1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef ANDROID_INCLUDE_HARDWARE_BOOT_CONTROL_H 18 #define ANDROID_INCLUDE_HARDWARE_BOOT_CONTROL_H 19 20 #include <hardware/hardware.h> 21 22 __BEGIN_DECLS 23 24 #define BOOT_CONTROL_MODULE_API_VERSION_0_1 HARDWARE_MODULE_API_VERSION(0, 1) 25 26 /** 27 * The id of this module 28 */ 29 #define BOOT_CONTROL_HARDWARE_MODULE_ID "bootctrl" 30 31 /* 32 * The Boot Control HAL is designed to allow for managing sets of redundant 33 * partitions, called slots, that can be booted from independantly. Slots 34 * are sets of partitions whose names differ only by a given suffix. 35 * They are identified here by a 0 indexed number, and associated with their 36 * suffix, which can be appended to the base name for any particular partition 37 * to find the one associated with that slot. The bootloader must pass the suffix 38 * of the currently active slot either through a kernel command line property at 39 * androidboot.slot_suffix, or the device tree at /firmware/android/slot_suffix. 40 * The primary use of this set up is to allow for background updates while the 41 * device is running, and to provide a fallback in the event that the update fails. 42 */ 43 44 45 /** 46 * Every hardware module must have a data structure named HAL_MODULE_INFO_SYM 47 * and the fields of this data structure must begin with hw_module_t 48 * followed by module specific information. 49 */ 50 typedef struct boot_control_module { 51 struct hw_module_t common; 52 53 /* 54 * (*init)() perform any initialization tasks needed for the HAL. 55 * This is called only once. 56 */ 57 void (*init)(struct boot_control_module *module); 58 59 /* 60 * (*getNumberSlots)() returns the number of available slots. 61 * For instance, a system with a single set of partitions would return 62 * 1, a system with A/B would return 2, A/B/C -> 3... 63 */ 64 unsigned (*getNumberSlots)(struct boot_control_module *module); 65 66 /* 67 * (*getCurrentSlot)() returns the value letting the system know 68 * whether the current slot is A or B. The meaning of A and B is 69 * left up to the implementer. It is assumed that if the current slot 70 * is A, then the block devices underlying B can be accessed directly 71 * without any risk of corruption. 72 * The returned value is always guaranteed to be strictly less than the 73 * value returned by getNumberSlots. Slots start at 0 and 74 * finish at getNumberSlots() - 1 75 */ 76 unsigned (*getCurrentSlot)(struct boot_control_module *module); 77 78 /* 79 * (*markBootSuccessful)() marks the current slot 80 * as having booted successfully 81 * 82 * Returns 0 on success, -errno on error. 83 */ 84 int (*markBootSuccessful)(struct boot_control_module *module); 85 86 /* 87 * (*setActiveBootSlot)() marks the slot passed in parameter as 88 * the active boot slot (see getCurrentSlot for an explanation 89 * of the "slot" parameter). This overrides any previous call to 90 * setSlotAsUnbootable. 91 * Returns 0 on success, -errno on error. 92 */ 93 int (*setActiveBootSlot)(struct boot_control_module *module, unsigned slot); 94 95 /* 96 * (*setSlotAsUnbootable)() marks the slot passed in parameter as 97 * an unbootable. This can be used while updating the contents of the slot's 98 * partitions, so that the system will not attempt to boot a known bad set up. 99 * Returns 0 on success, -errno on error. 100 */ 101 int (*setSlotAsUnbootable)(struct boot_control_module *module, unsigned slot); 102 103 /* 104 * (*isSlotBootable)() returns if the slot passed in parameter is 105 * bootable. Note that slots can be made unbootable by both the 106 * bootloader and by the OS using setSlotAsUnbootable. 107 * Returns 1 if the slot is bootable, 0 if it's not, and -errno on 108 * error. 109 */ 110 int (*isSlotBootable)(struct boot_control_module *module, unsigned slot); 111 112 /* 113 * (*getSuffix)() returns the string suffix used by partitions that 114 * correspond to the slot number passed in parameter. The returned string 115 * is expected to be statically allocated and not need to be freed. 116 * Returns NULL if slot does not match an existing slot. 117 */ 118 const char* (*getSuffix)(struct boot_control_module *module, unsigned slot); 119 120 /* 121 * (*isSlotMarkedSucessful)() returns if the slot passed in parameter has 122 * been marked as successful using markBootSuccessful. 123 * Returns 1 if the slot has been marked as successful, 0 if it's 124 * not the case, and -errno on error. 125 */ 126 int (*isSlotMarkedSuccessful)(struct boot_control_module *module, unsigned slot); 127 128 /** 129 * Returns the active slot to boot into on the next boot. If 130 * setActiveBootSlot() has been called, the getter function should return 131 * the same slot as the one provided in the last setActiveBootSlot() call. 132 */ 133 unsigned (*getActiveBootSlot)(struct boot_control_module *module); 134 135 void* reserved[30]; 136 } boot_control_module_t; 137 138 139 __END_DECLS 140 141 #endif // ANDROID_INCLUDE_HARDWARE_BOOT_CONTROL_H 142