[PATCH v4 1/1] fastboot: introduce 'oem board' subcommand

Wed, 10 Apr 2024 06:04:35 -0700 

Currently, fastboot protocol in U-Boot has no opportunity
to execute vendor custom code with verifed boot. This patch
introduce new fastboot subcommand fastboot oem board:<cmd>,
which allow to run custom oem_board function.

Default implementation is __weak. Vendor must redefine it in
board/ folder with his own logic.

For example, some vendors have their custom nand/emmc partition
flashing or erasing. Here some typical command for such use cases:

- flashing:

  $ fastboot stage bootloader.img
  $ fastboot oem board:write_bootloader

- erasing:

  $ fastboot oem board:erase_env

Signed-off-by: Alexey Romanov <avroma...@salutedevices.com>
Reviewed-by: Mattijs Korpershoek <mkorpersh...@baylibre.com>
---
 doc/android/fastboot.rst      | 18 ++++++++++++++++++
 drivers/fastboot/Kconfig      |  7 +++++++
 drivers/fastboot/fb_command.c | 30 ++++++++++++++++++++++++++++++
 include/fastboot.h            |  1 +
 4 files changed, 56 insertions(+)

diff --git a/doc/android/fastboot.rst b/doc/android/fastboot.rst
index 1ad8a897c8..2a627f9890 100644
--- a/doc/android/fastboot.rst
+++ b/doc/android/fastboot.rst
@@ -29,6 +29,7 @@ The following OEM commands are supported (if enabled):
   with <arg> = boot_ack boot_partition
 - ``oem bootbus``  - this executes ``mmc bootbus %x %s`` to configure eMMC
 - ``oem run`` - this executes an arbitrary U-Boot command
+- ``oem board`` - this executes a custom board function which is defined by 
the vendor
 
 Support for both eMMC and NAND devices is included.
 
@@ -245,6 +246,23 @@ including multiple commands (using e.g. ``;`` or ``&&``) 
and control structures
 (``if``, ``while``, etc.). The exit code of ``fastboot`` will reflect the exit
 code of the command you ran.
 
+Running Custom Vendor Code
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+U-Boot allows you to execute custom fastboot logic, which can be defined
+in board/ files. It can still be used for production devices with verified
+boot, because the vendor define logic at compile time by implementing
+fastboot_oem_board() function. The attacker will not be able to execute
+custom commands / code. For example, this can be useful for custom flashing
+or erasing protocols::
+
+    $ fastboot stage bootloader.img
+    $ fastboot oem board:write_bootloader
+
+In this case, ``cmd_parameter`` argument of the function 
``fastboot_oem_board()``
+will contain string "write_bootloader" and ``data`` argument is a pointer to
+fastboot input buffer, which contains the contents of bootloader.img file.
+
 References
 ----------
 
diff --git a/drivers/fastboot/Kconfig b/drivers/fastboot/Kconfig
index a4313d60a9..4d94391a76 100644
--- a/drivers/fastboot/Kconfig
+++ b/drivers/fastboot/Kconfig
@@ -241,6 +241,13 @@ config FASTBOOT_OEM_RUN
          this feature if you are using verified boot, as it will allow an
          attacker to bypass any restrictions you have in place.
 
+config FASTBOOT_OEM_BOARD
+       bool "Enable the 'oem board' command"
+       help
+         This extends the fastboot protocol with an "oem board" command. This
+         command allows running vendor custom code defined in board/ files.
+         Otherwise, it will do nothing and send fastboot fail.
+
 endif # FASTBOOT
 
 endmenu
diff --git a/drivers/fastboot/fb_command.c b/drivers/fastboot/fb_command.c
index 5fcadcdf50..da29211db1 100644
--- a/drivers/fastboot/fb_command.c
+++ b/drivers/fastboot/fb_command.c
@@ -40,6 +40,7 @@ static void reboot_recovery(char *, char *);
 static void oem_format(char *, char *);
 static void oem_partconf(char *, char *);
 static void oem_bootbus(char *, char *);
+static void oem_board(char *, char *);
 static void run_ucmd(char *, char *);
 static void run_acmd(char *, char *);
 
@@ -107,6 +108,10 @@ static const struct {
                .command = "oem run",
                .dispatch = CONFIG_IS_ENABLED(FASTBOOT_OEM_RUN, (run_ucmd), 
(NULL))
        },
+       [FASTBOOT_COMMAND_OEM_BOARD] = {
+               .command = "oem board",
+               .dispatch = CONFIG_IS_ENABLED(FASTBOOT_OEM_BOARD, (oem_board), 
(NULL))
+       },
        [FASTBOOT_COMMAND_UCMD] = {
                .command = "UCmd",
                .dispatch = CONFIG_IS_ENABLED(FASTBOOT_UUU_SUPPORT, (run_ucmd), 
(NULL))
@@ -490,3 +495,28 @@ static void __maybe_unused oem_bootbus(char 
*cmd_parameter, char *response)
        else
                fastboot_okay(NULL, response);
 }
+
+/**
+ * fastboot_oem_board() - Execute the OEM board command. This is default
+ * weak implementation, which may be overwritten in board/ files.
+ *
+ * @cmd_parameter: Pointer to command parameter
+ * @data: Pointer to fastboot input buffer
+ * @size: Size of the fastboot input buffer
+ * @response: Pointer to fastboot response buffer
+ */
+void __weak fastboot_oem_board(char *cmd_parameter, void *data, u32 size, char 
*response)
+{
+       fastboot_fail("oem board function not defined", response);
+}
+
+/**
+ * oem_board() - Execute the OEM board command
+ *
+ * @cmd_parameter: Pointer to command parameter
+ * @response: Pointer to fastboot response buffer
+ */
+static void __maybe_unused oem_board(char *cmd_parameter, char *response)
+{
+       fastboot_oem_board(cmd_parameter, fastboot_buf_addr, image_size, 
response);
+}
diff --git a/include/fastboot.h b/include/fastboot.h
index 296451f89d..06c1f26b6c 100644
--- a/include/fastboot.h
+++ b/include/fastboot.h
@@ -37,6 +37,7 @@ enum {
        FASTBOOT_COMMAND_OEM_PARTCONF,
        FASTBOOT_COMMAND_OEM_BOOTBUS,
        FASTBOOT_COMMAND_OEM_RUN,
+       FASTBOOT_COMMAND_OEM_BOARD,
        FASTBOOT_COMMAND_ACMD,
        FASTBOOT_COMMAND_UCMD,
        FASTBOOT_COMMAND_COUNT
-- 
2.34.1

Reply via email to