Add a misctrl specific message with its first use.
Future platform flags can go here for any purpose,
without needing to add separate utilities.
Check if a device has ever been in 16KB before so that
we are able to tell if 16KB causes any issues.
Bug: 317262681
Test: boot, bugreport
Change-Id: I21299ded1520020768462950713cbe49ca3c438f
Generic binary for managing the /misc partition.
This CL only uses it to do a basic health check for the /misc
partition, but the idea is this is a single place that can manage
misc partition operations for the Android platform, rather than
having to write a new tool each time.
Bug: 317262681
Test: boot, check bugreport
Change-Id: I29a4189e2e9aee57cf66520207297d39d666f7a4
Define a new struct in the misc partition for telling the bootloader to
set kcmdline flags for enabling experimental dogfood features in the
kernel.
Test: Verified that a custom bootloader is able to read the data
Bug: 278052745
Change-Id: I5f13a9bdff940517cb7b880815dfb8f396fc3844
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
This will be used by mtectrl to remember whether the MTE state was
overriden using the force_on / force_off flags or set by the user. We
need that information when the force_on / force_off flag is reset.
Bug: 291106070
Change-Id: I6178f0b88b718e96e5c8ee39113848f422e5fb6d
This reverts commit d43ec47f3b.
Bug: 245680635
Reason for revert: SoC specific solution, not standardized and documented for use by other OEMs.
Change-Id: Ide437e0db9d072c1199a715bac8014bc3f041ceb
[Description]
1. In the current code, when tv enter recovery mode, it will
write "boot-recovery" into the BCB command field by default.
This is a protection mechanism to ensure that tv can re-enter
recovery mode continues OTA upgrade after power cut/power restoration.
So, when re-enter recovery mode, since there is no "quiescent"
in the boot parameters, the screen will turn on.
2. And we hope the screen will be turned off when tv re-enter
recovery mode to continue OTA upgrade.
3. We made the following modify:
In reocvery mode,According to GetBoolProperty
"ro.boot.quiescent"to determine whether it is a quiescent
boot this time,and then write "boot-recovery, quiescent"
or"boot-recovery" accordingly.
[Test Report]
1.boot up ok.
2.silent update ok.
(the screen is turned off when interrupting/
resume or complete the upgrade)
3.OTA update ok.
(the screen is turned on when interrupting/
resume or complete the upgrade)
Change-Id: Ic68898f1a8e9ab176556ee2b61efec4d8d5d36e2
We can use this interface to instruct the bootloader to either
permanently or only for the next reboot enable MTE for userspace
or kernel.
Bug: 206895651
Change-Id: I7330e43b7c4f94fc5913a7bc0f667b6eab06e111
It should belong to the default /misc implementation of boot control
1.1. Right now, it's only used by cuttlefish. So move it over to reduce
confusion in bootloader_message.
Bug: 131775112
Test: build
Change-Id: If09bc6f4cc8adf74c8798048c8e54ec94566abaa
This adds a sanity check in addition to the version number in case misc
contains random bits.
Bug: 139156011
Test: manual test
Change-Id: Ie4f3731d2b1795340881c88e0c4eec9cd4432653
The layout of the vendor space /misc partition was pretty confusing and
lead to some usage conflicts. To formalize the layout, we create a pixel
specific library with the definition & offset of various flags. The new
library also handles the R/W. As a result, we will leave system domain
/misc definitions in the libbootloader_message.
We also switch the misc_writer binary to use more specific options
instead of writing an arbitrary hex string. So we can avoid redefining
the string & offset in both init script and recovery ui.
Bug: 131775112
Test: unit tests pass, run misc_writer and check contents of /misc
Change-Id: I00f8842a81d1929e31a1de4d5eb09575ffad47c0
Move merge_status from bootloader_control_ab, which is in vendor space,
to a new generic AOSP struct in system space. This will allow more
devices to share the same HAL implementation.
This patch also changes libboot_control to compensate for merge_status
moving out of vendor space. The reference HAL library now also provides
separate helper functions for managing the merge status, so devices
using a custom boot control HAL can still take advantage of the new misc
implementation.
