1 /*
2  * Copyright (C) 2008 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef _BOOTLOADER_MESSAGE_H
18 #define _BOOTLOADER_MESSAGE_H
19 
20 #include <assert.h>
21 #include <stddef.h>
22 #include <stdint.h>
23 
24 // Spaces used by misc partition are as below:
25 // 0   - 2K     For bootloader_message
26 // 2K  - 16K    Used by Vendor's bootloader (the 2K - 4K range may be optionally used
27 //              as bootloader_message_ab struct)
28 // 16K - 32K    Used by uncrypt and recovery to store wipe_package for A/B devices
29 // 32K - 64K    System space, used for miscellanious AOSP features. See below.
30 // Note that these offsets are admitted by bootloader,recovery and uncrypt, so they
31 // are not configurable without changing all of them.
32 constexpr size_t BOOTLOADER_MESSAGE_OFFSET_IN_MISC = 0;
33 constexpr size_t VENDOR_SPACE_OFFSET_IN_MISC = 2 * 1024;
34 constexpr size_t WIPE_PACKAGE_OFFSET_IN_MISC = 16 * 1024;
35 constexpr size_t SYSTEM_SPACE_OFFSET_IN_MISC = 32 * 1024;
36 constexpr size_t SYSTEM_SPACE_SIZE_IN_MISC = 32 * 1024;
37 
38 /* Bootloader Message (2-KiB)
39  *
40  * This structure describes the content of a block in flash
41  * that is used for recovery and the bootloader to talk to
42  * each other.
43  *
44  * The command field is updated by linux when it wants to
45  * reboot into recovery or to update radio or bootloader firmware.
46  * It is also updated by the bootloader when firmware update
47  * is complete (to boot into recovery for any final cleanup)
48  *
49  * The status field was used by the bootloader after the completion
50  * of an "update-radio" or "update-hboot" command, which has been
51  * deprecated since Froyo.
52  *
53  * The recovery field is only written by linux and used
54  * for the system to send a message to recovery or the
55  * other way around.
56  *
57  * The stage field is written by packages which restart themselves
58  * multiple times, so that the UI can reflect which invocation of the
59  * package it is.  If the value is of the format "#/#" (eg, "1/3"),
60  * the UI will add a simple indicator of that status.
61  *
62  * We used to have slot_suffix field for A/B boot control metadata in
63  * this struct, which gets unintentionally cleared by recovery or
64  * uncrypt. Move it into struct bootloader_message_ab to avoid the
65  * issue.
66  */
67 struct bootloader_message {
68     char command[32];
69     char status[32];
70     char recovery[768];
71 
72     // The 'recovery' field used to be 1024 bytes.  It has only ever
73     // been used to store the recovery command line, so 768 bytes
74     // should be plenty.  We carve off the last 256 bytes to store the
75     // stage string (for multistage packages) and possible future
76     // expansion.
77     char stage[32];
78 
79     // The 'reserved' field used to be 224 bytes when it was initially
80     // carved off from the 1024-byte recovery field. Bump it up to
81     // 1184-byte so that the entire bootloader_message struct rounds up
82     // to 2048-byte.
83     char reserved[1184];
84 };
85 
86 // Holds Virtual A/B merge status information. Current version is 1. New fields
87 // must be added to the end.
88 struct misc_virtual_ab_message {
89   uint8_t version;
90   uint32_t magic;
91   uint8_t merge_status;  // IBootControl 1.1, MergeStatus enum.
92   uint8_t source_slot;   // Slot number when merge_status was written.
93   uint8_t reserved[57];
94 } __attribute__((packed));
95 
96 struct misc_memtag_message {
97   uint8_t version;
98   uint32_t magic; // magic string for treble compat
99   uint32_t memtag_mode;
100   uint8_t reserved[55];
101 } __attribute__((packed));
102 
103 struct misc_kcmdline_message {
104   uint8_t version;
105   uint32_t magic;
106   uint64_t kcmdline_flags;
107   uint8_t reserved[51];
108 } __attribute__((packed));
109 
110 // holds generic platform info, managed by misctrl
111 struct misc_control_message {
112   uint8_t version;
113   uint32_t magic;
114   uint64_t misctrl_flags;
115   uint8_t reserved[51];
116 } __attribute__((packed));
117 
118 #define MISC_VIRTUAL_AB_MESSAGE_VERSION 2
119 #define MISC_VIRTUAL_AB_MAGIC_HEADER 0x56740AB0
120 
121 #define MISC_MEMTAG_MESSAGE_VERSION 1
122 #define MISC_MEMTAG_MAGIC_HEADER 0x5afefe5a
123 #define MISC_MEMTAG_MODE_MEMTAG 0x1
124 #define MISC_MEMTAG_MODE_MEMTAG_ONCE 0x2
125 #define MISC_MEMTAG_MODE_MEMTAG_KERNEL 0x4
126 #define MISC_MEMTAG_MODE_MEMTAG_KERNEL_ONCE 0x8
127 #define MISC_MEMTAG_MODE_MEMTAG_OFF 0x10
128 // This is set when the state was overridden forcibly. This does not need to be
129 // interpreted by the bootloader but is only for bookkeeping purposes so
130 // userspace knows what to do when the override is undone.
131 // See system/extras/mtectrl in AOSP for more information.
