bootloader_messages merges bootloader_message_writer
and bootloader.cpp, so we can use the same library to
manage bootloader_message in normal boot and recovery mode.
Bug: 29582118
Change-Id: I9efdf776ef8f02b53911ff43a518e035e0c29618
Increase the number of attempts of an OTA update from 3 to 5 in case
an I/O error happened. This should increase the success rate of the
update.
Bug: 29619468
Change-Id: I88a067d9debd55a07be22ed981f395f6e47ec28f
To increase the security of wiping A/B devices, let uncrypt write
wipe package in misc partition. Then recovery verifies the wipe
package before wiping the device.
Bug: 29159185
Change-Id: I186691bab1928d3dc036bc5542abd64a81bc2168
When recovery starts with --brick, it tries to brick the device by
securely wiping all the partitions as listed in /etc/recovery.brick.
This is designed to support bricking lost devices.
Bug: 27253717
Change-Id: Ib0bd4f0a3bdaca4febc91fce6b682e3ec74354e2
(cherry picked from commit 862a4c1119)
Write error code, cause code, and retry count into last_install. So we
can have more information about the reason of a failed OTA.
Example of new last_install:
@/cache/recovery/block.map package name
0 install result
retry: 1 retry count (new)
error: 30 error code (new)
cause: 12 error cause (new)
Details in:
go/android-ota-errorcode
Bug: 28471955
Change-Id: I00e7153c821e7355c1be81a86c7f228108f3dc37
An OTA may be skipped due to low battery. But we should always log it to
understand why an update _fails_ to apply.
Bug: 27893175
Change-Id: I50a3fbbb3e51035e0ac5f1cca150e283852825c3
Add a new command "--security" to boot commands. If this command is
observed as part of BCB, choose a different background text picture
for installing stage in recovery UI. As a result, users will see
"installing security update" instead of "installing system update"
when applying a security update package.
Bug: 27837319
Change-Id: I2e2253a124993ecc24804fa1ee0b918ac96837c5
Switch to a Wear-like intro/loop system. We don't have an intro yet,
but hopefully this will let Wear delete more code when they move to N.
Unlike them, we don't hard-code the number of frames: we just look to
see what we have available. We do hard-code the fps though.
Also add a graphics test mode so you can see a demo of the UI components
without having to actually apply an OTA.
Also fix a bug where default locale is null rather than en-US: it's
more useful to show _some_ text if we don't have a locale (which should
only be during development anyway).
Bug: http://b/26548285
Change-Id: I63422e3fef3c41109f924d96fb5ded0b3ae7815d
(cherry-pick from commit a4f701af93)
- Add call to __android_log_pmsg_file_write for recovery logging.
- Add call to refresh pmsg if we reboot back into recovery and then
allow overwrite of those logs.
- Add a new one-time executable recovery-refresh that refreshes pmsg
in post-fs phase of init. We rely on pmsg eventually scrolling off
to age the content after recovery-persist has done its job.
- Add a new one-time executable recovery-persist that transfers from
pmsg to /data/misc/recovery/ directory if /cache is not mounted
in post-fs-data phase of init.
- Build and appropriately trigger the above two as required if
BOARD_CACHEIMAGE_PARTITION_SIZE is undefined.
- Add some simple unit tests
NB: Test failure is expected on systems that do not deliver either
the recovery-persist or recovery-refresh executables, e.g. systems
with /cache. Tests also require a timely reboot sequence of test
to truly verify, tests provide guidance on stderr to direct.
Bug: 27176738
Change-Id: I17bb95980234984f6b2087fd5941b0a3126b706b
When I/O error happens, reboot and retry installation two times
before we abort this OTA update.
Bug: 25633753
Change-Id: Iba6d4203a343a725aa625a41d237606980d62f69
(cherry picked from commit 3c62b67faf)
Since we may not have /cache partition on A/B devices, let recovery
handle /cache related operations gracefully if /cache doesn't exist.
(1) Disable the wipe for /cache partition.
(2) Skip wiping /cache while wiping /data (i.e. factory reset).
(3) Disable logging-related features, until we figure out better
ways / places to store recovery logs (mainly for factory resets on A/B
devices).
Bug: 27176738
Change-Id: I7b14e53ce18960fe801ddfc15380dac6ceef1198
(cherry picked from commit 26112e5870)
For applying update from SD card, we used to use a thread to serve the
file with fuse. Since accessing through fuse involves going from kernel
to userspace to kernel, it may run into deadlock (e.g. for mmap_sem)
when a page fault occurs. Switch to using a process instead.
