Hi Alexey,

Thank you for the patch.

On lun., avril 08, 2024 at 13:15, Alexey Romanov avromanov@salutedevices.com wrote:

Currently, fastboot protocol in U-Boot has no opportunity to execute vendor custom code with verifed boot. This patch introduce new fastboot subcommand fastboot oem board:<cmd>, which allow to run custom oem_board function.

Default implementation is __weak. Vendor must redefine it in board/ folder with his own logic.

For example, some vendors have their custom nand/emmc partition flashing or erasing. Here some typical command for such use cases:

• flashing:

  $ fastboot stage bootloader.img $ fastboot oem board:write_bootloader

• erasing:

  $ fastboot oem board:erase_env

Signed-off-by: Alexey Romanov avromanov@salutedevices.com

Reviewed-by: Mattijs Korpershoek mkorpershoek@baylibre.com

Thank you for being patient on this topic!

I'll be awaiting 2 more days and will apply to the u-boot-dfu if no other remarks have been made.

---

doc/android/fastboot.rst | 18 ++++++++++++++++++ drivers/fastboot/Kconfig | 7 +++++++ drivers/fastboot/fb_command.c | 30 ++++++++++++++++++++++++++++++ include/fastboot.h | 1 + 4 files changed, 56 insertions(+)

diff --git a/doc/android/fastboot.rst b/doc/android/fastboot.rst index 05d8f77759..2020590657 100644 --- a/doc/android/fastboot.rst +++ b/doc/android/fastboot.rst @@ -30,6 +30,7 @@ The following OEM commands are supported (if enabled):

• ``oem bootbus`` - this executes ``mmc bootbus %x %s`` to configure eMMC
• ``oem run`` - this executes an arbitrary U-Boot command
• ``oem console`` - this dumps U-Boot console record buffer

+- ``oem board`` - this executes an custom board function which is defined by vendor

Support for both eMMC and NAND devices is included.

@@ -246,6 +247,23 @@ including multiple commands (using e.g. ``;`` or ``&&``) and control structures (``if``, ``while``, etc.). The exit code of ``fastboot`` will reflect the exit code of the command you ran.

+Running Custom Vendor Code +^^^^^^^^^^^^^^^^^^^^^^^^^^

+U-Boot allows you to execute custom fastboot logic, which can be defined +in board/ files. It can still be used for production devices with verified +boot, because vendor define logic at compile time by overriding weak +implementation of fastboot_oem_board() function. The attacker will +not able to execute his commands / code. For example, this can be useful +for custom flashing or erasing protocols::

• $ fastboot stage bootloader.img
• $ fastboot oem board:write_bootloader

+In this case, ``cmd_parameter`` argument of the function ``fastboot_oem_board()`` +will contain string "write_bootloader" and ``data`` argument is a pointer to +fastboot input buffer, which containing the contents of bootloader.img file.

References

diff --git a/drivers/fastboot/Kconfig b/drivers/fastboot/Kconfig index 5e5855a76c..937a39f54a 100644 --- a/drivers/fastboot/Kconfig +++ b/drivers/fastboot/Kconfig @@ -249,6 +249,13 @@ config FASTBOOT_CMD_OEM_CONSOLE Add support for the "oem console" command to input and read console record buffer.

+config FASTBOOT_OEM_BOARD

• bool "Enable the 'oem board' command"
• help

•  This extends the fastboot protocol with an "oem board" command. This
  

•  command allows running vendor custom code defined in board/ files.
  

•  Otherwise, it will do nothing and send fastboot fail.
  

endif # FASTBOOT

endmenu diff --git a/drivers/fastboot/fb_command.c b/drivers/fastboot/fb_command.c index f95f4e4ae1..96c27afc60 100644 --- a/drivers/fastboot/fb_command.c +++ b/drivers/fastboot/fb_command.c @@ -42,6 +42,7 @@ static void oem_format(char *, char *); static void oem_partconf(char *, char *); static void oem_bootbus(char *, char *); static void oem_console(char *, char *); +static void oem_board(char *, char *); static void run_ucmd(char *, char *); static void run_acmd(char *, char *);

@@ -113,6 +114,10 @@ static const struct { .command = "oem console", .dispatch = CONFIG_IS_ENABLED(FASTBOOT_CMD_OEM_CONSOLE, (oem_console), (NULL)) },

• [FASTBOOT_COMMAND_OEM_BOARD] = {

• .command = "oem board",
  

• .dispatch = CONFIG_IS_ENABLED(FASTBOOT_OEM_BOARD, (oem_board), (NULL))
  

• }, [FASTBOOT_COMMAND_UCMD] = { .command = "UCmd", .dispatch = CONFIG_IS_ENABLED(FASTBOOT_UUU_SUPPORT, (run_ucmd), (NULL))

@@ -542,3 +547,28 @@ static void __maybe_unused oem_console(char *cmd_parameter, char *response) else fastboot_response(FASTBOOT_MULTIRESPONSE_START, response, NULL); }

+/**

• • fastboot_oem_board() - Execute the OEM board command. This is default
• • weak implementation, which may be overwritten in board/ files.
• • @cmd_parameter: Pointer to command parameter
• • @data: Pointer to fastboot input buffer
• • @size: Size of the fastboot input buffer
• • @response: Pointer to fastboot response buffer
• */

+void __weak fastboot_oem_board(char *cmd_parameter, void *data, u32 size, char *response) +{

• fastboot_fail("oem board function not defined", response);

+}

+/**

• • oem_board() - Execute the OEM board command
• • @cmd_parameter: Pointer to command parameter
• • @response: Pointer to fastboot response buffer
• */

+static void __maybe_unused oem_board(char *cmd_parameter, char *response) +{

• fastboot_oem_board(cmd_parameter, fastboot_buf_addr, image_size, response);

+} diff --git a/include/fastboot.h b/include/fastboot.h index 1e7920eb91..2ca1b907a5 100644 --- a/include/fastboot.h +++ b/include/fastboot.h @@ -48,6 +48,7 @@ enum { FASTBOOT_COMMAND_OEM_BOOTBUS, FASTBOOT_COMMAND_OEM_RUN, FASTBOOT_COMMAND_OEM_CONSOLE,

• FASTBOOT_COMMAND_OEM_BOARD, FASTBOOT_COMMAND_ACMD, FASTBOOT_COMMAND_UCMD, FASTBOOT_COMMAND_COUNT

-- 2.34.1