 break;
455 }
456
457 if (strlen(display_panel_buf)) {
458 src = display_panel_buf;
459 if (have_cmdline) --dst;
460 while ((*dst++ = *src++));
461 }
462
463 if (have_target_boot_params) {
464 if (have_cmdline) --dst;
465 src = target_boot_params;
466 while ((*dst++ = *src++));
467 }
468 }
469
470
471 if (boot_dev_buf)
472 free(boot_dev_buf);
473
474 dprintf(INFO, "cmdline: %s\n", cmdline_final);
475 return cmdline_final;
476 }
477
478 unsigned *atag_core(unsigned *ptr)
479 {
480 /* CORE */
481 *ptr++ = 2;
482 *ptr++ = 0x54410001;
483
484 return ptr;
485
486 }
487
488 unsigned *atag_ramdisk(unsigned *ptr, void *ramdisk,
489 unsigned ramdisk_size)
490 {
491 if (ramdisk_size) {
492 *ptr++ = 4;
493 *ptr++ = 0x54420005;
494 *ptr++ = (unsigned)ramdisk;
495 *ptr++ = ramdisk_size;
496 }
497
498 return ptr;
499 }
500
501 unsigned *atag_ptable(unsigned **ptr_addr)
502 {
503 int i;
504 struct ptable *ptable;
505
506 if ((ptable = flash_get_ptable()) && (ptable->count != 0)) {
507 *(*ptr_addr)++ = 2 + (ptable->count * (sizeof(struct atag_ptbl_entry) /
508 sizeof(unsigned)));
509 *(*ptr_addr)++ = 0x4d534d70;
510 for (i = 0; i < ptable->count; ++i)
511 ptentry_to_tag(ptr_addr, ptable_get(ptable, i));
512 }
513
514 return (*ptr_addr);
515 }
516
517 unsigned *atag_cmdline(unsigned *ptr, const char *cmdline)
518 {
519 int cmdline_length = 0;
520 int n;
521 char *dest;
522
523 cmdline_length = strlen((const char*)cmdline);
524 n = (cmdline_length + 4) & (~3);
525
526 *ptr++ = (n / 4) + 2;
527 *ptr++ = 0x54410009;
528 dest = (char *) ptr;
529 while ((*dest++ = *cmdline++));
530 ptr += (n / 4);
531
532 return ptr;
533 }
534
535 unsigned *atag_end(unsigned *ptr)
536 {
537 /* END */
538 *ptr++ = 0;
539 *ptr++ = 0;
540
541 return ptr;
542 }
543
544 void generate_atags(unsigned *ptr, const char *cmdline,
545 void *ramdisk, unsigned ramdisk_size)
546 {
547
548 ptr = atag_core(ptr);
549 ptr = atag_ramdisk(ptr, ramdisk, ramdisk_size);
550 ptr = target_atag_mem(ptr);
551
552 /* Skip NAND partition ATAGS for eMMC boot */
553 if (!target_is_emmc_boot()){
554 ptr = atag_ptable(&ptr);
555 }
556
557 ptr = atag_cmdline(ptr, cmdline);
558 ptr = atag_end(ptr);
559 }
560
561 typedef void entry_func_ptr(unsigned, unsigned, unsigned*);
562 void boot_linux(void *kernel, unsigned *tags,
563 const char *cmdline, unsigned machtype,
564 void *ramdisk, unsigned ramdisk_size)
565 {
566 unsigned char *final_cmdline;
567 #if DEVICE_TREE
568 int ret = 0;
569 #endif
570
571 void (*entry)(unsigned, unsigned, unsigned*) = (entry_func_ptr*)(PA((addr_t)kernel));
572 uint32_t tags_phys = PA((addr_t)tags);
573 struct kernel64_hdr *kptr = (struct kernel64_hdr*)kernel;
574
575 ramdisk = PA(ramdisk);
576
577 final_cmdline = update_cmdline((const char*)cmdline);
578
579 #if DEVICE_TREE
580 dprintf(INFO, "Updating device tree: start\n");
581
582 /* Update the Device Tree */
583 ret = update_device_tree((void *)tags, final_cmdline, ramdisk, ramdisk_size);
584 if(ret)
585 {
586 dprintf(CRITICAL, "ERROR: Updating Device Tree Failed \n");
587 ASSERT(0);
588 }
589 dprintf(INFO, "Updating device tree: done\n");
590 #else
591 /* Generating the Atags */
592 generate_atags(tags, final_cmdline, ramdisk, ramdisk_size);
593 #endif
594
595 /* Perform target specific cleanup */
596 target_uninit();
597
598 /* Turn off splash screen if enabled */
599 #if DISPLAY_SPLASH_SCREEN
600 target_display_shutdown();
601 #endif
602
603
604 dprintf(INFO, "booting linux @ %p, ramdisk @ %p (%d), tags/device tree @ %p\n",
605 entry, ramdisk, ramdisk_size, tags_phys);
606
607 enter_critical_section();
608
609 /* do any platform specific cleanup before kernel entry */
610 platform_uninit();
611
612 arch_disable_cache(UCACHE);
613
614 #if ARM_WITH_MMU
615 arch_disable_mmu();
616 #endif
617 bs_set_timestamp(BS_KERNEL_ENTRY);
618
619 if (IS_ARM64(kptr))
620 /* Jump to a 64bit kernel */
621 scm_elexec_call((paddr_t)kernel, tags_phys);
622 else
623 /* Jump to a 32bit kernel */
624 entry(0, machtype, (unsigned*)tags_phys);
625 }
626
627 /* Function to check if the memory address range falls within the aboot
628 * boundaries.
629 * start: Start of the memory region
630 * size: Size of the memory region
631 */
632 int check_aboot_addr_range_overlap(uint32_t start, uint32_t size)
633 {
634 /* Check for boundary conditions. */
635 if ((UINT_MAX - start) < size)
636 return -1;
637
638 /* Check for memory overlap. */
639 if ((start < MEMBASE) && ((start + size) <= MEMBASE))
640 return 0;
641 else if (start >= (MEMBASE + MEMSIZE))
642 return 0;
643 else
644 return -1;
645 }
646
647 #define ROUND_TO_PAGE(x,y) (((x) + (y)) & (~(y)))
648
649 BUF_DMA_ALIGN(buf, BOOT_IMG_MAX_PAGE_SIZE); //Equal to max-supported pagesize
650 #if DEVICE_TREE
651 BUF_DMA_ALIGN(dt_buf, BOOT_IMG_MAX_PAGE_SIZE);
652 #endif
653
654 static void verify_signed_bootimg(uint32_t bootimg_addr, uint32_t bootimg_size)
655 {
656 int ret;
657 #if IMAGE_VERIF_ALGO_SHA1
658 uint32_t auth_algo = CRYPTO_AUTH_ALG_SHA1;
659 #else
660 uint32_t auth_algo = CRYPTO_AUTH_ALG_SHA256;
661 #endif
662
663 /* Assume device is rooted at this time. */
664 device.is_tampered = 1;
665
666 dprintf(INFO, "Authenticating boot image (%d): start\n", bootimg_size);
667
668 ret = image_verify((unsigned char *)bootimg_addr,
669 (unsigned char *)(bootimg_addr + bootimg_size),
670 bootimg_size,
671 auth_algo);
672
673 dprintf(INFO, "Authenticating boot image: done return value = %d\n", ret);
674
675 if (ret)
676 {
677 /* Authorized kernel */
678 device.is_tampered = 0;
679 auth_kernel_img = 1;
680 }
681
682 #if USE_PCOM_SECBOOT
683 set_tamper_flag(device.is_tampered);
684 #endif
685
686 if(device.is_tampered)
687 {
688 write_device_info_mmc(&device);
689 #ifdef TZ_TAMPER_FUSE
690 set_tamper_fuse_cmd();
691 #endif
692 #ifdef ASSERT_ON_TAMPER
693 dprintf(CRITICAL, "Device is tampered. Asserting..\n");
694 ASSERT(0);
695 #endif
696 }
697 }
698
699 static bool check_format_bit()
700 {
701 bool ret = false;
702 int index;
703 uint64_t offset;
704 struct boot_selection_info *in = NULL;
705 char *buf = NULL;
706
707 index = partition_get_index("bootselect");
708 if (index == INVALID_PTN)
709 {
710 dprintf(INFO, "Unable to locate /bootselect partition\n");
711 return ret;
712 }
713 offset = partition_get_offset(index);
714 if(!offset)
715 {
716 dprintf(INFO, "partition /bootselect doesn't exist\n");
717 return ret;
718 }
719 buf = (char *) memalign(CACHE_LINE, ROUNDUP(page_size, CACHE_LINE));
720 ASSERT(buf);
721 if (mmc_read(offset, (unsigned int *)buf, page_size))
722 {
723 dprintf(INFO, "mmc read failure /bootselect %d\n", page_size);
724 free(buf);
725 return ret;
726 }
727 in = (struct boot_selection_info *) buf;
728 if ((in->signature == BOOTSELECT_SIGNATURE) &&
729 (in->version == BOOTSELECT_VERSION)) {
730 if ((in->state_info & BOOTSELECT_FORMAT) &&
731 !(in->state_info & BOOTSELECT_FACTORY))
732 ret = true;
733 } else {
734 dprintf(CRITICAL, "Signature: 0x%08x or version: 0x%08x mismatched of /bootselect\n",
735 in->signature, in->version);
736 ASSERT(0);
737 }
738 free(buf);
739 return ret;
740 }
741
742 int boot_linux_from_mmc(void)
743 {
744 struct boot_img_hdr *hdr = (void*) buf;
745 struct boot_img_hdr *uhdr;
746 unsigned offset = 0;
747 int rcode;
748 unsigned long long ptn = 0;
749 int index = INVALID_PTN;
750
751 unsigned char *image_addr = 0;
752 unsigned kernel_actual;
753 unsigned ramdisk_actual;
754 unsigned imagesize_actual;
755 unsigned second_actual = 0;
756
757 #if DEVICE_TREE
758 struct dt_table *table;
759 struct dt_entry dt_entry;
760 unsigned dt_table_offset;
761 uint32_t dt_actual;
762 uint32_t dt_hdr_size;
763 #endif
764 BUF_DMA_ALIGN(kbuf, BOOT_IMG_MAX_PAGE_SIZE);
765 struct kernel64_hdr *kptr = (void*) kbuf;
766
767 if (check_format_bit())
768 boot_into_recovery = 1;
769
770 if (!boot_into_recovery) {
771 memset(ffbm_mode_string, '\0', sizeof(ffbm_mode_string));
772 rcode = get_ffbm(ffbm_mode_string, sizeof(ffbm_mode_string));
773 if (rcode <= 0) {
774 boot_into_ffbm = false;
775 if (rcode < 0)
776 dprintf(CRITICAL,"failed to get ffbm cookie");
777 } else
778 boot_into_ffbm = true;
779 } else
780 boot_into_ffbm = false;
781 uhdr = (struct boot_img_hdr *)EMMC_BOOT_IMG_HEADER_ADDR;
782 if (!memcmp(uhdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE)) {
783 dprintf(INFO, "Unified boot method!\n");
784 hdr = uhdr;
785 goto unified_boot;
786 }
787 if (!boot_into_recovery) {
788 index = partition_get_index("boot");
789 ptn = partition_get_offset(index);
790 if(ptn == 0) {
791 dprintf(CRITICAL, "ERROR: No boot partition found\n");
792 return -1;
793 }
794 }
795 else {
796 index = partition_get_index("recovery");
797 ptn = partition_get_offset(index);
798 if(ptn == 0) {
799 dprintf(CRITICAL, "ERROR: No recovery partition found\n");
800 return -1;
801 }
802 }
803
804 if (mmc_read(ptn + offset, (unsigned int *) buf, page_size)) {
805 dprintf(CRITICAL, "ERROR: Cannot read boot image header\n");
806 return -1;
807 }
808
809 if (memcmp(hdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE)) {
810 dprintf(CRITICAL, "ERROR: Invalid boot image header\n");
811 return -1;
812 }
813
814 if (hdr->page_size && (hdr->page_size != page_size)) {
815
816 if (hdr->page_size > BOOT_IMG_MAX_PAGE_SIZE) {
817 dprintf(CRITICAL, "ERROR: Invalid page size\n");
818 return -1;
819 }
820 page_size = hdr->page_size;
821 page_mask = page_size - 1;
822 }
823
824 /* Read the next page to get kernel Image header
825 * which lives in the second page for arm64 targets.
