When the bootloader is UNLOCKED, it should be possible to boot Android
even if AVB reports verification errors [1].
This allows developers to flash modified partitions on
userdebug/engineering builds.
Developers can do so on unlocked devices with:
$ fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img
In such case, bootmeth_android refuses to boot.
Allow the boot to continue when the device is UNLOCKED and AVB reports
verification errors.
[1] https://source.android.com/docs/security/features/verifiedboot/boot-flow#unlocked-devices
Fixes: 125d9f3306 ("bootstd: Add a bootmeth for Android")
Reviewed-by: Julien Masson <jmasson@baylibre.com>
Link: https://lore.kernel.org/r/20250108-avb-disable-verif-v2-2-ba7d3b0d5b6a@baylibre.com
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
When booting an Android build with AVB enabled, it's still possible to
deactivate the check for development purposes if the bootloader state is
UNLOCKED.
This is very useful for development and can be done at flashing time via:
$ fastboot flash --disable-verity --disable-verification vbmeta vbmeta.img
However, with bootmeth_android, we cannot boot this way:
Scanning bootdev 'mmc@fa10000.bootdev':
0 android ready mmc 0 mmc@fa10000.bootdev.whole
** Booting bootflow 'mmc@fa10000.bootdev.whole' with android
avb_vbmeta_image.c:188: ERROR: Hash does not match!
avb_slot_verify.c:732: ERROR: vbmeta_a: Error verifying vbmeta image: HASH_MISMATCH
get_partition: can't find partition '_a'
avb_slot_verify.c:496: ERROR: _a: Error determining partition size.
Verification failed, reason: I/O error occurred while trying to load data
Boot failed (err=-5)
No more bootdevs
From the logs we can see that avb tries to read a partition named '_a'.
It's doing so because the last element of requested_partitions implicitly is
'\0', but the doc explicitly request it to be NULL instead.
Add NULL as last element to requested_partitions to avoid this problem.
Fixes: 125d9f3306 ("bootstd: Add a bootmeth for Android")
Reviewed-by: Julien Masson <jmasson@baylibre.com>
Link: https://lore.kernel.org/r/20250108-avb-disable-verif-v2-1-ba7d3b0d5b6a@baylibre.com
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Simon Glass <sjg@chromium.org> says:
This series provides a way to keep track of the images used in bootstd,
including the type of each image.
At present this is sort-of handled by struct bootflow but in quite an
ad-hoc way. The structure has become quite large and is hard to query.
Future work will be able to reduce its size.
Ultimately the 'bootflow info' command may change to also show images as
a list, but that is left for later, as this series is already fairly
long. So for now, just introduce the concept and adjust bootstd to use
it, with a simple command to list the images.
This series includes various alist enhancements, to make use of this new
data structure a little easier.
[trini: Drop patch 18 and 19 for now due to size considerations]
Link: https://lore.kernel.org/r/20241115231926.211999-1-sjg@chromium.org
We want to record the type of each file which is loaded. Add an new
parameter for this, to the read_file() method. Update all users.
Make bootmeth_common_read_file() store information about the image that
is read.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
The current implementation is reading the whole partition for boot and
vendor_boot image which can be long following the size of the
partition or the time to read blocks (driver/SoC specific).
For example with mediatek mt8365 EVK board, we have a 64MiB boot
partition and the boot image flashed in this partition is only 42MiB.
It takes ~8-9 secs to read the boot partition.
Instead we can retrieved the boot image and vendor boot image size
with these new functions:
- android_image_get_bootimg_size
- android_image_get_vendor_bootimg_size
Use these information and read only the necessary.
By doing this with mt8365 EVK board, we read boot image in ~5 secs.
Signed-off-by: Julien Masson <jmasson@baylibre.com>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Link: https://lore.kernel.org/r/20241121-bootmeth-android-part-sizes-v1-1-25760bbd0f08@baylibre.com
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Update android bootmeth to support non-A/B image.
Enable AB support only when ANDROID_AB is enabled.
Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Signed-off-by: Guillaume La Roque <glaroque@baylibre.com>
Link: https://lore.kernel.org/r/20241126-adnroidv2-v4-2-11636106dc69@baylibre.com
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
Android boot flow is a bit different than a regular Linux distro.
Android relies on multiple partitions in order to boot.
A typical boot flow would be:
1. Parse the Bootloader Control Block (BCB, misc partition)
2. If BCB requested bootonce-bootloader, start fastboot and wait.
3. If BCB requested recovery or normal android, run the following:
3.a. Get slot (A/B) from BCB
3.b. Run AVB (Android Verified Boot) on boot partitions
3.c. Load boot and vendor_boot partitions
3.d. Load device-tree, ramdisk and boot
The AOSP documentation has more details at [1], [2], [3]
This has been implemented via complex boot scripts such as [4].
However, these boot script are neither very maintainable nor generic.
Moreover, DISTRO_DEFAULTS is being deprecated [5].
Add a generic Android bootflow implementation for bootstd.
For this initial version, only boot image v4 is supported.
[1] https://source.android.com/docs/core/architecture/bootloader
[2] https://source.android.com/docs/core/architecture/partitions
[3] https://source.android.com/docs/core/architecture/partitions/generic-boot
[4] https://source.denx.de/u-boot/u-boot/-/blob/master/include/configs/meson64_android.h
[5] https://lore.kernel.org/r/all/20230914165615.1058529-17-sjg@chromium.org/
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Julien Masson <jmasson@baylibre.com>
Tested-by: Guillaume La Roque <glaroque@baylibre.com>
Signed-off-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>
