From mboxrd@z Thu Jan 1 00:00:00 1970 From: Roman Stratiienko Date: Wed, 27 Jan 2021 11:34:04 +0200 Subject: [PATCH] fastboot: add UUU command UCmd and ACmd support In-Reply-To: <20210111101919.228555-1-hs@denx.de> References: <20210111101919.228555-1-hs@denx.de> Message-ID: List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Hello Heiko, Looks like these commands will provide full access to any u-boot commands, including working with memory. It can be used to read/set any registers/data which is not in the trust zone, thus opening a huge backdoor. This command could be useful for debug/CI purposes, but do you really want this in release builds? Best regards, Roman ??, 11 ???. 2021 ?. ? 12:19, Heiko Schocher : > > add support for the UUU commands ACmd and UCmd. > > Enable them through the Kconfig option > CONFIG_FASTBOOT_UUU_SUPPORT > > base was commit in NXP kernel > 9b149c2a2882: ("MLK-18591-3 android: Add FSL android fastboot support") > > and ported it to current mainline. Tested this patch > on imx6ul based board. > > Signed-off-by: Heiko Schocher > --- > azure build: > https://dev.azure.com/hs0298/hs/_build/results?buildId=57&view=results > > version uuu tool used for tests: > commit 3870fb781b35: ("fastboot: default to logical-block-size 4096") > > doc/android/fastboot-protocol.rst | 5 +++ > doc/android/fastboot.rst | 2 + > drivers/fastboot/Kconfig | 7 ++++ > drivers/fastboot/fb_command.c | 62 +++++++++++++++++++++++++++++++ > drivers/usb/gadget/f_fastboot.c | 17 +++++++++ > include/fastboot.h | 7 ++++ > 6 files changed, 100 insertions(+) > > diff --git a/doc/android/fastboot-protocol.rst b/doc/android/fastboot-protocol.rst > index e723659e49c..e8cbd7f24ea 100644 > --- a/doc/android/fastboot-protocol.rst > +++ b/doc/android/fastboot-protocol.rst > @@ -144,6 +144,11 @@ Command Reference > > "powerdown" Power off the device. > > + "ucmd" execute any bootloader command and wait until it > + finishs. > + > + "acmd" execute any bootloader command, do not wait. > + > Client Variables > ---------------- > > diff --git a/doc/android/fastboot.rst b/doc/android/fastboot.rst > index 2877c3cbaaa..b58d1b5b31a 100644 > --- a/doc/android/fastboot.rst > +++ b/doc/android/fastboot.rst > @@ -19,6 +19,8 @@ The current implementation supports the following standard commands: > - ``reboot`` > - ``reboot-bootloader`` > - ``set_active`` (only a stub implementation which always succeeds) > +- ``ucmd`` (if enabled) > +- ``acmd`` (if enabled) > > The following OEM commands are supported (if enabled): > > diff --git a/drivers/fastboot/Kconfig b/drivers/fastboot/Kconfig > index 4352ba67a71..b1f8cd74a15 100644 > --- a/drivers/fastboot/Kconfig > +++ b/drivers/fastboot/Kconfig > @@ -72,6 +72,13 @@ config FASTBOOT_FLASH > the downloaded image to a non-volatile storage device. Define > this to enable the "fastboot flash" command. > > +config FASTBOOT_UUU_SUPPORT > + bool "Enable FASTBOOT i.MX UUU special command" > + default y if ARCH_MX7 || ARCH_MX6 || ARCH_IMX8 || ARCH_IMX8M || ARCH_MX7ULP > + select FSL_FASTBOOT > + help > + The fastboot protocol includes "UCmd" command and "ACmd" command > + > choice > prompt "Flash provider for FASTBOOT" > depends on FASTBOOT_FLASH > diff --git a/drivers/fastboot/fb_command.c b/drivers/fastboot/fb_command.c > index d3c578672dc..31a47e46386 100644 > --- a/drivers/fastboot/fb_command.c > +++ b/drivers/fastboot/fb_command.c > @@ -43,6 +43,11 @@ static void reboot_recovery(char *, char *); > static void oem_format(char *, char *); > #endif > > +#if CONFIG_IS_ENABLED(FASTBOOT_UUU_SUPPORT) > +static void run_ucmd(char *, char *); > +static void run_acmd(char *, char *); > +#endif > + > static const struct { > const char *command; > void (*dispatch)(char *cmd_parameter, char *response); > @@ -99,6 +104,16 @@ static const struct { > .dispatch = oem_format, > }, > #endif > +#if CONFIG_IS_ENABLED(FASTBOOT_UUU_SUPPORT) > + [FASTBOOT_COMMAND_UCMD] = { > + .command = "UCmd", > + .dispatch = run_ucmd, > + }, > + [FASTBOOT_COMMAND_ACMD] = { > + .command = "ACmd", > + .dispatch = run_acmd, > + }, > +#endif > }; > > /** > @@ -309,6 +324,53 @@ static void erase(char *cmd_parameter, char *response) > } > #endif > > +#if CONFIG_IS_ENABLED(FASTBOOT_UUU_SUPPORT) > +/** > + * run_ucmd() - Execute the UCmd command > + * > + * @cmd_parameter: Pointer to command parameter > + * @response: Pointer to fastboot response buffer > + */ > +static void run_ucmd(char *cmd_parameter, char *response) > +{ > + if (!cmd_parameter) { > + pr_err("missing slot suffix\n"); > + fastboot_fail("missing command", response); > + return; > + } > + > + if (run_command(cmd_parameter, 0)) > + fastboot_fail("", response); > + else > + fastboot_okay(NULL, response); > +} > + > +static char g_a_cmd_buff[64]; > + > +void fastboot_acmd_complete(void) > +{ > + run_command(g_a_cmd_buff, 0); > +} > + > +/** > + * run_acmd() - Execute the ACmd command > + * > + * @cmd_parameter: Pointer to command parameter > + * @response: Pointer to fastboot response buffer > + */ > +static void run_acmd(char *cmd_parameter, char *response) > +{ > + if (!cmd_parameter) { > + pr_err("missing slot suffix\n"); > + fastboot_fail("missing command", response); > + return; > + } > + > + strcpy(g_a_cmd_buff, cmd_parameter); > + fastboot_okay(NULL, response); > +} > +#endif > + > /** > * reboot_bootloader() - Sets reboot bootloader flag. > * > diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_fastboot.c > index d1d087e12b2..bf52d2505f4 100644 > --- a/drivers/usb/gadget/f_fastboot.c > +++ b/drivers/usb/gadget/f_fastboot.c > @@ -419,6 +419,18 @@ static void do_bootm_on_complete(struct usb_ep *ep, struct usb_request *req) > do_exit_on_complete(ep, req); > } > > +#if CONFIG_IS_ENABLED(FASTBOOT_UUU_SUPPORT) > +static void do_acmd_complete(struct usb_ep *ep, struct usb_request *req) > +{ > + /* When usb dequeue complete will be called > + * Need status value before call run_command. > + * otherwise, host can't get last message. > + */ > + if (req->status == 0) > + fastboot_acmd_complete(); > +} > +#endif > + > static void rx_handler_command(struct usb_ep *ep, struct usb_request *req) > { > char *cmdbuf = req->buf; > @@ -457,6 +469,11 @@ static void rx_handler_command(struct usb_ep *ep, struct usb_request *req) > case FASTBOOT_COMMAND_REBOOT_RECOVERY: > fastboot_func->in_req->complete = compl_do_reset; > break; > +#if CONFIG_IS_ENABLED(FASTBOOT_UUU_SUPPORT) > + case FASTBOOT_COMMAND_ACMD: > + fastboot_func->in_req->complete = do_acmd_complete; > + break; > +#endif > } > } > > diff --git a/include/fastboot.h b/include/fastboot.h > index 8e9ee80907d..ef8cd842bb3 100644 > --- a/include/fastboot.h > +++ b/include/fastboot.h > @@ -38,6 +38,10 @@ enum { > #if CONFIG_IS_ENABLED(FASTBOOT_CMD_OEM_FORMAT) > FASTBOOT_COMMAND_OEM_FORMAT, > #endif > +#if CONFIG_IS_ENABLED(FASTBOOT_UUU_SUPPORT) > + FASTBOOT_COMMAND_ACMD, > + FASTBOOT_COMMAND_UCMD, > +#endif > > FASTBOOT_COMMAND_COUNT > }; > @@ -172,4 +176,7 @@ void fastboot_data_download(const void *fastboot_data, > */ > void fastboot_data_complete(char *response); > > +#if CONFIG_IS_ENABLED(FASTBOOT_UUU_SUPPORT) > +void fastboot_acmd_complete(void); > +#endif > #endif /* _FASTBOOT_H_ */ > -- > 2.25.4 >