826 */
827
828 if (mmc_read(ptn + page_size, (unsigned int *) kbuf, page_size)) {
829 dprintf(CRITICAL, "ERROR: Cannot read boot image header\n");
830 return -1;
831 }
832
833 /*
834 * Update the kernel/ramdisk/tags address if the boot image header
835 * has default values, these default values come from mkbootimg when
836 * the boot image is flashed using fastboot flash:raw
837 */
838 update_ker_tags_rdisk_addr(hdr, IS_ARM64(kptr));
839
840 /* Get virtual addresses since the hdr saves physical addresses. */
841 hdr->kernel_addr = VA((addr_t)(hdr->kernel_addr));
842 hdr->ramdisk_addr = VA((addr_t)(hdr->ramdisk_addr));
843 hdr->tags_addr = VA((addr_t)(hdr->tags_addr));
844
845 kernel_actual = ROUND_TO_PAGE(hdr->kernel_size, page_mask);
846 ramdisk_actual = ROUND_TO_PAGE(hdr->ramdisk_size, page_mask);
847
848 /* Check if the addresses in the header are valid. */
849 if (check_aboot_addr_range_overlap(hdr->kernel_addr, kernel_actual) ||
850 check_aboot_addr_range_overlap(hdr->ramdisk_addr, ramdisk_actual))
851 {
852 dprintf(CRITICAL, "kernel/ramdisk addresses overlap with aboot addresses.\n");
853 return -1;
854 }
855
856 #ifndef DEVICE_TREE
857 if (check_aboot_addr_range_overlap(hdr->tags_addr, MAX_TAGS_SIZE))
858 {
859 dprintf(CRITICAL, "Tags addresses overlap with aboot addresses.\n");
860 return -1;
861 }
862 #endif
863
864 /* Authenticate Kernel */
865 dprintf(INFO, "use_signed_kernel=%d, is_unlocked=%d, is_tampered=%d.\n",
866 (int) target_use_signed_kernel(),
867 device.is_unlocked,
868 device.is_tampered);
869
870 if(target_use_signed_kernel() && (!device.is_unlocked))
871 {
872 offset = 0;
873
874 image_addr = (unsigned char *)target_get_scratch_address();
875
876 #if DEVICE_TREE
877 dt_actual = ROUND_TO_PAGE(hdr->dt_size, page_mask);
878 imagesize_actual = (page_size + kernel_actual + ramdisk_actual + dt_actual);
879
880 if (check_aboot_addr_range_overlap(hdr->tags_addr, dt_actual))
881 {
882 dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");
883 return -1;
884 }
885 #else
886 imagesize_actual = (page_size + kernel_actual + ramdisk_actual);
887
888 #endif
889
890 dprintf(INFO, "Loading boot image (%d): start\n", imagesize_actual);
891 bs_set_timestamp(BS_KERNEL_LOAD_START);
892
893 if (check_aboot_addr_range_overlap(image_addr, imagesize_actual))
894 {
895 dprintf(CRITICAL, "Boot image buffer address overlaps with aboot addresses.\n");
896 return -1;
897 }
898
899 /* Read image without signature */
900 if (mmc_read(ptn + offset, (void *)image_addr, imagesize_actual))
901 {
902 dprintf(CRITICAL, "ERROR: Cannot read boot image\n");
903 return -1;
904 }
905
906 dprintf(INFO, "Loading boot image (%d): done\n", imagesize_actual);
907 bs_set_timestamp(BS_KERNEL_LOAD_DONE);
908
909 offset = imagesize_actual;
910
911 if (check_aboot_addr_range_overlap(image_addr + offset, page_size))
912 {
913 dprintf(CRITICAL, "Signature read buffer address overlaps with aboot addresses.\n");
914 return -1;
915 }
916
917 /* Read signature */
918 if(mmc_read(ptn + offset, (void *)(image_addr + offset), page_size))
919 {
920 dprintf(CRITICAL, "ERROR: Cannot read boot image signature\n");
921 return -1;
922 }
923
924 verify_signed_bootimg(image_addr, imagesize_actual);
925
926 /* Move kernel, ramdisk and device tree to correct address */
927 memmove((void*) hdr->kernel_addr, (char *)(image_addr + page_size), hdr->kernel_size);
928 memmove((void*) hdr->ramdisk_addr, (char *)(image_addr + page_size + kernel_actual), hdr->ramdisk_size);
929
930 #if DEVICE_TREE
931 if(hdr->dt_size) {
932 dt_table_offset = ((uint32_t)image_addr + page_size + kernel_actual + ramdisk_actual + second_actual);
933 table = (struct dt_table*) dt_table_offset;
934
935 if (dev_tree_validate(table, hdr->page_size, &dt_hdr_size) != 0) {
936 dprintf(CRITICAL, "ERROR: Cannot validate Device Tree Table \n");
937 return -1;
938 }
939
940 /* Find index of device tree within device tree table */
941 if(dev_tree_get_entry_info(table, &dt_entry) != 0){
942 dprintf(CRITICAL, "ERROR: Device Tree Blob cannot be found\n");
943 return -1;
944 }
945
946 /* Validate and Read device device tree in the "tags_add */
947 if (check_aboot_addr_range_overlap(hdr->tags_addr, dt_entry.size))
948 {
949 dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");
950 return -1;
951 }
952
953 memmove((void *)hdr->tags_addr, (char *)dt_table_offset + dt_entry.offset, dt_entry.size);
954 } else {
955 /*
956 * If appended dev tree is found, update the atags with
957 * memory address to the DTB appended location on RAM.
958 * Else update with the atags address in the kernel header
959 */
960 void *dtb;
961 dtb = dev_tree_appended((void*) hdr->kernel_addr,
962 hdr->kernel_size,
963 (void *)hdr->tags_addr);
964 if (!dtb) {
965 dprintf(CRITICAL, "ERROR: Appended Device Tree Blob not found\n");
966 return -1;
967 }
968 }
969 #endif
970 }
971 else
972 {
973 second_actual = ROUND_TO_PAGE(hdr->second_size, page_mask);
974
975 dprintf(INFO, "Loading boot image (%d): start\n",
976 kernel_actual + ramdisk_actual);
977 bs_set_timestamp(BS_KERNEL_LOAD_START);
978
979 offset = page_size;
980
981 /* Load kernel */
982 if (mmc_read(ptn + offset, (void *)hdr->kernel_addr, kernel_actual)) {
983 dprintf(CRITICAL, "ERROR: Cannot read kernel image\n");
984 return -1;
985 }
986 offset += kernel_actual;
987
988 /* Load ramdisk */
989 if(ramdisk_actual != 0)
990 {
991 if (mmc_read(ptn + offset, (void *)hdr->ramdisk_addr, ramdisk_actual)) {
992 dprintf(CRITICAL, "ERROR: Cannot read ramdisk image\n");
993 return -1;
994 }
995 }
996 offset += ramdisk_actual;
997
998 dprintf(INFO, "Loading boot image (%d): done\n",
999 kernel_actual + ramdisk_actual);
1000 bs_set_timestamp(BS_KERNEL_LOAD_DONE);
1001
1002 if(hdr->second_size != 0) {
1003 offset += second_actual;
1004 /* Second image loading not implemented. */
1005 ASSERT(0);
1006 }
1007
1008 #if DEVICE_TREE
1009 if(hdr->dt_size != 0) {
1010 /* Read the first page of device tree table into buffer */
1011 if(mmc_read(ptn + offset,(unsigned int *) dt_buf, page_size)) {
1012 dprintf(CRITICAL, "ERROR: Cannot read the Device Tree Table\n");
1013 return -1;
1014 }
1015 table = (struct dt_table*) dt_buf;
1016
1017 if (dev_tree_validate(table, hdr->page_size, &dt_hdr_size) != 0) {
1018 dprintf(CRITICAL, "ERROR: Cannot validate Device Tree Table \n");
1019 return -1;
1020 }
1021
1022 table = (struct dt_table*) memalign(CACHE_LINE, dt_hdr_size);
1023 if (!table)
1024 return -1;
1025
1026 /* Read the entire device tree table into buffer */
1027 if(mmc_read(ptn + offset,(unsigned int *) table, dt_hdr_size)) {
1028 dprintf(CRITICAL, "ERROR: Cannot read the Device Tree Table\n");
1029 return -1;
1030 }
1031
1032 /* Find index of device tree within device tree table */
1033 if(dev_tree_get_entry_info(table, &dt_entry) != 0){
1034 dprintf(CRITICAL, "ERROR: Getting device tree address failed\n");
1035 return -1;
1036 }
1037
1038 /* Validate and Read device device tree in the "tags_add */
1039 if (check_aboot_addr_range_overlap(hdr->tags_addr, dt_entry.size))
1040 {
1041 dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");
1042 return -1;
1043 }
1044
1045 if(mmc_read(ptn + offset + dt_entry.offset,
1046 (void *)hdr->tags_addr, dt_entry.size)) {
1047 dprintf(CRITICAL, "ERROR: Cannot read device tree\n");
1048 return -1;
1049 }
1050 #ifdef TZ_SAVE_KERNEL_HASH
1051 aboot_save_boot_hash_mmc(hdr->kernel_addr, kernel_actual,
1052 hdr->ramdisk_addr, ramdisk_actual,
1053 ptn, offset, hdr->dt_size);
1054 #endif /* TZ_SAVE_KERNEL_HASH */
1055
1056 } else {
1057
1058 /* Validate the tags_addr */
1059 if (check_aboot_addr_range_overlap(hdr->tags_addr, kernel_actual))
1060 {
1061 dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");
1062 return -1;
1063 }
1064 /*
1065 * If appended dev tree is found, update the atags with
1066 * memory address to the DTB appended location on RAM.
