fidl_fuchsia_paver

Enum BootManagerRequest

Source 
pub enum BootManagerRequest {
    QueryCurrentConfiguration {
        responder: BootManagerQueryCurrentConfigurationResponder,
    },
    QueryActiveConfiguration {
        responder: BootManagerQueryActiveConfigurationResponder,
    },
    QueryConfigurationLastSetActive {
        responder: BootManagerQueryConfigurationLastSetActiveResponder,
    },
    QueryConfigurationStatus {
        configuration: Configuration,
        responder: BootManagerQueryConfigurationStatusResponder,
    },
    QueryConfigurationStatusAndBootAttempts {
        configuration: Configuration,
        responder: BootManagerQueryConfigurationStatusAndBootAttemptsResponder,
    },
    SetConfigurationActive {
        configuration: Configuration,
        responder: BootManagerSetConfigurationActiveResponder,
    },
    SetConfigurationUnbootable {
        configuration: Configuration,
        responder: BootManagerSetConfigurationUnbootableResponder,
    },
    SetConfigurationHealthy {
        configuration: Configuration,
        responder: BootManagerSetConfigurationHealthyResponder,
    },
    SetOneShotRecovery {
        responder: BootManagerSetOneShotRecoveryResponder,
    },
    Flush {
        responder: BootManagerFlushResponder,
    },
}
Expand description

Protocol for managing boot configurations.

All functions will first check the A/B/R metadata and reset it to the default state if it’s invalid.

Operations which change the configuration are applied transactionally and will not be persisted to storage until Flush() is called, at which point they will all be applied (or none at all). If any of the operations fail (which is generally unexpected), the current set of changes may be discarded.

The connection will be immediately closed with an epitaph of ZX_ERR_NOT_SUPPORTED if A/B/R is not supported.

Variants§

§

QueryCurrentConfiguration

Queries the configuration the system is currently running.

Returns ZX_ERR_NOT_SUPPORTED if the zvb.current_slot boot argument cannot be read or is an unexpected value.

§

QueryActiveConfiguration

Queries the configuration which will be used as the default boot choice on a normal cold boot, which may differ from the currently running configuration. Configuration::RECOVERY should never be active.

Returns ZX_ERR_NOT_SUPPORTED if Configuration.RECOVERY is active.

§

QueryConfigurationLastSetActive

Queries the configuration that was last explicitly marked as active by SetConfigurationActive(). The result is not affected by the current status of the slot.

A newly updated slot is typically marked as active immediately. Therefore this interface can be used as a way to identify the newest slot.

Returns ZX_ERR_IO if fail to load abr metadata. Returns ZX_ERR_INTERNAL if invalid slot index is returned by libabr routine.

§

QueryConfigurationStatus

Queries status of configuration.

Returns ZX_ERR_INVALID_ARGS if Configuration.RECOVERY is passed in via configuration.

§

QueryConfigurationStatusAndBootAttempts

Queries status of configuration.

The returned table contains:

  • status: the current ConfigurationStatus

  • boot_attempts: if status is ConfigurationStatus::PENDING, this will be the number of times this configuration has attempted to boot, including the current attempt. For any other status this value will not be provided.

    If provided, this value will be in the range [0, MAX_PENDING_BOOT_ATTEMPTS]. 0 indicates the configuration was just set active and has not attempted any boots yet, and MAX_PENDING_BOOT_ATTEMPTS indicates that all attempts have been used.

  • unbootable_reason: if status is ConfigurationStatus::UNBOOTABLE, this will be the reported reason for why the configuration is unbootable. For any other status this value will not be provided.

Returns ZX_ERR_INVALID_ARGS if Configuration.RECOVERY is passed in via configuration.

§

SetConfigurationActive

Updates persistent metadata identifying which configuration should be selected as ‘primary’ for booting purposes. Should only be called after KERNEL as well as optional VERIFIED_BOOT_METADATA assets for specified configuration were written successfully.

Also resets the boot attempts count for the given Configuration.

Returns ZX_ERR_INVALID_ARGS if Configuration.RECOVERY is passed in via configuration.

§

SetConfigurationUnbootable

Updates persistent metadata identifying whether configuration is bootable. Should only be called in the following situations:

  • Before KERNEL as well as optional VERIFIED_BOOT_METADATA assets for specified configuration are written.
  • After successfully booting from a new configuration and marking it healthy. This method would be then called on the old configuration.
  • After “successfully” booting from a new configuration, but encountering an unrecoverable error during health check. This method would be then called on the new configuration.

If the configuration is unbootable, no action is taken.

Returns ZX_ERR_INVALID_ARGS if Configuration.RECOVERY is passed in via configuration.

§

SetConfigurationHealthy

Updates persistent metadata to mark a [fuchsia.paver/Configuration] as successful.

This function is typically used by the OS update system after having confirmed that the configuration works as intended and the “rollback to previous slot” logic is not needed anymore.

Compatibility between the newly successful configuration and the other configuration is unknown. Even if the other configuration was successful at one point, it may no longer be. This function adds a success mark to the given configuration but also removes any success mark on the other.

If configuration is unbootable or is [fuchsia.paver/Configuration.RECOVERY], response will be ZX_ERR_INVALID_ARGS.

  • request configuration the Configuration to mark as healthy. Must not be RECOVERY.
  • response status a zx_status value indicating success or failure.
§

SetOneShotRecovery

Force device to boot to recovery in the next reboot/power cycle. This will only be triggered once and will be reset after the reboot. State of A/B configuration slot will not be affected.

§

Flush

Flush all previously buffered writes to persistent storage.

Implementations§

Trait Implementations§

Source§

impl Debug for BootManagerRequest

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
§

impl<T, D> Encode<Ambiguous1, D> for T
where D: ResourceDialect,

§

unsafe fn encode( self, _encoder: &mut Encoder<'_, D>, _offset: usize, _depth: Depth, ) -> Result<(), Error>

Encodes the object into the encoder’s buffers. Any handles stored in the object are swapped for Handle::INVALID. Read more
§

impl<T, D> Encode<Ambiguous2, D> for T
where D: ResourceDialect,

§

unsafe fn encode( self, _encoder: &mut Encoder<'_, D>, _offset: usize, _depth: Depth, ) -> Result<(), Error>

Encodes the object into the encoder’s buffers. Any handles stored in the object are swapped for Handle::INVALID. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T> Pointable for T

§

const ALIGN: usize = _

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.