Bug: 139156011
Test: manual test
Change-Id: I5cd824e25f9d07aad1476301def5cdc3f506b029
This reduces the wipe space from 32K to 16K. The wipe space is now
at the 16K-32K region. The 32K-64K region is now "system space", to
complement the vendor space, for generic AOSP usage.
Bug: 139156011
Test: manual test
Change-Id: I1474bfa65a5f21049ab64ec0aee2f4585b55f60f
A global std::string, even if not used, pollutes the bss section
unnecessarily. Since this object is only there for testing, make it
std::optional<std::string>, which is constexpr constructible.
Bug: 138856262
Test: Along with a fix in fs_mgr, see that the bss section for
libbootloader_message.so is now clean on cuttlefish for several
processes.
Change-Id: I6df837dded88d979ffe14d5b2770b120bcf87341
bootloader_message.h currently divides /misc into four segments. The
space between 2K and 16K is reserved for vendor use (e.g. bootloader
persists flags). This CL adds a vendor tool "misc_writer", to allow
writing data to the vendor space in /misc, before getting a dedicated
HAL for accessing /misc partition (b/131775112).
Targets need to explicitly include the module, then invoke the
executable to write data. For example, the following command will write
3-byte data ("0xABCDEF") to offset 4 in vendor space (i.e. 2048 + 4 in
/misc).
$ /vendor/bin/misc_writer --vendor-space-offset 4 --hex-string 0xABCDEF
Bug: 132906936
Test: Run recovery_unit_test on crosshatch.
Test: Call the command via init.hardware.rc on crosshatch. Check that
the call finishes successfully. Then check the contents written to
/misc (`dd bs=1 skip=2048 if=/dev/block/sda2 count=32 | xxd`).
Change-Id: I79548fc63fc79b705a0320868690569c3106949f
libfstab is not built for darwin, don't build libbootloader_message
either.
Bug: 131709594
Test: m PRODUCT-sdk-sdk sdk_repo
Change-Id: I6e3b04f1c3e97d5aa6ac0452bf13e714f8dae437
Also, strlcat is not available on host, so use
std::string::operator+= instead.
Test: cuttlefish
Bug: 79094284
Change-Id: I1e69daeb522ca73f43e0c4855cf099a021ed4d47
Also add libfstab dependencies where needed. Previously the
`typedef struct FstabEntry Volume;` line served to both define a
`struct FstabEntry` as well as alias Volume to it. With the new
namespace for android::fs_mgr::FstabEntry, `struct FstabEntry` isn't
compatible anymore, so we need to alias Volume to the real
android::fs_mgr::FstabEntry.
In doing so, we need to include <fstab/fstab.h> and this requires
libfstab as a library, which a few modules did not have before.
Test: treehugger
Change-Id: I655209a0efb304b3e0568db0748bd5cf7cecbdb7
And uses the shared lib version of libbase and libfs_mgr.
Bug: 78793464
Test: `m dist`
Test: Run recovery_{unit,component}_test on marlin.
Change-Id: I750c02d0bfccd6e58fb01f641de02532ace52e00
Libraries that are direct or indirect dependencies of modules installed
to recovery partition (e.g. adbd) are marked as recovery_available:
true. This allows a recovery variant of the lib is created when it is
depended by other recovery or recovery_available modules.
Bug: 79146551
Test: m -j
Change-Id: I9ca07ef53fbd89e7c86c0ba269fa52bb48d6deb4
The update_channel field is used to store the Omaha update channel
if update_engine is compiled with Omaha support.
We need it to be in misc to persist through factory reset.
Bug: 72332119
Test: mma
Change-Id: Ied4fecc6e78cc69d33a36ba4d101d675100f9d82
We encountered segfaults in Imgdiff host tests due to the failure to
reset states of getopt. The problem can be solved by switching to use
bionic's gtest where a new process is forked for each test.
Also modify the recovery_component_test to make sure it runs in parallel.
Changes include:
1. Merge the writes to misc partition into one single test.
2. Change the hard coded location "/cache/saved.file" into a configurable
variable.
