diff --git a/doc/android/fastboot.rst b/doc/android/fastboot.rst index 7611f07038e..1ad8a897c85 100644 --- a/doc/android/fastboot.rst +++ b/doc/android/fastboot.rst @@ -28,6 +28,7 @@ The following OEM commands are supported (if enabled): - ``oem partconf`` - this executes ``mmc partconf %x 0`` to configure eMMC with = boot_ack boot_partition - ``oem bootbus`` - this executes ``mmc bootbus %x %s`` to configure eMMC +- ``oem run`` - this executes an arbitrary U-Boot command Support for both eMMC and NAND devices is included. @@ -227,6 +228,23 @@ and on the U-Boot side you should see:: Starting kernel ... +Running Shell Commands +^^^^^^^^^^^^^^^^^^^^^^ + +Normally, arbitrary U-Boot command execution is not enabled. This is so +fastboot can be used to update systems using verified boot. However, such +functionality can be useful for production or when verified boot is not in use. +Enable ``CONFIG_FASTBOOT_OEM_RUN`` to use this functionality. This will enable +``oem run`` command, which can be used with the fastboot client. For example, +to print "Hello at 115200 baud" (or whatever ``CONFIG_BAUDRATE`` is), run:: + + $ fastboot oem run:'echo Hello at $baudrate baud' + +You can run any command you would normally run on the U-Boot command line, +including multiple commands (using e.g. ``;`` or ``&&``) and control structures +(``if``, ``while``, etc.). The exit code of ``fastboot`` will reflect the exit +code of the command you ran. + References ---------- diff --git a/drivers/fastboot/Kconfig b/drivers/fastboot/Kconfig index b97c67bf609..eefa34779c4 100644 --- a/drivers/fastboot/Kconfig +++ b/drivers/fastboot/Kconfig @@ -80,12 +80,13 @@ config FASTBOOT_FLASH this to enable the "fastboot flash" command. config FASTBOOT_UUU_SUPPORT - bool "Enable FASTBOOT i.MX UUU special command" + bool "Enable UUU support" help - The fastboot protocol includes "UCmd" and "ACmd" command. - Be aware that you provide full access to any U-Boot command, - including working with memory and may open a huge backdoor, - when enabling this option. + This extends the fastboot protocol with the "UCmd" and "ACmd" + commands, which are used by NXP's "universal update utility" (UUU). + These commands allow running any shell command. Do not enable this + feature if you are using verified boot, as it will allow an attacker + to bypass any restrictions you have in place. choice prompt "Flash provider for FASTBOOT" @@ -218,6 +219,14 @@ config FASTBOOT_CMD_OEM_BOOTBUS Add support for the "oem bootbus" command from a client. This set the mmc boot configuration for the selecting eMMC device. +config FASTBOOT_OEM_RUN + bool "Enable the 'oem run' command" + help + This extends the fastboot protocol with an "oem run" command. This + command allows running arbitrary U-Boot shell commands. Do not enable + this feature if you are using verified boot, as it will allow an + attacker to bypass any restrictions you have in place. + endif # FASTBOOT endmenu diff --git a/drivers/fastboot/fb_command.c b/drivers/fastboot/fb_command.c index f0fd605854d..67a94798287 100644 --- a/drivers/fastboot/fb_command.c +++ b/drivers/fastboot/fb_command.c @@ -102,6 +102,10 @@ static const struct { .command = "oem bootbus", .dispatch = CONFIG_IS_ENABLED(FASTBOOT_CMD_OEM_BOOTBUS, (oem_bootbus), (NULL)) }, + [FASTBOOT_COMMAND_OEM_RUN] = { + .command = "oem run", + .dispatch = CONFIG_IS_ENABLED(FASTBOOT_OEM_RUN, (run_ucmd), (NULL)) + }, [FASTBOOT_COMMAND_UCMD] = { .command = "UCmd", .dispatch = CONFIG_IS_ENABLED(FASTBOOT_UUU_SUPPORT, (run_ucmd), (NULL)) diff --git a/include/fastboot.h b/include/fastboot.h index d062a3469ef..07f4c8fa711 100644 --- a/include/fastboot.h +++ b/include/fastboot.h @@ -36,6 +36,7 @@ enum { FASTBOOT_COMMAND_OEM_FORMAT, FASTBOOT_COMMAND_OEM_PARTCONF, FASTBOOT_COMMAND_OEM_BOOTBUS, + FASTBOOT_COMMAND_OEM_RUN, FASTBOOT_COMMAND_ACMD, FASTBOOT_COMMAND_UCMD, FASTBOOT_COMMAND_COUNT