Gitiles
Code Review Sign In
gerrit.omnirom.org / android_device_google_gs-common / 4d47ef8e8a70072922f9869f268e75e9a4bc5820 / . / bootctrl / 1.2 / BootControl.cpp
blob: 54764a054038ea3643b8585e8bd984cbc0b17c50 [file] [log] [blame]
Jason Chiu5d247d12023-11-27 16:42:44 +0800[diff] [blame]1/*
2 * Copyright (C) 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "bootcontrolhal"
18
19#include "BootControl.h"
20
21#include <android-base/file.h>
Steven Tsaic984d652024-07-04 20:08:40 +0800[diff] [blame]22#include <android-base/properties.h>
Jason Chiu5d247d12023-11-27 16:42:44 +0800[diff] [blame]23#include <android-base/unique_fd.h>
24#include <bootloader_message/bootloader_message.h>
25#include <cutils/properties.h>
26#include <libboot_control/libboot_control.h>
27#include <log/log.h>
28#include <trusty/tipc.h>
29
30#include "DevInfo.h"
31#include "GptUtils.h"
32
33namespace android {
34namespace hardware {
35namespace boot {
36namespace V1_2 {
37namespace implementation {
38
39using android::bootable::GetMiscVirtualAbMergeStatus;
40using android::bootable::InitMiscVirtualAbMessageIfNeeded;
41using android::bootable::SetMiscVirtualAbMergeStatus;
42using android::hardware::boot::V1_0::BoolResult;
43using android::hardware::boot::V1_0::CommandResult;
44using android::hardware::boot::V1_1::MergeStatus;
45
46namespace {
47
48// clang-format off
49
50#define BOOT_A_PATH "/dev/block/by-name/boot_a"
51#define BOOT_B_PATH "/dev/block/by-name/boot_b"
52#define DEVINFO_PATH "/dev/block/by-name/devinfo"
53
Jason Chiuec2a9a02023-11-30 22:25:57 +0800[diff] [blame]54#define BLOW_AR_PATH "/sys/kernel/boot_control/blow_ar"
55
Jason Chiu5d247d12023-11-27 16:42:44 +0800[diff] [blame]56// slot flags
57#define AB_ATTR_PRIORITY_SHIFT 52
58#define AB_ATTR_PRIORITY_MASK (3UL << AB_ATTR_PRIORITY_SHIFT)
59#define AB_ATTR_ACTIVE_SHIFT 54
60#define AB_ATTR_ACTIVE (1UL << AB_ATTR_ACTIVE_SHIFT)
61#define AB_ATTR_RETRY_COUNT_SHIFT (55)
62#define AB_ATTR_RETRY_COUNT_MASK (7UL << AB_ATTR_RETRY_COUNT_SHIFT)
63#define AB_ATTR_SUCCESSFUL (1UL << 58)
64#define AB_ATTR_UNBOOTABLE (1UL << 59)
65
66#define AB_ATTR_MAX_PRIORITY 3UL
67#define AB_ATTR_MAX_RETRY_COUNT 3UL
68
69// clang-format on
70
71static std::string getDevPath(uint32_t slot) {
72 char real_path[PATH_MAX];
73
74 const char *path = slot == 0 ? BOOT_A_PATH : BOOT_B_PATH;
75
76 int ret = readlink(path, real_path, sizeof real_path);
77 if (ret < 0) {
78 ALOGE("readlink failed for boot device %s\n", strerror(errno));
79 return std::string();
80 }
81
82 std::string dp(real_path);
83 // extract /dev/sda.. part
84 return dp.substr(0, sizeof "/dev/block/sdX" - 1);
85}
86
87static bool isSlotFlagSet(uint32_t slot, uint64_t flag) {
88 std::string dev_path = getDevPath(slot);
89 if (dev_path.empty()) {
90 ALOGI("Could not get device path for slot %d\n", slot);
91 return false;
92 }
93
94 GptUtils gpt(dev_path);
95 if (gpt.Load()) {
96 ALOGI("failed to load gpt data\n");
97 return false;
98 }
99
100 gpt_entry *e = gpt.GetPartitionEntry(slot ? "boot_b" : "boot_a");
101 if (e == nullptr) {
102 ALOGI("failed to get gpt entry\n");
103 return false;
104 }
105
