Merge "project: msm8952: Add compilation flag for backward compatible verified boot"
diff --git a/app/aboot/aboot.c b/app/aboot/aboot.c
index 7b8861b..c25f3b3 100644
--- a/app/aboot/aboot.c
+++ b/app/aboot/aboot.c
@@ -167,9 +167,9 @@
static const char *warmboot_cmdline = " qpnp-power-on.warm_boot=1";
#if VERIFIED_BOOT
+#if !VBOOT_MOTA
static const char *verity_mode = " androidboot.veritymode=";
static const char *verified_state= " androidboot.verifiedbootstate=";
-
//indexed based on enum values, green is 0 by default
struct verified_boot_verity_mode vbvm[] =
@@ -185,6 +185,7 @@
{RED,"red" },
};
#endif
+#endif
static unsigned page_size = 0;
static unsigned page_mask = 0;
@@ -197,8 +198,11 @@
/* Assuming unauthorized kernel image by default */
static int auth_kernel_img = 0;
-
+#if VBOOT_MOTA
+static device_info device = {DEVICE_MAGIC, 0, 0, 0, 0, {0}, {0},{0}};
+#else
static device_info device = {DEVICE_MAGIC, 0, 0, 0, 0, {0}, {0},{0}, 1};
+#endif
static bool is_allow_unlock = 0;
static char frp_ptns[2][8] = {"config","frp"};
@@ -313,8 +317,10 @@
char *boot_dev_buf = NULL;
bool is_mdtp_activated = 0;
#if VERIFIED_BOOT
+#if !VBOOT_MOTA
uint32_t boot_state = boot_verify_get_state();
#endif
+#endif
#ifdef MDTP_SUPPORT
mdtp_activated(&is_mdtp_activated);
@@ -338,6 +344,7 @@
cmdline_len += strlen(sn_buf);
#if VERIFIED_BOOT
+#if !VBOOT_MOTA
cmdline_len += strlen(verified_state) + strlen(vbsn[boot_state].name);
if ((device.verity_mode != 0 ) && (device.verity_mode != 1))
{
@@ -346,6 +353,7 @@
}
cmdline_len += strlen(verity_mode) + strlen(vbvm[device.verity_mode].name);
#endif
+#endif
if (boot_into_recovery && gpt_exists)
cmdline_len += strlen(secondary_gpt_enable);
@@ -462,6 +470,7 @@
}
#if VERIFIED_BOOT
+#if !VBOOT_MOTA
src = verified_state;
if(have_cmdline) --dst;
have_cmdline = 1;
@@ -482,6 +491,7 @@
if(have_cmdline) -- dst;
while ((*dst++ = *src++));
#endif
+#endif
src = usb_sn_cmdline;
if (have_cmdline) --dst;
have_cmdline = 1;
@@ -1200,11 +1210,12 @@
}
#if VERIFIED_BOOT
+#if !VBOOT_MOTA
// send root of trust
if(!send_rot_command((uint32_t)device.is_unlocked))
ASSERT(0);
#endif
-
+#endif
/*
* Check if the kernel image is a gzip package. If yes, need to decompress it.
* If not, continue booting.
