Currently, during a 'fastboot flashall/fastboot update', the 'getvar
max-download-size' command is issued once to the device when it is in
bootloader mode and the same value is used even after the device boots
into fastbootd. If the max-download-size returned by bootloader is
greater than the max-download-size in fastbootd, this could break flash
as large images are broken down into chunks before downloading by using
the max-download-size variable. This will cause fastbootd to return
an error since it checks whether the buffer being downloaded has a size
greater than the max-download-size limit.
Test: fastboot flashall
Bug: 536870912
Change-Id: Ife7c1ec0583d80d4a31ecf01f1fc14a8365afe0d
We can't create interface iterators for all devices (e.g. the keyboard,
touchbar, etc.), so we get multiple instances of this log spam on every
command.
Demote it to a warning that only shows up on debug builds.
Test: none
Change-Id: I20581b9134c05360d5723b09ffe8de8c4cfd6a3f
Switch FindEntry and the ZipString constructor to std::string_view. This
lets us accept an over-long name so that we can reject it as too long.
Also fastboot changes to track the API change.
Bug: http://b/129068177
Test: treehugger
Change-Id: I7df7acd1fe2c46380b789c25f8909e0553e2d55e
Currently if the device is unplugged from host,
there is a lot of log spamming since fastbootd
does not not recognize that the device has been
disconnected and keeps trying to read/write to the
device.
2856 printk messages dropped ** [ 169.941904] c7 579 fastbootd: aio: got error event on
read total bufs 1: No such devie
** 2960 printk messages dropped ** [ 169.953328] c7 579 fastbootd: Fastboot command:
** 2074 printk messages dropped ** [ 169.961355] c7 579 fastbootd: aio: got error event
on read total bufs 1: No such devie
Bug: 121333158
Test: unplug device and check for log spam multiple times
Change-Id: I1d4c6f48f34e313c5ebce23d62a4fe6a6373f94f
Vendor must be a logical partition and boot must not be a logical
partition.
Test: fuzzy_fastboot --gtest_filter=*Logical*
Bug: 117220134
Change-Id: Ifc6f2f715ca92cd1fe779e8fce2d6a10a1f140b9
This is required for read() to function correctly
in Windows since it behaves differently in text mode and
binary mode and may cause unpredictable behavior depending
on the contents of the image file.
Bug: 129281908
Test: fastboot.exe flashall
Change-Id: I64370af44a050bafea60ff1b0b2be18cc531480a
The function do_for_partitions() takes a const std::string
reference, so it's inefficient to pass a std::string::c_str().
Test: TreeHugger
Change-Id: Ia84ed9ec691ee2f524c61dd25a81b2995bb0bb33
As part of a refactor, commit db511207ed
added a timeout for receving responses for commands. Unfortunately,
the timeout is optimistic as to how quickly target devices can complete
such operations. Flash and erase commands can be quite slow on devices
with traditional flash chips. The fastboot protocol is already adept
at handling such cases because it allows for sending INFO packets during
these periods. We may receive one or more INFO packets during tehse long
operations. Every time we receive an INFO packet, it proves the remote
end is alive, but busy, which should reset our timeout timer.
Change-Id: Ia3bba21c497b22639b626d89711ecd4eb02504ed
Signed-off-by: Dima Zavin <dmitriyz@waymo.com>
Previously, system_clock was used for remote command timeouts
which can get disturbed by NTP adjustments (jumps).
Change-Id: I0ffc159bf34d12e8d3713044524114d60a6a45ca
Signed-off-by: Dima Zavin <dmitriyz@waymo.com>
This command erroneously reports that no GSI is installed, because
/metadata is not mounted in recovery. To address this, temporarily mount
/metadata when the gsi command is invoked.
Bug: 122556707
Test: fastboot gsi disable
fastboot gsi wipe
Change-Id: Ib21971b49b46fd580b902ff75f01cfb96192afc0
And deprecate one more old style function that is not used after this
change.