106 return !!(e->attr & flag);
107}
108
109static bool setSlotFlag(uint32_t slot, uint64_t flag) {
110 std::string dev_path = getDevPath(slot);
111 if (dev_path.empty()) {
112 ALOGI("Could not get device path for slot %d\n", slot);
113 return false;
114 }
115
116 GptUtils gpt(dev_path);
117 if (gpt.Load()) {
118 ALOGI("failed to load gpt data\n");
119 return false;
120 }
121
122 gpt_entry *e = gpt.GetPartitionEntry(slot ? "boot_b" : "boot_a");
123 if (e == nullptr) {
124 ALOGI("failed to get gpt entry\n");
125 return false;
126 }
127
128 e->attr |= flag;
129 gpt.Sync();
130
131 return true;
132}
133
134static bool is_devinfo_valid;
135static bool is_devinfo_initialized;
136static std::mutex devinfo_lock;
137static devinfo_t devinfo;
138
139static bool isDevInfoValid() {
140 const std::lock_guard<std::mutex> lock(devinfo_lock);
141
142 if (is_devinfo_initialized) {
143 return is_devinfo_valid;
144 }
145
146 is_devinfo_initialized = true;
147
148 android::base::unique_fd fd(open(DEVINFO_PATH, O_RDONLY));
149 android::base::ReadFully(fd, &devinfo, sizeof devinfo);
150
151 if (devinfo.magic != DEVINFO_MAGIC) {
152 return is_devinfo_valid;
153 }
154
155 uint32_t version = ((uint32_t)devinfo.ver_major << 16) | devinfo.ver_minor;
156 // only version 3.3+ supports A/B data
157 if (version >= 0x0003'0003) {
158 is_devinfo_valid = true;
159 }
160
161 return is_devinfo_valid;
162}
163
164static bool DevInfoSync() {
165 if (!isDevInfoValid()) {
166 return false;
167 }
168
169 android::base::unique_fd fd(open(DEVINFO_PATH, O_WRONLY | O_DSYNC));
170 return android::base::WriteFully(fd, &devinfo, sizeof devinfo);
171}
172
173static void DevInfoInitSlot(devinfo_ab_slot_data_t &slot_data) {
174 slot_data.retry_count = AB_ATTR_MAX_RETRY_COUNT;
175 slot_data.unbootable = 0;
176 slot_data.successful = 0;
177 slot_data.active = 1;
178 slot_data.fastboot_ok = 0;
179}
180
181static int blow_otp_AR(bool secure) {
182 static const char *dev_name = "/dev/trusty-ipc-dev0";
183 static const char *otp_name = "com.android.trusty.otp_manager.tidl";
184 int fd = 1, ret = 0;
185 uint32_t cmd = secure? OTP_CMD_write_antirbk_secure_ap : OTP_CMD_write_antirbk_non_secure_ap;
186 fd = tipc_connect(dev_name, otp_name);
187 if (fd < 0) {
188 ALOGI("Failed to connect to OTP_MGR ns TA - is it missing?\n");
189 ret = -1;
190 return ret;
191 }
192
193 struct otp_mgr_req_base req = {
194 .command = cmd,
195 .resp_payload_size = 0,
196 };
197 struct iovec iov[] = {
198 {
199 .iov_base = &req,
200 .iov_len = sizeof(req),
201 },
202 };
203
204 int rc = tipc_send(fd, iov, 1, NULL, 0);
205 if (rc != sizeof(req)) {
206 ALOGI("Send fail! %x\n", rc);
207 return rc;
208 }
209
210 struct otp_mgr_rsp_base resp;
211 rc = read(fd, &resp, sizeof(resp));
212 if (rc < 0) {
213 ALOGI("Read fail! %x\n", rc);
214 return rc;
215 }
216
217 if (rc < sizeof(resp)) {
218 ALOGI("Not enough data! %x\n", rc);
219 return -EIO;
220 }
221
222 if (resp.command != (cmd | OTP_RESP_BIT)) {
223 ALOGI("Wrong command! %x\n", resp.command);
224 return -EINVAL;
225 }
226
227 if (resp.result != 0) {
228 fprintf(stderr, "AR writing error! %x\n", resp.result);
