/**
* Copyright (C) 2020 Canonical Ltd
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
#include "snappy_boot_common.h"
#ifndef _BOOTLOADER_SNAP_BOOT_V2_H
#define _BOOTLOADER_SNAP_BOOT_V2_H
/* Format version that the version field of both structures below is expected
 * to contain (see the field comments in each structure). */
#define SNAP_BOOTSELECT_VERSION_V2 0x00010010
/* Signature of the recovery structure: the characters 'S', 'R', 's', 'e'
 * packed into one 32-bit value, with 'S' in the least significant byte and
 * 'e' in the most significant byte. */
#define SNAP_BOOTSELECT_SIGNATURE_RECOVERY ('S' | ('R' << 8) | ('s' << 16) | ('e' << 24))
// device lock states
// Per the device_lock_state field comment in SNAP_RECOVERY_BOOT_SELECTION,
// one of these values is kept in device_lock_state[0].
// NOTE(review): whether the value is stored as a raw byte (0/1/2) or as an
// ASCII digit is not stated in this header - confirm against the bootloader.
#define DEVICE_STATE_UNKNOWN 0 // initial device state at first boot
#define DEVICE_STATE_UNLOCKED 1 // device unlocked
#define DEVICE_STATE_LOCKED 2 // device locked
/**
 * Snappy bootselect partition format structure for run mode.
 *
 * The record starts with a signature and a version word, carries its text
 * fields as fixed-size char arrays of SNAP_NAME_MAX_LEN bytes, and ends with
 * a crc32 word. Because this describes a partition format, field order and
 * sizes must not be changed.
 *
 * NOTE(review): nothing in this header guarantees that the char arrays are
 * NUL-terminated when read back from the partition; readers should presumably
 * bound every string operation by SNAP_NAME_MAX_LEN - confirm against the
 * bootloader and snapd code that consumes this structure.
 */
typedef struct SNAP_RUN_BOOT_SELECTION {
/* Should always contain value of SNAP_BOOTSELECT_SIGNATURE_RUN defined in
 * common.h (presumably snappy_boot_common.h, which this file includes) */
uint32_t signature;
/* Should always contain value of SNAP_BOOTSELECT_VERSION_V2 */
uint32_t version;
/* kernel_status, one of: 'empty', "try", "trying" */
char kernel_status[SNAP_NAME_MAX_LEN];
/* current kernel snap revision */
char snap_kernel[SNAP_NAME_MAX_LEN];
/* current try kernel snap revision */
char snap_try_kernel[SNAP_NAME_MAX_LEN];
/* gadget_mode, one of: 'empty', "try", "trying" */
char gadget_mode[SNAP_NAME_MAX_LEN];
/* GADGET assets: current gadget assets revision */
char snap_gadget[SNAP_NAME_MAX_LEN];
/* GADGET assets: try gadget assets revision */
char snap_try_gadget[SNAP_NAME_MAX_LEN];
/**
* Matrix for mapping of run mode boot img partition to installed kernel
* snap revision
*
* First column represents boot image partition label (e.g. boot_a, boot_b).
* Values are static and should be populated at gadget build time
* or at the latest at image build time. Values are not further altered at
* run time.
* Second column represents the name of the currently installed kernel snap,
* e.g. pi2-kernel_123.snap
* The initial value, representing the initial kernel snap revision,
* is populated at image build time by snapd
*
* There are two rows in the matrix, representing current and previous
* kernel revision
* The following describes how this matrix should be modified at different
* stages:
* - snapd in install mode:
* - extracted kernel snap revision name should be filled
* into free slot (first row, second column)
* - snapd in run mode:
* - when new kernel snap revision is being installed, snapd cycles
* through matrix to find unused 'boot slot' to be used for new kernel
* snap revision from free slot, first column represents partition
* label to which kernel snap boot image should be extracted. Second
* column is then populated with kernel snap revision name.
* - kernel_status, snap_try_kernel, snap_try_core behave the same way as
* with u-boot
* (NOTE(review): snap_try_core is not a field of this structure)
* - bootloader:
* - bootloader reads kernel_status to determine if snap_kernel or
* snap_try_kernel is used to get kernel snap revision name.
