Age | Commit message | Author |
|
Instead of specifying the bootdelay as 0 in the default_env.txt, move it
to the cuttlefish.fragment. Specify the bootdelay as -2 now, because
interruption of the delay is implemented with supplemental environment
on CF now, using control flow, and therefore this hardens the autoboot
feature on other devices.
Change-Id: I9fe779f864a96a63323af608a9c436d2e367588b
Signed-off-by: Alistair Delva <adelva@google.com>
|
|
In default_env.txt, reset if a uboot_env partition exists but fails to
be loaded and verified. Also reset if the Android boot fails. This
prevents the VM from hanging due to one of these failures.
Bug: 218524777
Signed-off-by: Andrew Scull <ascull@google.com>
Change-Id: Ifc96c08c2fe8d5e7627d0c7387d1b38e4435d0d6
|
|
cbootargs is not verified. Let's keep the default env simple / secure
and allow boards downstream to import cbootargs if they need it, through
supplemental environment.
Bug: 216304872
Change-Id: I90254b0f5dca815fa97fefd4becf6c0389682357
|
|
Move Android boot flow bits to bootcmd_android and add an intermediary
uenvcmd which can be overridden by a supplemental environment.
Bug: 216304872
Change-Id: I8b35e7222aac1a693ba4cdca377bf0bd41ecbae4
|
|
Implement "env verified_import" to enable loading U-Boot environment
that is supplementary to the default environment (use '-d' to replace
the default environment).
The environment keys are only loaded if the partition is in the vbmeta
chain and verification is successful. If either the partition is not in
the chain, or the partition data has been tampered with, the keys will
not be imported. This implements a secure way to augment the default
U-Boot environment.
This code is almost entirely the same as aosp/1964846, but it is not
limited to running at env initialization time and can work with any
interface, device or named partition, in any format supported by the
U-Boot avb code.
Bug: 216304872
Change-Id: I1e1728c348837f1d3db87b0f35c8bb6244386ca7
|
|
Recent changes to the bootloader have made booting Android much simpler,
with fewer workarounds required. Avoid loading the bootloader
environment from disk, which provides a control vector for an attacker.
This makes the cuttlefish and microdroid bootloaders like kiwi's.
On microdroid, the device "0#misc" will be used, even though this
platform does not have a misc partition. The bootloader will
automatically detect this and fall back to "0", which means the Android
boot flow will assume NORMAL boot is wanted, and the slot suffix should
be "_a".
Bug: 216304872
Change-Id: Ib8dc81000ae42e56b321041c1119630cf698723b
|
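The two commits above (the "env verified_import" command and the change that stops loading the environment from disk) both rest on the same point: U-Boot's own environment image carries only a CRC-32, which catches corruption but not a deliberate rewrite, so an attacker who can write the uboot_env partition can choose bootcmd or bootargs unless the partition is covered by the vbmeta chain. The following is an added example that is not code from U-Boot or the cuttlefish project: it builds a raw environment image in the on-disk layout U-Boot uses (4-byte little-endian CRC-32 over the data area, then NUL-separated key=value entries ending with an empty entry), checks the CRC the way env_import does, and then shows that a tampering helper which recomputes the CRC passes that check. The 4 KiB environment size, the variable names and the `tamper` helper are assumptions made for the example.

```python
"""Parse and CRC-check a raw U-Boot environment image.

Added example, not code from the U-Boot or cuttlefish projects. The image
is constructed inline; ENV_SIZE is an assumed value (real boards differ).
"""
import struct
import zlib

ENV_SIZE = 4096  # assumed CONFIG_ENV_SIZE for this example


def build_env(entries: dict, env_size: int = ENV_SIZE) -> bytes:
    """Serialise entries as U-Boot lays them out on disk:
    CRC-32 (LE, 4 bytes) over the data area, then key=value\\0 entries,
    an empty entry as terminator, and zero padding to the env size."""
    data = b"".join(f"{k}={v}".encode() + b"\0" for k, v in entries.items())
    data += b"\0"  # empty entry marks the end of the environment
    data_len = env_size - 4
    if len(data) > data_len:
        raise ValueError("environment does not fit in env_size")
    data = data.ljust(data_len, b"\0")
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF) + data


def crc_ok(image: bytes) -> bool:
    """The integrity check env_import performs: stored CRC vs. CRC of data."""
    (stored_crc,) = struct.unpack_from("<I", image, 0)
    return (zlib.crc32(image[4:]) & 0xFFFFFFFF) == stored_crc


def parse_env(image: bytes) -> dict:
    """Return the key=value entries; raise ValueError if the CRC is wrong.

    A good CRC means the bytes were not corrupted in transit. It says
    nothing about who wrote them, which is why the commits above gate
    importing on vbmeta verification of the partition instead.
    """
    if not crc_ok(image):
        raise ValueError("bad environment CRC")
    entries = {}
    for item in image[4:].split(b"\0"):
        if not item:
            break  # empty entry: end of the environment
        key, _, value = item.partition(b"=")
        entries[key.decode()] = value.decode()
    return entries


def tamper(image: bytes, key: str, value: str) -> bytes:
    """What a writer of the partition can do (hypothetical helper): replace
    one variable and recompute the CRC so crc_ok() still returns True."""
    entries = parse_env(image)
    entries[key] = value
    return build_env(entries, len(image))


def demo() -> dict:
    """Constructed sample: a benign image, a CRC-fixed rewrite, and a
    corrupted copy. Returns the outcomes so they can be checked."""
    good = build_env({"bootcmd": "run bootcmd_android",
                      "bootargs": "androidboot.verifiedbootstate=green"})
    rewritten = tamper(good, "bootargs",
                       "androidboot.verifiedbootstate=green init=/bin/sh")
    corrupted = good[:4] + b"X" + good[5:]  # one data byte flipped, CRC left alone
    return {
        "good_bootargs": parse_env(good)["bootargs"],
        "rewritten_passes_crc": crc_ok(rewritten),
        "rewritten_bootargs": parse_env(rewritten)["bootargs"],
        "corrupted_passes_crc": crc_ok(corrupted),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The corrupted copy is rejected, as it should be, but the rewritten image parses cleanly with attacker-chosen bootargs: the CRC is an integrity check, not an authentication step, which is what "env verified_import" adds by refusing to import keys from a partition that is not in the vbmeta chain or fails verification.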