Retrofit devices will have two super partitions, spanning the A and B
slots separately. By design an OTA will never cause "A" or "B"
partitions to be assigned to the wrong super. However, the same is not
true of fastbootd, where it is possible to flash the inactive slot. We
do not want, for example, logical "system_a" flashing to super_b.
When interacting with partitions, fastbootd now extracts the slot suffix
from a GetSuperSlotSuffix() helper. On retrofit devices, if the partition
name has a slot, that slot will override FastbootDevice::GetCurrentSlot.
This forces partitions in the inactive slot to be assigned to the correct
super.
There are two consequences of this. First, partitions with no slot
suffix will default to the current slot. That means it is possible to
wind up with two "scratch" partitions, if "adb remount" is used on both
the "A" and "B" slots. However, only the active slot's "scratch" will be
visible to the user (either through adb or fastboot).
Second, if one slot does not have dynamic partitions, flashing will
default to fixed partitions. For example, if the A slot is logical and B
is not, flashing "system_a" will be logical and "system_b" will be
fixed. This works no matter which slot is active. We do not try to
upgrade the inactive slot to dynamic partitions.
Bug: 116802789
Test: fastboot set_active a
fastboot flashall # dynamic partitions
fastboot getvar is-logical:system_a # true
fastboot getvar is-logical:system_b # false
fastboot set_active b
fastboot flashall --skip-secondary
fastboot getvar is-logical:system_a # true
fastboot getvar is-logical:system_b # true
Booting both slots works.
Change-Id: Ib3c91944aaee1a96b2f5ad69c90e215bd6c5a2e8
On retrofit devices, it is easy to accidentally overwrite
system/vendor/product by flashing system in the bootloader. The reason
is that GPT system_a is really the super partition, and the bootloader
doesn't know it.
Addressing this in bootloaders would require two separate commands: one
that rejects flashing system/vendor/product, and another for
expert/factory use that would allow direct flashing.
This patch introduces protection into the host fastboot tool instead.
It's not mutually exclusive with bootloader changes; having protection
in the host tool affords us better and consistent UI. However it does
rely on users having newer builds.
With this change, the following will not work in the bootloader:
fastboot flash system # or vendor, product, etc
The message is the same whether or not the device is a retrofit. To
continue anyway, you can do:
fastboot flash --force system
If we decide on bootloader protection as well, the --force flag can be
re-used.
Bug: 119689480
Test: fastboot flash system # disallowed in bootloader, allowed in fastbootd
fastboot flash --force system # allowed in bootloader
Change-Id: I0861e3f28a15be925886d5c30c7ebd4b20c477cf
Removes a few more Android.mk files.
Test: check for adb, mkbootfs, and fastboot in the build artifacts
Change-Id: Ie4e50a363a734d0b9207f0d0098c54719f038e76
Similar to the change to adb in Id26760bc62c89a1f7ef67511b21f9d9252ab69f3,
pin the interface version to IOUSBFamily 5.0.0.
Bug: 119264733
Test: Manual
Change-Id: Ied9164532c0ba6f20415dafecb0c774578aa5c57
This patch adds a new variable, "super-partition-name", to query the
name of the super partition (with a slot suffix if it has one). The
fastboot flashing tool has been updated to query this variable.
Since the super partition name can no longer be determined without
fastbootd, the presence of super_empty.img is used to test for
dynamic partition support rather than the presence of a super partition.
Bug: 116802789
Test: fastboot flashall on retrofit device
Change-Id: If830768eba6de7f31ac3183c64167fae973c77a4
When updating the super partition, attempt to preserve partitions from
the other slot. If any partition can't be preserved, fail and require a
wipe (-w) to proceed. This allows two bootable builds to be flashed to
both slots.
The preserve operation can fail if the metadata is not compatible with
the old partition layout. For example, if the partition references a
group that no longer exists, or a group changed its capacity, or the
metadata's block device list or list contents changed.
Bug: N/A
Test: liblp_test gtest
fastboot flashall --skip-secondary
Change-Id: I53fdd29bc1f0ef132005a93d3cf1cdcd7f2fc05f
Without this, it is much more difficult to ensure that the "a" and "b"
slots are both bootable during development. We already update all
metadata slots for update-super, so we should here as well.