1067 * Else update with the atags address in the kernel header
1068 */
1069 void *dtb;
1070 dtb = dev_tree_appended((void*) hdr->kernel_addr,
1071 kernel_actual,
1072 (void *)hdr->tags_addr);
1073 if (!dtb) {
1074 dprintf(CRITICAL, "ERROR: Appended Device Tree Blob not found\n");
1075 return -1;
1076 }
1077 }
1078 #endif
1079 }
1080
1081 if (boot_into_recovery && !device.is_unlocked && !device.is_tampered)
1082 target_load_ssd_keystore();
1083
1084 unified_boot:
1085
1086 boot_linux((void *)hdr->kernel_addr, (void *)hdr->tags_addr,
1087 (const char *)hdr->cmdline, board_machtype(),
1088 (void *)hdr->ramdisk_addr, hdr->ramdisk_size);
1089
1090 return 0;
1091 }
1092
1093 int boot_linux_from_flash(void)
1094 {
1095 struct boot_img_hdr *hdr = (void*) buf;
1096 struct ptentry *ptn;
1097 struct ptable *ptable;
1098 unsigned offset = 0;
1099
1100 unsigned char *image_addr = 0;
1101 unsigned kernel_actual;
1102 unsigned ramdisk_actual;
1103 unsigned imagesize_actual;
1104 unsigned second_actual;
1105
1106 #if DEVICE_TREE
1107 struct dt_table *table;
1108 struct dt_entry dt_entry;
1109 uint32_t dt_actual;
1110 uint32_t dt_hdr_size;
1111 #endif
1112
1113 if (target_is_emmc_boot()) {
1114 hdr = (struct boot_img_hdr *)EMMC_BOOT_IMG_HEADER_ADDR;
1115 if (memcmp(hdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE)) {
1116 dprintf(CRITICAL, "ERROR: Invalid boot image header\n");
1117 return -1;
1118 }
1119 goto continue_boot;
1120 }
1121
1122 ptable = flash_get_ptable();
1123 if (ptable == NULL) {
1124 dprintf(CRITICAL, "ERROR: Partition table not found\n");
1125 return -1;
1126 }
1127
1128 if(!boot_into_recovery)
1129 {
1130 ptn = ptable_find(ptable, "boot");
1131
1132 if (ptn == NULL) {
1133 dprintf(CRITICAL, "ERROR: No boot partition found\n");
1134 return -1;
1135 }
1136 }
1137 else
1138 {
1139 ptn = ptable_find(ptable, "recovery");
1140 if (ptn == NULL) {
1141 dprintf(CRITICAL, "ERROR: No recovery partition found\n");
1142 return -1;
1143 }
1144 }
1145
1146 if (flash_read(ptn, offset, buf, page_size)) {
1147 dprintf(CRITICAL, "ERROR: Cannot read boot image header\n");
1148 return -1;
1149 }
1150
1151 if (memcmp(hdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE)) {
1152 dprintf(CRITICAL, "ERROR: Invalid boot image header\n");
1153 return -1;
1154 }
1155
1156 if (hdr->page_size != page_size) {
1157 dprintf(CRITICAL, "ERROR: Invalid boot image pagesize. Device pagesize: %d, Image pagesize: %d\n",page_size,hdr->page_size);
1158 return -1;
1159 }
1160
1161 /*
1162 * Update the kernel/ramdisk/tags address if the boot image header
1163 * has default values, these default values come from mkbootimg when
1164 * the boot image is flashed using fastboot flash:raw
1165 */
1166 update_ker_tags_rdisk_addr(hdr, false);
1167
1168 /* Get virtual addresses since the hdr saves physical addresses. */
1169 hdr->kernel_addr = VA((addr_t)(hdr->kernel_addr));
1170 hdr->ramdisk_addr = VA((addr_t)(hdr->ramdisk_addr));
1171 hdr->tags_addr = VA((addr_t)(hdr->tags_addr));
1172
1173 kernel_actual = ROUND_TO_PAGE(hdr->kernel_size, page_mask);
1174 ramdisk_actual = ROUND_TO_PAGE(hdr->ramdisk_size, page_mask);
1175
1176 /* Check if the addresses in the header are valid. */
1177 if (check_aboot_addr_range_overlap(hdr->kernel_addr, kernel_actual) ||
1178 check_aboot_addr_range_overlap(hdr->ramdisk_addr, ramdisk_actual))
1179 {
1180 dprintf(CRITICAL, "kernel/ramdisk addresses overlap with aboot addresses.\n");
1181 return -1;
1182 }
1183
1184 #ifndef DEVICE_TREE
1185 if (check_aboot_addr_range_overlap(hdr->tags_addr, MAX_TAGS_SIZE))
1186 {
1187 dprintf(CRITICAL, "Tags addresses overlap with aboot addresses.\n");
1188 return -1;
1189 }
1190 #endif
1191
1192 /* Authenticate Kernel */
1193 if(target_use_signed_kernel() && (!device.is_unlocked))
1194 {
1195 image_addr = (unsigned char *)target_get_scratch_address();
1196 offset = 0;
1197
1198 #if DEVICE_TREE
1199 dt_actual = ROUND_TO_PAGE(hdr->dt_size, page_mask);
1200 imagesize_actual = (page_size + kernel_actual + ramdisk_actual + dt_actual);
1201
1202 if (check_aboot_addr_range_overlap(hdr->tags_addr, hdr->dt_size))
1203 {
1204 dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");
1205 return -1;
1206 }
1207 #else
1208 imagesize_actual = (page_size + kernel_actual + ramdisk_actual);
1209 #endif
1210
1211 dprintf(INFO, "Loading boot image (%d): start\n", imagesize_actual);
1212 bs_set_timestamp(BS_KERNEL_LOAD_START);
1213
1214 /* Read image without signature */
1215 if (flash_read(ptn, offset, (void *)image_addr, imagesize_actual))
1216 {
1217 dprintf(CRITICAL, "ERROR: Cannot read boot image\n");
1218 return -1;
1219 }
1220
1221 dprintf(INFO, "Loading boot image (%d): done\n", imagesize_actual);
1222 bs_set_timestamp(BS_KERNEL_LOAD_DONE);
1223
1224 offset = imagesize_actual;
1225 /* Read signature */
1226 if (flash_read(ptn, offset, (void *)(image_addr + offset), page_size))
1227 {
1228 dprintf(CRITICAL, "ERROR: Cannot read boot image signature\n");
1229 return -1;
1230 }
1231
1232 verify_signed_bootimg(image_addr, imagesize_actual);
1233
1234 /* Move kernel and ramdisk to correct address */
1235 memmove((void*) hdr->kernel_addr, (char *)(image_addr + page_size), hdr->kernel_size);
1236 memmove((void*) hdr->ramdisk_addr, (char *)(image_addr + page_size + kernel_actual), hdr->ramdisk_size);
1237 #if DEVICE_TREE
1238 /* Validate and Read device device tree in the "tags_add */
1239 if (check_aboot_addr_range_overlap(hdr->tags_addr, dt_entry.size))
1240 {
1241 dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");
1242 return -1;
1243 }
1244
1245 memmove((void*) hdr->tags_addr, (char *)(image_addr + page_size + kernel_actual + ramdisk_actual), hdr->dt_size);
1246 #endif
1247
1248 /* Make sure everything from scratch address is read before next step!*/
1249 if(device.is_tampered)
1250 {
1251 write_device_info_flash(&device);
1252 }
1253 #if USE_PCOM_SECBOOT
1254 set_tamper_flag(device.is_tampered);
1255 #endif
1256 }
1257 else
1258 {
1259 offset = page_size;
1260
1261 kernel_actual = ROUND_TO_PAGE(hdr->kernel_size, page_mask);
1262 ramdisk_actual = ROUND_TO_PAGE(hdr->ramdisk_size, page_mask);
1263 second_actual = ROUND_TO_PAGE(hdr->second_size, page_mask);
1264
1265 dprintf(INFO, "Loading boot image (%d): start\n",
1266 kernel_actual + ramdisk_actual);
1267 bs_set_timestamp(BS_KERNEL_LOAD_START);
1268
1269 if (flash_read(ptn, offset, (void *)hdr->kernel_addr, kernel_actual)) {
1270 dprintf(CRITICAL, "ERROR: Cannot read kernel image\n");
1271 return -1;
1272 }
1273 offset += kernel_actual;
1274
1275 if (flash_read(ptn, offset, (void *)hdr->ramdisk_addr, ramdisk_actual)) {
1276 dprintf(CRITICAL, "ERROR: Cannot read ramdisk image\n");
1277 return -1;
1278 }
1279 offset += ramdisk_actual;
1280
1281 dprintf(INFO, "Loading boot image (%d): done\n",
1282 kernel_actual + ramdisk_actual);
1283 bs_set_timestamp(BS_KERNEL_LOAD_DONE);
1284
1285 if(hdr->second_size != 0) {
1286 offset += second_actual;
1287 /* Second image loading not implemented. */
1288 ASSERT(0);
1289 }
1290
1291 #if DEVICE_TREE
1292 if(hdr->dt_size != 0) {
1293
1294 /* Read the device tree table into buffer */
1295 if(flash_read(ptn, offset, (void *) dt_buf, page_size)) {
1296 dprintf(CRITICAL, "ERROR: Cannot read the Device Tree Table\n");
1297 return -1;
1298 }
1299
1300 table = (struct dt_table*) dt_buf;
1301
1302 if (dev_tree_validate(table, hdr->page_size, &dt_hdr_size) != 0) {
1303 dprintf(CRITICAL, "ERROR: Cannot validate Device Tree Table \n");
1304 return -1;
1305 }
1306
1307 table = (struct dt_table*) memalign(CACHE_LINE, dt_hdr_size);
1308 if (!table)
1309 return -1;
1310
1311 /* Read the entire device tree table into buffer */
1312 if(flash_read(ptn, offset, (void *)table, dt_hdr_size)) {
1313 dprintf(CRITICAL, "ERROR: Cannot read the Device Tree Table\n");
