diff --git a/tools/releasetools/add_img_to_target_files.py b/tools/releasetools/add_img_to_target_files.py index 52d3918926..91213ba59d 100755 --- a/tools/releasetools/add_img_to_target_files.py +++ b/tools/releasetools/add_img_to_target_files.py @@ -53,6 +53,7 @@ if sys.hexversion < 0x02070000: import datetime import errno +import hashlib import os import shlex import shutil @@ -532,6 +533,17 @@ def AddImagesToTargetFiles(filename): has_recovery = (OPTIONS.info_dict.get("no_recovery") != "true") + if OPTIONS.info_dict.get("avb_enable") == "true": + fp = None + if "build.prop" in OPTIONS.info_dict: + build_prop = OPTIONS.info_dict["build.prop"] + if "ro.build.fingerprint" in build_prop: + fp = build_prop["ro.build.fingerprint"] + elif "ro.build.thumbprint" in build_prop: + fp = build_prop["ro.build.thumbprint"] + if fp: + OPTIONS.info_dict["avb_salt"] = hashlib.sha256(fp).hexdigest() + def banner(s): print("\n\n++++ " + s + " ++++\n\n") diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py index d2c9f59700..94626d7936 100755 --- a/tools/releasetools/build_image.py +++ b/tools/releasetools/build_image.py @@ -126,7 +126,7 @@ def AVBCalcMaxImageSize(avbtool, footer_type, partition_size, additional_args): return int(output) def AVBAddFooter(image_path, avbtool, footer_type, partition_size, - partition_name, key_path, algorithm, + partition_name, key_path, algorithm, salt, additional_args): """Adds dm-verity hashtree and AVB metadata to an image. @@ -138,6 +138,7 @@ def AVBAddFooter(image_path, avbtool, footer_type, partition_size, partition_name: The name of the partition - will be embedded in metadata. key_path: Path to key to use or None. algorithm: Name of algorithm to use or None. + salt: The salt to use (a hexadecimal string) or None. additional_args: Additional arguments to pass to 'avbtool add_hashtree_image'. Returns: @@ -150,6 +151,8 @@ def AVBAddFooter(image_path, avbtool, footer_type, partition_size, if key_path and algorithm: cmd.extend(["--key", key_path, "--algorithm", algorithm]) + if salt: + cmd.extend(["--salt", salt]) cmd.extend(shlex.split(additional_args)) @@ -592,10 +595,11 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None): # key_path and algorithm are only available when chain partition is used. key_path = prop_dict.get("avb_key_path") algorithm = prop_dict.get("avb_algorithm") + salt = prop_dict.get("avb_salt") # avb_add_hash_footer_args or avb_add_hashtree_footer_args additional_args = prop_dict["avb_add_" + avb_footer_type + "_footer_args"] if not AVBAddFooter(out_file, avbtool, avb_footer_type, original_partition_size, - partition_name, key_path, algorithm, additional_args): + partition_name, key_path, algorithm, salt, additional_args): return False if run_fsck and prop_dict.get("skip_fsck") != "true": @@ -641,8 +645,9 @@ def ImagePropFromGlobalDict(glob_dict, mount_point): "verity_signer_cmd", "verity_fec", "avb_enable", - "avb_avbtool" - ) + "avb_avbtool", + "avb_salt", + ) for p in common_props: copy_prop(p, p) diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py index 789fefeceb..97261255cf 100644 --- a/tools/releasetools/common.py +++ b/tools/releasetools/common.py @@ -353,6 +353,10 @@ def AppendAVBSigningArgs(cmd, partition): algorithm = OPTIONS.info_dict.get("avb_" + partition + "_algorithm") if key_path and algorithm: cmd.extend(["--key", key_path, "--algorithm", algorithm]) + avb_salt = OPTIONS.info_dict.get("avb_salt") + # make_vbmeta_image doesn't like "--salt" (and it's not needed). + if avb_salt and partition != "vbmeta": + cmd.extend(["--salt", avb_salt]) def _BuildBootableImage(sourcedir, fs_config_file, info_dict=None,