Bug: N/A
Test: fastboot flashall
fastboot set_active other
fastboot flashall
Change-Id: Ib661e35fa89171a68a0b1da195dc5ba0375d72e4
Arrange to delete the overlayfs backing when a specified partition
has been flashed.
Test: manual
Bug: 109821005
Bug: 117605276
Change-Id: I1c6a0341c6cd2ecfbb7c71bec5679a74d579aadd
The purpose of this code was to support preserving partitions across a
flashall operation. Since we are not supporting persistent read-write
partitions, this merging code is effectively useless - it is preserving
only partitions that will be deleted.
Additionally, this code does not merge partition group changes, since
doing so accurately is difficult. Partition size changes aren't sent
until after update-super resolves, so a valid re-grouping could be
rejected during update-super if the existing partitions are too big.
This patch removes the update-super merging code until a use case comes
along and we can properly evaluate how it should work.
Bug: N/A
Test: fastboot flashall
Change-Id: I1d622b23dabdf031897be9de49f59fc8cf3caf3b
The libziparchive public headers that refer to `off64_t` also need the
Mac workaround.
In fastboot, there's a stray `lseek64` but since it's only for offset 0,
any kind of seek is fine.
Bug: N/A
Test: builds
Change-Id: I68b4f95202623ebf07ffe6c3e0e21437e7922c5b
If an image size changes slightly in between "flashall" and some change
in the build, it's inconvenient to have to reflash the whole device again.
This patch resizes partitions when using a normal flash command, to
improve the developer workflow.
Bug: N/A
Test: fastboot flash system
Change-Id: I349364a4742a0c15748f545fcfda946107720d45
After rebooting to userspace fastboot, the first command issued is
"update-super". If we wound up in the bootloader by accident (as
happened to a few users with a busted vbmeta_system), the resulting
error message will be very misleading ("update-super" will be an
unrecognized command).
Instead, this patch explicitly errors if we did not successfully boot
into fastbootd.
Bug: N/A
Test: fastboot flashall
Change-Id: I7d5bd64db540978bd0bae884f40ce8c3df48f856
This allows us to remove libziparchive's dependency on libutils.
Bug: http://b/79112958
Test: ran libbase and libziparchive tests, ran fastboot manually
Change-Id: I95c651976dad222863e5b8c37d4514b778f5dce7
Cleanup to utilize all the manifest values in constants.h.
If the cli command _and_ the protocol name match, use a common
source of convenient truth. This should set a pattern for future
additional commands. When the command and the protocol differ,
we want to introduce resistance as it results in confusion and
maintenance issues.
Test: compile
Change-Id: Idad413c63cbbfcb6e851856105a5d5a9ef53ef29
Bug: 78793464
Test: fastboot flashall
Sparse images with CRC are not supported by the Android build
system and hence the calculated CRC is unused.
Change-Id: Ia48b2f7e29f2adea26d185c5a8f2337c4cbe6dcb
Boot control HAL implementations will return the current boot
slot as the active slot. If a set_active command is issued on another
slot, it should be considered as the new active slot and subsequent
flashes should flash the same.
Test: fastboot set_active "b", fastboot getvar current-slot
Bug: 78793464
Change-Id: Ida3817670de8e74a7d7ae2a905e7ac1756c6bdf1
This is required to pass fuzzy_fastboot conformance tests.
Also, allow for zero sized partitions in fuzzy_fastboot.
Test: ./fuzzy_fastboot --gtest_filter=Conformance.Slots
Bug: 117220134
Change-Id: Ifb12994a7796b081215084cb68b37674210aaa12
Return lock status of true if unable to read kernel command line.
Test: fastboot getvar unlocked
Bug: 117275849
Change-Id: Id6c00c769bcdcdf87fcc9e88902713a8eff3e320
Sparse images with CRC are currently not supported by the
Android build system.
Test: ./fuzzy_fastboot --gtest_filter=Conformance.*
Change-Id: I6a73fb0dc5d4c77a3d1a0384c137789eb06fa956
If a device has logical partitions but does not use a partition called
"super", we will need this to be configurable. Note that the "slot"
argument is currently unused, but will be necessary for update_engine if
there are A and B super partitions.
Bug: 116608795
Test: super partition works
Change-Id: Ieb548a158faeb423f3561230f26d582325efbc6b
Replace the remnants of engine.cpp with better functionality in
FastBootDriver. Particularly, add prolog() and epilog()
callbacks to FastBootDriver for printing actions and their result to
the console. Then clean up the rest of fastboot.cpp to directly use
FastBootDriver.