1314 return -1;
1315 }
1316
1317
1318 /* Find index of device tree within device tree table */
1319 if(dev_tree_get_entry_info(table, &dt_entry) != 0){
1320 dprintf(CRITICAL, "ERROR: Getting device tree address failed\n");
1321 return -1;
1322 }
1323
1324 /* Validate and Read device device tree in the "tags_add */
1325 if (check_aboot_addr_range_overlap(hdr->tags_addr, dt_entry.size))
1326 {
1327 dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");
1328 return -1;
1329 }
1330
1331 /* Read device device tree in the "tags_add */
1332 if(flash_read(ptn, offset + dt_entry.offset,
1333 (void *)hdr->tags_addr, dt_entry.size)) {
1334 dprintf(CRITICAL, "ERROR: Cannot read device tree\n");
1335 return -1;
1336 }
1337 }
1338 #endif
1339
1340 }
1341 continue_boot:
1342
1343 /* TODO: create/pass atags to kernel */
1344
1345 boot_linux((void *)hdr->kernel_addr, (void *)hdr->tags_addr,
1346 (const char *)hdr->cmdline, board_machtype(),
1347 (void *)hdr->ramdisk_addr, hdr->ramdisk_size);
1348
1349 return 0;
1350 }
1351
1352 BUF_DMA_ALIGN(info_buf, BOOT_IMG_MAX_PAGE_SIZE);
1353 void write_device_info_mmc(device_info *dev)
1354 {
1355 struct device_info *info = (void*) info_buf;
1356 unsigned long long ptn = 0;
1357 unsigned long long size;
1358 int index = INVALID_PTN;
1359 uint32_t blocksize;
1360 uint8_t lun = 0;
1361
1362 index = partition_get_index("aboot");
1363 ptn = partition_get_offset(index);
1364 if(ptn == 0)
1365 {
1366 return;
1367 }
1368
1369 lun = partition_get_lun(index);
1370 mmc_set_lun(lun);
1371
1372 size = partition_get_size(index);
1373
1374 memcpy(info, dev, sizeof(device_info));
1375
1376 blocksize = mmc_get_device_blocksize();
1377
1378 if(mmc_write((ptn + size - blocksize), blocksize, (void *)info_buf))
1379 {
1380 dprintf(CRITICAL, "ERROR: Cannot write device info\n");
1381 return;
1382 }
1383 }
1384
1385 void read_device_info_mmc(device_info *dev)
1386 {
1387 struct device_info *info = (void*) info_buf;
1388 unsigned long long ptn = 0;
1389 unsigned long long size;
1390 int index = INVALID_PTN;
1391 uint32_t blocksize;
1392
1393 index = partition_get_index("aboot");
1394 ptn = partition_get_offset(index);
1395 if(ptn == 0)
1396 {
1397 return;
1398 }
1399
1400 size = partition_get_size(index);
1401
1402 blocksize = mmc_get_device_blocksize();
1403
1404 if(mmc_read((ptn + size - blocksize), (void *)info_buf, blocksize))
1405 {
1406 dprintf(CRITICAL, "ERROR: Cannot read device info\n");
1407 return;
1408 }
1409
1410 if (memcmp(info->magic, DEVICE_MAGIC, DEVICE_MAGIC_SIZE))
1411 {
1412 memcpy(info->magic, DEVICE_MAGIC, DEVICE_MAGIC_SIZE);
1413 info->is_unlocked = 0;
1414 info->is_tampered = 0;
1415 info->charger_screen_enabled = 0;
1416
1417 write_device_info_mmc(info);
1418 }
1419 memcpy(dev, info, sizeof(device_info));
1420 }
1421
1422 void write_device_info_flash(device_info *dev)
1423 {
1424 struct device_info *info = (void *) info_buf;
1425 struct ptentry *ptn;
1426 struct ptable *ptable;
1427
1428 ptable = flash_get_ptable();
1429 if (ptable == NULL)
1430 {
1431 dprintf(CRITICAL, "ERROR: Partition table not found\n");
1432 return;
1433 }
1434
1435 ptn = ptable_find(ptable, "devinfo");
1436 if (ptn == NULL)
1437 {
1438 dprintf(CRITICAL, "ERROR: No boot partition found\n");
1439 return;
1440 }
1441
1442 memcpy(info, dev, sizeof(device_info));
1443
1444 if (flash_write(ptn, 0, (void *)info_buf, page_size))
1445 {
1446 dprintf(CRITICAL, "ERROR: Cannot write device info\n");
1447 return;
1448 }
1449 }
1450
1451 void read_device_info_flash(device_info *dev)
1452 {
1453 struct device_info *info = (void*) info_buf;
1454 struct ptentry *ptn;
1455 struct ptable *ptable;
1456
1457 ptable = flash_get_ptable();
1458 if (ptable == NULL)
1459 {
1460 dprintf(CRITICAL, "ERROR: Partition table not found\n");
1461 return;
1462 }
1463
1464 ptn = ptable_find(ptable, "devinfo");
1465 if (ptn == NULL)
1466 {
1467 dprintf(CRITICAL, "ERROR: No boot partition found\n");
1468 return;
1469 }
1470
1471 if (flash_read(ptn, 0, (void *)info_buf, page_size))
1472 {
1473 dprintf(CRITICAL, "ERROR: Cannot write device info\n");
1474 return;
1475 }
1476
1477 if (memcmp(info->magic, DEVICE_MAGIC, DEVICE_MAGIC_SIZE))
1478 {
1479 memcpy(info->magic, DEVICE_MAGIC, DEVICE_MAGIC_SIZE);
1480 info->is_unlocked = 0;
1481 info->is_tampered = 0;
1482 write_device_info_flash(info);
1483 }
1484 memcpy(dev, info, sizeof(device_info));
1485 }
1486
1487 void write_device_info(device_info *dev)
1488 {
1489 if(target_is_emmc_boot())
1490 {
1491 write_device_info_mmc(dev);
1492 }
1493 else
1494 {
1495 write_device_info_flash(dev);
1496 }
1497 }
1498
1499 void read_device_info(device_info *dev)
1500 {
1501 if(target_is_emmc_boot())
1502 {
1503 read_device_info_mmc(dev);
1504 }
1505 else
1506 {
1507 read_device_info_flash(dev);
1508 }
1509 }
1510
1511 void reset_device_info()
1512 {
1513 dprintf(ALWAYS, "reset_device_info called.");
1514 device.is_tampered = 0;
1515 write_device_info(&device);
1516 }
1517
1518 void set_device_root()
1519 {
1520 dprintf(ALWAYS, "set_device_root called.");
1521 device.is_tampered = 1;
1522 write_device_info(&device);
1523 }
1524
1525 #if DEVICE_TREE
1526 int copy_dtb(uint8_t *boot_image_start)
1527 {
1528 uint32 dt_image_offset = 0;
1529 uint32_t n;
1530 struct dt_table *table;
1531 struct dt_entry dt_entry;
1532 uint32_t dt_hdr_size;
1533
1534 struct boot_img_hdr *hdr = (struct boot_img_hdr *) (boot_image_start);
1535
1536 if(hdr->dt_size != 0) {
1537
1538 /* add kernel offset */
1539 dt_image_offset += page_size;
1540 n = ROUND_TO_PAGE(hdr->kernel_size, page_mask);
1541 dt_image_offset += n;
1542
1543 /* add ramdisk offset */
1544 n = ROUND_TO_PAGE(hdr->ramdisk_size, page_mask);
1545 dt_image_offset += n;
1546
1547 /* add second offset */
1548 if(hdr->second_size != 0) {
1549 n = ROUND_TO_PAGE(hdr->second_size, page_mask);
1550 dt_image_offset += n;
1551 }
1552
1553 /* offset now point to start of dt.img */
1554 table = (struct dt_table*)(boot_image_start + dt_image_offset);
1555
1556 if (dev_tree_validate(table, hdr->page_size, &dt_hdr_size) != 0) {
1557 dprintf(CRITICAL, "ERROR: Cannot validate Device Tree Table \n");
1558 return -1;
1559 }
1560 /* Find index of device tree within device tree table */
1561 if(dev_tree_get_entry_info(table, &dt_entry) != 0){
1562 dprintf(CRITICAL, "ERROR: Getting device tree address failed\n");
1563 return -1;
1564 }
1565
1566 /* Validate and Read device device tree in the "tags_add */
1567 if (check_aboot_addr_range_overlap(hdr->tags_addr, dt_entry.size))
1568 {
1569 dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");
1570 return -1;
1571 }
1572
1573 /* Read device device tree in the "tags_add */
1574 memmove((void*) hdr->tags_addr,
1575 boot_image_start + dt_image_offset + dt_entry.offset,
1576 dt_entry.size);
1577 } else
1578 return -1;
1579
1580 /* Everything looks fine. Return success. */
1581 return 0;
1582 }
1583 #endif
1584
1585 void cmd_boot(const char *arg, void *data, unsigned sz)
1586 {
1587 unsigned kernel_actual;
1588 unsigned ramdisk_actual;
1589 uint32_t image_actual;
1590 uint32_t dt_actual = 0;
1591 uint32_t sig_actual = SIGNATURE_SIZE;
1592 struct boot_img_hdr *hdr;
1593 struct kernel64_hdr *kptr;
1594 char *ptr = ((char*) data);
1595 int ret = 0;
1596 uint8_t dtb_copied = 0;
1597
1598 if (sz < sizeof(hdr)) {
1599 fastboot_fail("invalid bootimage header");
1600 return;
1601 }
1602
1603 hdr = (struct boot_img_hdr *)data;
1604
1605 /* ensure commandline is terminated */
1606 hdr->cmdline[BOOT_ARGS_SIZE-1] = 0;
1607
1608 if(target_is_emmc_boot() && hdr->page_size) {
1609 page_size = hdr->page_size;
1610 page_mask = page_size - 1;
1611 }
1612
1613 kernel_actual = ROUND_TO_PAGE(hdr->kernel_size, page_mask);