Bug: 67849209
Test: recovery tests pass
Change-Id: I165d313f32b83393fb7922c5078636ac40b50bc2
Turn on -Wall for all modules. Also remove the obsolete file_cmp() in
apply_patch test and now() in wear_ui.
The only exception is lib_edify due to the unused functions in the
intermediate cpp files generated from the lex files. It will be handled
in a seperate CL.
Bug: 64939312
Test: mma, unit tests pass
Change-Id: Ic53f76b60b6401ab20db3d98130d674c08e3702f
The added bootctrl.bcb module implement the legacy interface for the
bootctrl HAL based on the Boot Control Block (BCB) and the headers
already specified in the booloader_message library.
This serves as a reference implementation of the boot_control HAL.
Bug: 32707546
Test: Tested internally that a device can use this HAL to flip slots and
recovery from a /misc wipe.
Change-Id: Ic02e5aaf4de7d0a1780eac4e8705dae20d0b3e10
This reverts commit 37bd44174b.
The logic here is better to be moved into fs_mgr, not fs_mgr clients.
Bug: 35811655
Bug: 36502022
Change-Id: Iae79bd8f7131516ad223f3323f1bc1d805206d51
Test: normal boot sailfish, go to Settings > System & tap
on "Factory Data reset"
Test: recovery boot sailfish
libbootloader_message is used by both normal boot and recovery boot.
It needs to use different fstab paths, respectively. Otherwise, factory
reset will fail when we move /fstab.{ro.hardware} to /vendor/etc/.
Recovery boot: fs_mgr_read_fstab_with_dt("/etc/recovery.fstab")
Normal boot: fs_mgr_read_fstab_default()
Bug: 35811655
Bug: 36502022
Test: normal boot sailfish, go to Settings > System & tap on
"Factory Data reset"
Test: recovery boot sailfish
Change-Id: I253f5bdfb9be8a01f80856eb1194f85cdf992bbd
The fstab settings of early-mounted partitions (e.g., /vendor) will be in
kernel device tree. Switch to the new API to get the whole settings with
those in device tree:
fs_mgr_read_fstab_with_dt("/etc/recovery.fstab")
The original default /fstab.{ro.hardware} might be moved to
/vendor/etc/. or /odm/etc/. Use another new API to get the default fstab
instead of using the hard-coded /fstab.{ro.hardware}. This API also
includes the settings from device tree:
fs_mgr_read_fstab_default()
Bug: 35811655
Test: boot sailfish recovery
Change-Id: Iaa56ac7f7b4c4dfc7180c65f03e9a37b94f1de09
This is a retry of commit 7e31f421a5.
Commit bd56f1590c switches to calling
write_bootloader_message(<options>) in get_args(), which
unintentionally resets the stage field thus breaks two-step OTAs.
This CL adds update_bootloader_message(<options>), which only sets
the command field (to "boot-recovery") and the recovery field (with
the specified options).
Bug: 33534933
Test: Apply a two-step package.
Test: recovery_component_test passes.
Change-Id: Ie0b1ed4053d2d3c97d9cb84310d616b28fcfc72e
Commit bd56f1590c switches to calling
write_bootloader_message(<options>) in get_args(), which
unintentionally resets the stage field thus breaks two-step OTAs.
This CL changes write_bootloader_message(<options>) to only set the
command field (to "boot-recovery") and the recovery field (with the
specified options).
Test: Apply a two-step package.
Change-Id: I6905918812c7d3402cc1524688079066a4d22d29
This single blank line was introduced by some cherry-pick, which is
causing merge conflicts.
Test: N/A
Change-Id: Ida527b76fca7cc916499c5f888476c8e51ba3eaa
Add read_bootloader_message_from() and write_bootloader_message_to() to
allow specifying the BCB device (/misc).
Also add testcases for set_stage() and get_stage().
Test: recovery_component_test passes.
Test: Build a recovery image and apply a two-step OTA package.
Change-Id: If5ab06a1aaaea168d2a9e5dd63c07c0a3190e4ae
