Background
Currently, the eMMC boot configuration on 7x30 requires the modem EFS partition to be mounted on a RAM FS. AMSS maintains a copy of the RAMFS loaded by the boot loaders, and a copy of the same is available for Apps_proc to sync to the eMMC device at regular intervals when it is updated. Two copies of the EFS partitions are maintained on the eMMC device for ping-ponged updates. Though the modem EFS partitions are encrypted when on the eMMC device, they are not protected from unauthorized access, since they are accessed in HLOS. The proposal is to keep a backup partition stored on the eMMC device and write protect it before the HLOS takes control of the eMMC device. This ensures that a backup always exists, and when a compromise of the FS integrity is detected, a recovery process can be initiated.
The backup and recovery can be triggered by EFS through Boot Cookie interface and can be performed in the boot loader.
Implementation
A new partition entry, HOTPLUG_PARTITION_ID_BOOT_MODEM_FS_BKP (0x58), is added in partition.xml for the backup file system partition.
Backup Process
1. EFS/Hotplug initiates backup by calling amssboot API for setting backup cookie in IRAM - boot_set_cookie().
2. Phone resets and goes up to OSBL in the normal boot sequence.
3. OSBL checks for cookie by calling boot_get_cookie() during osbl_load_ramfs()
4. If the cookie is not set, normal boot sequence is continued
5. RAMFS1 and RAMFS2 partitions are read into their respective locations in RAM.
6. Based on the RAMFS partition number read from the payload, one of these buffers will be written to BACKUP_RAMFS partition using hotplug API.
7. Clear the cookie upon success.
8. Normal boot sequence is continued after osbl_load_ramfs().
9. At the end of the boot loader sequence, set the write protection for backup partitions.
Recovery Process
1. EFS initiates recovery process by calling amssboot API boot_set_cookie() for setting recovery cookie in IRAM.
2. Phone resets and goes up to OSBL in the normal boot sequence
3. OSBL checks for cookie by calling boot_get_cookie() during osbl_load_ramfs()
4. If the cookie is not set, normal boot sequence is continued
5. BACKUP_RAMFS partition is loaded from eMMC device instead of RAMFS1 to the RAMFS1 RAM location.
6. RAMFS2 partition is loaded to its respective RAM location as normal.
7. Normal boot sequence is continued after osbl_load_ramfs() without clearing the recovery cookie.
8. At the end of boot loaders, set the write protection for backup partitions.
9. During EFS initialization in AMSS, it detects that the restore cookie is set, and initiates a sync operation for writing backup partitions to respective modem EFS partitions.
The assumption is that backup and recovery of EFS partitions are not initiated at the same time.
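The two boot paths above, modeled as a small host-side C simulation (an added example, not code from the original post or from the OSBL). The struct, enum and function names, the 8-byte partition size, and the assumption that write protection is dropped by a reset are hypothetical; the partition contents are constructed.

```c
#include <stdio.h>
#include <string.h>

/* All names and sizes here are hypothetical stand-ins, not the OSBL's. */
enum cookie { COOKIE_NONE, COOKIE_BACKUP, COOKIE_RECOVERY };
enum part { RAMFS1, RAMFS2, BACKUP_RAMFS, NPART };
#define FS_SIZE 8

struct dev {
    unsigned char emmc[NPART][FS_SIZE]; /* simulated eMMC partitions */
    unsigned char ram[2][FS_SIZE];      /* RAMFS1/RAMFS2 RAM locations */
    enum cookie cookie;                 /* simulated IRAM boot cookie */
    int payload_part;                   /* RAMFS index from cookie payload */
    int backup_wp;                      /* 1 = BACKUP_RAMFS write protected */
};

/* Partition write that honours write protection, as the device would. */
int part_write(struct dev *d, enum part p, const void *src) {
    if (p == BACKUP_RAMFS && d->backup_wp) return -1;
    memcpy(d->emmc[p], src, FS_SIZE);
    return 0;
}

/* One boot-loader pass: cookie handling, then write protect before HLOS. */
enum cookie sim_boot(struct dev *d) {
    int n = d->payload_part;
    /* Recovery: BACKUP_RAMFS is loaded instead of RAMFS1. */
    enum part first = (d->cookie == COOKIE_RECOVERY) ? BACKUP_RAMFS : RAMFS1;
    d->backup_wp = 0; /* assumption: protection is dropped by the reset */
    memcpy(d->ram[0], d->emmc[first], FS_SIZE);
    memcpy(d->ram[1], d->emmc[RAMFS2], FS_SIZE);
    /* Backup: copy the selected buffer out, clear the cookie only on success.
       The recovery cookie is left set for EFS initialization in AMSS. */
    if (d->cookie == COOKIE_BACKUP && (n == 0 || n == 1) &&
        part_write(d, BACKUP_RAMFS, d->ram[n]) == 0)
        d->cookie = COOKIE_NONE;
    d->backup_wp = 1; /* end of boot loader: lock the backup partition */
    return d->cookie;
}

int main(void) {
    struct dev d = { .emmc = { "GOODFS1", "GOODFS2" }, .cookie = COOKIE_BACKUP };
    sim_boot(&d);                                /* backup boot */
    printf("HLOS write to backup: %d\n", part_write(&d, BACKUP_RAMFS, "EVILFS!"));
    memcpy(d.emmc[RAMFS1], "CORRUPT", FS_SIZE);  /* constructed corruption */
    d.cookie = COOKIE_RECOVERY;
    sim_boot(&d);                                /* recovery boot */
    printf("RAMFS1 in RAM after recovery: %s\n", (char *)d.ram[0]);
    return 0;
}
```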