Test: fastboot works
Change-Id: I0ff01d6a10f75e9dc1c82b46c6e9bb3bc4c68638
CheckRequirements() had various issues that are cleaned up here,
1) Move from C string parsing to C++
2) Moved from C data structures to C++, including fixing memory leaks.
3) Removed the 'cur_product' global and the 'query_save' function that
stores it
4) Actually writing tests for the parsing function for
android-info.txt
5) Check that a variable needs to be checked for a given product before
trying to read it. Previously, fastboot would fail if a variable
isn't recognized on a device, even if the check should be ignored.
A lot of flexibility is allowed for the input strings, to keep
backwards compatibility with the previous parsers.
Test: fastboot works, unit tests
Change-Id: Idc3bba8b8fe829d8eefe5f6c495e63a9441c0b60
Note that in addition to waiting for the path to appear, we must also
wait for it to be unlinked. Otherwise, we could accidentally access an
older device when opening and closing the same partition twice in a row.
Bug: 114198005
Test: fastboot flashall works
Change-Id: Iddffc34e1ac8aa066c28e7b1a92b09b6dfd7945c
UsbTransportSniffer invokes the virtual method Close() within
its destructor. This usage is fine right now, but if a future
class inherited from UsbTransportSniffer and overrode the Close()
method, then this destructor would not act as expected.
To protect against this, we declare Close() 'final' in
UsbTransportSniffer, and add a comment.
Test: Treehugger
Change-Id: I6182d84e7caf67cb06f37c22c6203ad6d6e57f34
There is little advantage and increasingly much disadvantage to
queueing up fastboot commands before executing them. This change
removes the queue in the most simple way possible to enable further
clean up.
Test: fastboot works
Change-Id: I9abab05df07ed167dbe6a42e1eb9eab8f8d4f157
Partition sizes must be reported with an "0x" prefix for fuzzy_fastboot.
Also, with dynamic partitions, the size of a partition can be 0.
Bug: 78793464
Test: fuzzy_fastboot Conformance.PartitionInfo does not error on
partition sizes when using fastbootd
Change-Id: I4148440bd9ed420878940829618cbf8cee85bf6a
This change moves Transport ownership back out of FastBootDriver.
Callers of set_transport must ensure that the previous transport is
destroyed. In addition, deleting a transport now ensures that it is
closed.
Bug: 78793464
Test: fastboot, fuzzy_fastboot works
Change-Id: I8f9ed2f7d5b09fd0820b2677d087a027378f26db
This implements getvar all by invoking each callback and writing an INFO
status for each result. For commands that take arguments, the variable
handler can specify a function that returns all possible arguments.
Currently this only applies to partition variables.
Bug: 78793464
Test: fastboot getvar all works
Change-Id: I1cf84e06bf67614b6f56171c0ee6ca5d7ac383c9
It is easier to implement getvar all if we can invoke each variable
handler and collect their results. This change reverts the handlers to
return their messages as an outparam, rather than going through
FastbootDevice.
Bug: 78793464
Test: fastboot getvar works
Change-Id: I8544251ce517526b26435526756359ce220520cc
The Carbon framework isn't on the list of libraries that Soong allows
linking against, so this broke the Mac build. This compiles just fine
without Carbon though, and I don't see any references to Carbon in the
code.
Test: mma
Change-Id: I83044d244f7cec778c8b8b6132249c0f016c10fc
Also fix adb's version number to match.
See build/soong/README.md for more information.
Test: cd system/core/fastboot; mma
Test: fastboot --version
Test: adb --version
Test: out/host/linux-x86/nativetest/fastboot_test/fastboot_test
Test: out/host/linux-x86/nativetest64/fastboot_test/fastboot_test
Change-Id: I65ea39af9183c602e84f3bc0e4a0d066a30fc464
This patch extracts the common logic out of the flashall and update
command implementations. There is now a FlashAllTool helper class, and
an ImageSource class for commands to specify how to find built images.
With these paths merged, the update command now supports logical
partitions.
Bug: 78793464
Test: flashall works with or without a super partition
update works with or without a super partition
Change-Id: I63a8690bbc4da6ea98a07eb2c07166ddd993a7b7
This isn't sent by the fastboot client.
This isn't in our bootloader requirement document.
Neither my hikey nor sailfish respond to this.