Test: boot, disable and enable verity
Change-Id: Id509f479850120352b4ea4dc3b6c40f6e8e2e53e
New arguments 'dtb' and 'dtb-offset' have been added to
support boot image header version 2 for the 'fastboot boot'
and 'fastboot flash:raw boot' commands.
Test: fastboot boot Image.lz4 --dtb <dtb_path> --header-version 2
Test: fastboot flash:raw boot Image.lz4 --dtb <dtb_path>
--header-version 2
Bug: 111136242
Change-Id: Idf5c2eb138609dc7e915e80c4db64677c89f24b6
Note: this only removes the bootable marker, since we're unable to
remove the userdata files within recovery.
Bug: 121210348
Test: fastboot gsi wipe
fastboot gsi disable
Change-Id: I64fe848c787d426ae9d18a1557a9d6b340bfc2cf
On non-DAP devices, fastboot flash <partition> will spam error messages
about not being able to read super_empty.img. We should check that
super_empty.img exists before trying to read it.
Bug: 120429424
Test: fastboot flash system on non-DAP device
Change-Id: I6c4eec19cb3ef8d24595a75e072e1d75baaa8cdd
When the update-super command is issued, we want overlayfs overrides
to disappear without a doubt, which includes non-A/B utilizing
/cache/overlay/ tree. Call fs_mgr_overlayfs_teardown() on successful
return.
Test: adb-remount-test.sh
Bug: 120034852
Change-Id: Ia5cdb797f7e8350b5591a51fc8ae5f323901aee4
On retrofit devices, if both slots contain dynamic partition builds,
then "flashall" will attempt to write secondary images to dynamic
partitions in the other slot. At worst, this can fail with an error. At
best, it will result in the "other" partition not being mounted on first
boot.
This patch therefore deletes logical partitions for secondary images, on
retrofit devices only. On a Pixel device on the "b" slot, this means
"system_a" and "vendor_a" will be deleted before flashing, and therefore
system_other and vendor_other will be flashed to physical partitions
instead.
Bug: 120034852
Test: fastboot set_active a
fastboot flashall
fastboot set_active b
fastboot flashall
Change-Id: I6affe9a6c639b0495bffc77fcf20f329b86ad159
When checking for existence of "super_empty.img" to determine if
flash image product set is meant for logical partitions, we die if
ANDROID_PRODUCT_OUT environment is unset or empty. This check
is done before we look at the flash image name to determine if it
is a candidate to look at the logical metadata.
Instead, allow this check to conservatively fail for now.
Test: export ANDROID_PRODUCT_OUT=
fastboot flash bootloader
Bug: 120041144
Change-Id: I43f124015f9d26c79a0feb9123522432fe937343
Merged-In: I43f124015f9d26c79a0feb9123522432fe937343
Retrofit devices will have two super partitions, spanning the A and B
slots separately. By design an OTA will never cause "A" or "B"
partitions to be assigned to the wrong super. However, the same is not
true of fastbootd, where it is possible to flash the inactive slot. We
do not want, for example, logical "system_a" flashing to super_b.
When interacting with partitions, fastbootd now extracts the slot suffix
from a GetSuperSlotSuffix() helper. On retrofit devices, if the partition
name has a slot, that slot will override FastbootDevice::GetCurrentSlot.
This forces partitions in the inactive slot to be assigned to the correct
super.
There are two consequences of this. First, partitions with no slot
suffix will default to the current slot. That means it is possible to
wind up with two "scratch" partitions, if "adb remount" is used on both
the "A" and "B" slots. However, only the active slot's "scratch" will be
visible to the user (either through adb or fastboot).
Second, if one slot does not have dynamic partitions, flashing will
default to fixed partitions. For example, if the A slot is logical and B
is not, flashing "system_a" will be logical and "system_b" will be
fixed. This works no matter which slot is active. We do not try to
upgrade the inactive slot to dynamic partitions.
