Re: [PATCH v3 1/1] fastboot: introduce 'oem board' subcommand
Hi Alexey, On 4/8/24 12:15, Alexey Romanov wrote: Currently, fastboot protocol in U-Boot has no opportunity to execute vendor custom code with verifed boot. This patch introduce new fastboot subcommand fastboot oem board:, which allow to run custom oem_board function. Default implementation is __weak. Vendor must redefine it in board/ folder with his own logic. For example, some vendors have their custom nand/emmc partition flashing or erasing. Here some typical command for such use cases: - flashing: $ fastboot stage bootloader.img $ fastboot oem board:write_bootloader - erasing: $ fastboot oem board:erase_env Signed-off-by: Alexey Romanov --- doc/android/fastboot.rst | 18 ++ drivers/fastboot/Kconfig | 7 +++ drivers/fastboot/fb_command.c | 30 ++ include/fastboot.h| 1 + 4 files changed, 56 insertions(+) diff --git a/doc/android/fastboot.rst b/doc/android/fastboot.rst index 05d8f77759..2020590657 100644 --- a/doc/android/fastboot.rst +++ b/doc/android/fastboot.rst @@ -30,6 +30,7 @@ The following OEM commands are supported (if enabled): - ``oem bootbus`` - this executes ``mmc bootbus %x %s`` to configure eMMC - ``oem run`` - this executes an arbitrary U-Boot command - ``oem console`` - this dumps U-Boot console record buffer +- ``oem board`` - this executes an custom board function which is defined by vendor s/an/a/ +the vendor? (missing "the") Support for both eMMC and NAND devices is included. @@ -246,6 +247,23 @@ including multiple commands (using e.g. ``;`` or ``&&``) and control structures (``if``, ``while``, etc.). The exit code of ``fastboot`` will reflect the exit code of the command you ran. +Running Custom Vendor Code +^^ + +U-Boot allows you to execute custom fastboot logic, which can be defined +in board/ files. It can still be used for production devices with verified +boot, because vendor define logic at compile time by overriding weak s/vendor define/the vendor defines/ Suggestion: Replace "by overriding weak implementation of fastboot_oem_board()" with "by implementing fastboot_oem_board()", the weak symbol is an implementation detail I don't think we need to keep in the documentation? +implementation of fastboot_oem_board() function. The attacker will +not able to execute his commands / code. For example, this can be useful +be able (missing be) s/his/custom/ or s/his/their/ +for custom flashing or erasing protocols:: + +$ fastboot stage bootloader.img +$ fastboot oem board:write_bootloader + +In this case, ``cmd_parameter`` argument of the function ``fastboot_oem_board()`` +will contain string "write_bootloader" and ``data`` argument is a pointer to +fastboot input buffer, which containing the contents of bootloader.img file. + Either -which (remove "which") s/which containing/which contains/ Cheers, Quentin
Re: [PATCH v3 1/1] fastboot: introduce 'oem board' subcommand
Hi Alexey, Thank you for the patch. On lun., avril 08, 2024 at 13:15, Alexey Romanov wrote: > Currently, fastboot protocol in U-Boot has no opportunity > to execute vendor custom code with verifed boot. This patch > introduce new fastboot subcommand fastboot oem board:, > which allow to run custom oem_board function. > > Default implementation is __weak. Vendor must redefine it in > board/ folder with his own logic. > > For example, some vendors have their custom nand/emmc partition > flashing or erasing. Here some typical command for such use cases: > > - flashing: > > $ fastboot stage bootloader.img > $ fastboot oem board:write_bootloader > > - erasing: > > $ fastboot oem board:erase_env > > Signed-off-by: Alexey Romanov Reviewed-by: Mattijs Korpershoek Thank you for being patient on this topic! I'll be awaiting 2 more days and will apply to the u-boot-dfu if no other remarks have been made. > --- > doc/android/fastboot.rst | 18 ++ > drivers/fastboot/Kconfig | 7 +++ > drivers/fastboot/fb_command.c | 30 ++ > include/fastboot.h| 1 + > 4 files changed, 56 insertions(+) > > diff --git a/doc/android/fastboot.rst b/doc/android/fastboot.rst > index 05d8f77759..2020590657 