* kernel snap revision is then used to search matrix to determine
* partition label to be used for current boot
* - bootloader NEVER alters the values in this matrix
*
* [ <bootimg 1 part label> ] [ <kernel snap revision installed in this boot partition> ]
* [ <bootimg 2 part label> ] [ <kernel snap revision installed in this boot partition> ]
*/
char bootimg_matrix[SNAP_RUN_BOOTIMG_PART_NUM][2][SNAP_NAME_MAX_LEN];
/* name of the boot image from kernel snap to be used for extraction;
 * when not defined or empty, default boot.img will be used */
char bootimg_file_name[SNAP_NAME_MAX_LEN];
/**
* gadget assets: Matrix for mapping of gadget asset partitions
* Optional boot asset tracking, based on bootloader support
* Some boot chains support A/B boot assets for increased robustness,
* an example being an A/B TrustExecutionEnvironment
* This matrix can be used to track current and try boot assets for
* robust updates
* Use of gadget_asset_matrix matches use of bootimg_matrix
*
* [ <boot assets 1 part label> ] [ <currently installed assets revision in this partition> ]
* [ <boot assets 2 part label> ] [ <currently installed assets revision in this partition> ]
*/
char gadget_asset_matrix[SNAP_RUN_BOOTIMG_PART_NUM][2][SNAP_NAME_MAX_LEN];
/* unused placeholders for additional parameters to be used in the future */
char unused_key_01[SNAP_NAME_MAX_LEN];
char unused_key_02[SNAP_NAME_MAX_LEN];
char unused_key_03[SNAP_NAME_MAX_LEN];
char unused_key_04[SNAP_NAME_MAX_LEN];
char unused_key_05[SNAP_NAME_MAX_LEN];
char unused_key_06[SNAP_NAME_MAX_LEN];
char unused_key_07[SNAP_NAME_MAX_LEN];
char unused_key_08[SNAP_NAME_MAX_LEN];
char unused_key_09[SNAP_NAME_MAX_LEN];
char unused_key_10[SNAP_NAME_MAX_LEN];
char unused_key_11[SNAP_NAME_MAX_LEN];
char unused_key_12[SNAP_NAME_MAX_LEN];
char unused_key_13[SNAP_NAME_MAX_LEN];
char unused_key_14[SNAP_NAME_MAX_LEN];
char unused_key_15[SNAP_NAME_MAX_LEN];
char unused_key_16[SNAP_NAME_MAX_LEN];
char unused_key_17[SNAP_NAME_MAX_LEN];
char unused_key_18[SNAP_NAME_MAX_LEN];
char unused_key_19[SNAP_NAME_MAX_LEN];
char unused_key_20[SNAP_NAME_MAX_LEN];
/* unused array of 10 key - value pairs */
char key_value_pairs[10][2][SNAP_NAME_MAX_LEN];
/* crc32 value for structure
 * NOTE(review): a CRC32 detects accidental corruption only; it is not an
 * authenticity check, since anything able to write this record can recompute
 * it. Which bytes the checksum covers is not stated here - confirm against
 * the code that computes and verifies it. */
uint32_t crc32;
} SNAP_RUN_BOOT_SELECTION_t;
/**
 * Snappy bootselect partition format structure for recovery.
 *
 * The record starts with a signature and a version word, carries its text
 * fields as fixed-size char arrays of SNAP_NAME_MAX_LEN bytes, and ends with
 * a crc32 word. Because this describes a partition format, field order and
 * sizes must not be changed.
 *
 * NOTE(review): nothing in this header guarantees that the char arrays are
 * NUL-terminated when read back from the partition; readers should presumably
 * bound every string operation by SNAP_NAME_MAX_LEN - confirm against the
 * bootloader and snapd code that consumes this structure.
 */
typedef struct SNAP_RECOVERY_BOOT_SELECTION {
/* Should always contain value of SNAP_BOOTSELECT_SIGNATURE_RECOVERY defined above */
uint32_t signature;
/* Should always contain value of SNAP_BOOTSELECT_VERSION_V2 */
uint32_t version;
/** snapd_recovery_mode is what mode the system will be booted in, one of
* "install", "recover" or "run"
* NOTE(review): the bootimg_matrix comment below says this value is put onto
* the kernel command line; a bootloader should presumably accept only the
* three values listed here before doing so - confirm in the bootloader code.
*/
char snapd_recovery_mode[SNAP_NAME_MAX_LEN];
/** snapd_recovery_system defines the recovery system label to be used when
* booting the system, it must be defined to one of the values in the
* bootimg matrix below
* NOTE(review): this value also reaches the kernel command line (see the
* bootimg_matrix comment); presumably the matrix lookup doubles as the
* validity check, so a label with no match should not be passed on - confirm.
*/
char snapd_recovery_system[SNAP_NAME_MAX_LEN];
/**
* Matrix for mapping of recovery system boot img partition to kernel snap
* revisions for those recovery systems
*
* First column represents boot image partition label (e.g. recov_a, recov_a;
* the second example label is presumably meant to be recov_b - confirm).
* Values are static and should be populated at gadget build time
* or at the latest at image build time. Values are not further altered at
* run time.
* Second column represents the name of the currently installed recovery
* system label there - note that every recovery system has only one
* kernel for it, so this is in effect a proxy for the kernel revision
*
* The initial value representing initial single recovery system is
* populated at image build time by snapd
*
* There are SNAP_RECOVERY_BOOTIMG_PART_NUM rows in the matrix, representing
* all possible recovery systems on the image.