@@ -1900,14 +1911,20 @@
memcpy(info->magic, DEVICE_MAGIC, DEVICE_MAGIC_SIZE);
if (is_secure_boot_enable()) {
info->is_unlocked = 0;
+#if !VBOOT_MOTA
info->is_unlock_critical = 0;
+#endif
} else {
info->is_unlocked = 1;
+#if !VBOOT_MOTA
info->is_unlock_critical = 1;
+#endif
}
info->is_tampered = 0;
info->charger_screen_enabled = 0;
+#if !VBOOT_MOTA
info->verity_mode = 1; //enforcing by default
+#endif
write_device_info(info);
}
memcpy(dev, info, sizeof(device_info));
@@ -1945,9 +1962,10 @@
{
if (type == UNLOCK)
device.is_unlocked = status;
+#if !VBOOT_MOTA
else if (type == UNLOCK_CRITICAL)
device.is_unlock_critical = status;
-
+#endif
write_device_info(&device);
}
@@ -1959,9 +1977,10 @@
/* check device unlock status if it is as expected */
if (type == UNLOCK)
is_unlocked = device.is_unlocked;
+#if !VBOOT_MOTA
else if (type == UNLOCK_CRITICAL)
is_unlocked = device.is_unlock_critical;
-
+#endif
if (is_unlocked == status) {
snprintf(response, sizeof(response), "\tDevice already : %s", (status ? "unlocked!" : "locked!"));
fastboot_info(response);
@@ -2203,11 +2222,12 @@
#endif /* MDTP_SUPPORT */
#if VERIFIED_BOOT
+#if !VBOOT_MOTA
// send root of trust
if(!send_rot_command((uint32_t)device.is_unlocked))
ASSERT(0);
#endif
-
+#endif
/*
* Check if the kernel image is a gzip package. If yes, need to decompress it.
* If not, continue booting.
@@ -2384,10 +2404,12 @@
}
}
#if VERIFIED_BOOT
+#if !VBOOT_MOTA
if(!(strncmp(arg, "userdata", 8)))
if(send_delete_keys_to_tz())
ASSERT(0);
#endif
+#endif
fastboot_okay("");
}
@@ -2881,7 +2903,7 @@
fastboot_fail("Partition flashing is not allowed");
return;
}
-
+#if !VBOOT_MOTA
/* if device critical is locked:
* common partition will allow to be flashed
* critical partition will not allow to flash image.
@@ -2890,6 +2912,7 @@
fastboot_fail("Critical partition flashing is not allowed");
return;
}
+#endif
}
#endif
@@ -2903,6 +2926,7 @@
cmd_flash_mmc_img(arg, data, sz);
#if VERIFIED_BOOT
+#if !VBOOT_MOTA
if((!strncmp(arg, "system", 6)) && !device.verity_mode)
{
// reset dm_verity mode to enforcing
@@ -2910,6 +2934,7 @@
write_device_info(&device);
}
#endif
+#endif
return;
}
@@ -3141,8 +3166,10 @@
fastboot_info(response);
snprintf(response, sizeof(response), "\tDevice unlocked: %s", (device.is_unlocked ? "true" : "false"));
fastboot_info(response);
+#if !VBOOT_MOTA
snprintf(response, sizeof(response), "\tDevice critical unlocked: %s", (device.is_unlock_critical ? "true" : "false"));
fastboot_info(response);
+#endif
snprintf(response, sizeof(response), "\tCharger screen enabled: %s", (device.charger_screen_enabled ? "true" : "false"));
fastboot_info(response);
snprintf(response, sizeof(response), "\tDisplay panel: %s", (device.display_panel));
@@ -3625,6 +3652,8 @@
{
boot_reason_alarm = true;
}
+#if VERIFIED_BOOT
+#if !VBOOT_MOTA
