* [U-Boot] [PATCH v2] include: android_bl_msg.h: Initial import
@ 2019-05-10 13:12 Sam Protsenko
  2019-05-10 13:15 ` Sam Protsenko
                   ` (3 more replies)
  0 siblings, 4 replies; 9+ messages in thread
From: Sam Protsenko @ 2019-05-10 13:12 UTC (permalink / raw)
  To: u-boot

From: Eugeniu Rosca <roscaeugeniu@gmail.com>

Import the bootloader_message.h (former bootloader.h) from AOSP.

The bootloader_message.h basically defines the flash layout of a
dedicated partition (usually called 'misc') and is needed in U-Boot
in order to be able to implement a subset of Android Bootloader
Requirements [1], specifically dealing with:
 - Communication between the bootloader and recovery
 - Handling of A/B (Seamless) System Updates [2]
 - Passing the reboot reason [3]

With respect to the in-tree vs out-of-tree file differences:
 - license matches https://patchwork.ozlabs.org/patch/1003998/
 - filename is changed to android_bl_msg.h, as per Simon's comment [4]
 - minimize the future integration/update efforts from the source.
   Particularly, the __UBOOT__ macro helps with isolating the
   U-Boot-unrelated parts (e.g. includes/function prototypes/etc)

[1] https://source.android.com/devices/bootloader
[2] https://source.android.com/devices/tech/ota/ab/
[3] https://source.android.com/devices/bootloader/boot-reason
[4] https://patchwork.ozlabs.org/patch/1003998/#2046141

Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
---
Changes in v2:
 * Remove struct typedefs, as it breaks Linux kernel style outside of
   this file, it bloats namespace (old struct names still remain in the
   namespace) and increases the delta w.r.t. AOSP file version
 * Add specific AOSP commit-id where this file was imported from
   (as per Tom's comment)
 * Update this file to the most recent version from AOSP

 include/android_bl_msg.h | 264 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 264 insertions(+)
 create mode 100644 include/android_bl_msg.h

diff --git a/include/android_bl_msg.h b/include/android_bl_msg.h
new file mode 100644
index 0000000000..7bb69ef431
--- /dev/null
+++ b/include/android_bl_msg.h
@@ -0,0 +1,264 @@
+// SPDX-License-Identifier: BSD-2-Clause
+/*
+ * This file was taken from the AOSP Project.
+ * Repository: https://android.googlesource.com/platform/bootable/recovery/
+ * File: bootloader_message/include/bootloader_message/bootloader_message.h
+ * Commit: 9423d2f6b7ef ("Merge "Track libziparchive API change."")
+ *
+ * Please keep this file with minimal changes with respect to AOSP version!
+ *
+ * Copyright (C) 2008 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _BOOTLOADER_MESSAGE_H
+#define _BOOTLOADER_MESSAGE_H
+
+#ifndef __UBOOT__
+#include <assert.h>
+#include <stddef.h>
+#include <stdint.h>
+#else
+#include <compiler.h>
+#endif
+
+// Spaces used by misc partition are as below:
+// 0   - 2K     For bootloader_message
+// 2K  - 16K    Used by Vendor's bootloader (the 2K - 4K range may be optionally used
+//              as bootloader_message_ab struct)
+// 16K - 64K    Used by uncrypt and recovery to store wipe_package for A/B devices
+// Note that these offsets are admitted by bootloader,recovery and uncrypt, so they
+// are not configurable without changing all of them.
+static const size_t BOOTLOADER_MESSAGE_OFFSET_IN_MISC = 0;
+static const size_t WIPE_PACKAGE_OFFSET_IN_MISC = 16 * 1024;
+
+/* Bootloader Message (2-KiB)
+ *
+ * This structure describes the content of a block in flash
+ * that is used for recovery and the bootloader to talk to
+ * each other.
+ *
+ * The command field is updated by linux when it wants to
+ * reboot into recovery or to update radio or bootloader firmware.
+ * It is also updated by the bootloader when firmware update
+ * is complete (to boot into recovery for any final cleanup)
+ *
+ * The status field was used by the bootloader after the completion
+ * of an "update-radio" or "update-hboot" command, which has been
+ * deprecated since Froyo.
+ *
+ * The recovery field is only written by linux and used
+ * for the system to send a message to recovery or the
+ * other way around.
+ *
+ * The stage field is written by packages which restart themselves
+ * multiple times, so that the UI can reflect which invocation of the
+ * package it is.  If the value is of the format "#/#" (eg, "1/3"),
+ * the UI will add a simple indicator of that status.
+ *
+ * We used to have slot_suffix field for A/B boot control metadata in
+ * this struct, which gets unintentionally cleared by recovery or
+ * uncrypt. Move it into struct bootloader_message_ab to avoid the
+ * issue.
+ */
+struct bootloader_message {
+    char command[32];
+    char status[32];
+    char recovery[768];
+
+    // The 'recovery' field used to be 1024 bytes.  It has only ever
+    // been used to store the recovery command line, so 768 bytes
+    // should be plenty.  We carve off the last 256 bytes to store the
+    // stage string (for multistage packages) and possible future
+    // expansion.
+    char stage[32];
+
+    // The 'reserved' field used to be 224 bytes when it was initially
+    // carved off from the 1024-byte recovery field. Bump it up to
+    // 1184-byte so that the entire bootloader_message struct rounds up
+    // to 2048-byte.
+    char reserved[1184];
+};
+
+/**
+ * We must be cautious when changing the bootloader_message struct size,
+ * because A/B-specific fields may end up with different offsets.
+ */
+#ifndef __UBOOT__
+#if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
+static_assert(sizeof(struct bootloader_message) == 2048,
+              "struct bootloader_message size changes, which may break A/B devices");
+#endif
+#endif
+
+/**
+ * The A/B-specific bootloader message structure (4-KiB).
+ *
+ * We separate A/B boot control metadata from the regular bootloader
+ * message struct and keep it here. Everything that's A/B-specific
+ * stays after struct bootloader_message, which should be managed by
+ * the A/B-bootloader or boot control HAL.
+ *
+ * The slot_suffix field is used for A/B implementations where the
+ * bootloader does not set the androidboot.ro.boot.slot_suffix kernel
+ * commandline parameter. This is used by fs_mgr to mount /system and
+ * other partitions with the slotselect flag set in fstab. A/B
+ * implementations are free to use all 32 bytes and may store private
+ * data past the first NUL-byte in this field. It is encouraged, but
+ * not mandatory, to use 'struct bootloader_control' described below.
+ *
+ * The update_channel field is used to store the Omaha update channel
+ * if update_engine is compiled with Omaha support.
+ */
+struct bootloader_message_ab {
+    struct bootloader_message message;
+    char slot_suffix[32];
+    char update_channel[128];
+
+    // Round up the entire struct to 4096-byte.
+    char reserved[1888];
+};
+
+/**
+ * Be cautious about the struct size change, in case we put anything post
+ * bootloader_message_ab struct (b/29159185).
+ */
+#ifndef __UBOOT__
+#if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
+static_assert(sizeof(struct bootloader_message_ab) == 4096,
+              "struct bootloader_message_ab size changes");
+#endif
+#endif
+
+#define BOOT_CTRL_MAGIC   0x42414342 /* Bootloader Control AB */
+#define BOOT_CTRL_VERSION 1
+
+struct slot_metadata {
+    // Slot priority with 15 meaning highest priority, 1 lowest
+    // priority and 0 the slot is unbootable.
+    uint8_t priority : 4;
+    // Number of times left attempting to boot this slot.
+    uint8_t tries_remaining : 3;
+    // 1 if this slot has booted successfully, 0 otherwise.
+    uint8_t successful_boot : 1;
+    // 1 if this slot is corrupted from a dm-verity corruption, 0
+    // otherwise.
+    uint8_t verity_corrupted : 1;
+    // Reserved for further use.
+    uint8_t reserved : 7;
+} __attribute__((packed));
+
+/* Bootloader Control AB
+ *
+ * This struct can be used to manage A/B metadata. It is designed to
+ * be put in the 'slot_suffix' field of the 'bootloader_message'
+ * structure described above. It is encouraged to use the
+ * 'bootloader_control' structure to store the A/B metadata, but not
+ * mandatory.
+ */
+struct bootloader_control {
+    // NUL terminated active slot suffix.
+    char slot_suffix[4];
+    // Bootloader Control AB magic number (see BOOT_CTRL_MAGIC).
+    uint32_t magic;
+    // Version of struct being used (see BOOT_CTRL_VERSION).
+    uint8_t version;
+    // Number of slots being managed.
+    uint8_t nb_slot : 3;
+    // Number of times left attempting to boot recovery.
+    uint8_t recovery_tries_remaining : 3;
+    // Ensure 4-bytes alignment for slot_info field.
+    uint8_t reserved0[2];
+    // Per-slot information.  Up to 4 slots.
+    struct slot_metadata slot_info[4];
+    // Reserved for further use.
+    uint8_t reserved1[8];
+    // CRC32 of all 28 bytes preceding this field (little endian
+    // format).
+    uint32_t crc32_le;
+} __attribute__((packed));
+
+#ifndef __UBOOT__
+#if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
+static_assert(sizeof(struct bootloader_control) ==
+              sizeof(((struct bootloader_message_ab *)0)->slot_suffix),
+              "struct bootloader_control has wrong size");
+#endif
+#endif
+
+#ifdef __cplusplus
+
+#include <string>
+#include <vector>
+
+// Return the block device name for the bootloader message partition and waits
+// for the device for up to 10 seconds. In case of error returns the empty
+// string.
+std::string get_bootloader_message_blk_device(std::string* err);
+
+// Read bootloader message into boot. Error message will be set in err.
+bool read_bootloader_message(bootloader_message* boot, std::string* err);
+
+// Read bootloader message from the specified misc device into boot.
+bool read_bootloader_message_from(bootloader_message* boot, const std::string& misc_blk_device,
+                                  std::string* err);
+
+// Write bootloader message to BCB.
+bool write_bootloader_message(const bootloader_message& boot, std::string* err);
+
+// Write bootloader message to the specified BCB device.
+bool write_bootloader_message_to(const bootloader_message& boot,
+                                 const std::string& misc_blk_device, std::string* err);
+
+// Write bootloader message (boots into recovery with the options) to BCB. Will
+// set the command and recovery fields, and reset the rest.
+bool write_bootloader_message(const std::vector<std::string>& options, std::string* err);
+
+// Write bootloader message (boots into recovery with the options) to the specific BCB device. Will
+// set the command and recovery fields, and reset the rest.
+bool write_bootloader_message_to(const std::vector<std::string>& options,
+                                 const std::string& misc_blk_device, std::string* err);
+
+// Update bootloader message (boots into recovery with the options) to BCB. Will
+// only update the command and recovery fields.
+bool update_bootloader_message(const std::vector<std::string>& options, std::string* err);
+
+// Update bootloader message (boots into recovery with the |options|) in |boot|. Will only update
+// the command and recovery fields.
+bool update_bootloader_message_in_struct(bootloader_message* boot,
+                                         const std::vector<std::string>& options);
+
+// Clear BCB.
+bool clear_bootloader_message(std::string* err);
+
+// Writes the reboot-bootloader reboot reason to the bootloader_message.
+bool write_reboot_bootloader(std::string* err);
+
+// Read the wipe package from BCB (from offset WIPE_PACKAGE_OFFSET_IN_MISC).
+bool read_wipe_package(std::string* package_data, size_t size, std::string* err);
+
+// Write the wipe package into BCB (to offset WIPE_PACKAGE_OFFSET_IN_MISC).
+bool write_wipe_package(const std::string& package_data, std::string* err);
+
+#else
+
+#include <stdbool.h>
+
+// C Interface.
+bool write_bootloader_message(const char* options);
+bool write_reboot_bootloader(void);
+
+#endif  // ifdef __cplusplus
+
+#endif  // _BOOTLOADER_MESSAGE_H
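Review bot: the three static_assert size checks (2048 for struct bootloader_message, 4096 for struct bootloader_message_ab, and struct bootloader_control against slot_suffix) all sit inside "#ifndef __UBOOT__", so a U-Boot build compiles none of them and nothing verifies the layout the bootloader will read from flash. Consider keeping an equivalent compile-time size check active in the U-Boot build. Separately, struct slot_metadata and struct bootloader_control use bit-fields ("priority : 4", "nb_slot : 3", ...) whose placement within the byte is implementation-defined, so the on-flash format depends on the compiler ABI matching the Android side; a comment stating the expected bit order would help anyone parsing the 'misc' partition from U-Boot.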
-- 
2.20.1
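
The layout this header describes, as an added example (not part of the patch, U-Boot or AOSP): a bootloader-side parser that reads struct bootloader_control from a 'misc' image by explicit byte offsets and checks magic, version, CRC and field ranges before anything is used. The bc_* names are hypothetical. Assumptions: the CRC is the common reflected CRC-32 (polynomial 0xEDB88320), multi-byte fields are little endian, and bit-fields are allocated low bits first as GCC/Clang do on little-endian targets.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Byte offsets follow the packed struct bootloader_control in the patch. Bit positions
 * assume GCC/Clang little-endian bit-field allocation (an assumption, not in the header). */
#define BC_OFFSET_IN_MISC 2048u       /* slot_suffix follows the 2-KiB bootloader_message */
#define BC_SIZE           32u         /* sizeof(struct bootloader_control) */
#define BC_CRC_OFFSET     28u         /* crc32_le covers the 28 bytes before it */
#define BC_MAGIC          0x42414342u /* BOOT_CTRL_MAGIC */
#define BC_VERSION        1u          /* BOOT_CTRL_VERSION */
#define BC_MAX_SLOTS      4u

enum bc_status { BC_OK, BC_ERR_SHORT, BC_ERR_MAGIC, BC_ERR_VERSION,
                 BC_ERR_CRC, BC_ERR_NB_SLOT, BC_ERR_SUFFIX };

struct bc_slot { uint8_t priority, tries_remaining, successful_boot, verity_corrupted; };
struct bc_view {
    char slot_suffix[4];
    uint8_t nb_slot, recovery_tries_remaining;
    struct bc_slot slot[BC_MAX_SLOTS];
};

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr_le32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Assumed CRC variant: reflected CRC-32, polynomial 0xEDB88320 (the patch names none). */
uint32_t bc_crc32(const uint8_t *buf, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

void bc_seal(uint8_t *bc)   /* recompute the trailing CRC (used to build samples) */
{
    wr_le32(bc + BC_CRC_OFFSET, bc_crc32(bc, BC_CRC_OFFSET));
}

/* Parse the control block from a misc image; no field is used before it is checked. */
enum bc_status bc_parse(const uint8_t *misc, size_t misc_len, struct bc_view *out)
{
    if (misc_len < BC_OFFSET_IN_MISC + BC_SIZE) return BC_ERR_SHORT;
    const uint8_t *p = misc + BC_OFFSET_IN_MISC;
    if (rd_le32(p + 4) != BC_MAGIC) return BC_ERR_MAGIC;
    if (p[8] != BC_VERSION) return BC_ERR_VERSION;
    if (bc_crc32(p, BC_CRC_OFFSET) != rd_le32(p + BC_CRC_OFFSET)) return BC_ERR_CRC;
    /* The CRC only catches corruption: any writer of misc can recompute it,
     * so the fields are still range-checked before use. */
    uint8_t nb = p[9] & 0x7;            /* 3 bits hold 0..7; slot_info has 4 entries */
    if (nb == 0 || nb > BC_MAX_SLOTS) return BC_ERR_NB_SLOT;  /* 0 rejected: example policy */
    if (memchr(p, '\0', 4) == NULL) return BC_ERR_SUFFIX;     /* must be NUL terminated */
    memcpy(out->slot_suffix, p, 4);
    out->nb_slot = nb;
    out->recovery_tries_remaining = (p[9] >> 3) & 0x7;
    for (unsigned i = 0; i < BC_MAX_SLOTS; i++) {
        const uint8_t *s = p + 12 + 2 * i;  /* slot_info[i], 2 bytes each */
        out->slot[i].priority         = s[0] & 0xF;
        out->slot[i].tries_remaining  = (s[0] >> 4) & 0x7;
        out->slot[i].successful_boot  = (s[0] >> 7) & 0x1;
        out->slot[i].verity_corrupted = s[1] & 0x1;
    }
    return BC_OK;
}

/* Constructed sample image (needs >= 2080 bytes): two slots, "_a" active. */
void bc_make_sample(uint8_t *misc, size_t misc_len)
{
    memset(misc, 0, misc_len);
    uint8_t *p = misc + BC_OFFSET_IN_MISC;
    memcpy(p, "_a", 2);
    wr_le32(p + 4, BC_MAGIC);
    p[8]  = BC_VERSION;
    p[9]  = 2 | (7 << 3);   /* nb_slot = 2, recovery_tries_remaining = 7 */
    p[12] = 0xFF;           /* slot 0: priority 15, tries 7, successful_boot 1 */
    p[14] = 0x7E;           /* slot 1: priority 14, tries 7, successful_boot 0 */
    bc_seal(p);
}

int main(void)
{
    static uint8_t misc[4096];
    struct bc_view v;
    bc_make_sample(misc, sizeof misc);
    printf("status=%d\n", bc_parse(misc, sizeof misc, &v));
}
```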


* [U-Boot] [PATCH v2] include: android_bl_msg.h: Initial import
  2019-05-10 13:12 [U-Boot] [PATCH v2] include: android_bl_msg.h: Initial import Sam Protsenko
@ 2019-05-10 13:15 ` Sam Protsenko
  2019-05-10 15:57 ` Heinrich Schuchardt
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 9+ messages in thread
From: Sam Protsenko @ 2019-05-10 13:15 UTC (permalink / raw)
  To: u-boot

Hi Eugeniu,

Sent this patch on behalf of you (authorship is preserved), hope you
don't mind. All comments are addressed (please check "Changes in v2"
section). Please let me know what you think. If it's ok with you,
please add your "Reviewed-by" tag, so that it can be merged and we can
continue with BCB/AB efforts.

Thanks!

On Fri, May 10, 2019 at 4:12 PM Sam Protsenko
<semen.protsenko@linaro.org> wrote:
>
> From: Eugeniu Rosca <roscaeugeniu@gmail.com>
>
> Import the bootloader_message.h (former bootloader.h) from AOSP.
>
> The bootloader_message.h basically defines the flash layout of a
> dedicated partition (usually called 'misc') and is needed in U-Boot
> in order to be able to implement a subset of Android Bootloader
> Requirements [1], specifically dealing with:
>  - Communication between the bootloader and recovery
>  - Handling of A/B (Seamless) System Updates [2]
>  - Passing the reboot reason [3]
>
> With respect to the in-tree vs out-of-tree file differences:
>  - license matches https://patchwork.ozlabs.org/patch/1003998/
>  - filename is changed to android_bl_msg.h, as per Simon's comment [4]
>  - minimize the future integration/update efforts from the source.
>    Particularly, the __UBOOT__ macro helps with isolating the
>    U-Boot-unrelated parts (e.g. includes/function prototypes/etc)
>
> [1] https://source.android.com/devices/bootloader
> [2] https://source.android.com/devices/tech/ota/ab/
> [3] https://source.android.com/devices/bootloader/boot-reason
> [4] https://patchwork.ozlabs.org/patch/1003998/#2046141
>
> Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
> Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
> ---
> Changes in v2:
>  * Remove struct typedefs, as it breaks Linux kernel style outside of
>    this file, it bloats namespace (old struct names still remain in the
>    namespace) and increases the delta w.r.t. AOSP file version
>  * Add specific AOSP commit-id where this file was imported from
>    (as per Tom's comment)
>  * Update this file to the most recent version from AOSP
>
>  include/android_bl_msg.h | 264 +++++++++++++++++++++++++++++++++++++++
>  1 file changed, 264 insertions(+)
>  create mode 100644 include/android_bl_msg.h
>
> diff --git a/include/android_bl_msg.h b/include/android_bl_msg.h
> new file mode 100644
> index 0000000000..7bb69ef431
> --- /dev/null
> +++ b/include/android_bl_msg.h
> @@ -0,0 +1,264 @@
> +// SPDX-License-Identifier: BSD-2-Clause
> +/*
> + * This file was taken from the AOSP Project.
> + * Repository: https://android.googlesource.com/platform/bootable/recovery/
> + * File: bootloader_message/include/bootloader_message/bootloader_message.h
> + * Commit: 9423d2f6b7ef ("Merge "Track libziparchive API change."")
> + *
> + * Please keep this file with minimal changes with respect to AOSP version!
> + *
> + * Copyright (C) 2008 The Android Open Source Project
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + *      http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +#ifndef _BOOTLOADER_MESSAGE_H
> +#define _BOOTLOADER_MESSAGE_H
> +
> +#ifndef __UBOOT__
> +#include <assert.h>
> +#include <stddef.h>
> +#include <stdint.h>
> +#else
> +#include <compiler.h>
> +#endif
> +
> +// Spaces used by misc partition are as below:
> +// 0   - 2K     For bootloader_message
> +// 2K  - 16K    Used by Vendor's bootloader (the 2K - 4K range may be optionally used
> +//              as bootloader_message_ab struct)
> +// 16K - 64K    Used by uncrypt and recovery to store wipe_package for A/B devices
> +// Note that these offsets are admitted by bootloader,recovery and uncrypt, so they
> +// are not configurable without changing all of them.
> +static const size_t BOOTLOADER_MESSAGE_OFFSET_IN_MISC = 0;
> +static const size_t WIPE_PACKAGE_OFFSET_IN_MISC = 16 * 1024;
> +
> +/* Bootloader Message (2-KiB)
> + *
> + * This structure describes the content of a block in flash
> + * that is used for recovery and the bootloader to talk to
> + * each other.
> + *
> + * The command field is updated by linux when it wants to
> + * reboot into recovery or to update radio or bootloader firmware.
> + * It is also updated by the bootloader when firmware update
> + * is complete (to boot into recovery for any final cleanup)
> + *
> + * The status field was used by the bootloader after the completion
> + * of an "update-radio" or "update-hboot" command, which has been
> + * deprecated since Froyo.
> + *
> + * The recovery field is only written by linux and used
> + * for the system to send a message to recovery or the
> + * other way around.
> + *
> + * The stage field is written by packages which restart themselves
> + * multiple times, so that the UI can reflect which invocation of the
> + * package it is.  If the value is of the format "#/#" (eg, "1/3"),
> + * the UI will add a simple indicator of that status.
> + *
> + * We used to have slot_suffix field for A/B boot control metadata in
> + * this struct, which gets unintentionally cleared by recovery or
> + * uncrypt. Move it into struct bootloader_message_ab to avoid the
> + * issue.
> + */
> +struct bootloader_message {
> +    char command[32];
> +    char status[32];
> +    char recovery[768];
> +
> +    // The 'recovery' field used to be 1024 bytes.  It has only ever
> +    // been used to store the recovery command line, so 768 bytes
> +    // should be plenty.  We carve off the last 256 bytes to store the
> +    // stage string (for multistage packages) and possible future
> +    // expansion.
> +    char stage[32];
> +
> +    // The 'reserved' field used to be 224 bytes when it was initially
> +    // carved off from the 1024-byte recovery field. Bump it up to
> +    // 1184-byte so that the entire bootloader_message struct rounds up
> +    // to 2048-byte.
> +    char reserved[1184];
> +};
> +
> +/**
> + * We must be cautious when changing the bootloader_message struct size,
> + * because A/B-specific fields may end up with different offsets.
> + */
> +#ifndef __UBOOT__
> +#if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
> +static_assert(sizeof(struct bootloader_message) == 2048,
> +              "struct bootloader_message size changes, which may break A/B devices");
> +#endif
> +#endif
> +
> +/**
> + * The A/B-specific bootloader message structure (4-KiB).
> + *
> + * We separate A/B boot control metadata from the regular bootloader
> + * message struct and keep it here. Everything that's A/B-specific
> + * stays after struct bootloader_message, which should be managed by
> + * the A/B-bootloader or boot control HAL.
> + *
> + * The slot_suffix field is used for A/B implementations where the
> + * bootloader does not set the androidboot.ro.boot.slot_suffix kernel
> + * commandline parameter. This is used by fs_mgr to mount /system and
> + * other partitions with the slotselect flag set in fstab. A/B
> + * implementations are free to use all 32 bytes and may store private
> + * data past the first NUL-byte in this field. It is encouraged, but
> + * not mandatory, to use 'struct bootloader_control' described below.
> + *
> + * The update_channel field is used to store the Omaha update channel
> + * if update_engine is compiled with Omaha support.
> + */
> +struct bootloader_message_ab {
> +    struct bootloader_message message;
> +    char slot_suffix[32];
> +    char update_channel[128];
> +
> +    // Round up the entire struct to 4096-byte.
> +    char reserved[1888];
> +};
> +
> +/**
> + * Be cautious about the struct size change, in case we put anything post
> + * bootloader_message_ab struct (b/29159185).
> + */
> +#ifndef __UBOOT__
> +#if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
> +static_assert(sizeof(struct bootloader_message_ab) == 4096,
> +              "struct bootloader_message_ab size changes");
> +#endif
> +#endif
> +
> +#define BOOT_CTRL_MAGIC   0x42414342 /* Bootloader Control AB */
> +#define BOOT_CTRL_VERSION 1
> +
> +struct slot_metadata {
> +    // Slot priority with 15 meaning highest priority, 1 lowest
> +    // priority and 0 the slot is unbootable.
> +    uint8_t priority : 4;
> +    // Number of times left attempting to boot this slot.
> +    uint8_t tries_remaining : 3;
> +    // 1 if this slot has booted successfully, 0 otherwise.
> +    uint8_t successful_boot : 1;
> +    // 1 if this slot is corrupted from a dm-verity corruption, 0
> +    // otherwise.
> +    uint8_t verity_corrupted : 1;
> +    // Reserved for further use.
> +    uint8_t reserved : 7;
> +} __attribute__((packed));
> +
> +/* Bootloader Control AB
> + *
> + * This struct can be used to manage A/B metadata. It is designed to
> + * be put in the 'slot_suffix' field of the 'bootloader_message'
> + * structure described above. It is encouraged to use the
> + * 'bootloader_control' structure to store the A/B metadata, but not
> + * mandatory.
> + */
> +struct bootloader_control {
> +    // NUL terminated active slot suffix.
> +    char slot_suffix[4];
> +    // Bootloader Control AB magic number (see BOOT_CTRL_MAGIC).
> +    uint32_t magic;
> +    // Version of struct being used (see BOOT_CTRL_VERSION).
> +    uint8_t version;
> +    // Number of slots being managed.
> +    uint8_t nb_slot : 3;
> +    // Number of times left attempting to boot recovery.
> +    uint8_t recovery_tries_remaining : 3;
> +    // Ensure 4-bytes alignment for slot_info field.
> +    uint8_t reserved0[2];
> +    // Per-slot information.  Up to 4 slots.
> +    struct slot_metadata slot_info[4];
> +    // Reserved for further use.
> +    uint8_t reserved1[8];
> +    // CRC32 of all 28 bytes preceding this field (little endian
> +    // format).
> +    uint32_t crc32_le;
> +} __attribute__((packed));
> +
> +#ifndef __UBOOT__
> +#if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
> +static_assert(sizeof(struct bootloader_control) ==
> +              sizeof(((struct bootloader_message_ab *)0)->slot_suffix),
> +              "struct bootloader_control has wrong size");
> +#endif
> +#endif
> +
> +#ifdef __cplusplus
> +
> +#include <string>
> +#include <vector>
> +
> +// Return the block device name for the bootloader message partition and waits
> +// for the device for up to 10 seconds. In case of error returns the empty
> +// string.
> +std::string get_bootloader_message_blk_device(std::string* err);
> +
> +// Read bootloader message into boot. Error message will be set in err.
> +bool read_bootloader_message(bootloader_message* boot, std::string* err);
> +
> +// Read bootloader message from the specified misc device into boot.
> +bool read_bootloader_message_from(bootloader_message* boot, const std::string& misc_blk_device,
> +                                  std::string* err);
> +
> +// Write bootloader message to BCB.
> +bool write_bootloader_message(const bootloader_message& boot, std::string* err);
> +
> +// Write bootloader message to the specified BCB device.
> +bool write_bootloader_message_to(const bootloader_message& boot,
> +                                 const std::string& misc_blk_device, std::string* err);
> +
> +// Write bootloader message (boots into recovery with the options) to BCB. Will
> +// set the command and recovery fields, and reset the rest.
> +bool write_bootloader_message(const std::vector<std::string>& options, std::string* err);
> +
> +// Write bootloader message (boots into recovery with the options) to the specific BCB device. Will
> +// set the command and recovery fields, and reset the rest.
> +bool write_bootloader_message_to(const std::vector<std::string>& options,
> +                                 const std::string& misc_blk_device, std::string* err);
> +
> +// Update bootloader message (boots into recovery with the options) to BCB. Will
> +// only update the command and recovery fields.
> +bool update_bootloader_message(const std::vector<std::string>& options, std::string* err);
> +
> +// Update bootloader message (boots into recovery with the |options|) in |boot|. Will only update
> +// the command and recovery fields.
> +bool update_bootloader_message_in_struct(bootloader_message* boot,
> +                                         const std::vector<std::string>& options);
> +
> +// Clear BCB.
> +bool clear_bootloader_message(std::string* err);
> +
> +// Writes the reboot-bootloader reboot reason to the bootloader_message.
> +bool write_reboot_bootloader(std::string* err);
> +
> +// Read the wipe package from BCB (from offset WIPE_PACKAGE_OFFSET_IN_MISC).
> +bool read_wipe_package(std::string* package_data, size_t size, std::string* err);
> +
> +// Write the wipe package into BCB (to offset WIPE_PACKAGE_OFFSET_IN_MISC).
> +bool write_wipe_package(const std::string& package_data, std::string* err);
> +
> +#else
> +
> +#include <stdbool.h>
> +
> +// C Interface.
> +bool write_bootloader_message(const char* options);
> +bool write_reboot_bootloader(void);
> +
> +#endif  // ifdef __cplusplus
> +
> +#endif  // _BOOTLOADER_MESSAGE_H
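Review bot: the first line of the new file tags it "SPDX-License-Identifier: BSD-2-Clause", but the comment directly below keeps the Apache License, Version 2.0 notice, so the header states two different licenses; a line in the file itself saying which one applies would remove the ambiguity. At the end of the hunk, the "#else" branch with "#include <stdbool.h>" and the C prototypes write_bootloader_message(const char* options) and write_reboot_bootloader(void) is not under "#ifndef __UBOOT__", so a U-Boot build sees declarations this patch provides no implementation for; guarding them would match the purpose the commit message gives for the macro.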
> --
> 2.20.1
>


* [U-Boot] [PATCH v2] include: android_bl_msg.h: Initial import
  2019-05-10 13:12 [U-Boot] [PATCH v2] include: android_bl_msg.h: Initial import Sam Protsenko
  2019-05-10 13:15 ` Sam Protsenko
@ 2019-05-10 15:57 ` Heinrich Schuchardt
  2019-05-10 20:41 ` Eugeniu Rosca
  2019-05-13  0:09 ` AKASHI Takahiro
  3 siblings, 0 replies; 9+ messages in thread
From: Heinrich Schuchardt @ 2019-05-10 15:57 UTC (permalink / raw)
  To: u-boot

On 5/10/19 3:12 PM, Sam Protsenko wrote:
> From: Eugeniu Rosca <roscaeugeniu@gmail.com>
>
> Import the bootloader_message.h (former bootloader.h) from AOSP.
>
> The bootloader_message.h basically defines the flash layout of a
> dedicated partition (usually called 'misc') and is needed in U-Boot
> in order to be able to implement a subset of Android Bootloader
> Requirements [1], specifically dealing with:
>   - Communication between the bootloader and recovery
>   - Handling of A/B (Seamless) System Updates [2]
>   - Passing the reboot reason [3]

We have a similar requirement for the UEFI sub-system.

We would need to persist a numerical reset status (type size_t) and a
UTF-16 string describing the reason for rebooting to comply with the
UEFI specification.

>
> With respect to the in-tree vs out-of-tree file differences:
>   - license matches https://patchwork.ozlabs.org/patch/1003998/
>   - filename is changed to android_bl_msg.h, as per Simon's comment [4]
>   - minimize the future integration/update efforts from the source.
>     Particularly, the __UBOOT__ macro helps with isolating the
>     U-Boot-unrelated parts (e.g. includes/function prototypes/etc)
>
> [1] https://source.android.com/devices/bootloader
> [2] https://source.android.com/devices/tech/ota/ab/
> [3] https://source.android.com/devices/bootloader/boot-reason
> [4] https://patchwork.ozlabs.org/patch/1003998/#2046141
>
> Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
> Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>

Cc: Takahiro Akashi <takahiro.akashi@linaro.org>

Takahiro is currently looking at the implementation of UEFI secure boot
and persisting variables.

Best regards

Heinrich

> ---
> Changes in v2:
>   * Remove struct typedefs, as it breaks Linux kernel style outside of
>     this file, it bloats namespace (old struct names still remain in the
>     namespace) and increases the delta w.r.t. AOSP file version
>   * Add specific AOSP commit-id where this file was imported from
>     (as per Tom's comment)
>   * Update this file to the most recent version from AOSP
>
>   include/android_bl_msg.h | 264 +++++++++++++++++++++++++++++++++++++++
>   1 file changed, 264 insertions(+)
>   create mode 100644 include/android_bl_msg.h
>
> diff --git a/include/android_bl_msg.h b/include/android_bl_msg.h
> new file mode 100644
> index 0000000000..7bb69ef431
> --- /dev/null
> +++ b/include/android_bl_msg.h
> @@ -0,0 +1,264 @@
> +// SPDX-License-Identifier: BSD-2-Clause
> +/*
> + * This file was taken from the AOSP Project.
> + * Repository: https://android.googlesource.com/platform/bootable/recovery/
> + * File: bootloader_message/include/bootloader_message/bootloader_message.h
> + * Commit: 9423d2f6b7ef ("Merge "Track libziparchive API change."")
> + *
> + * Please keep this file with minimal changes with respect to AOSP version!
> + *
> + * Copyright (C) 2008 The Android Open Source Project
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");
> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + *      http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +#ifndef _BOOTLOADER_MESSAGE_H
> +#define _BOOTLOADER_MESSAGE_H
> +
> +#ifndef __UBOOT__
> +#include <assert.h>
> +#include <stddef.h>
> +#include <stdint.h>
> +#else
> +#include <compiler.h>
> +#endif
> +
> +// Spaces used by misc partition are as below:
> +// 0   - 2K     For bootloader_message
> +// 2K  - 16K    Used by Vendor's bootloader (the 2K - 4K range may be optionally used
> +//              as bootloader_message_ab struct)
> +// 16K - 64K    Used by uncrypt and recovery to store wipe_package for A/B devices
> +// Note that these offsets are admitted by bootloader,recovery and uncrypt, so they
> +// are not configurable without changing all of them.
> +static const size_t BOOTLOADER_MESSAGE_OFFSET_IN_MISC = 0;
> +static const size_t WIPE_PACKAGE_OFFSET_IN_MISC = 16 * 1024;
> +
> +/* Bootloader Message (2-KiB)
> + *
> + * This structure describes the content of a block in flash
> + * that is used for recovery and the bootloader to talk to
> + * each other.
> + *
> + * The command field is updated by linux when it wants to
> + * reboot into recovery or to update radio or bootloader firmware.
> + * It is also updated by the bootloader when firmware update
> + * is complete (to boot into recovery for any final cleanup)
> + *
> + * The status field was used by the bootloader after the completion
> + * of an "update-radio" or "update-hboot" command, which has been
> + * deprecated since Froyo.
> + *
> + * The recovery field is only written by linux and used
> + * for the system to send a message to recovery or the
> + * other way around.
> + *
> + * The stage field is written by packages which restart themselves
> + * multiple times, so that the UI can reflect which invocation of the
> + * package it is.  If the value is of the format "#/#" (eg, "1/3"),
> + * the UI will add a simple indicator of that status.
> + *
> + * We used to have slot_suffix field for A/B boot control metadata in
> + * this struct, which gets unintentionally cleared by recovery or
> + * uncrypt. Move it into struct bootloader_message_ab to avoid the
> + * issue.
> + */
> +struct bootloader_message {
> +    char command[32];
> +    char status[32];
> +    char recovery[768];
> +
> +    // The 'recovery' field used to be 1024 bytes.  It has only ever
> +    // been used to store the recovery command line, so 768 bytes
> +    // should be plenty.  We carve off the last 256 bytes to store the
> +    // stage string (for multistage packages) and possible future
> +    // expansion.
> +    char stage[32];
> +
> +    // The 'reserved' field used to be 224 bytes when it was initially
> +    // carved off from the 1024-byte recovery field. Bump it up to
> +    // 1184-byte so that the entire bootloader_message struct rounds up
> +    // to 2048-byte.
> +    char reserved[1184];
> +};
> +
> +/**
> + * We must be cautious when changing the bootloader_message struct size,
> + * because A/B-specific fields may end up with different offsets.
> + */
> +#ifndef __UBOOT__
> +#if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
> +static_assert(sizeof(struct bootloader_message) == 2048,
> +              "struct bootloader_message size changes, which may break A/B devices");
> +#endif
> +#endif
> +
> +/**
> + * The A/B-specific bootloader message structure (4-KiB).
> + *
> + * We separate A/B boot control metadata from the regular bootloader
> + * message struct and keep it here. Everything that's A/B-specific
> + * stays after struct bootloader_message, which should be managed by
> + * the A/B-bootloader or boot control HAL.
> + *
> + * The slot_suffix field is used for A/B implementations where the
> + * bootloader does not set the androidboot.ro.boot.slot_suffix kernel
> + * commandline parameter. This is used by fs_mgr to mount /system and
> + * other partitions with the slotselect flag set in fstab. A/B
> + * implementations are free to use all 32 bytes and may store private
> + * data past the first NUL-byte in this field. It is encouraged, but
> + * not mandatory, to use 'struct bootloader_control' described below.
> + *
> + * The update_channel field is used to store the Omaha update channel
> + * if update_engine is compiled with Omaha support.
> + */
> +struct bootloader_message_ab {
> +    struct bootloader_message message;
> +    char slot_suffix[32];
> +    char update_channel[128];
> +
> +    // Round up the entire struct to 4096-byte.
> +    char reserved[1888];
> +};
> +
> +/**
> + * Be cautious about the struct size change, in case we put anything post
> + * bootloader_message_ab struct (b/29159185).
> + */
> +#ifndef __UBOOT__
> +#if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
> +static_assert(sizeof(struct bootloader_message_ab) == 4096,
> +              "struct bootloader_message_ab size changes");
> +#endif
> +#endif
> +
> +#define BOOT_CTRL_MAGIC   0x42414342 /* Bootloader Control AB */
> +#define BOOT_CTRL_VERSION 1
> +
> +struct slot_metadata {
> +    // Slot priority with 15 meaning highest priority, 1 lowest
> +    // priority and 0 the slot is unbootable.
> +    uint8_t priority : 4;
> +    // Number of times left attempting to boot this slot.
> +    uint8_t tries_remaining : 3;
> +    // 1 if this slot has booted successfully, 0 otherwise.
> +    uint8_t successful_boot : 1;
> +    // 1 if this slot is corrupted from a dm-verity corruption, 0
> +    // otherwise.
> +    uint8_t verity_corrupted : 1;
> +    // Reserved for further use.
> +    uint8_t reserved : 7;
> +} __attribute__((packed));
> +
> +/* Bootloader Control AB
> + *
> + * This struct can be used to manage A/B metadata. It is designed to
> + * be put in the 'slot_suffix' field of the 'bootloader_message'
> + * structure described above. It is encouraged to use the
> + * 'bootloader_control' structure to store the A/B metadata, but not
> + * mandatory.
> + */
> +struct bootloader_control {
> +    // NUL terminated active slot suffix.
> +    char slot_suffix[4];
> +    // Bootloader Control AB magic number (see BOOT_CTRL_MAGIC).
> +    uint32_t magic;
> +    // Version of struct being used (see BOOT_CTRL_VERSION).
> +    uint8_t version;
> +    // Number of slots being managed.
> +    uint8_t nb_slot : 3;
> +    // Number of times left attempting to boot recovery.
> +    uint8_t recovery_tries_remaining : 3;
> +    // Ensure 4-bytes alignment for slot_info field.
> +    uint8_t reserved0[2];
> +    // Per-slot information.  Up to 4 slots.
> +    struct slot_metadata slot_info[4];
> +    // Reserved for further use.
> +    uint8_t reserved1[8];
> +    // CRC32 of all 28 bytes preceding this field (little endian
> +    // format).
> +    uint32_t crc32_le;
> +} __attribute__((packed));
> +
> +#ifndef __UBOOT__
> +#if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
> +static_assert(sizeof(struct bootloader_control) ==
> +              sizeof(((struct bootloader_message_ab *)0)->slot_suffix),
> +              "struct bootloader_control has wrong size");
> +#endif
> +#endif
> +
> +#ifdef __cplusplus
> +
> +#include <string>
> +#include <vector>
> +
> +// Return the block device name for the bootloader message partition and waits
> +// for the device for up to 10 seconds. In case of error returns the empty
> +// string.
> +std::string get_bootloader_message_blk_device(std::string* err);
> +
> +// Read bootloader message into boot. Error message will be set in err.
> +bool read_bootloader_message(bootloader_message* boot, std::string* err);
> +
> +// Read bootloader message from the specified misc device into boot.
> +bool read_bootloader_message_from(bootloader_message* boot, const std::string& misc_blk_device,
> +                                  std::string* err);
> +
> +// Write bootloader message to BCB.
> +bool write_bootloader_message(const bootloader_message& boot, std::string* err);
> +
> +// Write bootloader message to the specified BCB device.
> +bool write_bootloader_message_to(const bootloader_message& boot,
> +                                 const std::string& misc_blk_device, std::string* err);
> +
> +// Write bootloader message (boots into recovery with the options) to BCB. Will
> +// set the command and recovery fields, and reset the rest.
> +bool write_bootloader_message(const std::vector<std::string>& options, std::string* err);
> +
> +// Write bootloader message (boots into recovery with the options) to the specific BCB device. Will
> +// set the command and recovery fields, and reset the rest.
> +bool write_bootloader_message_to(const std::vector<std::string>& options,
> +                                 const std::string& misc_blk_device, std::string* err);
> +
> +// Update bootloader message (boots into recovery with the options) to BCB. Will
> +// only update the command and recovery fields.
> +bool update_bootloader_message(const std::vector<std::string>& options, std::string* err);
> +
> +// Update bootloader message (boots into recovery with the |options|) in |boot|. Will only update
> +// the command and recovery fields.
> +bool update_bootloader_message_in_struct(bootloader_message* boot,
> +                                         const std::vector<std::string>& options);
> +
> +// Clear BCB.
> +bool clear_bootloader_message(std::string* err);
> +
> +// Writes the reboot-bootloader reboot reason to the bootloader_message.
> +bool write_reboot_bootloader(std::string* err);
> +
> +// Read the wipe package from BCB (from offset WIPE_PACKAGE_OFFSET_IN_MISC).
> +bool read_wipe_package(std::string* package_data, size_t size, std::string* err);
> +
> +// Write the wipe package into BCB (to offset WIPE_PACKAGE_OFFSET_IN_MISC).
> +bool write_wipe_package(const std::string& package_data, std::string* err);
> +
> +#else
> +
> +#include <stdbool.h>
> +
> +// C Interface.
> +bool write_bootloader_message(const char* options);
> +bool write_reboot_bootloader(void);
> +
> +#endif  // ifdef __cplusplus
> +
> +#endif  // _BOOTLOADER_MESSAGE_H
>
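Review bot: the three static_assert size checks (on struct bootloader_message, struct bootloader_message_ab and struct bootloader_control) all sit inside #ifndef __UBOOT__, so a U-Boot build compiles none of them and nothing verifies the 2048-, 4096- and 32-byte sizes that the stored layout of 'misc' depends on. Consider keeping an equivalent compile-time check on the U-Boot side, for example in the code that reads or writes these structs. Related: struct slot_metadata and struct bootloader_control describe stored data with uint8_t bitfields, and the order of bitfields within a byte is implementation-defined, so a comment stating which compiler layout the stored format assumes would help anyone porting this.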


* [U-Boot] [PATCH v2] include: android_bl_msg.h: Initial import
  2019-05-10 13:12 [U-Boot] [PATCH v2] include: android_bl_msg.h: Initial import Sam Protsenko
  2019-05-10 13:15 ` Sam Protsenko
  2019-05-10 15:57 ` Heinrich Schuchardt
@ 2019-05-10 20:41 ` Eugeniu Rosca
  2019-05-10 21:54   ` Sam Protsenko
  2019-05-13  0:09 ` AKASHI Takahiro
  3 siblings, 1 reply; 9+ messages in thread
From: Eugeniu Rosca @ 2019-05-10 20:41 UTC (permalink / raw)
  To: u-boot

Hi Sam,

On Fri, May 10, 2019 at 04:12:10PM +0300, Sam Protsenko wrote:
> From: Eugeniu Rosca <roscaeugeniu@gmail.com>
> 
> Import the bootloader_message.h (former bootloader.h) from AOSP.
> 
> The bootloader_message.h basically defines the flash layout of a
> dedicated partition (usually called 'misc') and is needed in U-Boot
> in order to be able to implement a subset of Android Bootloader
> Requirements [1], specifically dealing with:
>  - Communication between the bootloader and recovery
>  - Handling of A/B (Seamless) System Updates [2]
>  - Passing the reboot reason [3]

Well, getting the reboot reason is a subset of
"Communication between the bootloader and recovery" or
"Communication between the bootloader and Android userspace" in general,
but if you want to stress it via a dedicated bullet, fine with me.

> 
> With respect to the in-tree vs out-of-tree file differences:
>  - license matches https://patchwork.ozlabs.org/patch/1003998/
>  - filename is changed to android_bl_msg.h, as per Simon's comment [4]
>  - minimize the future integration/update efforts from the source.
>    Particularly, the __UBOOT__ macro helps with isolating the
>    U-Boot-unrelated parts (e.g. includes/function prototypes/etc)

There is a dissonance added by this last newly added item, since it
takes an imperative form compared to the previous two. I close my eyes
on that.

[..]

> diff --git a/include/android_bl_msg.h b/include/android_bl_msg.h
> new file mode 100644
> index 0000000000..7bb69ef431
> --- /dev/null
> +++ b/include/android_bl_msg.h
> @@ -0,0 +1,264 @@
> +// SPDX-License-Identifier: BSD-2-Clause
> +/*
> + * This file was taken from the AOSP Project.
> + * Repository: https://android.googlesource.com/platform/bootable/recovery/
> + * File: bootloader_message/include/bootloader_message/bootloader_message.h
> + * Commit: 9423d2f6b7ef ("Merge "Track libziparchive API change."")

Here is miscommunication, again. Tom is saying in
https://patchwork.ozlabs.org/patch/1080394/#2168595:
 ----
 Please include the branch / hash this matches in the commit message at
least too.
 ---

which means he agrees with the v1 of this line, i.e.:
 ---
 Commit: see U-Boot commit importing/updating the file in-tree
 ---

and suggests documenting the current AOSP version in the description
of U-Boot commit importing/updating the file. The problem with
documenting the AOSP commit in the U-Boot file is that people will
forget updating the commit id on next AOSP backports, which will create
stale references. This actually happened between two consecutive
iterations of A/B series from Igor.

> + *
> + * Please keep this file with minimal changes with respect to AOSP version!

Agree with this new line. No other comments.

Since the next A/B patches will apparently depend on the 'bcb' command,
I can resolve the above minor nit-picks in my next iteration of the
'bcb' command, freeing you from any more work for this patch.

-- 
Best regards,
Eugeniu.


* [U-Boot] [PATCH v2] include: android_bl_msg.h: Initial import
  2019-05-10 20:41 ` Eugeniu Rosca
@ 2019-05-10 21:54   ` Sam Protsenko
  2019-05-11  8:38     ` Eugeniu Rosca
  0 siblings, 1 reply; 9+ messages in thread
From: Sam Protsenko @ 2019-05-10 21:54 UTC (permalink / raw)
  To: u-boot

Hi Eugeniu,

On Fri, May 10, 2019 at 11:41 PM Eugeniu Rosca <roscaeugeniu@gmail.com> wrote:
>
> Hi Sam,
>
> On Fri, May 10, 2019 at 04:12:10PM +0300, Sam Protsenko wrote:
> > From: Eugeniu Rosca <roscaeugeniu@gmail.com>
> >
> > Import the bootloader_message.h (former bootloader.h) from AOSP.
> >
> > The bootloader_message.h basically defines the flash layout of a
> > dedicated partition (usually called 'misc') and is needed in U-Boot
> > in order to be able to implement a subset of Android Bootloader
> > Requirements [1], specifically dealing with:
> >  - Communication between the bootloader and recovery
> >  - Handling of A/B (Seamless) System Updates [2]
> >  - Passing the reboot reason [3]
>
> Well, getting the reboot reason is a subset of
> "Communication between the bootloader and recovery" or
> "Communication between the bootloader and Android userspace" in general,
> but if you want to stress it via a dedicated bullet, fine with me.
>
> >
> > With respect to the in-tree vs out-of-tree file differences:
> >  - license matches https://patchwork.ozlabs.org/patch/1003998/
> >  - filename is changed to android_bl_msg.h, as per Simon's comment [4]
> >  - minimize the future integration/update efforts from the source.
> >    Particularly, the __UBOOT__ macro helps with isolating the
> >    U-Boot-unrelated parts (e.g. includes/function prototypes/etc)
>
> There is a dissonance added by this last newly added item, since it
> takes an imperative form compared to the previous two. I close my eyes
> on that.
>
> [..]
>
> > diff --git a/include/android_bl_msg.h b/include/android_bl_msg.h
> > new file mode 100644
> > index 0000000000..7bb69ef431
> > --- /dev/null
> > +++ b/include/android_bl_msg.h
> > @@ -0,0 +1,264 @@
> > +// SPDX-License-Identifier: BSD-2-Clause
> > +/*
> > + * This file was taken from the AOSP Project.
> > + * Repository: https://android.googlesource.com/platform/bootable/recovery/
> > + * File: bootloader_message/include/bootloader_message/bootloader_message.h
> > + * Commit: 9423d2f6b7ef ("Merge "Track libziparchive API change."")
>
> Here is miscommunication, again. Tom is saying in
> https://patchwork.ozlabs.org/patch/1080394/#2168595:
>  ----
>  Please include the branch / hash this matches in the commit message at
> least too.
>  ---
>
> which means he agrees with the v1 of this line, i.e.:
>  ---
>  Commit: see U-Boot commit importing/updating the file in-tree
>  ---
>
> and suggests documenting the current AOSP version in the description
> of U-Boot commit importing/updating the file. The problem with
> documenting the AOSP commit in the U-Boot file is that people will
> forget updating the commit id on next AOSP backports, which will create
> stale references. This actually happened between two consecutive
> iterations of A/B series from Igor.
>
> > + *
> > + * Please keep this file with minimal changes with respect to AOSP version!
>
> Agree with this new line. No other comments.
>

Agreed with all your comments. Please send the next version along with
BCB patch as you mentioned. I just wanted to accelerate things a bit,
hence submitting v2.

> Since the next A/B patches will apparently depend on the 'bcb' command,
> I can resolve the above minor nit-picks in my next iteration of the
> 'bcb' command, freeing you from any more work for this patch.
>

Thanks, Eugeniu. Please make it so. Basically, for this patch the main
change is typedefs removal. Once you send v2 for BCB, I can try and
implement reboot reason on TI X15 board by using it, and Igor will be
unblocked w.r.t. A/B patches.

> --
> Best regards,
> Eugeniu.


* [U-Boot] [PATCH v2] include: android_bl_msg.h: Initial import
  2019-05-10 21:54   ` Sam Protsenko
@ 2019-05-11  8:38     ` Eugeniu Rosca
  0 siblings, 0 replies; 9+ messages in thread
From: Eugeniu Rosca @ 2019-05-11  8:38 UTC (permalink / raw)
  To: u-boot

Hi Sam,

On Sat, May 11, 2019 at 12:54:24AM +0300, Sam Protsenko wrote:
> Hi Eugeniu,
> 
> On Fri, May 10, 2019 at 11:41 PM Eugeniu Rosca <roscaeugeniu@gmail.com> wrote:
[..]
> > Since the next A/B patches will apparently depend on the 'bcb' command,
> > I can resolve the above minor nit-picks in my next iteration of the
> > 'bcb' command, freeing you from any more work for this patch.
> >
> 
> Thanks, Eugeniu. Please make it so. Basically, for this patch the main
> change is typedefs removal. Once you send v2 for BCB, I can try and
> implement reboot reason on TI X15 board by using it, and Igor will be
> unblocked w.r.t. A/B patches.

Agreed. I will submit the next revision at the beginning of next week.
But just to be clear, I don't think anybody is blocked by me and should
be able to continue his local efforts to address review comments and
polish any pending A/B patches.

The changes in my series will be non-functional (except for the typedef
removal in the header). There will be no added/removed features in the
'bcb' command and it can already be used locally to read the boot
reason and act accordingly as explained in my pseudo-code example.

Thanks for cooperation.

> > --
> > Best regards,
> > Eugeniu.


* [U-Boot] [PATCH v2] include: android_bl_msg.h: Initial import
  2019-05-10 13:12 [U-Boot] [PATCH v2] include: android_bl_msg.h: Initial import Sam Protsenko
                   ` (2 preceding siblings ...)
  2019-05-10 20:41 ` Eugeniu Rosca
@ 2019-05-13  0:09 ` AKASHI Takahiro
  2019-05-13 14:12   ` Sam Protsenko
  3 siblings, 1 reply; 9+ messages in thread
From: AKASHI Takahiro @ 2019-05-13  0:09 UTC (permalink / raw)
  To: u-boot

On Fri, May 10, 2019 at 04:12:10PM +0300, Sam Protsenko wrote:
> From: Eugeniu Rosca <roscaeugeniu@gmail.com>
> 
> Import the bootloader_message.h (former bootloader.h) from AOSP.
> 
> The bootloader_message.h basically defines the flash layout of a
> dedicated partition (usually called 'misc') and is needed in U-Boot
> in order to be able to implement a subset of Android Bootloader
> Requirements [1], specifically dealing with:
>  - Communication between the bootloader and recovery
>  - Handling of A/B (Seamless) System Updates [2]
>  - Passing the reboot reason [3]
> 
> With respect to the in-tree vs out-of-tree file differences:
>  - license matches https://patchwork.ozlabs.org/patch/1003998/
>  - filename is changed to android_bl_msg.h, as per Simon's comment [4]
>  - minimize the future integration/update efforts from the source.
>    Particularly, the __UBOOT__ macro helps with isolating the
>    U-Boot-unrelated parts (e.g. includes/function prototypes/etc)
> 
> [1] https://source.android.com/devices/bootloader
> [2] https://source.android.com/devices/tech/ota/ab/
> [3] https://source.android.com/devices/bootloader/boot-reason
> [4] https://patchwork.ozlabs.org/patch/1003998/#2046141
> 
> Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
> Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
> ---
> Changes in v2:
>  * Remove struct typedefs, as it breaks Linux kernel style outside of
>    this file, it bloats namespace (old struct names still remain in the
>    namespace) and increases the delta w.r.t. AOSP file version
>  * Add specific AOSP commit-id where this file was imported from
>    (as per Tom's comment)
>  * Update this file to the most recent version from AOSP
> 
>  include/android_bl_msg.h | 264 +++++++++++++++++++++++++++++++++++++++
>  1 file changed, 264 insertions(+)
>  create mode 100644 include/android_bl_msg.h
> 
> diff --git a/include/android_bl_msg.h b/include/android_bl_msg.h
> new file mode 100644
> index 0000000000..7bb69ef431
> --- /dev/null
> +++ b/include/android_bl_msg.h
> @@ -0,0 +1,264 @@
> +// SPDX-License-Identifier: BSD-2-Clause
> +/*
> + * This file was taken from the AOSP Project.
> + * Repository: https://android.googlesource.com/platform/bootable/recovery/
> + * File: bootloader_message/include/bootloader_message/bootloader_message.h
> + * Commit: 9423d2f6b7ef ("Merge "Track libziparchive API change."")
> + *
> + * Please keep this file with minimal changes with respect to AOSP version!
> + *
> + * Copyright (C) 2008 The Android Open Source Project
> + *
> + * Licensed under the Apache License, Version 2.0 (the "License");

Which license, BSD-2 (in SPDX) or Apache v2, is applied to this file?
If the latter, it is said to be incompatible with GPLv2, isn't it?

-Takahiro Akashi

> + * you may not use this file except in compliance with the License.
> + * You may obtain a copy of the License at
> + *
> + *      http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +
> +#ifndef _BOOTLOADER_MESSAGE_H
> +#define _BOOTLOADER_MESSAGE_H
> +
> +#ifndef __UBOOT__
> +#include <assert.h>
> +#include <stddef.h>
> +#include <stdint.h>
> +#else
> +#include <compiler.h>
> +#endif
> +
> +// Spaces used by misc partition are as below:
> +// 0   - 2K     For bootloader_message
> +// 2K  - 16K    Used by Vendor's bootloader (the 2K - 4K range may be optionally used
> +//              as bootloader_message_ab struct)
> +// 16K - 64K    Used by uncrypt and recovery to store wipe_package for A/B devices
> +// Note that these offsets are admitted by bootloader,recovery and uncrypt, so they
> +// are not configurable without changing all of them.
> +static const size_t BOOTLOADER_MESSAGE_OFFSET_IN_MISC = 0;
> +static const size_t WIPE_PACKAGE_OFFSET_IN_MISC = 16 * 1024;
> +
> +/* Bootloader Message (2-KiB)
> + *
> + * This structure describes the content of a block in flash
> + * that is used for recovery and the bootloader to talk to
> + * each other.
> + *
> + * The command field is updated by linux when it wants to
> + * reboot into recovery or to update radio or bootloader firmware.
> + * It is also updated by the bootloader when firmware update
> + * is complete (to boot into recovery for any final cleanup)
> + *
> + * The status field was used by the bootloader after the completion
> + * of an "update-radio" or "update-hboot" command, which has been
> + * deprecated since Froyo.
> + *
> + * The recovery field is only written by linux and used
> + * for the system to send a message to recovery or the
> + * other way around.
> + *
> + * The stage field is written by packages which restart themselves
> + * multiple times, so that the UI can reflect which invocation of the
> + * package it is.  If the value is of the format "#/#" (eg, "1/3"),
> + * the UI will add a simple indicator of that status.
> + *
> + * We used to have slot_suffix field for A/B boot control metadata in
> + * this struct, which gets unintentionally cleared by recovery or
> + * uncrypt. Move it into struct bootloader_message_ab to avoid the
> + * issue.
> + */
> +struct bootloader_message {
> +    char command[32];
> +    char status[32];
> +    char recovery[768];
> +
> +    // The 'recovery' field used to be 1024 bytes.  It has only ever
> +    // been used to store the recovery command line, so 768 bytes
> +    // should be plenty.  We carve off the last 256 bytes to store the
> +    // stage string (for multistage packages) and possible future
> +    // expansion.
> +    char stage[32];
> +
> +    // The 'reserved' field used to be 224 bytes when it was initially
> +    // carved off from the 1024-byte recovery field. Bump it up to
> +    // 1184-byte so that the entire bootloader_message struct rounds up
> +    // to 2048-byte.
> +    char reserved[1184];
> +};
> +
> +/**
> + * We must be cautious when changing the bootloader_message struct size,
> + * because A/B-specific fields may end up with different offsets.
> + */
> +#ifndef __UBOOT__
> +#if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
> +static_assert(sizeof(struct bootloader_message) == 2048,
> +              "struct bootloader_message size changes, which may break A/B devices");
> +#endif
> +#endif
> +
> +/**
> + * The A/B-specific bootloader message structure (4-KiB).
> + *
> + * We separate A/B boot control metadata from the regular bootloader
> + * message struct and keep it here. Everything that's A/B-specific
> + * stays after struct bootloader_message, which should be managed by
> + * the A/B-bootloader or boot control HAL.
> + *
> + * The slot_suffix field is used for A/B implementations where the
> + * bootloader does not set the androidboot.ro.boot.slot_suffix kernel
> + * commandline parameter. This is used by fs_mgr to mount /system and
> + * other partitions with the slotselect flag set in fstab. A/B
> + * implementations are free to use all 32 bytes and may store private
> + * data past the first NUL-byte in this field. It is encouraged, but
> + * not mandatory, to use 'struct bootloader_control' described below.
> + *
> + * The update_channel field is used to store the Omaha update channel
> + * if update_engine is compiled with Omaha support.
> + */
> +struct bootloader_message_ab {
> +    struct bootloader_message message;
> +    char slot_suffix[32];
> +    char update_channel[128];
> +
> +    // Round up the entire struct to 4096-byte.
> +    char reserved[1888];
> +};
> +
> +/**
> + * Be cautious about the struct size change, in case we put anything post
> + * bootloader_message_ab struct (b/29159185).
> + */
> +#ifndef __UBOOT__
> +#if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
> +static_assert(sizeof(struct bootloader_message_ab) == 4096,
> +              "struct bootloader_message_ab size changes");
> +#endif
> +#endif
> +
> +#define BOOT_CTRL_MAGIC   0x42414342 /* Bootloader Control AB */
> +#define BOOT_CTRL_VERSION 1
> +
> +struct slot_metadata {
> +    // Slot priority with 15 meaning highest priority, 1 lowest
> +    // priority and 0 the slot is unbootable.
> +    uint8_t priority : 4;
> +    // Number of times left attempting to boot this slot.
> +    uint8_t tries_remaining : 3;
> +    // 1 if this slot has booted successfully, 0 otherwise.
> +    uint8_t successful_boot : 1;
> +    // 1 if this slot is corrupted from a dm-verity corruption, 0
> +    // otherwise.
> +    uint8_t verity_corrupted : 1;
> +    // Reserved for further use.
> +    uint8_t reserved : 7;
> +} __attribute__((packed));
> +
> +/* Bootloader Control AB
> + *
> + * This struct can be used to manage A/B metadata. It is designed to
> + * be put in the 'slot_suffix' field of the 'bootloader_message'
> + * structure described above. It is encouraged to use the
> + * 'bootloader_control' structure to store the A/B metadata, but not
> + * mandatory.
> + */
> +struct bootloader_control {
> +    // NUL terminated active slot suffix.
> +    char slot_suffix[4];
> +    // Bootloader Control AB magic number (see BOOT_CTRL_MAGIC).
> +    uint32_t magic;
> +    // Version of struct being used (see BOOT_CTRL_VERSION).
> +    uint8_t version;
> +    // Number of slots being managed.
> +    uint8_t nb_slot : 3;
> +    // Number of times left attempting to boot recovery.
> +    uint8_t recovery_tries_remaining : 3;
> +    // Ensure 4-bytes alignment for slot_info field.
> +    uint8_t reserved0[2];
> +    // Per-slot information.  Up to 4 slots.
> +    struct slot_metadata slot_info[4];
> +    // Reserved for further use.
> +    uint8_t reserved1[8];
> +    // CRC32 of all 28 bytes preceding this field (little endian
> +    // format).
> +    uint32_t crc32_le;
> +} __attribute__((packed));
> +
> +#ifndef __UBOOT__
> +#if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
> +static_assert(sizeof(struct bootloader_control) ==
> +              sizeof(((struct bootloader_message_ab *)0)->slot_suffix),
> +              "struct bootloader_control has wrong size");
> +#endif
> +#endif
> +
> +#ifdef __cplusplus
> +
> +#include <string>
> +#include <vector>
> +
> +// Return the block device name for the bootloader message partition and waits
> +// for the device for up to 10 seconds. In case of error returns the empty
> +// string.
> +std::string get_bootloader_message_blk_device(std::string* err);
> +
> +// Read bootloader message into boot. Error message will be set in err.
> +bool read_bootloader_message(bootloader_message* boot, std::string* err);
> +
> +// Read bootloader message from the specified misc device into boot.
> +bool read_bootloader_message_from(bootloader_message* boot, const std::string& misc_blk_device,
> +                                  std::string* err);
> +
> +// Write bootloader message to BCB.
> +bool write_bootloader_message(const bootloader_message& boot, std::string* err);
> +
> +// Write bootloader message to the specified BCB device.
> +bool write_bootloader_message_to(const bootloader_message& boot,
> +                                 const std::string& misc_blk_device, std::string* err);
> +
> +// Write bootloader message (boots into recovery with the options) to BCB. Will
> +// set the command and recovery fields, and reset the rest.
> +bool write_bootloader_message(const std::vector<std::string>& options, std::string* err);
> +
> +// Write bootloader message (boots into recovery with the options) to the specific BCB device. Will
> +// set the command and recovery fields, and reset the rest.
> +bool write_bootloader_message_to(const std::vector<std::string>& options,
> +                                 const std::string& misc_blk_device, std::string* err);
> +
> +// Update bootloader message (boots into recovery with the options) to BCB. Will
> +// only update the command and recovery fields.
> +bool update_bootloader_message(const std::vector<std::string>& options, std::string* err);
> +
> +// Update bootloader message (boots into recovery with the |options|) in |boot|. Will only update
> +// the command and recovery fields.
> +bool update_bootloader_message_in_struct(bootloader_message* boot,
> +                                         const std::vector<std::string>& options);
> +
> +// Clear BCB.
> +bool clear_bootloader_message(std::string* err);
> +
> +// Writes the reboot-bootloader reboot reason to the bootloader_message.
> +bool write_reboot_bootloader(std::string* err);
> +
> +// Read the wipe package from BCB (from offset WIPE_PACKAGE_OFFSET_IN_MISC).
> +bool read_wipe_package(std::string* package_data, size_t size, std::string* err);
> +
> +// Write the wipe package into BCB (to offset WIPE_PACKAGE_OFFSET_IN_MISC).
> +bool write_wipe_package(const std::string& package_data, std::string* err);
> +
> +#else
> +
> +#include <stdbool.h>
> +
> +// C Interface.
> +bool write_bootloader_message(const char* options);
> +bool write_reboot_bootloader(void);
> +
> +#endif  // ifdef __cplusplus
> +
> +#endif  // _BOOTLOADER_MESSAGE_H
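Review bot: in the #else branch of #ifdef __cplusplus at the end of the file, the C interface (#include <stdbool.h> plus the prototypes write_bootloader_message(const char* options) and write_reboot_bootloader(void)) is not wrapped in #ifndef __UBOOT__, so a U-Boot C build still sees two declarations for which this one-file patch provides no definition. The commit message says the __UBOOT__ macro isolates the U-Boot-unrelated includes and function prototypes; guarding this branch the same way as the includes at the top of the file would match that and keep callers from linking against functions that do not exist in-tree.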
> -- 
> 2.20.1
> 


* [U-Boot] [PATCH v2] include: android_bl_msg.h: Initial import
  2019-05-13  0:09 ` AKASHI Takahiro
@ 2019-05-13 14:12   ` Sam Protsenko
  2019-05-13 18:11     ` Eugeniu Rosca
  0 siblings, 1 reply; 9+ messages in thread
From: Sam Protsenko @ 2019-05-13 14:12 UTC (permalink / raw)
  To: u-boot

Hi Akashi,

On Mon, May 13, 2019 at 3:09 AM AKASHI Takahiro
<takahiro.akashi@linaro.org> wrote:
>
> On Fri, May 10, 2019 at 04:12:10PM +0300, Sam Protsenko wrote:
> > From: Eugeniu Rosca <roscaeugeniu@gmail.com>
> >
> > Import the bootloader_message.h (former bootloader.h) from AOSP.
> >
> > The bootloader_message.h basically defines the flash layout of a
> > dedicated partition (usually called 'misc') and is needed in U-Boot
> > in order to be able to implement a subset of Android Bootloader
> > Requirements [1], specifically dealing with:
> >  - Communication between the bootloader and recovery
> >  - Handling of A/B (Seamless) System Updates [2]
> >  - Passing the reboot reason [3]
> >
> > With respect to the in-tree vs out-of-tree file differences:
> >  - license matches https://patchwork.ozlabs.org/patch/1003998/
> >  - filename is changed to android_bl_msg.h, as per Simon's comment [4]
> >  - minimize the future integration/update efforts from the source.
> >    Particularly, the __UBOOT__ macro helps with isolating the
> >    U-Boot-unrelated parts (e.g. includes/function prototypes/etc)
> >
> > [1] https://source.android.com/devices/bootloader
> > [2] https://source.android.com/devices/tech/ota/ab/
> > [3] https://source.android.com/devices/bootloader/boot-reason
> > [4] https://patchwork.ozlabs.org/patch/1003998/#2046141
> >
> > Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
> > Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
> > ---
> > Changes in v2:
> >  * Remove struct typedefs, as it breaks Linux kernel style outside of
> >    this file, it bloats namespace (old struct names still remain in the
> >    namespace) and increases the delta w.r.t. AOSP file version
> >  * Add specific AOSP commit-id where this file was imported from
> >    (as per Tom's comment)
> >  * Update this file to the most recent version from AOSP
> >
> >  include/android_bl_msg.h | 264 +++++++++++++++++++++++++++++++++++++++
> >  1 file changed, 264 insertions(+)
> >  create mode 100644 include/android_bl_msg.h
> >
> > diff --git a/include/android_bl_msg.h b/include/android_bl_msg.h
> > new file mode 100644
> > index 0000000000..7bb69ef431
> > --- /dev/null
> > +++ b/include/android_bl_msg.h
> > @@ -0,0 +1,264 @@
> > +// SPDX-License-Identifier: BSD-2-Clause
> > +/*
> > + * This file was taken from the AOSP Project.
> > + * Repository: https://android.googlesource.com/platform/bootable/recovery/
> > + * File: bootloader_message/include/bootloader_message/bootloader_message.h
> > + * Commit: 9423d2f6b7ef ("Merge "Track libziparchive API change."")
> > + *
> > + * Please keep this file with minimal changes with respect to AOSP version!
> > + *
> > + * Copyright (C) 2008 The Android Open Source Project
> > + *
> > + * Licensed under the Apache License, Version 2.0 (the "License");
>
> Which license, BSD-2 (in SPDX) or Apache v2, is applied to this file?
> If the latter, it is said to be incompatible with GPLv2, isn't it?
>

This file was also published by Google under BSD-2 in AOSP
external/u-boot [1]. But it differs somehow from the file in this
patch.

Tom, should we use this file from [1] to be on the safe side of the
road? Or is it ok to take it directly from [2], as it's done here?

Thanks!

[1] https://android.googlesource.com/platform/external/u-boot/+/c7f85c5f75f95dbbd3cedcc3a399eee6dbb59cdc
[2] https://android.googlesource.com/platform/bootable/recovery/+/refs/heads/master/bootloader_message/include/bootloader_message/bootloader_message.h

> -Takahiro Akashi
>
> > + * you may not use this file except in compliance with the License.
> > + * You may obtain a copy of the License at
> > + *
> > + *      http://www.apache.org/licenses/LICENSE-2.0
> > + *
> > + * Unless required by applicable law or agreed to in writing, software
> > + * distributed under the License is distributed on an "AS IS" BASIS,
> > + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> > + * See the License for the specific language governing permissions and
> > + * limitations under the License.
> > + */
> > +
> > +#ifndef _BOOTLOADER_MESSAGE_H
> > +#define _BOOTLOADER_MESSAGE_H
> > +
> > +#ifndef __UBOOT__
> > +#include <assert.h>
> > +#include <stddef.h>
> > +#include <stdint.h>
> > +#else
> > +#include <compiler.h>
> > +#endif
> > +
> > +// Spaces used by misc partition are as below:
> > +// 0   - 2K     For bootloader_message
> > +// 2K  - 16K    Used by Vendor's bootloader (the 2K - 4K range may be optionally used
> > +//              as bootloader_message_ab struct)
> > +// 16K - 64K    Used by uncrypt and recovery to store wipe_package for A/B devices
> > +// Note that these offsets are admitted by bootloader,recovery and uncrypt, so they
> > +// are not configurable without changing all of them.
> > +static const size_t BOOTLOADER_MESSAGE_OFFSET_IN_MISC = 0;
> > +static const size_t WIPE_PACKAGE_OFFSET_IN_MISC = 16 * 1024;
> > +
> > +/* Bootloader Message (2-KiB)
> > + *
> > + * This structure describes the content of a block in flash
> > + * that is used for recovery and the bootloader to talk to
> > + * each other.
> > + *
> > + * The command field is updated by linux when it wants to
> > + * reboot into recovery or to update radio or bootloader firmware.
> > + * It is also updated by the bootloader when firmware update
> > + * is complete (to boot into recovery for any final cleanup)
> > + *
> > + * The status field was used by the bootloader after the completion
> > + * of an "update-radio" or "update-hboot" command, which has been
> > + * deprecated since Froyo.
> > + *
> > + * The recovery field is only written by linux and used
> > + * for the system to send a message to recovery or the
> > + * other way around.
> > + *
> > + * The stage field is written by packages which restart themselves
> > + * multiple times, so that the UI can reflect which invocation of the
> > + * package it is.  If the value is of the format "#/#" (eg, "1/3"),
> > + * the UI will add a simple indicator of that status.
> > + *
> > + * We used to have slot_suffix field for A/B boot control metadata in
> > + * this struct, which gets unintentionally cleared by recovery or
> > + * uncrypt. Move it into struct bootloader_message_ab to avoid the
> > + * issue.
> > + */
> > +struct bootloader_message {
> > +    char command[32];
> > +    char status[32];
> > +    char recovery[768];
> > +
> > +    // The 'recovery' field used to be 1024 bytes.  It has only ever
> > +    // been used to store the recovery command line, so 768 bytes
> > +    // should be plenty.  We carve off the last 256 bytes to store the
> > +    // stage string (for multistage packages) and possible future
> > +    // expansion.
> > +    char stage[32];
> > +
> > +    // The 'reserved' field used to be 224 bytes when it was initially
> > +    // carved off from the 1024-byte recovery field. Bump it up to
> > +    // 1184-byte so that the entire bootloader_message struct rounds up
> > +    // to 2048-byte.
> > +    char reserved[1184];
> > +};
> > +
> > +/**
> > + * We must be cautious when changing the bootloader_message struct size,
> > + * because A/B-specific fields may end up with different offsets.
> > + */
> > +#ifndef __UBOOT__
> > +#if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
> > +static_assert(sizeof(struct bootloader_message) == 2048,
> > +              "struct bootloader_message size changes, which may break A/B devices");
> > +#endif
> > +#endif
> > +
> > +/**
> > + * The A/B-specific bootloader message structure (4-KiB).
> > + *
> > + * We separate A/B boot control metadata from the regular bootloader
> > + * message struct and keep it here. Everything that's A/B-specific
> > + * stays after struct bootloader_message, which should be managed by
> > + * the A/B-bootloader or boot control HAL.
> > + *
> > + * The slot_suffix field is used for A/B implementations where the
> > + * bootloader does not set the androidboot.ro.boot.slot_suffix kernel
> > + * commandline parameter. This is used by fs_mgr to mount /system and
> > + * other partitions with the slotselect flag set in fstab. A/B
> > + * implementations are free to use all 32 bytes and may store private
> > + * data past the first NUL-byte in this field. It is encouraged, but
> > + * not mandatory, to use 'struct bootloader_control' described below.
> > + *
> > + * The update_channel field is used to store the Omaha update channel
> > + * if update_engine is compiled with Omaha support.
> > + */
> > +struct bootloader_message_ab {
> > +    struct bootloader_message message;
> > +    char slot_suffix[32];
> > +    char update_channel[128];
> > +
> > +    // Round up the entire struct to 4096-byte.
> > +    char reserved[1888];
> > +};
> > +
> > +/**
> > + * Be cautious about the struct size change, in case we put anything post
> > + * bootloader_message_ab struct (b/29159185).
> > + */
> > +#ifndef __UBOOT__
> > +#if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
> > +static_assert(sizeof(struct bootloader_message_ab) == 4096,
> > +              "struct bootloader_message_ab size changes");
> > +#endif
> > +#endif
> > +
> > +#define BOOT_CTRL_MAGIC   0x42414342 /* Bootloader Control AB */
> > +#define BOOT_CTRL_VERSION 1
> > +
> > +struct slot_metadata {
> > +    // Slot priority with 15 meaning highest priority, 1 lowest
> > +    // priority and 0 the slot is unbootable.
> > +    uint8_t priority : 4;
> > +    // Number of times left attempting to boot this slot.
> > +    uint8_t tries_remaining : 3;
> > +    // 1 if this slot has booted successfully, 0 otherwise.
> > +    uint8_t successful_boot : 1;
> > +    // 1 if this slot is corrupted from a dm-verity corruption, 0
> > +    // otherwise.
> > +    uint8_t verity_corrupted : 1;
> > +    // Reserved for further use.
> > +    uint8_t reserved : 7;
> > +} __attribute__((packed));
> > +
> > +/* Bootloader Control AB
> > + *
> > + * This struct can be used to manage A/B metadata. It is designed to
> > + * be put in the 'slot_suffix' field of the 'bootloader_message'
> > + * structure described above. It is encouraged to use the
> > + * 'bootloader_control' structure to store the A/B metadata, but not
> > + * mandatory.
> > + */
> > +struct bootloader_control {
> > +    // NUL terminated active slot suffix.
> > +    char slot_suffix[4];
> > +    // Bootloader Control AB magic number (see BOOT_CTRL_MAGIC).
> > +    uint32_t magic;
> > +    // Version of struct being used (see BOOT_CTRL_VERSION).
> > +    uint8_t version;
> > +    // Number of slots being managed.
> > +    uint8_t nb_slot : 3;
> > +    // Number of times left attempting to boot recovery.
> > +    uint8_t recovery_tries_remaining : 3;
> > +    // Ensure 4-bytes alignment for slot_info field.
> > +    uint8_t reserved0[2];
> > +    // Per-slot information.  Up to 4 slots.
> > +    struct slot_metadata slot_info[4];
> > +    // Reserved for further use.
> > +    uint8_t reserved1[8];
> > +    // CRC32 of all 28 bytes preceding this field (little endian
> > +    // format).
> > +    uint32_t crc32_le;
> > +} __attribute__((packed));
> > +
> > +#ifndef __UBOOT__
> > +#if (__STDC_VERSION__ >= 201112L) || defined(__cplusplus)
> > +static_assert(sizeof(struct bootloader_control) ==
> > +              sizeof(((struct bootloader_message_ab *)0)->slot_suffix),
> > +              "struct bootloader_control has wrong size");
> > +#endif
> > +#endif
> > +
> > +#ifdef __cplusplus
> > +
> > +#include <string>
> > +#include <vector>
> > +
> > +// Return the block device name for the bootloader message partition and waits
> > +// for the device for up to 10 seconds. In case of error returns the empty
> > +// string.
> > +std::string get_bootloader_message_blk_device(std::string* err);
> > +
> > +// Read bootloader message into boot. Error message will be set in err.
> > +bool read_bootloader_message(bootloader_message* boot, std::string* err);
> > +
> > +// Read bootloader message from the specified misc device into boot.
> > +bool read_bootloader_message_from(bootloader_message* boot, const std::string& misc_blk_device,
> > +                                  std::string* err);
> > +
> > +// Write bootloader message to BCB.
> > +bool write_bootloader_message(const bootloader_message& boot, std::string* err);
> > +
> > +// Write bootloader message to the specified BCB device.
> > +bool write_bootloader_message_to(const bootloader_message& boot,
> > +                                 const std::string& misc_blk_device, std::string* err);
> > +
> > +// Write bootloader message (boots into recovery with the options) to BCB. Will
> > +// set the command and recovery fields, and reset the rest.
> > +bool write_bootloader_message(const std::vector<std::string>& options, std::string* err);
> > +
> > +// Write bootloader message (boots into recovery with the options) to the specific BCB device. Will
> > +// set the command and recovery fields, and reset the rest.
> > +bool write_bootloader_message_to(const std::vector<std::string>& options,
> > +                                 const std::string& misc_blk_device, std::string* err);
> > +
> > +// Update bootloader message (boots into recovery with the options) to BCB. Will
> > +// only update the command and recovery fields.
> > +bool update_bootloader_message(const std::vector<std::string>& options, std::string* err);
> > +
> > +// Update bootloader message (boots into recovery with the |options|) in |boot|. Will only update
> > +// the command and recovery fields.
> > +bool update_bootloader_message_in_struct(bootloader_message* boot,
> > +                                         const std::vector<std::string>& options);
> > +
> > +// Clear BCB.
> > +bool clear_bootloader_message(std::string* err);
> > +
> > +// Writes the reboot-bootloader reboot reason to the bootloader_message.
> > +bool write_reboot_bootloader(std::string* err);
> > +
> > +// Read the wipe package from BCB (from offset WIPE_PACKAGE_OFFSET_IN_MISC).
> > +bool read_wipe_package(std::string* package_data, size_t size, std::string* err);
> > +
> > +// Write the wipe package into BCB (to offset WIPE_PACKAGE_OFFSET_IN_MISC).
> > +bool write_wipe_package(const std::string& package_data, std::string* err);
> > +
> > +#else
> > +
> > +#include <stdbool.h>
> > +
> > +// C Interface.
> > +bool write_bootloader_message(const char* options);
> > +bool write_reboot_bootloader(void);
> > +
> > +#endif  // ifdef __cplusplus
> > +
> > +#endif  // _BOOTLOADER_MESSAGE_H
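Review bot: all three static_assert size checks (2048 for struct bootloader_message, 4096 for struct bootloader_message_ab, and sizeof(struct bootloader_control) against the slot_suffix field) sit under '#ifndef __UBOOT__', so the U-Boot build gets no compile-time check of the layout this header exists to define. That matters most for struct bootloader_control and struct slot_metadata, which rely on bitfields and __attribute__((packed)): bitfield allocation is implementation-defined, and the crc32_le comment assumes exactly 28 preceding bytes. Suggest keeping an equivalent build-time size check in the __UBOOT__ case rather than compiling the checks out, so a toolchain or struct change that shifts the A/B fields is caught at build time instead of showing up as a misread misc partition.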
> > --
> > 2.20.1
> >
> > _______________________________________________
> > U-Boot mailing list
> > U-Boot at lists.denx.de
> > https://lists.denx.de/listinfo/u-boot


* [U-Boot] [PATCH v2] include: android_bl_msg.h: Initial import
  2019-05-13 14:12   ` Sam Protsenko
@ 2019-05-13 18:11     ` Eugeniu Rosca
  0 siblings, 0 replies; 9+ messages in thread
From: Eugeniu Rosca @ 2019-05-13 18:11 UTC (permalink / raw)
  To: u-boot

I subscribe to the license-related question raised by Akashi and Sam
(thank you both)! Tom's feedback is required before I push the next
revision of the BCB command.

On Mon, May 13, 2019 at 4:12 PM Sam Protsenko
<semen.protsenko@linaro.org> wrote:
[..]
> > Which license, BSD-2 (in SPDX) or Apache v2, is applied to this file?
> > If the latter, it is said to be incompatible with GPLv2, isn't it?
> >
>
> This file was also published by Google under BSD-2 in AOSP
> external/u-boot [1]. But it differs somehow from the file in this
> patch.
>
> Tom, should we use this file from [1] to be on the safe side of the
> road? Or is it ok to take it directly from [2], as it's done here?
>
> Thanks!
>
> [1] https://android.googlesource.com/platform/external/u-boot/+/c7f85c5f75f95dbbd3cedcc3a399eee6dbb59cdc
> [2] https://android.googlesource.com/platform/bootable/recovery/+/refs/heads/master/bootloader_message/include/bootloader_message/bootloader_message.h
>
> > -Takahiro Akashi

-- 
Best regards,
Eugeniu.