Bug: 23783099
Bug: 26313124
Change-Id: Iac0f55b1bdb078cadb520cfe1133e70fbb26eadd
Fork a logger process and send over the log lines through a pipe.
Prepend a timestamp to each line for debugging purpose. Timestamps are
relative to the start of the logger.
Example lines with the change in this CL:
[ 445.948393] Verifying update package...
[ 446.279139] I:comment is 1738 bytes; signature 1720 bytes from end
[ 449.463652] I:whole-file signature verified against RSA key 0
[ 449.463704] I:verify_file returned 0
Change-Id: I139d02ed8f2e944c1618c91d5cc43282efd50b99
When calling ScreenRecoveryUI::ShowFile(), the only thing that gets
inadequately logged is the progress bar. Replace the call to
ScreenRecoveryUI::Print() with ScreenRecoveryUI::PrintOnScreenOnly() for
the progress bar, so we can avoid calling redirect_stdio().
Change-Id: I4d7c5d5b39bebe0d5880a99d7a72cee4f0b8f325
Malloc might fail when replacing package path. In this case, print a
clear error message in the logs and let the OTA fails.
Change-Id: I7209d95edc025e3ee1b4478f5e04f6e852d97205
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Signed-off-by: Gaelle Nassiet <gaellex.nassiet@intel.com>
When system images contain the root directory, there is no entry of
"/system" in the fstab. Change it to look for "/" instead if
ro.build.system_root_image is true. We actually mount the partition
to /system_root instead, and create a symlink to /system_root/system
for /system. This allows "adb shell" to work properly.
Bug: 22855115
Change-Id: Ibac493a5a9320c98ee3b60bd2cc635b925f5454a
This makes it easier to go back and forth without losing current output.
Also make the display more like regular more(1).
Bug: http://b/20834540
Change-Id: Icc5703e9c8a378cc7072d8ebb79e34451267ee1b
Currently we are keeping one copy of the kernel log (LAST_KMSG_FILE).
This CL changes to keep up to KEEP_LOG_COUNT copies for kernel logs.
Bug: http://b/18092237
Change-Id: I1bf5e230de3efd6a48a5b2ae5a34241cb4d9ca90
For userdebug and eng builds, turn on the text display automatically
if no command is specified.
Bug: http://b/17489952
Change-Id: I3d42ba2848b968da12164ddfda915ca69dcecba1
This makes it easier for us to deal with arbitrary information at the
top, and means that headers added by specific commands don't overwrite
the default ones.
Add the fingerprint back, but broken up so it fits even on sprout's
display.
Change-Id: Id71da79ab1aa455a611d72756a3100a97ceb4c1c
Currently we are keeping one copy of the kernel log (LAST_KMSG_FILE).
This CL changes to append it to the recovery log.
Bug: 18092237
Change-Id: I06ad5629016846927153064f1663753a90296f79
Currently fugu has a custom subclass to handle this. The default code
supports devices with trackballs but not all shipping Nexus devices?
That's just silly.
Change-Id: Id2779c91284899a26b4bb1af41e7033aa889df10
Rather than add code to wrap menu items, let's just put output the
recovery version to the log. It'll be visible at the bottom of the
screen and automatically wrap.
Change-Id: I158fe2d85bc56b195e00619fba455321743923bd
The original attempt missed the fact that Print is a member function,
so the first argument is the implicit 'this'.
Change-Id: I963b668c5432804c767f0a2e3ef7dea5978a1218
Currently it rotates the log files every time it boots into the recovery
mode. We lose useful logs after ten times. This CL changes the rotation
condition so that it will rotate only if it performs some actual
operations that modify the flash (installs, wipes, sideloads and etc).
Bug: 19695622
Change-Id: Ie708ad955ef31aa500b6590c65faa72391705940
It also changes the return type of wipe_data/wipe_cache to bool, so the
caller can get the status accordingly.
Change-Id: I3022dcdadd6504dac757a52c2932d1176ffd1918
This now gets done at the framework level.
Doing it here breaks the signature on the partition.
This reverts commit ee19387905.
Bug: 19967123
Change-Id: I2a977cb0f0ba94defa1bf9091219398ddc1d3528
(cherry picked from commit 037444642b)
