xref: /aosp_15_r20/hardware/interfaces/boot/1.1/default/boot_control/include/private/boot_control_definition.h (revision 4d7e907c777eeecc4c5bd7cf640a754fac206ff7) 
1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <stdint.h>
18 
19 #include <bootloader_message/bootloader_message.h>
20 
21 /**
22  * The A/B-specific bootloader message structure (4-KiB).
23  *
24  * We separate A/B boot control metadata from the regular bootloader
25  * message struct and keep it here. Everything that's A/B-specific
26  * stays after struct bootloader_message, which belongs to the vendor
27  * space of /misc partition. Also, the A/B-specific contents should be
28  * managed by the A/B-bootloader or boot control HAL.
29  *
30  * The slot_suffix field is used for A/B implementations where the
31  * bootloader does not set the androidboot.ro.boot.slot_suffix kernel
32  * commandline parameter. This is used by fs_mgr to mount /system and
33  * other partitions with the slotselect flag set in fstab. A/B
34  * implementations are free to use all 32 bytes and may store private
35  * data past the first NUL-byte in this field. It is encouraged, but
36  * not mandatory, to use 'struct bootloader_control' described below.
37  *
38  * The update_channel field is used to store the Omaha update channel
39  * if update_engine is compiled with Omaha support.
40  */
41 struct bootloader_message_ab {
42     struct bootloader_message message;
43     char slot_suffix[32];
44     char update_channel[128];
45 
46     // Round up the entire struct to 4096-byte.
47     char reserved[1888];
48 };
49 
50 /**
51  * Be cautious about the struct size change, in case we put anything post
52  * bootloader_message_ab struct (b/29159185).
53  */
54 #if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
55 static_assert(sizeof(struct bootloader_message_ab) == 4096,
56               "struct bootloader_message_ab size changes");
57 #endif
58 
59 #define BOOT_CTRL_MAGIC   0x42414342 /* Bootloader Control AB */
60 #define BOOT_CTRL_VERSION 1
61 
62 struct slot_metadata {
63     // Slot priority with 15 meaning highest priority, 1 lowest
64     // priority and 0 the slot is unbootable.
65     uint8_t priority : 4;
66     // Number of times left attempting to boot this slot.
67     uint8_t tries_remaining : 3;
68     // 1 if this slot has booted successfully, 0 otherwise.
69     uint8_t successful_boot : 1;
70     // 1 if this slot is corrupted from a dm-verity corruption, 0
71     // otherwise.
72     uint8_t verity_corrupted : 1;
73     // Reserved for further use.
74     uint8_t reserved : 7;
75 } __attribute__((packed));
76 
77 /* Bootloader Control AB
78  *
79  * This struct can be used to manage A/B metadata. It is designed to
80  * be put in the 'slot_suffix' field of the 'bootloader_message'
81  * structure described above. It is encouraged to use the
82  * 'bootloader_control' structure to store the A/B metadata, but not
83  * mandatory.
84  */
85 struct bootloader_control {
86     // NUL terminated active slot suffix.
87     char slot_suffix[4];
88     // Bootloader Control AB magic number (see BOOT_CTRL_MAGIC).
89     uint32_t magic;
90     // Version of struct being used (see BOOT_CTRL_VERSION).
91     uint8_t version;
92     // Number of slots being managed.
93     uint8_t nb_slot : 3;
94     // Number of times left attempting to boot recovery.
95     uint8_t recovery_tries_remaining : 3;
96     // Status of any pending snapshot merge of dynamic partitions.
97     uint8_t merge_status : 3;
98     // Ensure 4-bytes alignment for slot_info field.
99     uint8_t reserved0[1];
100     // Per-slot information.  Up to 4 slots.
101     struct slot_metadata slot_info[4];
102     // Reserved for further use.
103     uint8_t reserved1[8];
104     // CRC32 of all 28 bytes preceding this field (little endian
105     // format).
106     uint32_t crc32_le;
107 } __attribute__((packed));
108 
109 #if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
110 static_assert(sizeof(struct bootloader_control) ==
111               sizeof(((struct bootloader_message_ab *)0)->slot_suffix),
112               "struct bootloader_control has wrong size");
113 #endif
114 
115