Bug: 116802789
Test: fastboot set_active a
fastboot flashall # dynamic partitions
fastboot getvar is-logical:system_a # true
fastboot getvar is-logical:system_b # false
fastboot set_active b
fastboot flashall --skip-secondary
fastboot getvar is-logical:system_a # true
fastboot getvar is-logical:system_b # true
Booting both slots works.
Change-Id: Ib3c91944aaee1a96b2f5ad69c90e215bd6c5a2e8
On retrofit devices, it is easy to accidentally overwrite
system/vendor/product by flashing system in the bootloader. The reason
is that GPT system_a is really the super partition, and the bootloader
doesn't know it.
Addressing this in bootloaders would require two separate commands: one
that rejects flashing system/vendor/product, and another for
expert/factory use that would allow direct flashing.
This patch introduces protection into the host fastboot tool instead.
It's not mutually exclusive with bootloader changes; having protection
in the host tool affords us better and consistent UI. However it does
rely on users having newer builds.
With this change, the following will not work in the bootloader:
fastboot flash system # or vendor, product, etc
The message is the same whether or not the device is a retrofit. To
continue anyway, you can do:
fastboot flash --force system
If we decide on bootloader protection as well, the --force flag can be
re-used.
Bug: 119689480
Test: fastboot flash system # disallowed in bootloader, allowed in fastbootd
fastboot flash --force system # allowed in bootloader
Change-Id: I0861e3f28a15be925886d5c30c7ebd4b20c477cf
Removes a few more Android.mk files.
Test: check for adb, mkbootfs, and fastboot in the build artifacts
Change-Id: Ie4e50a363a734d0b9207f0d0098c54719f038e76
Similar to the change to adb in Id26760bc62c89a1f7ef67511b21f9d9252ab69f3,
pin the interface version to IOUSBFamily 5.0.0.
Bug: 119264733
Test: Manual
Change-Id: Ied9164532c0ba6f20415dafecb0c774578aa5c57
This patch adds a new variable, "super-partition-name", to query the
name of the super partition (with a slot suffix if it has one). The
fastboot flashing tool has been updated to query this variable.
Since the super partition name can no longer be determined without
fastbootd, the presence of super_empty.img is used to test for
dynamic partition support rather than the presence of a super partition.
Bug: 116802789
Test: fastboot flashall on retrofit device
Change-Id: If830768eba6de7f31ac3183c64167fae973c77a4
When updating the super partition, attempt to preserve partitions from
the other slot. If any partition can't be preserved, fail and require a
wipe (-w) to proceed. This allows two bootable builds to be flashed to
both slots.
The preserve operation can fail if the metadata is not compatible with
the old partition layout. For example, if the partition references a
group that no longer exists, or a group changed its capacity, or the
metadata's block device list or list contents changed.
Bug: N/A
Test: liblp_test gtest
fastboot flashall --skip-secondary
Change-Id: I53fdd29bc1f0ef132005a93d3cf1cdcd7f2fc05f
Without this, it is much more difficult to ensure that the "a" and "b"
slots are both bootable during development. We already update all
metadata slots for update-super, so we should here as well.
Bug: N/A
Test: fastboot flashall
fastboot set_active other
fastboot flashall
Change-Id: Ib661e35fa89171a68a0b1da195dc5ba0375d72e4
Arrange to delete the overlayfs backing when a specified partition
has been flashed.
Test: manual
Bug: 109821005
Bug: 117605276
Change-Id: I1c6a0341c6cd2ecfbb7c71bec5679a74d579aadd
The purpose of this code was to support preserving partitions across a
flashall operation. Since we are not supporting persistent read-write
partitions, this merging code is effectively useless - it is preserving
only partitions that will be deleted.
Additionally, this code does not merge partition group changes, since
doing so accurately is difficult. Partition size changes aren't sent
until after update-super resolves, so a valid re-grouping could be
rejected during update-super if the existing partitions are too big.
This patch removes the update-super merging code until a use case comes
along and we can properly evaluate how it should work.
Bug: N/A
Test: fastboot flashall
Change-Id: I1d622b23dabdf031897be9de49f59fc8cf3caf3b
The libziparchive public headers that refer to `off64_t` also need the
Mac workaround.