229 return -EINVAL;
230 }
231
232 tipc_close(fd);
233 return 0;
234}
235
Jason Chiuec2a9a02023-11-30 22:25:57 +0800[diff] [blame]236static bool blowAR_zuma() {
Jason Chiu5d247d12023-11-27 16:42:44 +0800[diff] [blame]237 int ret = blow_otp_AR(true);
238 if (ret) {
239 ALOGI("Blow secure anti-rollback OTP failed");
240 return false;
241 }
242
243 ret = blow_otp_AR(false);
244 if (ret) {
245 ALOGI("Blow non-secure anti-rollback OTP failed");
246 return false;
247 }
248
249 return true;
250}
Jason Chiuec2a9a02023-11-30 22:25:57 +0800[diff] [blame]251
252static bool blowAR_gs101() {
253 android::base::unique_fd fd(open(BLOW_AR_PATH, O_WRONLY | O_DSYNC));
254 return android::base::WriteStringToFd("1", fd);
255}
256
257static bool blowAR() {
Steven Tsaic984d652024-07-04 20:08:40 +0800[diff] [blame]258 const auto& platform = ::android::base::GetProperty("ro.boot.hardware.platform", "");
Jason Chiuec2a9a02023-11-30 22:25:57 +0800[diff] [blame]259
Steven Tsaic984d652024-07-04 20:08:40 +0800[diff] [blame]260 if (platform == "gs101") {
Jason Chiuec2a9a02023-11-30 22:25:57 +0800[diff] [blame]261 return blowAR_gs101();
Steven Tsaic984d652024-07-04 20:08:40 +0800[diff] [blame]262 } else if (platform == "gs201" || platform == "zuma" || platform == "zumapro") {
Jason Chiuec2a9a02023-11-30 22:25:57 +0800[diff] [blame]263 return blowAR_zuma();
264 }
265
Steven Tsaic984d652024-07-04 20:08:40 +0800[diff] [blame]266 return false;
Jason Chiuec2a9a02023-11-30 22:25:57 +0800[diff] [blame]267}
268
Jason Chiu5d247d12023-11-27 16:42:44 +0800[diff] [blame]269} // namespace
270
271// Methods from ::android::hardware::boot::V1_0::IBootControl follow.
272Return<uint32_t> BootControl::getNumberSlots() {
273 uint32_t slots = 0;
274
275 if (access(BOOT_A_PATH, F_OK) == 0)
276 slots++;
277
278 if (access(BOOT_B_PATH, F_OK) == 0)
279 slots++;
280
281 return slots;
282}
283
284Return<uint32_t> BootControl::getCurrentSlot() {
285 char suffix[PROPERTY_VALUE_MAX];
286 property_get("ro.boot.slot_suffix", suffix, "_a");
287 return std::string(suffix) == "_b" ? 1 : 0;
288}
289
290Return<void> BootControl::markBootSuccessful(markBootSuccessful_cb _hidl_cb) {
291 if (getNumberSlots() == 0) {
292 // no slots, just return true otherwise Android keeps trying
293 _hidl_cb({true, ""});
294 return Void();
295 }
296
297 bool ret;
298 if (isDevInfoValid()) {
299 auto const slot = getCurrentSlot();
300 devinfo.ab_data.slots[slot].successful = 1;
301 ret = DevInfoSync();
302 } else {
303 ret = setSlotFlag(getCurrentSlot(), AB_ATTR_SUCCESSFUL);
304 }
305
306 if (!ret) {
307 _hidl_cb({false, "Failed to set successful flag"});
308 return Void();
309 }
310
311 if (!blowAR()) {
312 ALOGE("Failed to blow anti-rollback counter");
313 // Ignore the error, since ABL will re-trigger it on reboot
314 }
315
316 _hidl_cb({true, ""});
317 return Void();
318}
319
320Return<void> BootControl::setActiveBootSlot(uint32_t slot, setActiveBootSlot_cb _hidl_cb) {
321 if (slot >= 2) {
322 _hidl_cb({false, "Invalid slot"});
323 return Void();
324 }
325
326 if (isDevInfoValid()) {
327 auto &active_slot_data = devinfo.ab_data.slots[slot];
