
On 12/28/23 10:25, Alexey Romanov wrote:
Currently, fastboot protocol in U-Boot has no opportunity to execute vendor custom code with verifed boot.
Well, I would say the most conventional way to do this would be something like
=> fastboot 0 => source # CONFIG_FASTBOOT_BUF_ADDR
and on your host machine,
$ fastboot stage my_script.itb
where my_script.its looks like
/dts-v1/;
/ { description = "my script"; #address-cells = <1>;
images { my-script { data = /incbin/("my_script.scr"); type = "script"; arch = "arm64"; compression = "none"; hash-1 { algo = "sha256"; }; }; };
configurations { default = "conf"; conf { description = "Load my script"; script = "my-script"; signature { algo = "sha256,rsa2048"; key-name-hint = "vboot"; sign-images = "script"; }; }; }; };
This method is especially useful to pass complex parameters to your command. This method of course requires commit bcc85b96b5f ("cmd: source: Support specifying config name").
Would it be possible to use the above method for your use case?
--Sean
This patch introduces a new fastboot subcommand, fastboot oem board:<cmd>, which allows running a custom oem_board function. The default implementation is __weak. A vendor must redefine it in the board/ folder with their own logic.
For example, some vendors have their custom nand/emmc partition flashing or erasing. Here some typical command for such use cases:
flashing:
$ fastboot stage bootloader.img $ fastboot oem board:write_bootloader
erasing:
$ fastboot oem board:erase_env
Signed-off-by: Alexey Romanov avromanov@salutedevices.com
drivers/fastboot/Kconfig | 7 +++++++ drivers/fastboot/fb_command.c | 15 +++++++++++++++ include/fastboot.h | 1 + 3 files changed, 23 insertions(+)
diff --git a/drivers/fastboot/Kconfig b/drivers/fastboot/Kconfig
index 3cfeea4837..4c955cabab 100644
--- a/drivers/fastboot/Kconfig
+++ b/drivers/fastboot/Kconfig
@@ -241,6 +241,13 @@ config FASTBOOT_OEM_RUN this feature if you are using verified boot, as it will allow an attacker to bypass any restrictions you have in place.
+config FASTBOOT_OEM_BOARD
- bool "Enable the 'oem board' command"
- help
This extends the fastboot protocol with an "oem board" command. This
command allows running vendor custom code defined in board/ files.
Otherwise, it will do nothing and send fastboot fail.
endif # FASTBOOT
endmenu
diff --git a/drivers/fastboot/fb_command.c b/drivers/fastboot/fb_command.c
index 71cfaec6e9..4d2b451f46 100644
--- a/drivers/fastboot/fb_command.c
+++ b/drivers/fastboot/fb_command.c
@@ -39,6 +39,7 @@ static void reboot_recovery(char *, char *);
 static void oem_format(char *, char *);
 static void oem_partconf(char *, char *);
 static void oem_bootbus(char *, char *);
+static void oem_board(char *, char *);
 static void run_ucmd(char *, char *);
 static void run_acmd(char *, char *);
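Review bot: The help text for FASTBOOT_OEM_BOARD in drivers/fastboot/Kconfig says nothing about verified boot, although the FASTBOOT_OEM_RUN entry just above it carries an explicit warning. The board hook receives a host-supplied argument string and the staged download buffer, so whether the command is safe under verified boot depends entirely on what each board implementation does with them. I would add a sentence such as `Board code must treat the command argument and the staged buffer as untrusted and authenticate them before writing to storage when verified boot is in use.` so integrators do not enable the option assuming it is safe by default.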
@@ -106,6 +107,10 @@ static const struct {
 .command = "oem run",
 .dispatch = CONFIG_IS_ENABLED(FASTBOOT_OEM_RUN, (run_ucmd), (NULL))
 },
- [FASTBOOT_COMMAND_OEM_BOARD] = {
.command = "oem board",
.dispatch = CONFIG_IS_ENABLED(FASTBOOT_OEM_BOARD, (oem_board), (NULL))
- }, [FASTBOOT_COMMAND_UCMD] = { .command = "UCmd", .dispatch = CONFIG_IS_ENABLED(FASTBOOT_UUU_SUPPORT, (run_ucmd), (NULL))
@@ -489,3 +494,13 @@ static void __maybe_unused oem_bootbus(char *cmd_parameter, char *response)
 else
 fastboot_okay(NULL, response);
 }
+void __weak fastboot_oem_board(char *cmd_parameter, void *data, u32 size, char *response)
+{
- fastboot_fail("oem board function not defined", response);
+}
+static void __maybe_unused oem_board(char *cmd_parameter, char *response)
+{
- fastboot_oem_board(cmd_parameter, fastboot_buf_addr, image_size, response);
+}
diff --git a/include/fastboot.h b/include/fastboot.h
index 296451f89d..06c1f26b6c 100644
--- a/include/fastboot.h
+++ b/include/fastboot.h
@@ -37,6 +37,7 @@ enum {
 FASTBOOT_COMMAND_OEM_PARTCONF,
 FASTBOOT_COMMAND_OEM_BOOTBUS,
 FASTBOOT_COMMAND_OEM_RUN,
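Review bot: oem_board() in drivers/fastboot/fb_command.c forwards `fastboot_buf_addr` and `image_size` unconditionally, so an override sees whatever an earlier transfer left there, which may be a stale image or, presumably, a size of 0 when nothing was staged. The weak default has no comment stating that contract; a kernel-doc block above `fastboot_oem_board()` should say that `cmd_parameter`, `data` and `size` are host-controlled, that `size` bounds `data`, and that the hook must report its result through `response`. If the dispatcher can pass a NULL `cmd_parameter` when the host sends `oem board` without a `:` argument (the dispatcher is outside this hunk), rejecting it once here with `if (!cmd_parameter) { fastboot_fail("Expected command", response); return; }` spares every board from repeating the check.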
- FASTBOOT_COMMAND_OEM_BOARD, FASTBOOT_COMMAND_ACMD, FASTBOOT_COMMAND_UCMD, FASTBOOT_COMMAND_COUNT
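Review bot: include/fastboot.h gains only the enum constant; no prototype for `fastboot_oem_board()` is added, and the diffstat shows a single added line in this header. Board files that override the weak default therefore have no declaration to be checked against, so a mismatched signature (for example a different type for `size`) would compile and link silently. Add `void fastboot_oem_board(char *cmd_parameter, void *data, u32 size, char *response);` to this header together with a short comment on the parameters. The enum's closing lines are outside the hunk.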