1 /* 2 * Copyright (C) 2019 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <stdint.h> 18 19 #include <bootloader_message/bootloader_message.h> 20 21 /** 22 * The A/B-specific bootloader message structure (4-KiB). 23 * 24 * We separate A/B boot control metadata from the regular bootloader 25 * message struct and keep it here. Everything that's A/B-specific 26 * stays after struct bootloader_message, which belongs to the vendor 27 * space of /misc partition. Also, the A/B-specific contents should be 28 * managed by the A/B-bootloader or boot control HAL. 29 * 30 * The slot_suffix field is used for A/B implementations where the 31 * bootloader does not set the androidboot.ro.boot.slot_suffix kernel 32 * commandline parameter. This is used by fs_mgr to mount /system and 33 * other partitions with the slotselect flag set in fstab. A/B 34 * implementations are free to use all 32 bytes and may store private 35 * data past the first NUL-byte in this field. It is encouraged, but 36 * not mandatory, to use 'struct bootloader_control' described below. 37 * 38 * The update_channel field is used to store the Omaha update channel 39 * if update_engine is compiled with Omaha support. 40 */ 41 struct bootloader_message_ab { 42 struct bootloader_message message; 43 char slot_suffix[32]; 44 char update_channel[128]; 45 46 // Round up the entire struct to 4096-byte. 47 char reserved[1888]; 48 }; 49 50 /** 51 * Be cautious about the struct size change, in case we put anything post 52 * bootloader_message_ab struct (b/29159185). 53 */ 54 #if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus) 55 static_assert(sizeof(struct bootloader_message_ab) == 4096, 56 "struct bootloader_message_ab size changes"); 57 #endif 58 59 #define BOOT_CTRL_MAGIC 0x42414342 /* Bootloader Control AB */ 60 #define BOOT_CTRL_VERSION 1 61 62 struct slot_metadata { 63 // Slot priority with 15 meaning highest priority, 1 lowest 64 // priority and 0 the slot is unbootable. 65 uint8_t priority : 4; 66 // Number of times left attempting to boot this slot. 67 uint8_t tries_remaining : 3; 68 // 1 if this slot has booted successfully, 0 otherwise. 69 uint8_t successful_boot : 1; 70 // 1 if this slot is corrupted from a dm-verity corruption, 0 71 // otherwise. 72 uint8_t verity_corrupted : 1; 73 // Reserved for further use. 74 uint8_t reserved : 7; 75 } __attribute__((packed)); 76 77 /* Bootloader Control AB 78 * 79 * This struct can be used to manage A/B metadata. It is designed to 80 * be put in the 'slot_suffix' field of the 'bootloader_message' 81 * structure described above. It is encouraged to use the 82 * 'bootloader_control' structure to store the A/B metadata, but not 83 * mandatory. 84 */ 85 struct bootloader_control { 86 // NUL terminated active slot suffix. 87 char slot_suffix[4]; 88 // Bootloader Control AB magic number (see BOOT_CTRL_MAGIC). 89 uint32_t magic; 90 // Version of struct being used (see BOOT_CTRL_VERSION). 91 uint8_t version; 92 // Number of slots being managed. 93 uint8_t nb_slot : 3; 94 // Number of times left attempting to boot recovery. 95 uint8_t recovery_tries_remaining : 3; 96 // Status of any pending snapshot merge of dynamic partitions. 97 uint8_t merge_status : 3; 98 // Ensure 4-bytes alignment for slot_info field. 99 uint8_t reserved0[1]; 100 // Per-slot information. Up to 4 slots. 101 struct slot_metadata slot_info[4]; 102 // Reserved for further use. 103 uint8_t reserved1[8]; 104 // CRC32 of all 28 bytes preceding this field (little endian 105 // format). 106 uint32_t crc32_le; 107 } __attribute__((packed)); 108 109 #if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus) 110 static_assert(sizeof(struct bootloader_control) == 111 sizeof(((struct bootloader_message_ab *)0)->slot_suffix), 112 "struct bootloader_control has wrong size"); 113 #endif 114 115