328 auto &inactive_slot_data = devinfo.ab_data.slots[!slot];
329
330 inactive_slot_data.active = 0;
331 DevInfoInitSlot(active_slot_data);
332
333 if (!DevInfoSync()) {
334 _hidl_cb({false, "Could not update DevInfo data"});
335 return Void();
336 }
337 } else {
338 std::string dev_path = getDevPath(slot);
339 if (dev_path.empty()) {
340 _hidl_cb({false, "Could not get device path for slot"});
341 return Void();
342 }
343
344 GptUtils gpt(dev_path);
345 if (gpt.Load()) {
346 _hidl_cb({false, "failed to load gpt data"});
347 return Void();
348 }
349
350 gpt_entry *active_entry = gpt.GetPartitionEntry(slot == 0 ? "boot_a" : "boot_b");
351 gpt_entry *inactive_entry = gpt.GetPartitionEntry(slot == 0 ? "boot_b" : "boot_a");
352 if (active_entry == nullptr || inactive_entry == nullptr) {
353 _hidl_cb({false, "failed to get entries for boot partitions"});
354 return Void();
355 }
356
357 ALOGV("slot active attributes %lx\n", active_entry->attr);
358 ALOGV("slot inactive attributes %lx\n", inactive_entry->attr);
359
360 // update attributes for active and inactive
361 inactive_entry->attr &= ~AB_ATTR_ACTIVE;
362 active_entry->attr = AB_ATTR_ACTIVE | (AB_ATTR_MAX_PRIORITY << AB_ATTR_PRIORITY_SHIFT) |
363 (AB_ATTR_MAX_RETRY_COUNT << AB_ATTR_RETRY_COUNT_SHIFT);
364 }
365
366 char boot_dev[PROPERTY_VALUE_MAX];
367 property_get("ro.boot.bootdevice", boot_dev, "");
368 if (boot_dev[0] == '\0') {
Jason Chiu2a201a72023-11-25 02:53:02 +0800[diff] [blame]369 ALOGI("failed to get ro.boot.bootdevice. try ro.boot.boot_devices\n");
370 property_get("ro.boot.boot_devices", boot_dev, "");
371 if (boot_dev[0] == '\0') {
372 _hidl_cb({false, "invalid ro.boot.bootdevice and ro.boot.boot_devices prop"});
373 return Void();
374 }
Jason Chiu5d247d12023-11-27 16:42:44 +0800[diff] [blame]375 }
376
377 std::string boot_lun_path =
378 std::string("/sys/devices/platform/") + boot_dev + "/pixel/boot_lun_enabled";
379 int fd = open(boot_lun_path.c_str(), O_RDWR | O_DSYNC);
380 if (fd < 0) {
381 // Try old path for kernels < 5.4
382 // TODO: remove once kernel 4.19 support is deprecated
383 std::string boot_lun_path =
384 std::string("/sys/devices/platform/") + boot_dev + "/attributes/boot_lun_enabled";
385 fd = open(boot_lun_path.c_str(), O_RDWR | O_DSYNC);
386 if (fd < 0) {
387 _hidl_cb({false, "failed to open ufs attr boot_lun_enabled"});
388 return Void();
389 }
390 }
391
392 //
393 // bBootLunEn
394 // 0x1 => Boot LU A = enabled, Boot LU B = disable
395 // 0x2 => Boot LU A = disable, Boot LU B = enabled
396 //
397 int ret = android::base::WriteStringToFd(slot == 0 ? "1" : "2", fd);
398 close(fd);
399 if (ret < 0) {
400 _hidl_cb({false, "faied to write boot_lun_enabled attribute"});
401 return Void();
402 }
403
404 _hidl_cb({true, ""});
405 return Void();
406}
407
408Return<void> BootControl::setSlotAsUnbootable(uint32_t slot, setSlotAsUnbootable_cb _hidl_cb) {
409 if (slot >= 2) {
410 _hidl_cb({false, "Invalid slot"});
411 return Void();
412 }
413
414 if (isDevInfoValid()) {
415 auto &slot_data = devinfo.ab_data.slots[slot];
416 slot_data.unbootable = 1;
417 if (!DevInfoSync()) {