else if (reboot_mode == DM_VERITY_ENFORCING)
{
device.verity_mode = 1;
@@ -3640,6 +3669,8 @@
if(send_delete_keys_to_tz())
ASSERT(0);
}
+#endif
+#endif
normal_boot:
if (!boot_into_fastboot)
diff --git a/app/aboot/devinfo.h b/app/aboot/devinfo.h
index d0e4c73..12d0554 100644
--- a/app/aboot/devinfo.h
+++ b/app/aboot/devinfo.h
@@ -41,7 +41,19 @@
UNLOCK = 0,
UNLOCK_CRITICAL,
};
-
+#if VBOOT_MOTA
+struct device_info
+{
+ unsigned char magic[DEVICE_MAGIC_SIZE];
+ bool is_unlocked;
+ bool is_tampered;
+ bool is_verified;
+ bool charger_screen_enabled;
+ char display_panel[MAX_PANEL_ID_LEN];
+ char bootloader_version[MAX_VERSION_LEN];
+ char radio_version[MAX_VERSION_LEN];
+};
+#else
struct device_info
{
unsigned char magic[DEVICE_MAGIC_SIZE];
@@ -54,5 +66,5 @@
char radio_version[MAX_VERSION_LEN];
bool verity_mode; // 1 = enforcing, 0 = logging
};
-
+#endif
#endif
diff --git a/project/msm8952.mk b/project/msm8952.mk
index e808597..bb2ef5d 100644
--- a/project/msm8952.mk
+++ b/project/msm8952.mk
@@ -13,8 +13,21 @@
endif
EMMC_BOOT := 1
+
+
+ifeq ($(VERIFIED_BOOT),1)
+ENABLE_MDTP_SUPPORT := 1
+ifeq ($(ENABLE_VBOOT_MOTA_SUPPORT),1)
+DEFINES += VBOOT_MOTA=1
+else
ENABLE_SECAPP_LOADER := 1
ENABLE_RPMB_SUPPORT := 1
+#enable fbcon display menu
+ENABLE_FBCON_DISPLAY_MSG := 1
+endif
+endif
+
+
ENABLE_SMD_SUPPORT := 1
#ENABLE_PWM_SUPPORT := true
@@ -33,7 +46,10 @@
#Enable the feature of long press power on
DEFINES += LONG_PRESS_POWER_ON=1
+
+ifeq ($(ENABLE_RPMB_SUPPORT),1)
DEFINES += USE_RPMB_FOR_DEVINFO=1
+endif
#Disable thumb mode
ENABLE_THUMB := false
@@ -44,8 +60,7 @@
DEFINES += MMC_SDHCI_SUPPORT=1
endif
-#enable fbcon display menu
-ENABLE_FBCON_DISPLAY_MSG := 1
+
ifeq ($(ENABLE_FBCON_DISPLAY_MSG),1)
DEFINES += FBCON_DISPLAY_MSG=1
@@ -70,7 +85,6 @@
DEFINES += SMD_SUPPORT=1
endif
-ENABLE_MDTP_SUPPORT := 1
ifeq ($(ENABLE_MDTP_SUPPORT),1)
DEFINES += MDTP_SUPPORT=1
diff --git a/target/msm8952/init.c b/target/msm8952/init.c
index 2b19610..013700c 100644
--- a/target/msm8952/init.c
+++ b/target/msm8952/init.c
@@ -254,7 +254,12 @@
void target_init(void)
{
+#if VERIFIED_BOOT
+#if !VBOOT_MOTA
int ret = 0;
+#endif
+#endif
+
dprintf(INFO, "target_init()\n");
spmi_init(PMIC_ARB_CHANNEL_NUM, PMIC_ARB_OWNER_ID);
@@ -280,6 +285,8 @@
if (target_use_signed_kernel())
target_crypto_init_params();
+#if VERIFIED_BOOT
+#if !VBOOT_MOTA
clock_ce_enable(CE1_INSTANCE);
/* Initialize Qseecom */
@@ -314,6 +321,9 @@
dprintf(CRITICAL, "Failed to load App for verified\n");
ASSERT(0);
}
+#endif
+#endif
+
#if SMD_SUPPORT
rpm_smd_init();
#endif
@@ -497,7 +507,8 @@
if (target_is_ssd_enabled())
clock_ce_disable(CE1_INSTANCE);
-
+#if VERIFIED_BOOT
+#if !VBOOT_MOTA
if (is_sec_app_loaded())
{
if (send_milestone_call_to_tz() < 0)
@@ -514,6 +525,9 @@
}
clock_ce_disable(CE1_INSTANCE);
+#endif
+#endif
+
#if SMD_SUPPORT
rpm_smd_uninit();
#endif