Merge "releasetools: Re-enable verifying AVB-signed images."

am: 5ed75d74e3

Change-Id: I45ff35f4b64967f5dd0c539b5abf535ab648408a
Tao Bao 2019-03-26 20:36:22 -07:00 committed by android-build-merger
commit 26b2664dce


@ -318,9 +318,31 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options):
if info_dict.get("avb_enable") == "true": if info_dict.get("avb_enable") == "true":
logging.info('Verifying Verified Boot 2.0 (AVB) images...') logging.info('Verifying Verified Boot 2.0 (AVB) images...')
# TODO(b/120517892): Temporarily disable the verification for AVB-signed key = options['verity_key']
# images. Needing supporting changes in caller to pass in the desired keys. if key is None:
logging.info('Temporarily disabled due to b/120517892') key = info_dict['avb_vbmeta_key_path']
# avbtool verifies all the images that have descriptors listed in vbmeta.
image = os.path.join(input_tmp, 'IMAGES', 'vbmeta.img')
cmd = ['avbtool', 'verify_image', '--image', image, '--key', key]
# Append the args for chained partitions if any.
for partition in common.AVB_PARTITIONS:
key_name = 'avb_' + partition + '_key_path'
if info_dict.get(key_name) is not None:
chained_partition_arg = common.GetAvbChainedPartitionArg(
partition, info_dict, options[key_name])
cmd.extend(["--expected_chain_partition", chained_partition_arg])
proc = common.Run(cmd)
stdoutdata, _ = proc.communicate()
assert proc.returncode == 0, \
'Failed to verify {} with avbtool (key: {}):\n{}'.format(
image, key, stdoutdata)
logging.info(
'Verified %s with avbtool (key: %s):\n%s', image, key,
stdoutdata.rstrip())
def main(): def main():
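Review bot: The verification result is enforced with `assert proc.returncode == 0, ...`, which Python drops under `-O`; in that mode a failed `avbtool verify_image` would fall through to the `logging.info('Verified %s with avbtool ...')` call and be reported as verified. An explicit check keeps the gate in every mode: `if proc.returncode != 0: raise RuntimeError('Failed to verify {} with avbtool (key: {}):\n{}'.format(image, key, stdoutdata))`. The chained-partition loop also passes `options[key_name]` straight through, without the fallback the vbmeta key gets from `if key is None: key = info_dict['avb_vbmeta_key_path']`, so an unset per-partition option presumably reaches `common.GetAvbChainedPartitionArg` as None, or raises KeyError if the entry is absent; `options.get(key_name) or info_dict[key_name]` would match the vbmeta handling. ValidateVerifiedBootImages begins above this hunk, so how `options` is populated is not visible here.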