418 _hidl_cb({false, "Could not update DevInfo data"});
419 return Void();
420 }
421 } else {
422 std::string dev_path = getDevPath(slot);
423 if (dev_path.empty()) {
424 _hidl_cb({false, "Could not get device path for slot"});
425 return Void();
426 }
427
428 GptUtils gpt(dev_path);
429 gpt.Load();
430
431 gpt_entry *e = gpt.GetPartitionEntry(slot ? "boot_b" : "boot_a");
432 e->attr |= AB_ATTR_UNBOOTABLE;
433
434 gpt.Sync();
435 }
436
437 _hidl_cb({true, ""});
438 return Void();
439}
440
441Return<::android::hardware::boot::V1_0::BoolResult> BootControl::isSlotBootable(uint32_t slot) {
442 if (getNumberSlots() == 0)
443 return BoolResult::FALSE;
444 if (slot >= getNumberSlots())
445 return BoolResult::INVALID_SLOT;
446
447 bool unbootable;
448 if (isDevInfoValid()) {
449 auto &slot_data = devinfo.ab_data.slots[slot];
450 unbootable = !!slot_data.unbootable;
451 } else {
452 unbootable = isSlotFlagSet(slot, AB_ATTR_UNBOOTABLE);
453 }
454
455 return unbootable ? BoolResult::FALSE : BoolResult::TRUE;
456}
457
458Return<::android::hardware::boot::V1_0::BoolResult> BootControl::isSlotMarkedSuccessful(
459 uint32_t slot) {
460 if (getNumberSlots() == 0) {
461 // just return true so that we don't we another call trying to mark it as successful
462 // when there is no slots
463 return BoolResult::TRUE;
464 }
465 if (slot >= getNumberSlots())
466 return BoolResult::INVALID_SLOT;
467
468 bool successful;
469 if (isDevInfoValid()) {
470 auto &slot_data = devinfo.ab_data.slots[slot];
471 successful = !!slot_data.successful;
472 } else {
473 successful = isSlotFlagSet(slot, AB_ATTR_SUCCESSFUL);
474 }
475
476 return successful ? BoolResult::TRUE : BoolResult::FALSE;
477}
478
479Return<void> BootControl::getSuffix(uint32_t slot, getSuffix_cb _hidl_cb) {
480 _hidl_cb(slot == 0 ? "_a" : slot == 1 ? "_b" : "");
481 return Void();
482}
483
484// Methods from ::android::hardware::boot::V1_1::IBootControl follow.
485bool BootControl::Init() {
486 return InitMiscVirtualAbMessageIfNeeded();
487}
488
489Return<bool> BootControl::setSnapshotMergeStatus(
490 ::android::hardware::boot::V1_1::MergeStatus status) {
491 return SetMiscVirtualAbMergeStatus(getCurrentSlot(), status);
492}
493
494Return<::android::hardware::boot::V1_1::MergeStatus> BootControl::getSnapshotMergeStatus() {
495 MergeStatus status;
496 if (!GetMiscVirtualAbMergeStatus(getCurrentSlot(), &status)) {
497 return MergeStatus::UNKNOWN;
498 }
499 return status;
500}
501
502// Methods from ::android::hardware::boot::V1_2::IBootControl follow.
503Return<uint32_t> BootControl::getActiveBootSlot() {
504 if (getNumberSlots() == 0)
505 return 0;
506
507 if (isDevInfoValid())
508 return devinfo.ab_data.slots[1].active ? 1 : 0;
509 return isSlotFlagSet(1, AB_ATTR_ACTIVE) ? 1 : 0;
510}
511
512// Methods from ::android::hidl::base::V1_0::IBase follow.
513
514IBootControl *HIDL_FETCH_IBootControl(const char * /* name */) {
515 auto module = new BootControl();
516
517 module->Init();
518
519 return module;
520}
521
522} // namespace implementation
523} // namespace V1_2
524} // namespace boot
525} // namespace hardware
526} // namespace android