1614 ramdisk_actual = ROUND_TO_PAGE(hdr->ramdisk_size, page_mask);
1615 #if DEVICE_TREE
1616 dt_actual = ROUND_TO_PAGE(hdr->dt_size, page_mask);
1617 #endif
1618
1619 image_actual = ADD_OF(page_size, kernel_actual);
1620 image_actual = ADD_OF(image_actual, ramdisk_actual);
1621 image_actual = ADD_OF(image_actual, dt_actual);
1622
1623 if (target_use_signed_kernel() && (!device.is_unlocked))
1624 image_actual = ADD_OF(image_actual, sig_actual);
1625
1626 /* sz should have atleast raw boot image */
1627 if (image_actual > sz) {
1628 fastboot_fail("bootimage: incomplete or not signed");
1629 return;
1630 }
1631
1632 /* Verify the boot image
1633 * device & page_size are initialized in aboot_init
1634 */
1635 if (target_use_signed_kernel() && (!device.is_unlocked))
1636 /* Pass size excluding signature size, otherwise we would try to
1637 * access signature beyond its length
1638 */
1639 verify_signed_bootimg((uint32_t)data, (image_actual - sig_actual));
1640
1641 /*
1642 * Update the kernel/ramdisk/tags address if the boot image header
1643 * has default values, these default values come from mkbootimg when
1644 * the boot image is flashed using fastboot flash:raw
1645 */
1646 kptr = (struct kernel64_hdr*)((char*) data + page_size);
1647 update_ker_tags_rdisk_addr(hdr, IS_ARM64(kptr));
1648
1649 /* Get virtual addresses since the hdr saves physical addresses. */
1650 hdr->kernel_addr = VA(hdr->kernel_addr);
1651 hdr->ramdisk_addr = VA(hdr->ramdisk_addr);
1652 hdr->tags_addr = VA(hdr->tags_addr);
1653
1654 /* Check if the addresses in the header are valid. */
1655 if (check_aboot_addr_range_overlap(hdr->kernel_addr, kernel_actual) ||
1656 check_aboot_addr_range_overlap(hdr->ramdisk_addr, ramdisk_actual))
1657 {
1658 dprintf(CRITICAL, "kernel/ramdisk addresses overlap with aboot addresses.\n");
1659 return;
1660 }
1661
1662 #if DEVICE_TREE
1663 /* find correct dtb and copy it to right location */
1664 ret = copy_dtb(data);
1665
1666 dtb_copied = !ret ? 1 : 0;
1667 #else
1668 if (check_aboot_addr_range_overlap(hdr->tags_addr, MAX_TAGS_SIZE))
1669 {
1670 dprintf(CRITICAL, "Tags addresses overlap with aboot addresses.\n");
1671 return;
1672 }
1673 #endif
1674
1675 /* Load ramdisk & kernel */
1676 memmove((void*) hdr->ramdisk_addr, ptr + page_size + kernel_actual, hdr->ramdisk_size);
1677 memmove((void*) hdr->kernel_addr, ptr + page_size, hdr->kernel_size);
1678
1679 #if DEVICE_TREE
1680 /*
1681 * If dtb is not found look for appended DTB in the kernel.
1682 * If appended dev tree is found, update the atags with
1683 * memory address to the DTB appended location on RAM.
1684 * Else update with the atags address in the kernel header
1685 */
1686 if (!dtb_copied) {
1687 void *dtb;
1688 dtb = dev_tree_appended((void *)hdr->kernel_addr, hdr->kernel_size,
1689 (void *)hdr->tags_addr);
1690 if (!dtb) {
1691 fastboot_fail("dtb not found");
1692 return;
1693 }
1694 }
1695 #endif
1696
1697 #ifndef DEVICE_TREE
1698 if (check_aboot_addr_range_overlap(hdr->tags_addr, MAX_TAGS_SIZE))
1699 {
1700 dprintf(CRITICAL, "Tags addresses overlap with aboot addresses.\n");
1701 return;
1702 }
1703 #endif
1704
1705 fastboot_okay("");
1706 fastboot_stop();
1707
1708 boot_linux((void*) hdr->kernel_addr, (void*) hdr->tags_addr,
1709 (const char*) hdr->cmdline, board_machtype(),
1710 (void*) hdr->ramdisk_addr, hdr->ramdisk_size);
1711 }
1712
1713 void cmd_erase(const char *arg, void *data, unsigned sz)
1714 {
1715 struct ptentry *ptn;
1716 struct ptable *ptable;
1717
1718 ptable = flash_get_ptable();
1719 if (ptable == NULL) {
1720 fastboot_fail("partition table doesn't exist");
1721 return;
1722 }
1723
1724 ptn = ptable_find(ptable, arg);
1725 if (ptn == NULL) {
1726 fastboot_fail("unknown partition name");
1727 return;
1728 }
1729
1730 if (flash_erase(ptn)) {
1731 fastboot_fail("failed to erase partition");
1732 return;
1733 }
1734 fastboot_okay("");
1735 }
1736
1737
1738 void cmd_erase_mmc(const char *arg, void *data, unsigned sz)
1739 {
1740 BUF_DMA_ALIGN(out, DEFAULT_ERASE_SIZE);
1741 unsigned long long ptn = 0;
1742 unsigned long long size = 0;
1743 int index = INVALID_PTN;
1744 uint8_t lun = 0;
1745
1746 index = partition_get_index(arg);
1747 ptn = partition_get_offset(index);
1748 size = partition_get_size(index);
1749
1750 if(ptn == 0) {
1751 fastboot_fail("Partition table doesn't exist\n");
1752 return;
1753 }
1754
1755 lun = partition_get_lun(index);
1756 mmc_set_lun(lun);
1757
1758 #if MMC_SDHCI_SUPPORT
1759 if (mmc_erase_card(ptn, size)) {
1760 fastboot_fail("failed to erase partition\n");
1761 return;
1762 }
1763 #else
1764 size = partition_get_size(index);
1765 if (size > DEFAULT_ERASE_SIZE)
1766 size = DEFAULT_ERASE_SIZE;
1767
1768 /* Simple inefficient version of erase. Just writing
1769 0 in first several blocks */
1770 if (mmc_write(ptn , size, (unsigned int *)out)) {
1771 fastboot_fail("failed to erase partition");
1772 return;
1773 }
1774 #endif
1775 fastboot_okay("");
1776 }
1777
1778
1779 void cmd_flash_mmc_img(const char *arg, void *data, unsigned sz)
1780 {
1781 unsigned long long ptn = 0;
1782 unsigned long long size = 0;
1783 int index = INVALID_PTN;
1784 char *token = NULL;
1785 char *pname = NULL;
1786 uint8_t lun = 0;
1787 bool lun_set = false;
1788
1789 token = strtok(arg, ":");
1790 pname = token;
1791 token = strtok(NULL, ":");
1792 if(token)
1793 {
1794 lun = atoi(token);
1795 mmc_set_lun(lun);
1796 lun_set = true;
1797 }
1798
1799 if (pname)
1800 {
1801 if (!strcmp(pname, "partition"))
1802 {
1803 dprintf(INFO, "Attempt to write partition image.\n");
1804 if (write_partition(sz, (unsigned char *) data)) {
1805 fastboot_fail("failed to write partition");
1806 return;
1807 }
1808 }
1809 else
1810 {
1811 index = partition_get_index(pname);
1812 ptn = partition_get_offset(index);
1813 if(ptn == 0) {
1814 fastboot_fail("partition table doesn't exist");
1815 return;
1816 }
1817
1818 if (!strcmp(pname, "boot") || !strcmp(pname, "recovery")) {
1819 if (memcmp((void *)data, BOOT_MAGIC, BOOT_MAGIC_SIZE)) {
1820 fastboot_fail("image is not a boot image");
1821 return;
1822 }
1823 }
1824
1825 if(!lun_set)
1826 {
1827 lun = partition_get_lun(index);
1828 mmc_set_lun(lun);
1829 }
1830
1831 size = partition_get_size(index);
1832 if (ROUND_TO_PAGE(sz,511) > size) {
1833 fastboot_fail("size too large");
1834 return;
1835 }
1836 else if (mmc_write(ptn , sz, (unsigned int *)data)) {
1837 fastboot_fail("flash write failure");
1838 return;
1839 }
1840 }
1841 }
1842 fastboot_okay("");
1843 return;
1844 }
1845
1846 void cmd_flash_mmc_sparse_img(const char *arg, void *data, unsigned sz)
1847 {
1848 unsigned int chunk;
1849 unsigned int chunk_data_sz;
1850 uint32_t *fill_buf = NULL;
1851 uint32_t fill_val;
1852 uint32_t chunk_blk_cnt = 0;
1853 sparse_header_t *sparse_header;
1854 chunk_header_t *chunk_header;
1855 uint32_t total_blocks = 0;
1856 unsigned long long ptn = 0;
1857 unsigned long long size = 0;
1858 int index = INVALID_PTN;
1859 int i;
1860 uint8_t lun = 0;
1861
1862 index = partition_get_index(arg);
1863 ptn = partition_get_offset(index);
1864 if(ptn == 0) {
1865 fastboot_fail("partition table doesn't exist");
1866 return;
1867 }
1868
1869 size = partition_get_size(index);
1870 if (ROUND_TO_PAGE(sz,511) > size) {
1871 fastboot_fail("size too large");
1872 return;
1873 }
1874
1875 lun = partition_get_lun(index);
1876 mmc_set_lun(lun);
1877
1878 /* Read and skip over sparse image header */
1879 sparse_header = (sparse_header_t *) data;
1880 if ((sparse_header->total_blks * sparse_header->blk_sz) > size) {
1881 fastboot_fail("size too large");
1882 return;
1883 }
1884
1885 data += sparse_header->file_hdr_sz;
1886 if(sparse_header->file_hdr_sz > sizeof(sparse_header_t))
1887 {
1888 /* Skip the remaining bytes in a header that is longer than
1889 * we expected.
