Merge "Define the Bootloader Control A/B structure" am: e6af522 am: b30c6f6
am: 81f13d0

* commit '81f13d0e7dc1b8aac7bd07b9e423ee964db0d819':
  Define the Bootloader Control A/B structure

Change-Id: I0382d5a690a40a81ead3814cebd9fbe3086ca3ff
diff --git a/bootloader.h b/bootloader.h
index 742a4ab..92c74f0 100644
--- a/bootloader.h
+++ b/bootloader.h
@@ -45,7 +45,8 @@
  * commandline parameter. This is used by fs_mgr to mount /system and
  * other partitions with the slotselect flag set in fstab. A/B
  * implementations are free to use all 32 bytes and may store private
- * data past the first NUL-byte in this field.
+ * data past the first NUL-byte in this field. It is encouraged, but
+ * not mandatory, to use 'struct bootloader_control' described below.
  */
 struct bootloader_message {
     char command[32];
@@ -62,6 +63,57 @@
     char reserved[192];
 };
 
+#define BOOT_CTRL_MAGIC   0x42414342 /* Bootloader Control AB */
+#define BOOT_CTRL_VERSION 1
+
+struct slot_metadata {
+    // Slot priority with 15 meaning highest priority, 1 lowest
+    // priority and 0 the slot is unbootable.
+    uint8_t priority : 4;
+    // Number of times left attempting to boot this slot.
+    uint8_t tries_remaining : 3;
+    // 1 if this slot has booted successfully, 0 otherwise.
+    uint8_t successful_boot : 1;
+    // Reserved for further use.
+    uint8_t reserved;
+} __attribute__((packed));
+
+/* Bootloader Control AB
+ *
+ * This struct can be used to manage A/B metadata. It is designed to
+ * be put in the 'slot_suffix' field of the 'bootloader_message'
+ * structure described above. It is encouraged to use the
+ * 'bootloader_control' structure to store the A/B metadata, but not
+ * mandatory.
+ */
+struct bootloader_control {
+    // NUL terminated active slot suffix.
+    char slot_suffix[4];
+    // Bootloader Control AB magic number (see BOOT_CTRL_MAGIC).
+    uint32_t magic;
+    // Version of struct being used (see BOOT_CTRL_VERSION).
+    uint8_t version;
+    // Number of slots being managed.
+    uint8_t nb_slot : 3;
+    // Number of times left attempting to boot recovery.
+    uint8_t recovery_tries_remaining : 3;
+    // Ensure 4-bytes alignment for slot_info field.
+    uint8_t reserved0[2];
+    // Per-slot information.  Up to 4 slots.
+    struct slot_metadata slot_info[4];
+    // Reserved for further use.
+    uint8_t reserved1[8];
+    // CRC32 of all 28 bytes preceding this field (little endian
+    // format).
+    uint32_t crc32_le;
+} __attribute__((packed));
+
+#if (__STDC_VERSION__ >= 201112L)
+_Static_assert(sizeof(struct bootloader_control) ==
+               sizeof(((struct bootloader_message *)0)->slot_suffix),
+               "struct bootloader_control has wrong size");
+#endif
+
 /* Read and write the bootloader command from the "misc" partition.
  * These return zero on success.
  */