fastboot: Add OEM run command

This adds the UUU UCmd functionality as an OEM command. While the
fastboot tool allows sending arbitrary commands as long as they are
prefixed with "oem". This allows running generic U-Boot commands over
fastboot without UUU, which is especially useful when not using USB.
This is really the route we should have gone in the first place when
adding these commands.

While we're here, clean up the UUU Kconfig a bit.

Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Reviewed-by: Heiko Schocher <hs@denx.de>

doc/android/fastboot.rst

@@ -28,6 +28,7 @@ The following OEM commands are supported (if enabled):
 - ``oem partconf`` - this executes ``mmc partconf %x <arg> 0`` to configure eMMC
   with <arg> = boot_ack boot_partition
 - ``oem bootbus``  - this executes ``mmc bootbus %x %s`` to configure eMMC
+- ``oem run`` - this executes an arbitrary U-Boot command
 
 Support for both eMMC and NAND devices is included.
 
@@ -227,6 +228,23 @@ and on the U-Boot side you should see::
 
    Starting kernel ...
 
+Running Shell Commands
+^^^^^^^^^^^^^^^^^^^^^^
+
+Normally, arbitrary U-Boot command execution is not enabled. This is so
+fastboot can be used to update systems using verified boot. However, such
+functionality can be useful for production or when verified boot is not in use.
+Enable ``CONFIG_FASTBOOT_OEM_RUN`` to use this functionality. This will enable
+``oem run`` command, which can be used with the fastboot client. For example,
+to print "Hello at 115200 baud" (or whatever ``CONFIG_BAUDRATE`` is), run::
+
+    $ fastboot oem run:'echo Hello at $baudrate baud'
+
+You can run any command you would normally run on the U-Boot command line,
+including multiple commands (using e.g. ``;`` or ``&&``) and control structures
+(``if``, ``while``, etc.). The exit code of ``fastboot`` will reflect the exit
+code of the command you ran.
+
 References
 ----------
 

drivers/fastboot/Kconfig

@@ -80,12 +80,13 @@ config FASTBOOT_FLASH
 	  this to enable the "fastboot flash" command.
 
 config FASTBOOT_UUU_SUPPORT
-	bool "Enable FASTBOOT i.MX UUU special command"
+	bool "Enable UUU support"
 	help
-	  The fastboot protocol includes "UCmd" and "ACmd" command.
-	  Be aware that you provide full access to any U-Boot command,
-	  including working with memory and may open a huge backdoor,
-	  when enabling this option.
+	  This extends the fastboot protocol with the "UCmd" and "ACmd"
+	  commands, which are used by NXP's "universal update utility" (UUU).
+	  These commands allow running any shell command. Do not enable this
+	  feature if you are using verified boot, as it will allow an attacker
+	  to bypass any restrictions you have in place.
 
 choice
 	prompt "Flash provider for FASTBOOT"
@@ -218,6 +219,14 @@ config FASTBOOT_CMD_OEM_BOOTBUS
 	  Add support for the "oem bootbus" command from a client. This set
 	  the mmc boot configuration for the selecting eMMC device.
 
+config FASTBOOT_OEM_RUN
+	bool "Enable the 'oem run' command"
+	help
+	  This extends the fastboot protocol with an "oem run" command. This
+	  command allows running arbitrary U-Boot shell commands. Do not enable
+	  this feature if you are using verified boot, as it will allow an
+	  attacker to bypass any restrictions you have in place.
+
 endif # FASTBOOT
 
 endmenu

drivers/fastboot/fb_command.c

@@ -102,6 +102,10 @@ static const struct {
 		.command = "oem bootbus",
 		.dispatch = CONFIG_IS_ENABLED(FASTBOOT_CMD_OEM_BOOTBUS, (oem_bootbus), (NULL))
 	},
+	[FASTBOOT_COMMAND_OEM_RUN] = {
+		.command = "oem run",
+		.dispatch = CONFIG_IS_ENABLED(FASTBOOT_OEM_RUN, (run_ucmd), (NULL))
+	},
 	[FASTBOOT_COMMAND_UCMD] = {
 		.command = "UCmd",
 		.dispatch = CONFIG_IS_ENABLED(FASTBOOT_UUU_SUPPORT, (run_ucmd), (NULL))

include/fastboot.h

@@ -36,6 +36,7 @@ enum {
 	FASTBOOT_COMMAND_OEM_FORMAT,
 	FASTBOOT_COMMAND_OEM_PARTCONF,
 	FASTBOOT_COMMAND_OEM_BOOTBUS,
+	FASTBOOT_COMMAND_OEM_RUN,
 	FASTBOOT_COMMAND_ACMD,
 	FASTBOOT_COMMAND_UCMD,
 	FASTBOOT_COMMAND_COUNT