100644 > --- a/doc/android/fastboot.rst > +++ b/doc/android/fastboot.rst > @@ -30,6 +30,7 @@ The following OEM commands are supported (if enabled): > - ``oem bootbus`` - this executes ``mmc bootbus %x %s`` to configure eMMC > - ``oem run`` - this executes an arbitrary U-Boot command > - ``oem console`` - this dumps U-Boot console record buffer > +- ``oem board`` - this executes an custom board function which is defined by > vendor > > Support for both eMMC and NAND devices is included. > > @@ -246,6 +247,23 @@ including multiple commands (using e.g. ``;`` or ``&&``) > and control structures > (``if``, ``while``, etc.). The exit code of ``fastboot`` will reflect the > exit > code of the command you ran. > > +Running Custom Vendor Code > +^^ > + > +U-Boot allows you to execute custom fastboot logic, which can be defined > +in board/ files. It can still be used for production devices with verified > +boot, because vendor define logic at compile time by overriding weak > +implementation of fastboot_oem_board() function. The attacker will > +not able to execute his commands / code. For example, this can be useful > +for custom flashing or erasing protocols:: > + > +$ fastboot stage bootloader.img > +$ fastboot oem board:write_bootloader > + > +In this case, ``cmd_parameter`` argument of the function > ``fastboot_oem_board()`` > +will contain string "write_bootloader" and ``data`` argument is a pointer to > +fastboot input buffer, which containing the contents of bootloader.img file. > + > References > -- > > diff --git a/drivers/fastboot/Kconfig b/drivers/fastboot/Kconfig > index 5e5855a76c..937a39f54a 100644 > --- a/drivers/fastboot/Kconfig > +++ b/drivers/fastboot/Kconfig > @@ -249,6 +249,13 @@ config FASTBOOT_CMD_OEM_CONSOLE > Add support for the "oem console" command to input and read console > record buffer. > > +config FASTBOOT_OEM_BOARD > + bool "Enable the 'oem board' command" > + help > + This extends the fastboot protocol with an "oem board" command. This > + command allows running vendor custom code defined in board/ files. > + Otherwise, it will do nothing and send fastboot fail. > + > endif # FASTBOOT > > endmenu > diff --git a/drivers/fastboot/fb_command.c b/drivers/fastboot/fb_command.c > index f95f4e4ae1..96c27afc60 100644 > --- a/drivers/fastboot/fb_command.c > +++ b/drivers/fastboot/fb_command.c > @@ -42,6 +42,7 @@ static void oem_format(char *, char *); > static void oem_partconf(char *, char *); > static void oem_bootbus(char *, char *); > static void oem_console(char *, char *); > +static void oem_board(char *, char *); > static void run_ucmd(char *, char *); > static void run_acmd(char *, char *); > > @@ -113,6 +114,10 @@ static const struct { > .command = "oem console", > .dispatch = CONFIG_IS_ENABLED(FASTBOOT_CMD_OEM_CONSOLE, > (oem_console), (NULL)) > }, > + [FASTBOOT_COMMAND_OEM_BOARD] = { > + .command = "oem board", > + .dispatch = CONFIG_IS_ENABLED(FASTBOOT_OEM_BOARD, (oem_board), > (NULL)) > + }, > [FASTBOOT_COMMAND_UCMD] = { > .command = "UCmd", > .dispatch = CONFIG_IS_ENABLED(FASTBOOT_UUU_SUPPORT, (run_ucmd), > (NULL)) > @@ -542,3 +547,28 @@ static void __maybe_unused oem_console(char > *cmd_parameter, char *response) > else > fastboot_response(FASTBOOT_MULTIRESPONSE_START, response, NULL); > } > + > +/** > + * fastboot_oem_board() - Execute the OEM board command. This is default > + * weak implementation, which may be overwritten in board/ files. > + * > + * @cmd_parameter: Pointer to com
[PATCH v3 1/1] fastboot: introduce 'oem board' subcommand