In fastboot, there's a stray `lseek64` but since it's only for offset 0,
any kind of seek is fine.
Bug: N/A
Test: builds
Change-Id: I68b4f95202623ebf07ffe6c3e0e21437e7922c5b
If an image size changes slightly in between "flashall" and some change
in the build, it's inconvenient to have to reflash the whole device again.
This patch resizes partitions when using a normal flash command, to
improve the developer workflow.
Bug: N/A
Test: fastboot flash system
Change-Id: I349364a4742a0c15748f545fcfda946107720d45
After rebooting to userspace fastboot, the first command issued is
"update-super". If we wound up in the bootloader by accident (as
happened to a few users with a busted vbmeta_system), the resulting
error message will be very misleading ("update-super" will be an
unrecognized command).
Instead, this patch explicitly errors if we did not successfully boot
into fastbootd.
Bug: N/A
Test: fastboot flashall
Change-Id: I7d5bd64db540978bd0bae884f40ce8c3df48f856
This allows us to remove libziparchive's dependency on libutils.
Bug: http://b/79112958
Test: ran libbase and libziparchive tests, ran fastboot manually
Change-Id: I95c651976dad222863e5b8c37d4514b778f5dce7
Cleanup to utilize all the manifest values in constants.h.
If the cli command _and_ the protocol name match, use a common
source of convenient truth. This should set a pattern for future
additional commands. When the command and the protocol differ,
we want to introduce resistance as it results in confusion and
maintenance issues.
Test: compile
Change-Id: Idad413c63cbbfcb6e851856105a5d5a9ef53ef29
Bug: 78793464
Test: fastboot flashall
Sparse images with CRC are not supported by the Android build
system and hence the calculated CRC is unused.
Change-Id: Ia48b2f7e29f2adea26d185c5a8f2337c4cbe6dcb
Boot control HAL implementations will return the current boot
slot as the active slot. If a set_active command is issued on another
slot, it should be considered as the new active slot and subsequent
flashes should flash the same.
Test: fastboot set_active "b", fastboot getvar current-slot
Bug: 78793464
Change-Id: Ida3817670de8e74a7d7ae2a905e7ac1756c6bdf1
This is required to pass fuzzy_fastboot conformance tests.
Also, allow for zero sized partitions in fuzzy_fastboot.
Test: ./fuzzy_fastboot --gtest_filter=Conformance.Slots
Bug: 117220134
Change-Id: Ifb12994a7796b081215084cb68b37674210aaa12
Return lock status of true if unable to read kernel command line.
Test: fastboot getvar unlocked
Bug: 117275849
Change-Id: Id6c00c769bcdcdf87fcc9e88902713a8eff3e320
Sparse images with CRC are currently not supported by the
Android build system.
Test: ./fuzzy_fastboot --gtest_filter=Conformance.*
Change-Id: I6a73fb0dc5d4c77a3d1a0384c137789eb06fa956
If a device has logical partitions but does not use a partition called
"super", we will need this to be configurable. Note that the "slot"
argument is currently unused, but will be necessary for update_engine if
there are A and B super partitions.
Bug: 116608795
Test: super partition works
Change-Id: Ieb548a158faeb423f3561230f26d582325efbc6b
Replace the remnants of engine.cpp with better functionality in
FastBootDriver. Particularly, add prolog() and epilog()
callbacks to FastBootDriver for printing actions and their result to
the console. Then clean up the rest of fastboot.cpp to directly use
FastBootDriver.
Test: fastboot works
Change-Id: I0ff01d6a10f75e9dc1c82b46c6e9bb3bc4c68638
CheckRequirements() had various issues that are cleaned up here,
1) Move from C string parsing to C++
2) Moved from C data structures to C++, including fixing memory leaks.
3) Removed the 'cur_product' global and the 'query_save' function that
stores it
4) Actually writing tests for the parsing function for
android-info.txt
5) Check that a variable needs to be checked for a given product before
trying to read it. Previously, fastboot would fail if a variable
isn't recognized on a device, even if the check should be ignored.
