Merge "releasetools: Allow verifying chained vbmeta partitions."

tools/releasetools/common.py

@@ -99,6 +99,9 @@ SPECIAL_CERT_STRINGS = ("PRESIGNED", "EXTERNAL")
 AVB_PARTITIONS = ('boot', 'dtbo', 'odm', 'product', 'product_services',
                   'recovery', 'system', 'vendor')
 
+# Chained VBMeta partitions.
+AVB_VBMETA_PARTITIONS = ('vbmeta_system', 'vbmeta_vendor')
+
 # Partitions that should have their care_map added to META/care_map.pb
 PARTITIONS_WITH_CARE_MAP = ('system', 'vendor', 'product', 'product_services',
                             'odm')

tools/releasetools/validate_target_files.py

@@ -327,11 +327,14 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options):
     cmd = ['avbtool', 'verify_image', '--image', image, '--key', key]
 
     # Append the args for chained partitions if any.
-    for partition in common.AVB_PARTITIONS:
+    for partition in common.AVB_PARTITIONS + common.AVB_VBMETA_PARTITIONS:
       key_name = 'avb_' + partition + '_key_path'
       if info_dict.get(key_name) is not None:
+        # Use the key file from command line if specified; otherwise fall back
+        # to the one in info dict.
+        key_file = options.get(key_name, info_dict[key_name])
         chained_partition_arg = common.GetAvbChainedPartitionArg(
-            partition, info_dict, options[key_name])
+            partition, info_dict, key_file)
         cmd.extend(["--expected_chain_partition", chained_partition_arg])
 
     proc = common.Run(cmd)
@@ -357,7 +360,7 @@ def main():
       help='the verity public key to verify the bootable images (Verified '
            'Boot 1.0), or the vbmeta image (Verified Boot 2.0, aka AVB), where '
            'applicable')
-  for partition in common.AVB_PARTITIONS:
+  for partition in common.AVB_PARTITIONS + common.AVB_VBMETA_PARTITIONS:
     parser.add_argument(
         '--avb_' + partition + '_key_path',
         help='the public or private key in PEM format to verify AVB chained '