* The following describes how this matrix should be modified at different
* stages:
* - at image build time:
* - default recovery system label should be filled into free slot
* (first row, second column)
* - snapd:
* - when new recovery system is being created, snapd cycles
* through matrix to find unused 'boot slot' to be used for new
* recovery system from free slot, first column represents partition
* label to which kernel snap boot image should be extracted. Second
* column is then populated with the recovery system label.
* - snapd_recovery_mode and snapd_recovery_system are written/used
* normally when transitioning to/from recover/install/run modes
* - bootloader:
* - bootloader reads snapd_recovery_system to determine what label
* should be searched for in the matrix, then finds the corresponding
* partition label for the kernel snap from that recovery system. Then
* snapd_recovery_mode is read and both variables are put onto the
* kernel commandline when booting the linux kernel
* - bootloader NEVER alters the values in this matrix
*
* [ <bootimg 1 part label> ] [ <kernel snap revision installed in this boot partition> ]
* [ <bootimg 2 part label> ] [ <kernel snap revision installed in this boot partition> ]
*/
char bootimg_matrix[SNAP_RECOVERY_BOOTIMG_PART_NUM][2][SNAP_NAME_MAX_LEN];
/* name of the boot image from kernel snap to be used for extraction;
 * when not defined or empty, default boot.img will be used */
char bootimg_file_name[SNAP_NAME_MAX_LEN];
/** try_recovery_system contains the label of a recovery system to be
* tried. This entry is completely transparent to the bootloader and is
* only modified by snapd or snap-bootstrap.
*/
char try_recovery_system[SNAP_NAME_MAX_LEN];
/** recovery_system_status contains the status of a tried recovery
* system, which is one of "", "try", "tried". This entry is completely
* transparent to the bootloader and is only modified by snapd or
* snap-bootstrap
*/
char recovery_system_status[SNAP_NAME_MAX_LEN];
/** device_lock_state contains the lock state of the device. It is used by the
* bootloader to track device lock changes. When the lock state changes, the
* device automatically goes to install mode. This entry is completely
* transparent to snapd and is only modified by the bootloader.
* Only first char in the array is used (device_lock_state[0])
* Permitted values:
* 0: DEVICE_STATE_UNKNOWN: initial value at first boot.
* This is changed by the bootloader to reflect actual device state.
* 1: DEVICE_STATE_UNLOCKED: unlocked device
* 2: DEVICE_STATE_LOCKED: locked device
*
* NOTE(review): this field sits in the same record as fields that snapd
* writes, and the crc32 below is not an authenticity check, so "only modified
* by the bootloader" is a convention this header cannot enforce. The
* bootloader should presumably compare this stored value against the lock
* state it obtains itself rather than trust it as the source of truth, and
* should handle values outside 0..2 explicitly - confirm in the bootloader.
*/
char device_lock_state[SNAP_NAME_MAX_LEN];
/* unused placeholders for additional parameters to be used in the future
 * NOTE(review): there are 17 here against 20 in SNAP_RUN_BOOT_SELECTION;
 * presumably three were turned into the named fields above - confirm. */
char unused_key_01[SNAP_NAME_MAX_LEN];
char unused_key_02[SNAP_NAME_MAX_LEN];
char unused_key_03[SNAP_NAME_MAX_LEN];
char unused_key_04[SNAP_NAME_MAX_LEN];
char unused_key_05[SNAP_NAME_MAX_LEN];
char unused_key_06[SNAP_NAME_MAX_LEN];
char unused_key_07[SNAP_NAME_MAX_LEN];
char unused_key_08[SNAP_NAME_MAX_LEN];
char unused_key_09[SNAP_NAME_MAX_LEN];
char unused_key_10[SNAP_NAME_MAX_LEN];
char unused_key_11[SNAP_NAME_MAX_LEN];
char unused_key_12[SNAP_NAME_MAX_LEN];
char unused_key_13[SNAP_NAME_MAX_LEN];
char unused_key_14[SNAP_NAME_MAX_LEN];
char unused_key_15[SNAP_NAME_MAX_LEN];
char unused_key_16[SNAP_NAME_MAX_LEN];
char unused_key_17[SNAP_NAME_MAX_LEN];
/* unused array of 10 key - value pairs */
char key_value_pairs[10][2][SNAP_NAME_MAX_LEN];
/* crc32 value for structure
 * NOTE(review): a CRC32 detects accidental corruption only; it is not an
 * authenticity check, since anything able to write this record can recompute
 * it. Which bytes the checksum covers is not stated here - confirm against
 * the code that computes and verifies it. */
uint32_t crc32;
} SNAP_RECOVERY_BOOT_SELECTION_t;
#endif // _BOOTLOADER_SNAP_BOOT_V2_H