// SPDX-License-Identifier: GPL-2.0+ /* * Copyright (c) 2011 Sebastian Andrzej Siewior */ #include #include #include #include #include #include #include #include #include #include #define ANDROID_IMAGE_DEFAULT_KERNEL_ADDR 0x10008000 static char andr_tmp_str[ANDR_BOOT_ARGS_SIZE + 1]; static ulong android_image_get_kernel_addr(const struct andr_img_hdr *hdr) { /* * All the Android tools that generate a boot.img use this * address as the default. * * Even though it doesn't really make a lot of sense, and it * might be valid on some platforms, we treat that adress as * the default value for this field, and try to execute the * kernel in place in such a case. * * Otherwise, we will return the actual value set by the user. */ if (hdr->kernel_addr == ANDROID_IMAGE_DEFAULT_KERNEL_ADDR) return (ulong)hdr + hdr->page_size; /* * abootimg creates images where all load addresses are 0 * and we need to fix them. */ if (hdr->kernel_addr == 0 && hdr->ramdisk_addr == 0) return env_get_ulong("kernel_addr_r", 16, 0); return hdr->kernel_addr; } /** * android_image_get_kernel() - processes kernel part of Android boot images * @hdr: Pointer to image header, which is at the start * of the image. * @verify: Checksum verification flag. Currently unimplemented. * @os_data: Pointer to a ulong variable, will hold os data start * address. * @os_len: Pointer to a ulong variable, will hold os data length. * * This function returns the os image's start address and length. Also, * it appends the kernel command line to the bootargs env variable. * * Return: Zero, os start address and length on success, * otherwise on failure. */ int android_image_get_kernel(const struct andr_img_hdr *hdr, int verify, ulong *os_data, ulong *os_len) { u32 kernel_addr = android_image_get_kernel_addr(hdr); const struct image_header *ihdr = (const struct image_header *) ((uintptr_t)hdr + hdr->page_size); /* * Not all Android tools use the id field for signing the image with * sha1 (or anything) so we don't check it. It is not obvious that the * string is null terminated so we take care of this. */ strncpy(andr_tmp_str, hdr->name, ANDR_BOOT_NAME_SIZE); andr_tmp_str[ANDR_BOOT_NAME_SIZE] = '\0'; if (strlen(andr_tmp_str)) printf("Android's image name: %s\n", andr_tmp_str); printf("Kernel load addr 0x%08x size %u KiB\n", kernel_addr, DIV_ROUND_UP(hdr->kernel_size, 1024)); int len = 0; if (*hdr->cmdline) { printf("Kernel command line: %s\n", hdr->cmdline); len += strlen(hdr->cmdline); } char *bootargs = env_get("bootargs"); if (bootargs) len += strlen(bootargs); char *newbootargs = malloc(len + 2); if (!newbootargs) { puts("Error: malloc in android_image_get_kernel failed!\n"); return -ENOMEM; } *newbootargs = '\0'; if (bootargs) { strcpy(newbootargs, bootargs); strcat(newbootargs, " "); } if (*hdr->cmdline) strcat(newbootargs, hdr->cmdline); env_set("bootargs", newbootargs); if (os_data) { if (image_get_magic(ihdr) == IH_MAGIC) { *os_data = image_get_data(ihdr); } else { *os_data = (ulong)hdr; *os_data += hdr->page_size; } } if (os_len) { if (image_get_magic(ihdr) == IH_MAGIC) *os_len = image_get_data_size(ihdr); else *os_len = hdr->kernel_size; } return 0; } int android_image_check_header(const struct andr_img_hdr *hdr) { return memcmp(ANDR_BOOT_MAGIC, hdr->magic, ANDR_BOOT_MAGIC_SIZE); } ulong android_image_get_end(const struct andr_img_hdr *hdr) { ulong end; /* * The header takes a full page, the remaining components are aligned * on page boundary */ end = (ulong)hdr; end += hdr->page_size; end += ALIGN(hdr->kernel_size, hdr->page_size); end += ALIGN(hdr->ramdisk_size, hdr->page_size); end += ALIGN(hdr->second_size, hdr->page_size); if (hdr->header_version >= 1) end += ALIGN(hdr->recovery_dtbo_size, hdr->page_size); if (hdr->header_version >= 2) end += ALIGN(hdr->dtb_size, hdr->page_size); return end; } ulong android_image_get_kload(const struct andr_img_hdr *hdr) { return android_image_get_kernel_addr(hdr); } ulong android_image_get_kcomp(const struct andr_img_hdr *hdr) { const void *p = (void *)((uintptr_t)hdr + hdr->page_size); if (image_get_magic((image_header_t *)p) == IH_MAGIC) return image_get_comp((image_header_t *)p); else if (get_unaligned_le32(p) == LZ4F_MAGIC) return IH_COMP_LZ4; else return IH_COMP_NONE; } int android_image_get_ramdisk(const struct andr_img_hdr *hdr, ulong *rd_data, ulong *rd_len) { if (!hdr->ramdisk_size) { *rd_data = *rd_len = 0; return -1; } printf("RAM disk load addr 0x%08x size %u KiB\n", hdr->ramdisk_addr, DIV_ROUND_UP(hdr->ramdisk_size, 1024)); *rd_data = (unsigned long)hdr; *rd_data += hdr->page_size; *rd_data += ALIGN(hdr->kernel_size, hdr->page_size); *rd_len = hdr->ramdisk_size; return 0; } int android_image_get_second(const struct andr_img_hdr *hdr, ulong *second_data, ulong *second_len) { if (!hdr->second_size) { *second_data = *second_len = 0; return -1; } *second_data = (unsigned long)hdr; *second_data += hdr->page_size; *second_data += ALIGN(hdr->kernel_size, hdr->page_size); *second_data += ALIGN(hdr->ramdisk_size, hdr->page_size); printf("second address is 0x%lx\n",*second_data); *second_len = hdr->second_size; return 0; } /** * android_image_get_dtbo() - Get address and size of recovery DTBO image. * @hdr_addr: Boot image header address * @addr: If not NULL, will contain address of recovery DTBO image * @size: If not NULL, will contain size of recovery DTBO image * * Get the address and size of DTBO image in "Recovery DTBO" area of Android * Boot Image in RAM. The format of this image is Android DTBO (see * corresponding "DTB/DTBO Partitions" AOSP documentation for details). Once * the address is obtained from this function, one can use 'adtimg' U-Boot * command or android_dt_*() functions to extract desired DTBO blob. * * This DTBO (included in boot image) is only needed for non-A/B devices, and it * only can be found in recovery image. On A/B devices we can always rely on * "dtbo" partition. See "Including DTBO in Recovery for Non-A/B Devices" in * AOSP documentation for details. * * Return: true on success or false on error. */ bool android_image_get_dtbo(ulong hdr_addr, ulong *addr, u32 *size) { const struct andr_img_hdr *hdr; ulong dtbo_img_addr; bool ret = true; hdr = map_sysmem(hdr_addr, sizeof(*hdr)); if (android_image_check_header(hdr)) { printf("Error: Boot Image header is incorrect\n"); ret = false; goto exit; } if (hdr->header_version < 1) { printf("Error: header_version must be >= 1 to get dtbo\n"); ret = false; goto exit; } if (hdr->recovery_dtbo_size == 0) { printf("Error: recovery_dtbo_size is 0\n"); ret = false; goto exit; } /* Calculate the address of DTB area in boot image */ dtbo_img_addr = hdr_addr; dtbo_img_addr += hdr->page_size; dtbo_img_addr += ALIGN(hdr->kernel_size, hdr->page_size); dtbo_img_addr += ALIGN(hdr->ramdisk_size, hdr->page_size); dtbo_img_addr += ALIGN(hdr->second_size, hdr->page_size); if (addr) *addr = dtbo_img_addr; if (size) *size = hdr->recovery_dtbo_size; exit: unmap_sysmem(hdr); return ret; } /** * android_image_get_dtb_img_addr() - Get the address of DTB area in boot image. * @hdr_addr: Boot image header address * @addr: Will contain the address of