A lot of flexibility is allowed for the input strings, to keep
backwards compatibility with the previous parsers.
Test: fastboot works, unit tests
Change-Id: Idc3bba8b8fe829d8eefe5f6c495e63a9441c0b60
Note that in addition to waiting for the path to appear, we must also
wait for it to be unlinked. Otherwise, we could accidentally access an
older device when opening and closing the same partition twice in a row.
Bug: 114198005
Test: fastboot flashall works
Change-Id: Iddffc34e1ac8aa066c28e7b1a92b09b6dfd7945c
UsbTransportSniffer invokes the virtual method Close() within
its destructor. This usage is fine right now, but if a future
class inherited from UsbTransportSniffer and overrode the Close()
method, then this destructor would not act as expected.
To protect against this, we declare Close() 'final' in
UsbTransportSniffer, and add a comment.
Test: Treehugger
Change-Id: I6182d84e7caf67cb06f37c22c6203ad6d6e57f34
There is little advantage and increasingly much disadvantage to
queueing up fastboot commands before executing them. This change
removes the queue in the most simple way possible to enable further
clean up.
Test: fastboot works
Change-Id: I9abab05df07ed167dbe6a42e1eb9eab8f8d4f157
Partition sizes must be reported with an "0x" prefix for fuzzy_fastboot.
Also, with dynamic partitions, the size of a partition can be 0.
Bug: 78793464
Test: fuzzy_fastboot Conformance.PartitionInfo does not error on
partition sizes when using fastbootd
Change-Id: I4148440bd9ed420878940829618cbf8cee85bf6a
This change moves Transport ownership back out of FastBootDriver.
Callers of set_transport must ensure that the previous transport is
destroyed. In addition, deleting a transport now ensures that it is
closed.
Bug: 78793464
Test: fastboot, fuzzy_fastboot works
Change-Id: I8f9ed2f7d5b09fd0820b2677d087a027378f26db
This implements getvar all by invoking each callback and writing an INFO
status for each result. For commands that take arguments, the variable
handler can specify a function that returns all possible arguments.
Currently this only applies to partition variables.
Bug: 78793464
Test: fastboot getvar all works
Change-Id: I1cf84e06bf67614b6f56171c0ee6ca5d7ac383c9
It is easier to implement getvar all if we can invoke each variable
handler and collect their results. This change reverts the handlers to
return their messages as an outparam, rather than going through
FastbootDevice.
Bug: 78793464
Test: fastboot getvar works
Change-Id: I8544251ce517526b26435526756359ce220520cc
The Carbon framework isn't on the list of libraries that Soong allows
linking against, so this broke the Mac build. This compiles just fine
without Carbon though, and I don't see any references to Carbon in the
code.
Test: mma
Change-Id: I83044d244f7cec778c8b8b6132249c0f016c10fc
Also fix adb's version number to match.
See build/soong/README.md for more information.
Test: cd system/core/fastboot; mma
Test: fastboot --version
Test: adb --version
Test: out/host/linux-x86/nativetest/fastboot_test/fastboot_test
Test: out/host/linux-x86/nativetest64/fastboot_test/fastboot_test
Change-Id: I65ea39af9183c602e84f3bc0e4a0d066a30fc464
This patch extracts the common logic out of the flashall and update
command implementations. There is now a FlashAllTool helper class, and
an ImageSource class for commands to specify how to find built images.
With these paths merged, the update command now supports logical
partitions.
Bug: 78793464
Test: flashall works with or without a super partition
update works with or without a super partition
Change-Id: I63a8690bbc4da6ea98a07eb2c07166ddd993a7b7
This isn't sent by the fastboot client.
This isn't in our bootloader requirement document.
Neither my hikey nor sailfish respond to this.
Test: fastboot still works
Change-Id: I11ff0aed818d98f3427ed427605d99b3c76ccb06
This isn't sent by the fastboot client.
This isn't in our bootloader requirement document.