Currently, fastboot protocol in U-Boot has no opportunity to execute vendor custom code with verifed boot. This patch introduce new fastboot subcommand fastboot oem board:, which allow to run custom oem_board function. Default implementation is __weak. Vendor must redefine it in board/ folder with his own logic. For example, some vendors have their custom nand/emmc partition flashing or erasing. Here some typical command for such use cases: - flashing: $ fastboot stage bootloader.img $ fastboot oem board:write_bootloader - erasing: $ fastboot oem board:erase_env Signed-off-by: Alexey Romanov --- doc/android/fastboot.rst | 18 ++ drivers/fastboot/Kconfig | 7 +++ drivers/fastboot/fb_command.c | 30 ++ include/fastboot.h| 1 + 4 files changed, 56 insertions(+) diff --git a/doc/android/fastboot.rst b/doc/android/fastboot.rst index 05d8f77759..2020590657 100644 --- a/doc/android/fastboot.rst +++ b/doc/android/fastboot.rst @@ -30,6 +30,7 @@ The following OEM commands are supported (if enabled): - ``oem bootbus`` - this executes ``mmc bootbus %x %s`` to configure eMMC - ``oem run`` - this executes an arbitrary U-Boot command - ``oem console`` - this dumps U-Boot console record buffer +- ``oem board`` - this executes an custom board function which is defined by vendor Support for both eMMC and NAND devices is included. @@ -246,6 +247,23 @@ including multiple commands (using e.g. ``;`` or ``&&``) and control structures (``if``, ``while``, etc.). The exit code of ``fastboot`` will reflect the exit code of the command you ran. +Running Custom Vendor Code +^^ + +U-Boot allows you to execute custom fastboot logic, which can be defined +in board/ files. It can still be used for production devices with verified +boot, because vendor define logic at compile time by overriding weak +implementation of fastboot_oem_board() function. The attacker will +not able to execute his commands / code. For example, this can be useful +for custom flashing or erasing protocols:: + +$ fastboot stage bootloader.img +$ fastboot oem board:write_bootloader + +In this case, ``cmd_parameter`` argument of the function ``fastboot_oem_board()`` +will contain string "write_bootloader" and ``data`` argument is a pointer to +fastboot input buffer, which containing the contents of bootloader.img file. + References -- diff --git a/drivers/fastboot/Kconfig b/drivers/fastboot/Kconfig index 5e5855a76c..937a39f54a 100644 --- a/drivers/fastboot/Kconfig +++ b/drivers/fastboot/Kconfig @@ -249,6 +249,13 @@ config FASTBOOT_CMD_OEM_CONSOLE Add support for the "oem console" command to input and read console record buffer. +config FASTBOOT_OEM_BOARD + bool "Enable the 'oem board' command" + help + This extends the fastboot protocol with an "oem board" command. This + command allows running vendor custom code defined in board/ files. + Otherwise, it will do nothing and send fastboot fail. + endif # FASTBOOT endmenu diff --git a/drivers/fastboot/fb_command.c b/drivers/fastboot/fb_command.c index f95f4e4ae1..96c27afc60 100644 --- a/drivers/fastboot/fb_command.c +++ b/drivers/fastboot/fb_command.c @@ -42,6 +42,7 @@ static void oem_format(char *, char *); static void oem_partconf(char *, char *); static void oem_bootbus(char *, char *); static void oem_console(char *, char *); +static void oem_board(char *, char *); static void run_ucmd(char *, char *); static void run_acmd(char *, char *); @@ -113,6 +114,10 @@ static const struct { .command = "oem console", .dispatch = CONFIG_IS_ENABLED(FASTBOOT_CMD_OEM_CONSOLE, (oem_console), (NULL)) }, + [FASTBOOT_COMMAND_OEM_BOARD] = { + .command = "oem board", + .dispatch = CONFIG_IS_ENABLED(FASTBOOT_OEM_BOARD, (oem_board), (NULL)) + }, [FASTBOOT_COMMAND_UCMD] = { .command = "UCmd", .dispatch = CONFIG_IS_ENABLED(FASTBOOT_UUU_SUPPORT, (run_ucmd), (NULL)) @@ -542,3 +547,28 @@ static void __maybe_unused oem_console(char *cmd_parameter, char *response) else fastboot_response(FASTBOOT_MULTIRESPONSE_START, response, NULL); } + +/** + * fastboot_oem_board() - Execute the OEM board command. This is default + * weak implementation, which may be overwritten in board/ files. + * + * @cmd_parameter: Pointer to command parameter + * @data: Pointer to fastboot input buffer + * @size: Size of the fastboot input buffer + * @response: Pointer to fastboot response buffer + */ +void __weak fastboot_oem_board(char *cmd_parameter, void *data, u32 size, char *response) +{ + fastboot_fail("oem board function not defined", response); +} + +/** + * oem_board() - Execute the OEM board command + * + * @cmd_parameter: Pointer to command parameter + * @response: Pointer to fastboot response b