DTB area in boot image * * Return: true on success or false on fail. */ static bool android_image_get_dtb_img_addr(ulong hdr_addr, ulong *addr) { const struct andr_img_hdr *hdr; ulong dtb_img_addr; bool ret = true; hdr = map_sysmem(hdr_addr, sizeof(*hdr)); if (android_image_check_header(hdr)) { printf("Error: Boot Image header is incorrect\n"); ret = false; goto exit; } if (hdr->header_version < 2) { printf("Error: header_version must be >= 2 to get dtb\n"); ret = false; goto exit; } if (hdr->dtb_size == 0) { printf("Error: dtb_size is 0\n"); ret = false; goto exit; } /* Calculate the address of DTB area in boot image */ dtb_img_addr = hdr_addr; dtb_img_addr += hdr->page_size; dtb_img_addr += ALIGN(hdr->kernel_size, hdr->page_size); dtb_img_addr += ALIGN(hdr->ramdisk_size, hdr->page_size); dtb_img_addr += ALIGN(hdr->second_size, hdr->page_size); dtb_img_addr += ALIGN(hdr->recovery_dtbo_size, hdr->page_size); *addr = dtb_img_addr; exit: unmap_sysmem(hdr); return ret; } /** * android_image_get_dtb_by_index() - Get address and size of blob in DTB area. * @hdr_addr: Boot image header address * @index: Index of desired DTB in DTB area (starting from 0) * @addr: If not NULL, will contain address to specified DTB * @size: If not NULL, will contain size of specified DTB * * Get the address and size of DTB blob by its index in DTB area of Android * Boot Image in RAM. * * Return: true on success or false on error. */ bool android_image_get_dtb_by_index(ulong hdr_addr, u32 index, ulong *addr, u32 *size) { const struct andr_img_hdr *hdr; bool res; ulong dtb_img_addr; /* address of DTB part in boot image */ u32 dtb_img_size; /* size of DTB payload in boot image */ ulong dtb_addr; /* address of DTB blob with specified index */ u32 i; /* index iterator */ res = android_image_get_dtb_img_addr(hdr_addr, &dtb_img_addr); if (!res) return false; /* Check if DTB area of boot image is in DTBO format */ if (android_dt_check_header(dtb_img_addr)) { return android_dt_get_fdt_by_index(dtb_img_addr, index, addr, size); } /* Find out the address of DTB with specified index in concat blobs */ hdr = map_sysmem(hdr_addr, sizeof(*hdr)); dtb_img_size = hdr->dtb_size; unmap_sysmem(hdr); i = 0; dtb_addr = dtb_img_addr; while (dtb_addr < dtb_img_addr + dtb_img_size) { const struct fdt_header *fdt; u32 dtb_size; fdt = map_sysmem(dtb_addr, sizeof(*fdt)); if (fdt_check_header(fdt) != 0) { unmap_sysmem(fdt); printf("Error: Invalid FDT header for index %u\n", i); return false; } dtb_size = fdt_totalsize(fdt); unmap_sysmem(fdt); if (i == index) { if (size) *size = dtb_size; if (addr) *addr = dtb_addr; return true; } dtb_addr += dtb_size; ++i; } printf("Error: Index is out of bounds (%u/%u)\n", index, i); return false; } #if !defined(CONFIG_SPL_BUILD) /** * android_print_contents - prints out the contents of the Android format image * @hdr: pointer to the Android format image header * * android_print_contents() formats a multi line Android image contents * description. * The routine prints out Android image properties * * returns: * no returned results */ void android_print_contents(const struct andr_img_hdr *hdr) { const char * const p = IMAGE_INDENT_STRING; /* os_version = ver << 11 | lvl */ u32 os_ver = hdr->os_version >> 11; u32 os_lvl = hdr->os_version & ((1U << 11) - 1); printf("%skernel size: %x\n", p, hdr->kernel_size); printf("%skernel address: %x\n", p, hdr->kernel_addr); printf("%sramdisk size: %x\n", p, hdr->ramdisk_size); printf("%sramdisk address: %x\n", p, hdr->ramdisk_addr); printf("%ssecond size: %x\n", p, hdr->second_size); printf("%ssecond address: %x\n", p, hdr->second_addr); printf("%stags address: %x\n", p, hdr->tags_addr); printf("%spage size: %x\n", p, hdr->page_size); /* ver = A << 14 | B << 7 | C (7 bits for each of A, B, C) * lvl = ((Y - 2000) & 127) << 4 | M (7 bits for Y, 4 bits for M) */ printf("%sos_version: %x (ver: %u.