This adds the UUU UCmd functionality as an OEM command. While the fastboot tool allows sending arbitrary commands as long as they are prefixed with "oem". This allows running generic U-Boot commands over fastboot without UUU, which is especially useful when not using USB. This is really the route we should have gone in the first place when adding these commands.
While we're here, clean up the UUU Kconfig a bit. Signed-off-by: Sean Anderson <sean.ander...@seco.com> --- This commit is based on [1]. [1] https://lore.kernel.org/u-boot/20221215101547.1.Ic4654626494193d6dd4788d14fda0aae447783a5@changeid/ Changes in v3: - Further document command capabilities - Use a separate config for oem run Changes in v2: - Document usage - Keep enum in order doc/android/fastboot.rst | 18 ++++++++++++++++++ drivers/fastboot/Kconfig | 19 ++++++++++++++----- drivers/fastboot/fb_command.c | 4 ++++ include/fastboot.h | 1 + 4 files changed, 37 insertions(+), 5 deletions(-) diff --git a/doc/android/fastboot.rst b/doc/android/fastboot.rst index 7611f07038..1ad8a897c8 100644 --- a/doc/android/fastboot.rst +++ b/doc/android/fastboot.rst @@ -28,6 +28,7 @@ The following OEM commands are supported (if enabled): - ``oem partconf`` - this executes ``mmc partconf %x <arg> 0`` to configure eMMC with <arg> = boot_ack boot_partition - ``oem bootbus`` - this executes ``mmc bootbus %x %s`` to configure eMMC +- ``oem run`` - this executes an arbitrary U-Boot command Support for both eMMC and NAND devices is included. @@ -227,6 +228,23 @@ and on the U-Boot side you should see:: Starting kernel ... +Running Shell Commands +^^^^^^^^^^^^^^^^^^^^^^ + +Normally, arbitrary U-Boot command execution is not enabled. This is so +fastboot can be used to update systems using verified boot. However, such +functionality can be useful for production or when verified boot is not in use. +Enable ``CONFIG_FASTBOOT_OEM_RUN`` to use this functionality. This will enable +``oem run`` command, which can be used with the fastboot client. For example, +to print "Hello at 115200 baud" (or whatever ``CONFIG_BAUDRATE`` is), run:: + + $ fastboot oem run:'echo Hello at $baudrate baud' + +You can run any command you would normally run on the U-Boot command line, +including multiple commands (using e.g. ``;`` or ``&&``) and control structures +(``if``, ``while``, etc.). The exit code of ``fastboot`` will reflect the exit +code of the command you ran. + References ---------- diff --git a/drivers/fastboot/Kconfig b/drivers/fastboot/Kconfig index b97c67bf60..eefa34779c 100644 --- a/drivers/fastboot/Kconfig +++ b/drivers/fastboot/Kconfig @@ -80,12 +80,13 @@ config FASTBOOT_FLASH this to enable the "fastboot flash" command. config FASTBOOT_UUU_SUPPORT - bool "Enable FASTBOOT i.MX UUU special command" + bool "Enable UUU support" help - The fastboot protocol includes "UCmd" and "ACmd" command. - Be aware that you provide full access to any U-Boot command, - including working with memory and may open a huge backdoor, - when enabling this option. + This extends the fastboot protocol with the "UCmd" and "ACmd" + commands, which are used by NXP's "universal update utility" (UUU). + These commands allow running any shell command. Do not enable this + feature if you are using verified boot, as it will allow an attacker + to bypass any restrictions you have in place. choice prompt "Flash provider for FASTBOOT" @@ -218,6 +219,14 @@ config FASTBOOT_CMD_OEM_BOOTBUS Add support for the "oem bootbus" command from a client. This set the mmc boot configuration for the selecting eMMC device. +config FASTBOOT_OEM_RUN + bool "Enable the 'oem run' command" + help + This extends the fastboot protocol with an "oem run" command. This + command allows running arbitrary U-Boot shell commands. Do not enable + this feature if you are using verified boot, as it will allow an + attacker to bypass any restrictions you have in place. + endif # FASTBOOT endmenu diff --git a/drivers/fastboot/fb_command.c b/drivers/fastboot/fb_command.c index f0fd605854..67a9479828 100644 --- a/drivers/fastboot/fb_command.c +++ b/drivers/fastboot/fb_command.c @@ -102,6 +102,10 @@ static const struct { .command = "oem bootbus", .dispatch = CONFIG_IS_ENABLED(FASTBOOT_CMD_OEM_BOOTBUS, (oem_bootbus), (NULL)) }, + [FASTBOOT_COMMAND_OEM_RUN] = { + .command = "oem run", + .dispatch = CONFIG_IS_ENABLED(FASTBOOT_OEM_RUN, (run_ucmd), (NULL)) + }, [FASTBOOT_COMMAND_UCMD] = { .command = "UCmd", .dispatch = CONFIG_IS_ENABLED(FASTBOOT_UUU_SUPPORT, (run_ucmd), (NULL)) diff --git a/include/fastboot.h b/include/fastboot.h index d062a3469e..07f4c8fa71 100644 --- a/include/fastboot.h +++ b/include/fastboot.h @@ -36,6 +36,7 @@ enum { FASTBOOT_COMMAND_OEM_FORMAT, FASTBOOT_COMMAND_OEM_PARTCONF, FASTBOOT_COMMAND_OEM_BOOTBUS, + FASTBOOT_COMMAND_OEM_RUN, FASTBOOT_COMMAND_ACMD, FASTBOOT_COMMAND_UCMD, FASTBOOT_COMMAND_COUNT -- 2.35.1.1320.gc452695387.dirty
