xref: /aosp_15_r20/hardware/interfaces/boot/1.0/IBootControl.hal (revision 4d7e907c777eeecc4c5bd7cf640a754fac206ff7)

/*
 * Copyright 2016 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package [email protected];

/**
 * The Boot Control HAL is designed to allow for managing sets of redundant
 * partitions, called slots, that can be booted from independently. Slots
 * are sets of partitions whose names differ only by a given suffix.
 * They are identified here by a 0 indexed number and associated with their
 * suffix, which is appended to the base name for any particular partition
 * to find the one associated with that slot.
 * The primary use of this set up is to allow for background updates while
 * the device is running, and to provide a fallback in the event that the
 * update fails.
 */
interface IBootControl {
  /**
   * getNumberSlots() returns the number of available slots.
   * For instance, a system with a single set of partitions must return
   * 1, a system with A/B must return 2, A/B/C -> 3 and so on. A system with
   * less than two slots doesn't support background updates, for example if
   * running from a virtual machine with only one copy of each partition for the
   * purpose of testing.
   */
  getNumberSlots() generates (uint32_t numSlots);

  /**
   * getCurrentSlot() returns the slot number of that the current boot is booted
   * from, for example slot number 0 (Slot A). It is assumed that if the current
   * slot is A, then the block devices underlying B can be accessed directly
   * without any risk of corruption.
   * The returned value is always guaranteed to be strictly less than the
   * value returned by getNumberSlots. Slots start at 0 and finish at
   * getNumberSlots() - 1. The value returned here must match the suffix passed
   * from the bootloader, regardless of which slot is active or successful.
   */
  getCurrentSlot() generates (Slot slot);

  /**
   * markBootSuccessful() marks the current slot as having booted successfully.
   *
   * Returns whether the command succeeded.
   */
  markBootSuccessful() generates (CommandResult error);

  /**
   * setActiveBootSlot() marks the slot passed in parameter as the active boot
   * slot (see getCurrentSlot for an explanation of the "slot" parameter). This
   * overrides any previous call to setSlotAsUnbootable.
   * Returns whether the command succeeded.
   */
  setActiveBootSlot(Slot slot) generates (CommandResult error);

  /**
   * setSlotAsUnbootable() marks the slot passed in parameter as
   * an unbootable. This can be used while updating the contents of the slot's
   * partitions, so that the system must not attempt to boot a known bad set up.
   * Returns whether the command succeeded.
   */
  setSlotAsUnbootable(Slot slot) generates (CommandResult error);

  /**
   * isSlotBootable() returns if the slot passed in parameter is bootable. Note
   * that slots can be made unbootable by both the bootloader and by the OS
   * using setSlotAsUnbootable.
   * Returns TRUE if the slot is bootable, FALSE if it's not, and INVALID_SLOT
   * if slot does not exist.
   */
  isSlotBootable(Slot slot) generates (BoolResult bootable);

  /**
   * isSlotMarkedSucessful() returns if the slot passed in parameter has been
   * marked as successful using markBootSuccessful. Note that only the current
   * slot can be marked as successful but any slot can be queried.
   * Returns TRUE if the slot has been marked as successful, FALSE if it has
   * not, and INVALID_SLOT if the slot does not exist.
   */
  isSlotMarkedSuccessful(Slot slot) generates (BoolResult successful);

  /**
   * getSuffix() returns the string suffix used by partitions that correspond to
   * the slot number passed in as a parameter. The bootloader must pass the
   * suffix of the currently active slot either through a kernel command line
   * property at androidboot.slot_suffix, or the device tree at
   * /firmware/android/slot_suffix.
   * Returns the empty string "" if slot does not match an existing slot.
   */
  getSuffix(Slot slot) generates (string slotSuffix);
};