1890 */
1891 data += (sparse_header->file_hdr_sz - sizeof(sparse_header_t));
1892 }
1893
1894 dprintf (SPEW, "=== Sparse Image Header ===\n");
1895 dprintf (SPEW, "magic: 0x%x\n", sparse_header->magic);
1896 dprintf (SPEW, "major_version: 0x%x\n", sparse_header->major_version);
1897 dprintf (SPEW, "minor_version: 0x%x\n", sparse_header->minor_version);
1898 dprintf (SPEW, "file_hdr_sz: %d\n", sparse_header->file_hdr_sz);
1899 dprintf (SPEW, "chunk_hdr_sz: %d\n", sparse_header->chunk_hdr_sz);
1900 dprintf (SPEW, "blk_sz: %d\n", sparse_header->blk_sz);
1901 dprintf (SPEW, "total_blks: %d\n", sparse_header->total_blks);
1902 dprintf (SPEW, "total_chunks: %d\n", sparse_header->total_chunks);
1903
1904 /* Start processing chunks */
1905 for (chunk=0; chunk<sparse_header->total_chunks; chunk++)
1906 {
1907 /* Read and skip over chunk header */
1908 chunk_header = (chunk_header_t *) data;
1909 data += sizeof(chunk_header_t);
1910
1911 dprintf (SPEW, "=== Chunk Header ===\n");
1912 dprintf (SPEW, "chunk_type: 0x%x\n", chunk_header->chunk_type);
1913 dprintf (SPEW, "chunk_data_sz: 0x%x\n", chunk_header->chunk_sz);
1914 dprintf (SPEW, "total_size: 0x%x\n", chunk_header->total_sz);
1915
1916 if(sparse_header->chunk_hdr_sz > sizeof(chunk_header_t))
1917 {
1918 /* Skip the remaining bytes in a header that is longer than
1919 * we expected.
1920 */
1921 data += (sparse_header->chunk_hdr_sz - sizeof(chunk_header_t));
1922 }
1923
1924 chunk_data_sz = sparse_header->blk_sz * chunk_header->chunk_sz;
1925 switch (chunk_header->chunk_type)
1926 {
1927 case CHUNK_TYPE_RAW:
1928 if(chunk_header->total_sz != (sparse_header->chunk_hdr_sz +
1929 chunk_data_sz))
1930 {
1931 fastboot_fail("Bogus chunk size for chunk type Raw");
1932 return;
1933 }
1934
1935 if(mmc_write(ptn + ((uint64_t)total_blocks*sparse_header->blk_sz),
1936 chunk_data_sz,
1937 (unsigned int*)data))
1938 {
1939 fastboot_fail("flash write failure");
1940 return;
1941 }
1942 total_blocks += chunk_header->chunk_sz;
1943 data += chunk_data_sz;
1944 break;
1945
1946 case CHUNK_TYPE_FILL:
1947 if(chunk_header->total_sz != (sparse_header->chunk_hdr_sz +
1948 sizeof(uint32_t)))
1949 {
1950 fastboot_fail("Bogus chunk size for chunk type FILL");
1951 return;
1952 }
1953
1954 fill_buf = (uint32_t *)memalign(CACHE_LINE, ROUNDUP(sparse_header->blk_sz, CACHE_LINE));
1955 if (!fill_buf)
1956 {
1957 fastboot_fail("Malloc failed for: CHUNK_TYPE_FILL");
1958 return;
1959 }
1960
1961 fill_val = *(uint32_t *)data;
1962 data = (char *) data + sizeof(uint32_t);
1963 chunk_blk_cnt = chunk_data_sz / sparse_header->blk_sz;
1964
1965 for (i = 0; i < (sparse_header->blk_sz / sizeof(fill_val)); i++)
1966 {
1967 fill_buf[i] = fill_val;
1968 }
1969
1970 for (i = 0; i < chunk_blk_cnt; i++)
1971 {
1972 if(mmc_write(ptn + ((uint64_t)total_blocks*sparse_header->blk_sz),
1973 sparse_header->blk_sz,
1974 fill_buf))
1975 {
1976 fastboot_fail("flash write failure");
1977 free(fill_buf);
1978 return;
1979 }
1980
1981 total_blocks++;
1982 }
1983
1984 free(fill_buf);
1985 break;
1986
1987 case CHUNK_TYPE_DONT_CARE:
1988 total_blocks += chunk_header->chunk_sz;
1989 break;
1990
1991 case CHUNK_TYPE_CRC:
1992 if(chunk_header->total_sz != sparse_header->chunk_hdr_sz)
1993 {
1994 fastboot_fail("Bogus chunk size for chunk type Dont Care");
1995 return;
1996 }
1997 total_blocks += chunk_header->chunk_sz;
1998 data += chunk_data_sz;
1999 break;
2000
2001 default:
2002 dprintf(CRITICAL, "Unkown chunk type: %x\n",chunk_header->chunk_type);
2003 fastboot_fail("Unknown chunk type");
2004 return;
2005 }
2006 }
2007
2008 dprintf(INFO, "Wrote %d blocks, expected to write %d blocks\n",
2009 total_blocks, sparse_header->total_blks);
2010
2011 if(total_blocks != sparse_header->total_blks)
2012 {
2013 fastboot_fail("sparse image write failure");
2014 }
2015
2016 fastboot_okay("");
2017 return;
2018 }
2019
2020 void cmd_flash_mmc(const char *arg, void *data, unsigned sz)
2021 {
2022 sparse_header_t *sparse_header;
2023 /* 8 Byte Magic + 2048 Byte xml + Encrypted Data */
2024 unsigned int *magic_number = (unsigned int *) data;
2025
2026 #ifdef SSD_ENABLE
2027 int ret=0;
2028 uint32 major_version=0;
2029 uint32 minor_version=0;
2030
2031 ret = scm_svc_version(&major_version,&minor_version);
2032 if(!ret)
2033 {
2034 if(major_version >= 2)
2035 {
2036 if( !strcmp(arg, "ssd") || !strcmp(arg, "tqs") )
2037 {
2038 ret = encrypt_scm((uint32 **) &data, &sz);
2039 if (ret != 0) {
2040 dprintf(CRITICAL, "ERROR: Encryption Failure\n");
2041 return;
2042 }
2043
2044 /* Protect only for SSD */
2045 if (!strcmp(arg, "ssd")) {
2046 ret = scm_protect_keystore((uint32 *) data, sz);
2047 if (ret != 0) {
2048 dprintf(CRITICAL, "ERROR: scm_protect_keystore Failed\n");
2049 return;
2050 }
2051 }
2052 }
2053 else
2054 {
2055 ret = decrypt_scm_v2((uint32 **) &data, &sz);
2056 if(ret != 0)
2057 {
2058 dprintf(CRITICAL,"ERROR: Decryption Failure\n");
2059 return;
2060 }
2061 }
2062 }
2063 else
2064 {
2065 if (magic_number[0] == DECRYPT_MAGIC_0 &&
2066 magic_number[1] == DECRYPT_MAGIC_1)
2067 {
2068 ret = decrypt_scm((uint32 **) &data, &sz);
2069 if (ret != 0) {
2070 dprintf(CRITICAL, "ERROR: Invalid secure image\n");
2071 return;
2072 }
2073 }
2074 else if (magic_number[0] == ENCRYPT_MAGIC_0 &&
2075 magic_number[1] == ENCRYPT_MAGIC_1)
2076 {
2077 ret = encrypt_scm((uint32 **) &data, &sz);
2078 if (ret != 0) {
2079 dprintf(CRITICAL, "ERROR: Encryption Failure\n");
2080 return;
2081 }
2082 }
2083 }
2084 }
2085 else
2086 {
2087 dprintf(CRITICAL,"INVALID SVC Version\n");
2088 return;
2089 }
2090 #endif /* SSD_ENABLE */
2091
2092 sparse_header = (sparse_header_t *) data;
2093 if (sparse_header->magic != SPARSE_HEADER_MAGIC)
2094 cmd_flash_mmc_img(arg, data, sz);
2095 else
2096 cmd_flash_mmc_sparse_img(arg, data, sz);
2097 return;
2098 }
2099
2100 void cmd_flash(const char *arg, void *data, unsigned sz)
2101 {
2102 struct ptentry *ptn;
2103 struct ptable *ptable;
2104 unsigned extra = 0;
2105
2106 ptable = flash_get_ptable();
2107 if (ptable == NULL) {
2108 fastboot_fail("partition table doesn't exist");
2109 return;
2110 }
2111
2112 ptn = ptable_find(ptable, arg);
2113 if (ptn == NULL) {
2114 fastboot_fail("unknown partition name");
2115 return;
2116 }
2117
2118 if (!strcmp(ptn->name, "boot") || !strcmp(ptn->name, "recovery")) {
2119 if (memcmp((void *)data, BOOT_MAGIC, BOOT_MAGIC_SIZE)) {
2120 fastboot_fail("image is not a boot image");
2121 return;
2122 }
2123 }
2124
2125 if (!strcmp(ptn->name, "system")
2126 || !strcmp(ptn->name, "userdata")
2127 || !strcmp(ptn->name, "persist")
2128 || !strcmp(ptn->name, "recoveryfs")
2129 || !strcmp(ptn->name, "modem"))
2130 {
2131 if (memcmp((void *)data, UBI_MAGIC, UBI_MAGIC_SIZE))
2132 extra = 1;
2133 else
2134 extra = 0;
2135 }
2136 else
2137 sz = ROUND_TO_PAGE(sz, page_mask);
2138
