diff --git a/tools/releasetools/add_img_to_target_files.py b/tools/releasetools/add_img_to_target_files.py
index 02f2000a07..1a08cb6fa7 100755
--- a/tools/releasetools/add_img_to_target_files.py
+++ b/tools/releasetools/add_img_to_target_files.py
@@ -53,6 +53,7 @@ if sys.hexversion < 0x02070000:
 import datetime
 import errno
+import hashlib
 import os
 import shlex
 import shutil
@@ -546,6 +547,17 @@ def AddImagesToTargetFiles(filename):
 has_recovery = (OPTIONS.info_dict.get("no_recovery") != "true")
+ if OPTIONS.info_dict.get("avb_enable") == "true":
+ fp = None
+ if "build.prop" in OPTIONS.info_dict:
+ build_prop = OPTIONS.info_dict["build.prop"]
+ if "ro.build.fingerprint" in build_prop:
+ fp = build_prop["ro.build.fingerprint"]
+ elif "ro.build.thumbprint" in build_prop:
+ fp = build_prop["ro.build.thumbprint"]
+ if fp:
+ OPTIONS.info_dict["avb_salt"] = hashlib.sha256(fp).hexdigest()
+
 def banner(s):
 print("\n\n++++ " + s + " ++++\n\n")
diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index 1b9bb04f1f..ccfa35fc10 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -120,7 +120,7 @@ def AVBCalcMaxImageSize(avbtool, footer_type, partition_size, additional_args):
 return int(output)
 def AVBAddFooter(image_path, avbtool, footer_type, partition_size,
- partition_name, key_path, algorithm,
+ partition_name, key_path, algorithm, salt,
 additional_args):
 """Adds dm-verity hashtree and AVB metadata to an image.
@@ -132,6 +132,7 @@ def AVBAddFooter(image_path, avbtool, footer_type, partition_size,
 partition_name: The name of the partition - will be embedded in metadata.
 key_path: Path to key to use or None.
 algorithm: Name of algorithm to use or None.
+ salt: The salt to use (a hexadecimal string) or None.
 additional_args: Additional arguments to pass to 'avbtool add_hashtree_image'.
 Returns:
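Review bot: `hashlib.sha256(fp)` in the block added to AddImagesToTargetFiles hashes a text string, which works on Python 2 but raises TypeError on Python 3; if the fingerprint is plain ASCII, `hashlib.sha256(fp.encode("utf-8")).hexdigest()` behaves the same on both. The block also has no comment saying that the salt is now deterministic and derived from a public build property on purpose, e.g. `# Deterministic, non-secret salt derived from the build fingerprint so AVB images are reproducible.` When neither `ro.build.fingerprint` nor `ro.build.thumbprint` is present, `avb_salt` is silently left unset and avbtool presumably falls back to its own salt choice, so a message on that path would make the loss of reproducibility visible. The function body starts and continues outside the hunk.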
@@ -144,6 +145,8 @@ def AVBAddFooter(image_path, avbtool, footer_type, partition_size,
 if key_path and algorithm:
 cmd.extend(["--key", key_path, "--algorithm", algorithm])
+ if salt:
+ cmd.extend(["--salt", salt])
 cmd.extend(shlex.split(additional_args))
@@ -590,10 +593,11 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None):
 # key_path and algorithm are only available when chain partition is used.
 key_path = prop_dict.get("avb_key_path")
 algorithm = prop_dict.get("avb_algorithm")
+ salt = prop_dict.get("avb_salt")
 # avb_add_hash_footer_args or avb_add_hashtree_footer_args
 additional_args = prop_dict["avb_add_" + avb_footer_type + "_footer_args"]
 if not AVBAddFooter(out_file, avbtool, avb_footer_type, original_partition_size,
- partition_name, key_path, algorithm, additional_args):
+ partition_name, key_path, algorithm, salt, additional_args):
 return False
 if run_fsck and prop_dict.get("skip_fsck") != "true":
@@ -639,8 +643,9 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
 "verity_signer_cmd",
 "verity_fec",
 "avb_enable",
- "avb_avbtool"
- )
+ "avb_avbtool",
+ "avb_salt",
+ )
 for p in common_props:
 copy_prop(p, p)
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 34c334e40f..f3096c924b 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -353,6 +353,10 @@ def AppendAVBSigningArgs(cmd, partition):
 algorithm = OPTIONS.info_dict.get("avb_" + partition + "_algorithm")
 if key_path and algorithm:
 cmd.extend(["--key", key_path, "--algorithm", algorithm])
+ avb_salt = OPTIONS.info_dict.get("avb_salt")
+ # make_vbmeta_image doesn't like "--salt" (and it's not needed).
+ if avb_salt and partition != "vbmeta":
+ cmd.extend(["--salt", avb_salt])
 def _BuildBootableImage(sourcedir, fs_config_file, info_dict=None,
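Review bot: `salt` reaches the avbtool command line unchecked in the added `if salt:` branch of AVBAddFooter, although the docstring promises a hexadecimal string. Because `ImagePropFromGlobalDict` now copies `avb_salt` from the global dict, a value that was set in the build configuration rather than computed from the fingerprint would only be rejected inside avbtool. A local guard such as `int(salt, 16)  # ValueError on a non-hex salt` before `cmd.extend(["--salt", salt])` keeps the failure close to its cause. Since `--salt` is appended before `additional_args`, a `--salt` in the footer args would presumably take precedence, which deserves a one-line comment. The function body starts and ends outside the hunk.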
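Review bot: AppendAVBSigningArgs reads `avb_salt` from `OPTIONS.info_dict`, but within this commit that key is only set inside AddImagesToTargetFiles. Any other entry point that builds an image through this helper would presumably pass no `--salt`, so whether an image's salt is deterministic depends on which tool produced it. If that is intended, the added lines should say so, e.g. `# avb_salt is only set by AddImagesToTargetFiles; other callers leave the salt to avbtool.` The helper's name and any docstring still describe signing arguments only, so the salt deserves a mention there as well. The function body starts outside the hunk.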