Test: fastboot still works
Change-Id: I11ff0aed818d98f3427ed427605d99b3c76ccb06
This isn't sent by the fastboot client.
This isn't in our bootloader requirement document.
Neither my hikey nor sailfish respond to this.
The README.md literally uses this as an example for 'unknown command'
Test: fastboot still works.
Change-Id: Ia442a41de517dae078dd7e73c951aadb97646c73
This makes the following changes to the images array:
* The "optional_if_no_partition" flag is removed, as it was a temporary
workaround for super.img.
* The "flashall" flag is removed.
* The "needed_for_fastbootd" flag is now an ImageType enum.
Bug: N/A
Test: fastboot builds, flashall works
Change-Id: Id000ea20cf83639cec2c9ae94f28c799b34606f1
Userspace fastboot is required when flashing logical partitions. If for
some reason userspace fastboot is broken, the user may be stuck with
bootloader fastboot. To address this scenario, we now flash "boot",
"vbmeta", "recovery", "dtbo", and "dts" before booting into userspace
fastboot, using whatever fastboot is currently active.
Bug: 78793464
Test: fastboot flashall with device in bootloader fastboot
Change-Id: I773707bbbe9235c560416c70976e32fd8e52a5a3
In order to flash logical partitions, "flashall" must be run against
userspace fastboot. When the bootloader supports the "reboot-fastboot"
command, we now attempt to automatically reboot into userspace fastboot.
We do this by closing the transport, sleeping for one second, and then
polling for a new connection until one is available. FastBootDriver is
then assigned the new transport.
Bug: 78793464
Test: fastboot flashall on device with logical partitions, while booted
into bootloader fastboot
Change-Id: I6949871b93ab5e352784cabe0963c6ecfc0af36d
Add "super" to the table of known images so that automatic file
resolution can occur. Add a flag to indicate if the image should
be flashed with flashall and set it to false for the new "super"
image, all else true.
Test: 'fastboot flash super' works.
'fastboot flashall' does not flash super
Bug: 78793464
Change-Id: I5b85536b1d4890264531af357aba84a061d6df44
Currently, fastboot flashall will try to flash every partition in the
image list. For devices with logical partitions, this will cause those
partitions to be flashed twice (once via super.img, and again for each
individual image). Additionally, super.img is needed to synchronize the
logical partition list, but it is only generated with "make dist",
making it inconvenient for most workflows.
This patch removes automatic flashing of super.img. Instead, devices
with a super partition must now generate a "super_empty.img"
describing the super geometry and logical partition layout. Before
flashing any other partitions, this image is used to ensure the device
has created all necessary logical partitions.
Additionally, before flashing (but after updating super), all logical
partitions that will be flashed are resized to 0. This ensures that
logical partitions will receive more optimal space allocation.
Finally, during flashing of individual images, logical partitions are
resized to the image size, since they do not have hardcoded sizes in the
build.
Bug: 78793464
Test: fastboot flashall can flash vendor, product, product_services
without a make dist/super.img.
Change-Id: I18c2291e0d0cb10de729c5646b75ac84dde8c871
This change introduces an "update-super" command to the fastboot
protocol. Unlike the "flash" command, which copies raw or sparse data to
a partition, the "update-super" command requires the data to be a super
image generated by lpmake.
If the super partition is not yet formatted (or is corrupt), then it
will be formatted using the given image. Otherwise, "update-super" will
preserve the existing partition layout, and only ensure that logical
partition entries exist for all the new partitions in the given image.
All new partitions added this way will have a zero size, and it is the
host's responsibility to size them as needed afterwards with the
"resize-logical-partition" command.
In addition, the "update-super" command supports a "wipe" argument,
which will force the super partition to be reformatted with the given
image, overwriting any existing partition tables.
Bug: 78793464
Test: fastboot flashall with a super partition
Change-Id: If37d839a03e396e11b6c08a9c32984106613d1dc
Attempting to reduce the number of different spellings we have for
"product services" partition in the codebase.
Bug: 112431447
Test: m
Change-Id: I1a87d7e040a8b1f91f973ac7d90d6360b5b54f71
Merged-In: I1a87d7e040a8b1f91f973ac7d90d6360b5b54f71
Some OEM commands can take quite a while.
The current 10 second timeout is too small.