2139 dprintf(INFO, "writing %d bytes to '%s'\n", sz, ptn->name);
2140 if (flash_write(ptn, extra, data, sz)) {
2141 fastboot_fail("flash write failure");
2142 return;
2143 }
2144 dprintf(INFO, "partition '%s' updated\n", ptn->name);
2145 fastboot_okay("");
2146 }
2147
2148 void cmd_continue(const char *arg, void *data, unsigned sz)
2149 {
2150 fastboot_okay("");
2151 fastboot_stop();
2152 if (target_is_emmc_boot())
2153 {
2154 boot_linux_from_mmc();
2155 }
2156 else
2157 {
2158 boot_linux_from_flash();
2159 }
2160 }
2161
2162 void cmd_reboot(const char *arg, void *data, unsigned sz)
2163 {
2164 dprintf(INFO, "rebooting the device\n");
2165 fastboot_okay("");
2166 reboot_device(0);
2167 }
2168
2169 void cmd_reboot_bootloader(const char *arg, void *data, unsigned sz)
2170 {
2171 dprintf(INFO, "rebooting the device\n");
2172 fastboot_okay("");
2173 reboot_device(FASTBOOT_MODE);
2174 }
2175
2176 void cmd_oem_enable_charger_screen(const char *arg, void *data, unsigned size)
2177 {
2178 dprintf(INFO, "Enabling charger screen check\n");
2179 device.charger_screen_enabled = 1;
2180 write_device_info(&device);
2181 fastboot_okay("");
2182 }
2183
2184 void cmd_oem_disable_charger_screen(const char *arg, void *data, unsigned size)
2185 {
2186 dprintf(INFO, "Disabling charger screen check\n");
2187 device.charger_screen_enabled = 0;
2188 write_device_info(&device);
2189 fastboot_okay("");
2190 }
2191
2192 void cmd_oem_select_display_panel(const char *arg, void *data, unsigned size)
2193 {
2194 dprintf(INFO, "Selecting display panel %s\n", arg);
2195 if (arg)
2196 strlcpy(device.display_panel, arg,
2197 sizeof(device.display_panel));
2198 write_device_info(&device);
2199 fastboot_okay("");
2200 }
2201
2202 void cmd_oem_unlock(const char *arg, void *data, unsigned sz)
2203 {
2204 if(!device.is_unlocked)
2205 {
2206 device.is_unlocked = 1;
2207 write_device_info(&device);
2208 }
2209 fastboot_okay("");
2210 }
2211
2212 void cmd_oem_devinfo(const char *arg, void *data, unsigned sz)
2213 {
2214 char response[128];
2215 snprintf(response, sizeof(response), "\tDevice tampered: %s", (device.is_tampered ? "true" : "false"));
2216 fastboot_info(response);
2217 snprintf(response, sizeof(response), "\tDevice unlocked: %s", (device.is_unlocked ? "true" : "false"));
2218 fastboot_info(response);
2219 snprintf(response, sizeof(response), "\tCharger screen enabled: %s", (device.charger_screen_enabled ? "true" : "false"));
2220 fastboot_info(response);
2221 snprintf(response, sizeof(response), "\tDisplay panel: %s", (device.display_panel));
2222 fastboot_info(response);
2223 fastboot_okay("");
2224 }
2225
2226 void cmd_preflash(const char *arg, void *data, unsigned sz)
2227 {
2228 fastboot_okay("");
2229 }
2230
2231 static struct fbimage logo_header = {0};
2232 struct fbimage* splash_screen_flash();
2233
2234 int splash_screen_check_header(struct fbimage *logo)
2235 {
2236 if (memcmp(logo->header.magic, LOGO_IMG_MAGIC, 8))
2237 return -1;
2238 if (logo->header.width == 0 || logo->header.height == 0)
2239 return -1;
2240 return 0;
2241 }
2242
2243 struct fbimage* splash_screen_flash()
2244 {
2245 struct ptentry *ptn;
2246 struct ptable *ptable;
2247 struct fbcon_config *fb_display = NULL;
2248 struct fbimage *logo = &logo_header;
2249
2250
2251 ptable = flash_get_ptable();
2252 if (ptable == NULL) {
2253 dprintf(CRITICAL, "ERROR: Partition table not found\n");
2254 return NULL;
2255 }
2256 ptn = ptable_find(ptable, "splash");
2257 if (ptn == NULL) {
2258 dprintf(CRITICAL, "ERROR: splash Partition not found\n");
2259 return NULL;
2260 }
2261
2262 if (flash_read(ptn, 0,(unsigned int *) logo, sizeof(logo->header))) {
2263 dprintf(CRITICAL, "ERROR: Cannot read boot image header\n");
2264 return NULL;
2265 }
2266
2267 if (splash_screen_check_header(logo)) {
2268 dprintf(CRITICAL, "ERROR: Boot image header invalid\n");
2269 return NULL;
2270 }
2271
2272 fb_display = fbcon_display();
2273 if (fb_display) {
2274 uint8_t *base = (uint8_t *) fb_display->base;
2275 if (logo->header.width != fb_display->width || logo->header.height != fb_display->height) {
2276 base += LOGO_IMG_OFFSET;
2277 }
2278
2279 if (flash_read(ptn + sizeof(logo->header), 0,
2280 base,
2281 ((((logo->header.width * logo->header.height * fb_display->bpp/8) + 511) >> 9) << 9))) {
2282 fbcon_clear();
2283 dprintf(CRITICAL, "ERROR: Cannot read splash image\n");
2284 return NULL;
2285 }
2286 logo->image = base;
2287 }
2288
2289 return logo;
2290 }
2291
2292 struct fbimage* splash_screen_mmc()
2293 {
2294 int index = INVALID_PTN;
2295 unsigned long long ptn = 0;
2296 struct fbcon_config *fb_display = NULL;
2297 struct fbimage *logo = &logo_header;
2298
2299 index = partition_get_index("splash");
2300 if (index == 0) {
2301 dprintf(CRITICAL, "ERROR: splash Partition table not found\n");
2302 return NULL;
2303 }
2304
2305 ptn = partition_get_offset(index);
2306 if (ptn == 0) {
2307 dprintf(CRITICAL, "ERROR: splash Partition invalid\n");
2308 return NULL;
2309 }
2310
2311 if (mmc_read(ptn, (unsigned int *) logo, sizeof(logo->header))) {
2312 dprintf(CRITICAL, "ERROR: Cannot read splash image header\n");
2313 return NULL;
2314 }
2315
2316 if (splash_screen_check_header(logo)) {
2317 dprintf(CRITICAL, "ERROR: Splash image header invalid\n");
2318 return NULL;
2319 }
2320
2321 fb_display = fbcon_display();
2322 if (fb_display) {
2323 uint8_t *base = (uint8_t *) fb_display->base;
2324 if (logo->header.width != fb_display->width || logo->header.height != fb_display->height)
2325 base += LOGO_IMG_OFFSET;
2326
2327 if (mmc_read(ptn + sizeof(logo->header),
2328 base,
2329 ((((logo->header.width * logo->header.height * fb_display->bpp/8) + 511) >> 9) << 9))) {
2330 fbcon_clear();
2331 dprintf(CRITICAL, "ERROR: Cannot read splash image\n");
2332 return NULL;
2333 }
2334
2335 logo->image = base;
2336 }
2337
2338 return logo;
2339 }
2340
2341
2342 struct fbimage* fetch_image_from_partition()
2343 {
2344 if (target_is_emmc_boot()) {
2345 return splash_screen_mmc();
2346 } else {
2347 return splash_screen_flash();
2348 }
2349 }
2350
2351 /* Get the size from partiton name */
2352 static void get_partition_size(const char *arg, char *response)
2353 {
2354 uint64_t ptn = 0;
2355 uint64_t size;
2356 int index = INVALID_PTN;
2357
2358 index = partition_get_index(arg);
2359
2360 if (index == INVALID_PTN)
2361 {
2362 dprintf(CRITICAL, "Invalid partition index\n");
2363 return;
2364 }
2365
2366 ptn = partition_get_offset(index);
2367
2368 if(!ptn)
2369 {
2370 dprintf(CRITICAL, "Invalid partition name %s\n", arg);
2371 return;
2372 }
2373
2374 size = partition_get_size(index);
2375
2376 snprintf(response, MAX_RSP_SIZE, "\t 0x%llx", size);
2377 return;
2378 }
2379
2380 /*
2381 * Publish the partition type & size info
2382 * fastboot getvar will publish the required information.