132 #define MISC_MEMTAG_MODE_FORCED 0x20
133 
134 #define MISC_KCMDLINE_MESSAGE_VERSION 1
135 #define MISC_KCMDLINE_MAGIC_HEADER 0x6ab5110c
136 #define MISC_KCMDLINE_BINDER_RUST 0x1
137 
138 #define MISC_CONTROL_MESSAGE_VERSION 1
139 #define MISC_CONTROL_MAGIC_HEADER 0x736d6f72
140 #define MISC_CONTROL_16KB_BEFORE 0x1
141 
142 #if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
143 static_assert(sizeof(struct misc_virtual_ab_message) == 64,
144               "struct misc_virtual_ab_message has wrong size");
145 static_assert(sizeof(struct misc_memtag_message) == 64,
146               "struct misc_memtag_message has wrong size");
147 static_assert(sizeof(struct misc_kcmdline_message) == 64,
148               "struct misc_kcmdline_message has wrong size");
149 static_assert(sizeof(struct misc_control_message) == 64,
150               "struct misc_control_message has wrong size");
151 #endif
152 
153 // This struct is not meant to be used directly, rather, it is to make
154 // computation of offsets easier. New fields must be added to the end.
155 struct misc_system_space_layout {
156   misc_virtual_ab_message virtual_ab_message;
157   misc_memtag_message memtag_message;
158   misc_kcmdline_message kcmdline_message;
159   misc_control_message control_message;
160 } __attribute__((packed));
161 
162 #if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
163 static_assert(sizeof(struct misc_system_space_layout) % 64 == 0,
164               "prefer to extend by 64 byte chunks, for consistency");
165 #endif
166 
167 #ifdef __cplusplus
168 
169 #include <string>
170 #include <vector>
171 
172 // Gets the block device name of /misc partition.
173 std::string get_misc_blk_device(std::string* err);
174 // Return the block device name for the bootloader message partition and waits
175 // for the device for up to 10 seconds. In case of error returns the empty
176 // string.
177 std::string get_bootloader_message_blk_device(std::string* err);
178 
179 // Writes |size| bytes of data from buffer |p| to |misc_blk_device| at |offset|. If the write fails,
180 // sets the error message in |err|.
181 bool write_misc_partition(const void* p, size_t size, const std::string& misc_blk_device,
182                           size_t offset, std::string* err);
183 
184 // Read bootloader message into boot. Error message will be set in err.
185 bool read_bootloader_message(bootloader_message* boot, std::string* err);
186 
187 // Read bootloader message from the specified misc device into boot.
188 bool read_bootloader_message_from(bootloader_message* boot, const std::string& misc_blk_device,
189                                   std::string* err);
190 
191 // Write bootloader message to BCB.
192 bool write_bootloader_message(const bootloader_message& boot, std::string* err);
193 
194 // Write bootloader message to the specified BCB device.
195 bool write_bootloader_message_to(const bootloader_message& boot,
196                                  const std::string& misc_blk_device, std::string* err);
197 
198 // Write bootloader message (boots into recovery with the options) to BCB. Will
199 // set the command and recovery fields, and reset the rest.
200 bool write_bootloader_message(const std::vector<std::string>& options, std::string* err);
201 
202 // Write bootloader message (boots into recovery with the options) to the specific BCB device. Will
203 // set the command and recovery fields, and reset the rest.
204 bool write_bootloader_message_to(const std::vector<std::string>& options,
205                                  const std::string& misc_blk_device, std::string* err);
206 
207 // Update bootloader message (boots into recovery with the options) to BCB. Will
208 // only update the command and recovery fields.
209 bool update_bootloader_message(const std::vector<std::string>& options, std::string* err);
210 
211 // Update bootloader message (boots into recovery with the |options|) in |boot|. Will only update
212 // the command and recovery fields.
213 bool update_bootloader_message_in_struct(bootloader_message* boot,
214                                          const std::vector<std::string>& options);
215 
216 // Clear BCB.
217 bool clear_bootloader_message(std::string* err);
218 
219 // Writes the reboot-bootloader reboot reason to the bootloader_message.
220 bool write_reboot_bootloader(std::string* err);
221 
222 // Read the wipe package from BCB (from offset WIPE_PACKAGE_OFFSET_IN_MISC).
223 bool read_wipe_package(std::string* package_data, size_t size, std::string* err);
224 
225 // Write the wipe package into BCB (to offset WIPE_PACKAGE_OFFSET_IN_MISC).
226 bool write_wipe_package(const std::string& package_data, std::string* err);
227 
228 // Read or write the Virtual A/B message from system space in /misc.
229 bool ReadMiscVirtualAbMessage(misc_virtual_ab_message* message, std::string* err);
230 bool WriteMiscVirtualAbMessage(const misc_virtual_ab_message& message, std::string* err);
231 
232 // Read or write the memtag message from system space in /misc.
233 bool ReadMiscMemtagMessage(misc_memtag_message* message, std::string* err);
234 bool WriteMiscMemtagMessage(const misc_memtag_message& message, std::string* err);
235 
236 // Read or write the kcmdline message from system space in /misc.
237 bool ReadMiscKcmdlineMessage(misc_kcmdline_message* message, std::string* err);
238 bool WriteMiscKcmdlineMessage(const misc_kcmdline_message& message, std::string* err);
239 
240 // Read or write the kcmdline message from system space in /misc.
241 bool ReadMiscControlMessage(misc_control_message* message, std::string* err);
242 bool WriteMiscControlMessage(const misc_control_message& message, std::string* err);
243 
244 // Check reserved system space.
245 bool CheckReservedSystemSpaceEmpty(bool* empty, std::string* err);
246 
247 #else
248 
249 #include <stdbool.h>
250 
251 // C Interface.
252 bool write_bootloader_message(const char* options);
253 bool write_reboot_bootloader(void);
254 
255 #endif  // ifdef __cplusplus
256 
257 #endif  // _BOOTLOADER_MESSAGE_H
258