/*
* Copyright (C) 2012 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <stdio.h>
#include <errno.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include "edify/expr.h"
// The bootloader block /dev/block/mmcblk0boot0 contains a low-level
// bootloader (BL1/BL2) followed by a "boot flag", followed by a
// primary copy of the full bootloader, then a backup copy of the full
// bootloader. The boot flag tells the low-level code which copy of
// the big bootloader to boot.
//
// The strategy here is to read the boot flag, write the *other* copy
// of the big bootloader, flip the boot flag to that freshly-written
// copy, write remaining copy of the big bootloader, then flip the
// flag back (so most of the time it will be booting the primary
// copy). At the end we update the BL1/BL2, which is slightly
// dangerous (there's no backup; if we fail during writing this part
// then the device is a brick). We could remove that before launch,
// or restrict it to only being written on test-keys/dev-keys devices.
#define BOOTFLAG_OFFSET (31*1024)
#define BL1BL2_LENGTH (31*1024)
#define INPUT_OFFSET (35*1024)
#define PRIMARY_OUTPUT_OFFSET (35*1024)
#define SECONDARY_OUTPUT_OFFSET (1280*1024)
#define BIG_LENGTH (1245*1024)
static void copy_block(FILE *f, unsigned char* data, size_t in_offset,
size_t length, size_t out_offset) {
if (fseek(f, out_offset, SEEK_SET) < 0) {
fprintf(stderr, "failed to seek to %d: %s\n",
out_offset, strerror(errno));
return;
}
if (fwrite(data+in_offset, 1, length, f) != length) {
fprintf(stderr, "failed to write bootloader: %s\n", strerror(errno));
return;
}
fflush(f);
fsync(fileno(f));
}
static int get_bootflag(FILE *f) {
fseek(f, BOOTFLAG_OFFSET, SEEK_SET);
char buffer[8];
if (fread(buffer, 1, 8, f) != 8) {
fprintf(stderr, "failed to read boot flag: %s\n", strerror(errno));
return 0;
}
fprintf(stderr, "bootflag is [%c%c%c%c%c%c%c%c]\n",
buffer[0], buffer[1], buffer[2], buffer[3],
buffer[4], buffer[5], buffer[6], buffer[7]);
if (strncmp(buffer, "MANTABL", 7) != 0) return 0;
if (buffer[7] == '1') return 1;
if (buffer[7] == '2') return 2;
return 0;
}
static void set_bootflag(FILE* f, int value) {
unsigned char buffer[9] = "MANTABLx";
buffer[7] = '0' + value;
copy_block(f, buffer, 0, 8, BOOTFLAG_OFFSET);
}
static int update_bootloader(unsigned char* img_data,
size_t img_size,
char* block_fn,
char* force_ro_fn) {
if (img_size != INPUT_OFFSET + BIG_LENGTH) {
fprintf(stderr, "expected bootloader.img of length %d; got %d\n",
INPUT_OFFSET + BIG_LENGTH, img_size);
return -1;
}
FILE* f = fopen(force_ro_fn, "w");
if (!f) {
fprintf(stderr, "failed to open %s: %s\n", force_ro_fn, strerror(errno));
return -1;
}
if (fwrite("0", 1, 1, f) != 1) {
fprintf(stderr, "failed to write %s: %s\n", force_ro_fn, strerror(errno));
return -1;
}
fflush(f);
fsync(fileno(f));
if (fclose(f) != 0) {
fprintf(stderr, "failed to close %s: %s\n", force_ro_fn, strerror(errno));
return -1;
}
f = fopen(block_fn, "r+b");
if (!f) {
fprintf(stderr, "failed to open %s: %s\n", block_fn, strerror(errno));
return -1;
}
int i;
int bootflag = 0;
for (i = 0; i < 2; ++i) {
bootflag = get_bootflag(f);
switch (bootflag) {
case 1:
fprintf(stderr, "updating secondary copy of bootloader\n");
copy_block(f, img_data, INPUT_OFFSET, BIG_LENGTH, SECONDARY_OUTPUT_OFFSET);
set_bootflag(f, 2);
break;
case 2:
fprintf(stderr, "updating primary copy of bootloader\n");
copy_block(f, img_data, INPUT_OFFSET, BIG_LENGTH, PRIMARY_OUTPUT_OFFSET);
set_bootflag(f, 1);
break;
case 0:
fprintf(stderr, "no bootflag; updating entire bootloader block\n");
copy_block(f, img_data, 0, img_size, 0);
i = 2;
break;
}
}
if (bootflag != 0) {
fprintf(stderr, "updating BL1/BL2\n");
copy_block(f, img_data, 0, BL1BL2_LENGTH, 0);
}
fclose(f);
return 0;
}
Value* WriteBootloaderFn(const char* name, State* state, int argc, Expr* argv[])
{
int result = -1;
Value* img;
Value* block_loc;
Value* force_ro_loc;
if (argc != 3) {
return ErrorAbort(state, "%s() expects 3 args, got %d", name, argc);
}
if (ReadValueArgs(state, argv, 3, &img, &block_loc, &force_ro_loc) < 0) {
return NULL;
}
if(img->type != VAL_BLOB ||
block_loc->type != VAL_STRING ||
force_ro_loc->type != VAL_STRING) {
FreeValue(img);
FreeValue(block_loc);
FreeValue(force_ro_loc);
return ErrorAbort(state, "%s(): argument types are incorrect", name);
}
result = update_bootloader(img->data, img->size,
block_loc->data, force_ro_loc->data);
FreeValue(img);
FreeValue(block_loc);
FreeValue(force_ro_loc);
return StringValue(strdup(result == 0 ? "t" : ""));
}
void Register_librecovery_updater_manta() {
fprintf(stderr, "installing samsung.manta updater extensions\n");
RegisterFunction("samsung.manta.write_bootloader", WriteBootloaderFn);
}