%u.%u, level: %u.%u)\n", p, hdr->os_version, (os_ver >> 7) & 0x7F, (os_ver >> 14) & 0x7F, os_ver & 0x7F, (os_lvl >> 4) + 2000, os_lvl & 0x0F); printf("%sname: %s\n", p, hdr->name); printf("%scmdline: %s\n", p, hdr->cmdline); printf("%sheader_version: %d\n", p, hdr->header_version); if (hdr->header_version >= 1) { printf("%srecovery dtbo size: %x\n", p, hdr->recovery_dtbo_size); printf("%srecovery dtbo offset: %llx\n", p, hdr->recovery_dtbo_offset); printf("%sheader size: %x\n", p, hdr->header_size); } if (hdr->header_version >= 2) { printf("%sdtb size: %x\n", p, hdr->dtb_size); printf("%sdtb addr: %llx\n", p, hdr->dtb_addr); } } /** * android_image_print_dtb_info - Print info for one DTB blob in DTB area. * @fdt: DTB header * @index: Number of DTB blob in DTB area. * * Return: true on success or false on error. */ static bool android_image_print_dtb_info(const struct fdt_header *fdt, u32 index) { int root_node_off; u32 fdt_size; const char *model; const char *compatible; root_node_off = fdt_path_offset(fdt, "/"); if (root_node_off < 0) { printf("Error: Root node not found\n"); return false; } fdt_size = fdt_totalsize(fdt); compatible = fdt_getprop(fdt, root_node_off, "compatible", NULL); model = fdt_getprop(fdt, root_node_off, "model", NULL); printf(" - DTB #%u:\n", index); printf(" (DTB)size = %d\n", fdt_size); printf(" (DTB)model = %s\n", model ? model : "(unknown)"); printf(" (DTB)compatible = %s\n", compatible ? compatible : "(unknown)"); return true; } /** * android_image_print_dtb_contents() - Print info for DTB blobs in DTB area. * @hdr_addr: Boot image header address * * DTB payload in Android Boot Image v2+ can be in one of following formats: * 1. Concatenated DTB blobs * 2. Android DTBO format (see CONFIG_CMD_ADTIMG for details) * * This function does next: * 1. Prints out the format used in DTB area * 2. Iterates over all DTB blobs in DTB area and prints out the info for * each blob. * * Return: true on success or false on error. */ bool android_image_print_dtb_contents(ulong hdr_addr) { const struct andr_img_hdr *hdr; bool res; ulong dtb_img_addr; /* address of DTB part in boot image */ u32 dtb_img_size; /* size of DTB payload in boot image */ ulong dtb_addr; /* address of DTB blob with specified index */ u32 i; /* index iterator */ res = android_image_get_dtb_img_addr(hdr_addr, &dtb_img_addr); if (!res) return false; /* Check if DTB area of boot image is in DTBO format */ if (android_dt_check_header(dtb_img_addr)) { printf("## DTB area contents (DTBO format):\n"); android_dt_print_contents(dtb_img_addr); return true; } printf("## DTB area contents (concat format):\n"); /* Iterate over concatenated DTB blobs */ hdr = map_sysmem(hdr_addr, sizeof(*hdr)); dtb_img_size = hdr->dtb_size; unmap_sysmem(hdr); i = 0; dtb_addr = dtb_img_addr; while (dtb_addr < dtb_img_addr + dtb_img_size) { const struct fdt_header *fdt; u32 dtb_size; fdt = map_sysmem(dtb_addr, sizeof(*fdt)); if (fdt_check_header(fdt) != 0) { unmap_sysmem(fdt); printf("Error: Invalid FDT header for index %u\n", i); return false; } res = android_image_print_dtb_info(fdt, i); if (!res) { unmap_sysmem(fdt); return false; } dtb_size = fdt_totalsize(fdt); unmap_sysmem(fdt); dtb_addr += dtb_size; ++i; } return true; } #endif