Neither my hikey nor sailfish respond to this.
The README.md literally uses this as an example for 'unknown command'
Test: fastboot still works.
Change-Id: Ia442a41de517dae078dd7e73c951aadb97646c73
This makes the following changes to the images array:
* The "optional_if_no_partition" flag is removed, as it was a temporary
workaround for super.img.
* The "flashall" flag is removed.
* The "needed_for_fastbootd" flag is now an ImageType enum.
Bug: N/A
Test: fastboot builds, flashall works
Change-Id: Id000ea20cf83639cec2c9ae94f28c799b34606f1
Userspace fastboot is required when flashing logical partitions. If for
some reason userspace fastboot is broken, the user may be stuck with
bootloader fastboot. To address this scenario, we now flash "boot",
"vbmeta", "recovery", "dtbo", and "dts" before booting into userspace
fastboot, using whatever fastboot is currently active.
Bug: 78793464
Test: fastboot flashall with device in bootloader fastboot
Change-Id: I773707bbbe9235c560416c70976e32fd8e52a5a3
In order to flash logical partitions, "flashall" must be run against
userspace fastboot. When the bootloader supports the "reboot-fastboot"
command, we now attempt to automatically reboot into userspace fastboot.
We do this by closing the transport, sleeping for one second, and then
polling for a new connection until one is available. FastBootDriver is
then assigned the new transport.
Bug: 78793464
Test: fastboot flashall on device with logical partitions, while booted
into bootloader fastboot
Change-Id: I6949871b93ab5e352784cabe0963c6ecfc0af36d
Add "super" to the table of known images so that automatic file
resolution can occur. Add a flag to indicate if the image should
be flashed with flashall and set it to false for the new "super"
image, all else true.
Test: 'fastboot flash super' works.
'fastboot flashall' does not flash super
Bug: 78793464
Change-Id: I5b85536b1d4890264531af357aba84a061d6df44
Currently, fastboot flashall will try to flash every partition in the
image list. For devices with logical partitions, this will cause those
partitions to be flashed twice (once via super.img, and again for each
individual image). Additionally, super.img is needed to synchronize the
logical partition list, but it is only generated with "make dist",
making it inconvenient for most workflows.
This patch removes automatic flashing of super.img. Instead, devices
with a super partition must now generate a "super_empty.img"
describing the super geometry and logical partition layout. Before
flashing any other partitions, this image is used to ensure the device
has created all necessary logical partitions.
Additionally, before flashing (but after updating super), all logical
partitions that will be flashed are resized to 0. This ensures that
logical partitions will receive more optimal space allocation.
Finally, during flashing of individual images, logical partitions are
resized to the image size, since they do not have hardcoded sizes in the
build.
Bug: 78793464
Test: fastboot flashall can flash vendor, product, product_services
without a make dist/super.img.
Change-Id: I18c2291e0d0cb10de729c5646b75ac84dde8c871
This change introduces an "update-super" command to the fastboot
protocol. Unlike the "flash" command, which copies raw or sparse data to
a partition, the "update-super" command requires the data to be a super
image generated by lpmake.
If the super partition is not yet formatted (or is corrupt), then it
will be formatted using the given image. Otherwise, "update-super" will
preserve the existing partition layout, and only ensure that logical
partition entries exist for all the new partitions in the given image.
All new partitions added this way will have a zero size, and it is the
host's responsibility to size them as needed afterwards with the
"resize-logical-partition" command.
In addition, the "update-super" command supports a "wipe" argument,
which will force the super partition to be reformatted with the given
image, overwriting any existing partition tables.
Bug: 78793464
Test: fastboot flashall with a super partition
Change-Id: If37d839a03e396e11b6c08a9c32984106613d1dc
Attempting to reduce the number of different spellings we have for
"product services" partition in the codebase.
Bug: 112431447
Test: m
Change-Id: I1a87d7e040a8b1f91f973ac7d90d6360b5b54f71
Merged-In: I1a87d7e040a8b1f91f973ac7d90d6360b5b54f71
