[PATCH] android_ab: Try backup booloader_message
Joshua Watt
jpewhacker at gmail.com
Mon Jul 3 17:07:13 CEST 2023
Some devices keep 2 copies of the bootloader_message in the misc
partition and write each in sequence when updating. This ensures that
there is always one valid copy of the bootloader_message. Teach u-boot
to optionally try a backup bootloader_message from a specified offset if
the primary one fails its CRC check.
Signed-off-by: Joshua Watt <JPEWhacker at gmail.com>
---
boot/android_ab.c | 77 ++++++++++++++++++++++++++++++++++++++--------
common/Kconfig | 9 ++++++
doc/android/ab.rst | 6 ++++
3 files changed, 80 insertions(+), 12 deletions(-)
diff --git a/boot/android_ab.c b/boot/android_ab.c
index 60ae002978..73b55c196c 100644
--- a/boot/android_ab.c
+++ b/boot/android_ab.c
@@ -85,11 +85,13 @@ static int ab_control_default(struct bootloader_control *abc)
*/
static int ab_control_create_from_disk(struct blk_desc *dev_desc,
const struct disk_partition *part_info,
- struct bootloader_control **abc)
+ struct bootloader_control **abc,
+ ulong offset)
{
ulong abc_offset, abc_blocks, ret;
- abc_offset = offsetof(struct bootloader_message_ab, slot_suffix);
+ abc_offset = offset +
+ offsetof(struct bootloader_message_ab, slot_suffix);
if (abc_offset % part_info->blksz) {
log_err("ANDROID: Boot control block not block aligned.\n");
return -EINVAL;
@@ -135,11 +137,12 @@ static int ab_control_create_from_disk(struct blk_desc *dev_desc,
*/
static int ab_control_store(struct blk_desc *dev_desc,
const struct disk_partition *part_info,
- struct bootloader_control *abc)
+ struct bootloader_control *abc, ulong offset)
{
ulong abc_offset, abc_blocks, ret;
- abc_offset = offsetof(struct bootloader_message_ab, slot_suffix) /
+ abc_offset = offset +
+ offsetof(struct bootloader_message_ab, slot_suffix) /
part_info->blksz;
abc_blocks = DIV_ROUND_UP(sizeof(struct bootloader_control),
part_info->blksz);
@@ -189,8 +192,11 @@ int ab_select_slot(struct blk_desc *dev_desc, struct disk_partition *part_info,
int slot, i, ret;
bool store_needed = false;
char slot_suffix[4];
+#if ANDROID_AB_BACKUP_OFFSET
+ struct bootloader_control *backup_abc = NULL;
+#endif
- ret = ab_control_create_from_disk(dev_desc, part_info, &abc);
+ ret = ab_control_create_from_disk(dev_desc, part_info, &abc, 0);
if (ret < 0) {
/*
* This condition represents an actual problem with the code or
@@ -200,22 +206,53 @@ int ab_select_slot(struct blk_desc *dev_desc, struct disk_partition *part_info,
return ret;
}
+#if ANDROID_AB_BACKUP_OFFSET
+ ret = ab_control_create_from_disk(dev_desc, part_info, &backup_abc,
+ ANDROID_AB_BACKUP_OFFSET);
+ if (ret < 0) {
+ free(abc);
+ return ret;
+ }
+#endif
+
crc32_le = ab_control_compute_crc(abc);
if (abc->crc32_le != crc32_le) {
log_err("ANDROID: Invalid CRC-32 (expected %.8x, found %.8x),",
crc32_le, abc->crc32_le);
- log_err("re-initializing A/B metadata.\n");
-
- ret = ab_control_default(abc);
- if (ret < 0) {
- free(abc);
- return -ENODATA;
+#if ANDROID_AB_BACKUP_OFFSET
+ crc32_le = ab_control_compute_crc(backup_abc);
+ if (backup_abc->crc32_le != crc32_le) {
+ log_err("ANDROID: Invalid backup CRC-32 ")
+ log_err("expected %.8x, found %.8x),",
+ crc32_le, backup_abc->crc32_le);
+#endif
+
+ log_err("re-initializing A/B metadata.\n");
+
+ ret = ab_control_default(abc);
+ if (ret < 0) {
+#if ANDROID_AB_BACKUP_OFFSET
+ free(backup_abc);
+#endif
+ free(abc);
+ return -ENODATA;
+ }
+#if ANDROID_AB_BACKUP_OFFSET
+ } else {
+ /*
+ * Backup is valid. Copy it to the primary
+ */
+ memcpy(abc, backup_abc, sizeof(*abc));
}
+#endif
store_needed = true;
}
if (abc->magic != BOOT_CTRL_MAGIC) {
log_err("ANDROID: Unknown A/B metadata: %.8x\n", abc->magic);
+#if ANDROID_AB_BACKUP_OFFSET
+ free(backup_abc);
+#endif
free(abc);
return -ENODATA;
}
@@ -223,6 +260,9 @@ int ab_select_slot(struct blk_desc *dev_desc, struct disk_partition *part_info,
if (abc->version > BOOT_CTRL_VERSION) {
log_err("ANDROID: Unsupported A/B metadata version: %.8x\n",
abc->version);
+#if ANDROID_AB_BACKUP_OFFSET
+ free(backup_abc);
+#endif
free(abc);
return -ENODATA;
}
@@ -297,8 +337,21 @@ int ab_select_slot(struct blk_desc *dev_desc, struct disk_partition *part_info,
if (store_needed) {
abc->crc32_le = ab_control_compute_crc(abc);
- ab_control_store(dev_desc, part_info, abc);
+ ab_control_store(dev_desc, part_info, abc, 0);
}
+
+#if ANDROID_AB_BACKUP_OFFSET
+ /*
+ * If the backup doesn't match the primary, write the primary
+ * to the backup offset
+ */
+ if (memcmp(backup_abc, abc, sizeof(*abc)) != 0) {
+ ab_control_store(dev_desc, part_info, abc,
+ ANDROID_AB_BACKUP_OFFSET);
+ }
+ free(backup_abc);
+#endif
+
free(abc);
if (slot < 0)
diff --git a/common/Kconfig b/common/Kconfig
index bbabadb35e..ed30bd48cd 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -935,6 +935,15 @@ config ANDROID_AB
allows a bootloader to try a new version of the system but roll back
to previous version if the new one didn't boot all the way.
+config ANDROID_AB_BACKUP_OFFSET
+ hex "Offset of backup bootloader control"
+ depends on ANDROID_AB
+ default 0x0
+ help
+ If non-zero, a backup bootloader message starting at this offset in
+ the partition will tried in the event that the primary one (starting
+ at offset 0) fails its checksum.
+
endmenu
menu "Blob list"
diff --git a/doc/android/ab.rst b/doc/android/ab.rst
index 961895c32e..2adf88781d 100644
--- a/doc/android/ab.rst
+++ b/doc/android/ab.rst
@@ -31,6 +31,12 @@ boot script. This command analyzes and processes A/B metadata stored on a
special partition (e.g. ``misc``) and determines which slot should be used for
booting up.
+If the A/B metadata partition has a backup bootloader_message block that is used
+to ensure one is always valid even in the event of interruption when writing, it
+can be enabled in your board configuration file::
+
+ CONFIG_ANDROID_AB_BACKUP_OFFSET=0x1000
+
Command usage
-------------
--
2.33.0
More information about the U-Boot
mailing list