2383 * fastboot getvar partition_size:<partition_name>: partition size in hex
2384 * fastboot getvar partition_type:<partition_name>: partition type (ext/fat)
2385 */
2386 static void publish_getvar_partition_info(struct getvar_partition_info *info, uint8_t num_parts)
2387 {
2388 uint8_t i;
2389
2390 for (i = 0; i < num_parts; i++) {
2391 get_partition_size(info[i].part_name, info[i].size_response);
2392
2393 if (strlcat(info[i].getvar_size, info[i].part_name, MAX_GET_VAR_NAME_SIZE) >= MAX_GET_VAR_NAME_SIZE)
2394 {
2395 dprintf(CRITICAL, "partition size name truncated\n");
2396 return;
2397 }
2398 if (strlcat(info[i].getvar_type, info[i].part_name, MAX_GET_VAR_NAME_SIZE) >= MAX_GET_VAR_NAME_SIZE)
2399 {
2400 dprintf(CRITICAL, "partition type name truncated\n");
2401 return;
2402 }
2403
2404 /* publish partition size & type info */
2405 fastboot_publish((const char *) info[i].getvar_size, (const char *) info[i].size_response);
2406 fastboot_publish((const char *) info[i].getvar_type, (const char *) info[i].type_response);
2407 }
2408 }
2409
2410 /* register commands and variables for fastboot */
2411 void aboot_fastboot_register_commands(void)
2412 {
2413 if (target_is_emmc_boot())
2414 {
2415 fastboot_register("flash:", cmd_flash_mmc);
2416 fastboot_register("erase:", cmd_erase_mmc);
2417 }
2418 else
2419 {
2420 fastboot_register("flash:", cmd_flash);
2421 fastboot_register("erase:", cmd_erase);
2422 }
2423
2424 fastboot_register("boot", cmd_boot);
2425 fastboot_register("continue", cmd_continue);
2426 fastboot_register("reboot", cmd_reboot);
2427 fastboot_register("reboot-bootloader", cmd_reboot_bootloader);
2428 fastboot_register("oem unlock", cmd_oem_unlock);
2429 fastboot_register("oem device-info", cmd_oem_devinfo);
2430 fastboot_register("preflash", cmd_preflash);
2431 fastboot_register("oem enable-charger-screen",
2432 cmd_oem_enable_charger_screen);
2433 fastboot_register("oem disable-charger-screen",
2434 cmd_oem_disable_charger_screen);
2435 fastboot_register("oem select-display-panel",
2436 cmd_oem_select_display_panel);
2437 /* publish variables and their values */
2438 fastboot_publish("product", TARGET(BOARD));
2439 fastboot_publish("kernel", "lk");
2440 fastboot_publish("serialno", sn_buf);
2441
2442 /*
2443 * partition info is supported only for emmc partitions
2444 * Calling this for NAND prints some error messages which
2445 * is harmless but misleading. Avoid calling this for NAND
2446 * devices.
2447 */
2448 if (target_is_emmc_boot())
2449 publish_getvar_partition_info(part_info, ARRAY_SIZE(part_info));
2450
2451 /* Max download size supported */
2452 snprintf(max_download_size, MAX_RSP_SIZE, "\t0x%x",
2453 target_get_max_flash_size());
2454 fastboot_publish("max-download-size", (const char *) max_download_size);
2455 /* Is the charger screen check enabled */
2456 snprintf(charger_screen_enabled, MAX_RSP_SIZE, "%d",
2457 device.charger_screen_enabled);
2458 fastboot_publish("charger-screen-enabled",
2459 (const char *) charger_screen_enabled);
2460 snprintf(panel_display_mode, MAX_RSP_SIZE, "%s",
2461 device.display_panel);
2462 fastboot_publish("display-panel",
2463 (const char *) panel_display_mode);
2464 }
2465
2466 void aboot_init(const struct app_descriptor *app)
2467 {
2468 unsigned reboot_mode = 0;
2469 bool boot_into_fastboot = false;
2470
2471 /* Setup page size information for nv storage */
2472 if (target_is_emmc_boot())
2473 {
2474 page_size = mmc_page_size();
2475 page_mask = page_size - 1;
2476 }
2477 else
2478 {
2479 page_size = flash_page_size();
2480 page_mask = page_size - 1;
2481 }
2482
2483 ASSERT((MEMBASE + MEMSIZE) > MEMBASE);
2484
2485 read_device_info(&device);
2486
2487 /* Display splash screen if enabled */
2488 #if DISPLAY_SPLASH_SCREEN
2489 dprintf(SPEW, "Display Init: Start\n");
2490 target_display_init(device.display_panel);
2491 dprintf(SPEW, "Display Init: Done\n");
2492 #endif
2493
2494
2495 target_serialno((unsigned char *) sn_buf);
2496 dprintf(SPEW,"serial number: %s\n",sn_buf);
2497
2498 memset(display_panel_buf, '\0', MAX_PANEL_BUF_SIZE);
2499
2500 /* Check if we should do something other than booting up */
2501 if (keys_get_state(KEY_VOLUMEUP) && keys_get_state(KEY_VOLUMEDOWN))
2502 {
2503 dprintf(ALWAYS,"dload mode key sequence detected\n");
2504 if (set_download_mode(EMERGENCY_DLOAD))
2505 {
2506 dprintf(CRITICAL,"dload mode not supported by target\n");
2507 }
2508 else
2509 {
2510 reboot_device(DLOAD);
2511 dprintf(CRITICAL,"Failed to reboot into dload mode\n");
2512 }
2513 boot_into_fastboot = true;
2514 }
2515 if (!boot_into_fastboot)
2516 {
2517 if (keys_get_state(KEY_HOME) || keys_get_state(KEY_VOLUMEUP))
2518 boot_into_recovery = 1;
2519 if (!boot_into_recovery &&
2520 (keys_get_state(KEY_BACK) || keys_get_state(KEY_VOLUMEDOWN)))
2521 boot_into_fastboot = true;
2522 }
2523 #if NO_KEYPAD_DRIVER
2524 if (fastboot_trigger())
2525 boot_into_fastboot = true;
2526 #endif
2527
2528 reboot_mode = check_reboot_mode();
2529 if (reboot_mode == RECOVERY_MODE) {
2530 boot_into_recovery = 1;
2531 } else if(reboot_mode == FASTBOOT_MODE) {
2532 boot_into_fastboot = true;
2533 }
2534
2535 if (!boot_into_fastboot)
2536 {
2537 if (target_is_emmc_boot())
2538 {
2539 if(emmc_recovery_init())
2540 dprintf(ALWAYS,"error in emmc_recovery_init\n");
2541 if(target_use_signed_kernel())
2542 {
2543 if((device.is_unlocked) || (device.is_tampered))
2544 {
2545 #ifdef TZ_TAMPER_FUSE
2546 set_tamper_fuse_cmd();
2547 #endif
2548 #if USE_PCOM_SECBOOT
2549 set_tamper_flag(device.is_tampered);
2550 #endif
2551 }
2552 }
2553 boot_linux_from_mmc();
2554 }
2555 else
2556 {
2557 recovery_init();
2558 #if USE_PCOM_SECBOOT
2559 if((device.is_unlocked) || (device.is_tampered))
2560 set_tamper_flag(device.is_tampered);
2561 #endif
2562 boot_linux_from_flash();
2563 }
2564 dprintf(CRITICAL, "ERROR: Could not do normal boot. Reverting "
2565 "to fastboot mode.\n");
2566 }
2567
2568 /* We are here means regular boot did not happen. Start fastboot. */
2569
2570 /* register aboot specific fastboot commands */
2571 aboot_fastboot_register_commands();
2572
2573 /* dump partition table for debug info */
2574 partition_dump();
2575
2576 /* initialize and start fastboot */
2577 fastboot_init(target_get_scratch_address(), target_get_max_flash_size());
2578 }
2579
2580 uint32_t get_page_size()
2581 {
2582 return page_size;
2583 }
2584
2585 /*
2586 * Calculated and save hash (SHA256) for non-signed boot image.
2587 *
2588 * Hash the same data that is checked on the signed boot image.
2589 * Kernel and Ramdisk are already read to memory buffers.
2590 * Need to read the entire device-tree from mmc
2591 * since non-signed image only read the DT tags of the relevant platform.
2592 *
2593 * @param kernel_addr - kernel bufer
2594 * @param kernel_actual - kernel size in bytes
2595 * @param ramdisk_addr - ramdisk buffer
2596 * @param ramdisk_actual - ramdisk size
2597 * @param ptn - partition
2598 * @param dt_offset - device tree offset on mmc partition
2599 * @param dt_size
2600 *
2601 * @return int - 0 on success, negative value on failure.
2602 */
2603 int aboot_save_boot_hash_mmc(void *kernel_addr, unsigned kernel_actual,
2604 void *ramdisk_addr, unsigned ramdisk_actual,
2605 unsigned long long ptn,
2606 unsigned dt_offset, unsigned dt_size)
2607 {
2608 SHA256_CTX sha256_ctx;
2609 char digest[32]={0};
2610 char *buf = (char *)target_get_scratch_address();
2611 unsigned dt_actual = ROUND_TO_PAGE(dt_size, page_mask);
2612 unsigned imagesize_actual = page_size + kernel_actual + ramdisk_actual + dt_actual;
2613
2614 SHA256_Init(&sha256_ctx);
2615
2616 /* Read Boot Header */
2617 if (mmc_read(ptn, buf, page_size))
2618 {
2619 dprintf(CRITICAL, "ERROR: mmc_read() fail.\n");
2620 return -1;
2621 }
2622 /* Read entire Device Tree */
2623 if (mmc_read(ptn + dt_offset, buf+page_size, dt_actual))
2624 {
2625 dprintf(CRITICAL, "ERROR: mmc_read() fail.\n");
2626 return -1;
2627 }
2628 SHA256_Update(&sha256_ctx, buf, page_size); // Boot Header
2629 SHA256_Update(&sha256_ctx, kernel_addr, kernel_actual);
2630 SHA256_Update(&sha256_ctx, ramdisk_addr, ramdisk_actual);
2631 SHA256_Update(&sha256_ctx, buf+page_size, dt_actual); // Device Tree
2632
2633 SHA256_Final(digest, &sha256_ctx);
2634
2635 save_kernel_hash_cmd(digest);
2636 dprintf(INFO, "aboot_save_boot_hash_mmc: imagesize_actual size %d bytes.\n", (int) imagesize_actual);
2637
2638 return 0;
2639 }
2640
2641 APP_START(aboot)
2642 .init = aboot_init,
2643 APP_END