Test: fastboot tool
Change-Id: Icf59615919c92dc85807abe3ec5793504cf7a162
When flashing logical partitions, we read the "super" partition metadata
corresponding to the current slot. We then temporarily create a
device-mapper device for that partition, and immediately destroy the
device after all operations are complete. We do not mount partitions
ahead of time, or keep them mounted, because a fastboot operation may
change the layout of the logical partition table (or change which slot
is current).
Bug: 78793464
Test: fastboot flash a logical partition under "super"
Change-Id: Id2a61d3592decabeebfd283c4fd6e6cbe576a18c
Currently a few getvar handlers will return invalid strings when an
error occurs. This change allows those handlers to instead send a proper
failure message.
Bug: 78793464
Test: N/A
Change-Id: I7ff7d036c1e6fb0a3d700ecf21b1103ab77278d2
The size of `fastbootd` goes down from 64088-byte to 38488-byte
(aosp_taimen-userdebug) after the change.
Bug: 78793464
Test: `m -j installclean && m -j fastbootd`. Check that
$OUT/recovery/root/system/lib64/libadbd.so exists and
$OUT/recovery/root/system/bin/fastbootd depends on that.
Change-Id: Ic36c98da1a0dda4e0d86e671f858c42578f53f90
The build system generates a partition name of "product_services" for
the product-services partition, so fastboot's image list must reflect
this.
Bug: 78793464
Test: fastboot flash product_services works with fastbootd
Change-Id: I348f970c9584fd3dd4369e8cded66b6e39eee2b2
Bug: 112108453
Test: fastboot flashall with super.img and product-services.img in $OUT,
fastboot update with super.img and product-services.img in image.zip.
Change-Id: I5718b5e60c546c55af74292895b3f7fe169e4f02
Fastbootd is started by recovery, and communicates
over usb with the fastboot protocol.
Add additional fastboot commands to move in and out of
fastbootd. "fastboot reboot recovery" and "fastboot reboot fastboot"
Bug: 78793464
Test: fastboot reboot recovery, fastboot reboot fastboot
Change-Id: Iffb77b2d3ceefb7335c38aa9fba7bd17821484f0
This CL is largely and adaptation of
Ifd119650dd3316508870df0dfc770099e95ae1d1
Bug: 80741439
Test: Successfully built product-services.img with one module in it, and
flashed on device. Also successfully built image with
/system/product-services and no dedicated /product-services partition.
Change-Id: I204a831e052d018018ab124d70ad1ff1610ee007
When host fastboot sends sparse blocks to the device, it tries to only
send blocks in multiples of 1024 bytes. If a block is not aligned to this
size, the excess bytes are prepended to the next write operation. This
is implemented by doing the write in two steps: first the previous
excess from the last write (plus new data up to alignment), then a
second write for the aligned remainder of the new data.
This logic has a bug if the final block plus the previous excess data
contains >= 1024 but < 2048 bytes. In this case the first write will
drain 1024 bytes from the data, and the second write will not have 1024
bytes to write. Instead of retaining this data for the next write, it
tries to write 0 chunks (and thus 0 bytes), which hangs the ioctl() call.
Bug: N/A
Test: "fastboot flash super super.img" where super.img is generated by
lpmake, containing system and product_services partitions and
images.
Change-Id: I9e8523c976ec84d5a57b36a28f4b1ca800edb7e7
USB Reset() allows simulating unplugging and replugging device.
Test: build and run fastboot on mac 10.13.3
Test: glinux build and run fastboot
Change-Id: Id924d063e549a4cca9dda03afd8f8fe266f6d2ab
This reverts commit ceb7cbf5fd.
Reason for revert: Broke mac builds:
system/core/fastboot/usb_osx.cpp:513:35: error: use of undeclared identifier 'USB_TRANSACTION_TIMEOUT'
USB_TRANSACTION_TIMEOUT, USB_TRANSACTION_TIMEOUT);
^
Change-Id: Ibe2f9ff2d5c63f9d33f4bd6d9ba962604cf8caeb
For testing there needs to be a way to simulate unplugging and
replugging a device. This change adds support for a USB reset
method that does this.
Also add timeouts, so USB reads/writes don't block forever
on an unresponsive device.
Test: glinux, fastboot tool still works
Test: Reset confirmed working via wireshark Linux URB captures
Change-Id: I7213a2395d4ef1c0238810e4929ab966e78c8b55
Treehugger Robot