/* get the duration of avb */
metrics.avb = get_timer(avb_metric);
- if (avb_result == AVB_AB_FLOW_RESULT_OK) {
+ if ((avb_result == AVB_AB_FLOW_RESULT_OK) ||
+ (avb_result == AVB_AB_FLOW_RESULT_OK_WITH_VERIFICATION_ERROR)) {
assert(avb_out_data != NULL);
/* load the first partition */
avb_loadpart = avb_out_data->loaded_partitions;
/* we should use avb_part_data->data as boot image */
/* boot image is already read by avb */
hdr = (struct andr_img_hdr *)avb_loadpart->data;
- if (android_image_check_header(hdr)) {
- printf("boota: bad boot image magic\n");
- goto fail;
+ if (avb_result == AVB_AB_FLOW_RESULT_OK)
+ printf(" verify OK, boot '%s%s'\n",
+ avb_loadpart->partition_name, avb_out_data->ab_suffix);
+ else {
+ printf(" verify FAIL, state: UNLOCK\n");
+ printf(" boot '%s%s' still\n",
+ avb_loadpart->partition_name, avb_out_data->ab_suffix);
}
- printf(" verify OK, boot '%s%s'\n", avb_loadpart->partition_name, avb_out_data->ab_suffix);
/* The dm-verity commandline has conflicts with system bootargs and we can't
* determine whether dm-verity is opened by the commandline for now. */
char bootargs_sec[ANDR_BOOT_ARGS_SIZE];
fastboot_setup_system_boot_args(avb_out_data->ab_suffix);
#endif
image_size = avb_loadpart->data_size;
- memcpy((void *)(ulong)(hdr->kernel_addr - hdr->page_size), (void *)hdr, image_size);
} else if (lock_status == FASTBOOT_LOCK) { /* && verify fail */
/* if in lock state, verify enforce fail */
printf(" verify FAIL, state: LOCK\n");
goto fail;
- } else { /* lock_status == FASTBOOT_UNLOCK && verify fail */
+ } else { /* lock_status == FASTBOOT_UNLOCK && get unacceptable verify fail */
/* if in unlock state, log the verify state */
printf(" verify FAIL, state: UNLOCK\n");
#endif
if (!is_recovery_mode)
boot_args[2] = NULL;
#endif
-
+ /* we should free the avb_out_data but should not free the bootimage */
if (avb_out_data != NULL)
- avb_slot_verify_data_free(avb_out_data);
+ avb_slot_verify_data_free_fast(avb_out_data);
#ifdef CONFIG_IMX_TRUSTY_OS
/* put ql-tipc to release resource for Linux */
#include "avb_vbmeta_image.h"
#include "avb_version.h"
#include <common.h>
+#include "android_image.h"
/* Maximum allow length (in bytes) of a partition name, including
* ab_suffix.
return false;
}
+static struct andr_img_hdr boothdr __aligned(ARCH_DMA_MINALIGN);
+
static AvbSlotVerifyResult load_and_verify_hash_partition(
AvbOps* ops,
const char* const* requested_partitions,
goto out;
}
- image_buf = avb_malloc(hash_desc.image_size);
- if (image_buf == NULL) {
+ /* If we are going to load bootimage, load it to
+ * hdr->kernel_addr - hdr->page_size address directly,
+ * so we don't need to copy it again!*/
+ if (strstr(part_name, "boot") != NULL) {
+ struct andr_img_hdr *hdr = &boothdr;
+ /* read boot header first so we can get the address */
+ if (ops->read_from_partition(ops, part_name,
+ 0, sizeof(boothdr), hdr, &part_num_read) != AVB_IO_RESULT_OK &&
+ part_num_read != sizeof(boothdr)) {
+ printf("Error! read bootimage head error\n");
+ ret = AVB_SLOT_VERIFY_RESULT_ERROR_IO;
+ goto out;
+ }
+ /* check bootimg header to make sure we have a vaild bootimage */
+ if (android_image_check_header(hdr)) {
+ printf("Error! bad boot image magic\n");
+ /* bad boot image magic is critical so we will return
+ * AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA here,
+ * it will make this slot be marked as unbootable.*/
+ ret = AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA;
+ goto out;
+ }
+
+ image_buf = (uint8_t*)(unsigned long)(hdr->kernel_addr - hdr->page_size);
+ } else {
+ image_buf = avb_malloc(hash_desc.image_size);
+ if (image_buf == NULL) {
ret = AVB_SLOT_VERIFY_RESULT_ERROR_OOM;
goto out;
+ }
}
io_ret = ops->read_from_partition(ops,
}
avb_free(data);
}
+void avb_slot_verify_data_free_fast(AvbSlotVerifyData* data) {
+ if (data->ab_suffix != NULL) {
+ avb_free(data->ab_suffix);
+ }
+ if (data->cmdline != NULL) {
+ avb_free(data->cmdline);
+ }
+ if (data->vbmeta_images != NULL) {
+ size_t n;
+ for (n = 0; n < data->num_vbmeta_images; n++) {
+ AvbVBMetaData* vbmeta_image = &data->vbmeta_images[n];
+ if (vbmeta_image->partition_name != NULL) {
+ avb_free(vbmeta_image->partition_name);
+ }
+ if (vbmeta_image->vbmeta_data != NULL) {
+ avb_free(vbmeta_image->vbmeta_data);
+ }
+ }
+ avb_free(data->vbmeta_images);
+ }
+ if (data->loaded_partitions != NULL) {
+ size_t n;
+ for (n = 0; n < data->num_loaded_partitions; n++) {
+ AvbPartitionData* loaded_partition = &data->loaded_partitions[n];
+ if (loaded_partition->partition_name != NULL) {
+ /* the address of bootimage isn't alloced by malloc, we don't
+ * need to free it. */
+ if (strstr(loaded_partition->partition_name, "boot") != NULL)
+ continue;
+ else
+ avb_free(loaded_partition->partition_name);
+ }
+ if (loaded_partition->data != NULL) {
+ avb_free(loaded_partition->data);
+ }
+ }
+ avb_free(data->loaded_partitions);
+ }
+ avb_free(data);
+}
const char* avb_slot_verify_result_to_string(AvbSlotVerifyResult result) {
const char* ret = NULL;
projects / u-boot.git / commitdiff