Commit graph

1052 commits

Author SHA1 Message Date
Treehugger Robot
0effed4b94 Merge "AVB: support chain partition signing" 2017-06-20 06:57:34 +00:00
Treehugger Robot
9baf675285 Merge "Allow sign_target_files_apks.py to create zip64 signed TF.zip." 2017-06-14 05:36:51 +00:00
Tao Bao
2b8f489e30 Allow sign_target_files_apks.py to create zip64 signed TF.zip.
We should only disallow zip64 for the image and OTA zips (because we
don't have zip64 support in libziparchive yet). But target_files zips
are fine to use zip64 with host tools (and we already do that in
add_img_to_target_files.py).

This CL also sets the default compression method to DEFLATED when
creating the signed TF.zip.

Test: sign_target_files.apks.py signing a large TF.zip passes.
Change-Id: I8043739860604134fa1166e920c95c28797bbcc1
2017-06-13 13:01:23 -07:00
Tianjie Xu
9ac4cb0984 Fix duplicate 'META/care_map.txt' when calling add_img_to_target_files
In case the system/vendor image is updated for an A/B target file, we'll
delay the write of META/care_map.txt. Specifically, we'll run "zip -d"
to remove the old entry and then zip in the new one from tmp dir.

Bug: 62345693
Test: Run add_img_to_target_files.py on sailfish target files, and
care_map.txt is updated.

Change-Id: Id2f9997aac50c0740e6944d0d0d43d98f5fc6c29
2017-06-13 11:20:29 -07:00
Bowgo Tsai
3e599ead66 AVB: support chain partition signing
Current build system will include AVB metadata from each partition and
store them into /vbmeta partiton when BOARD_AVB_ENABLE is set, which makes
each partition tightly-coupled.

Add the support for 'chain partition':
  - The vbmeta of each partition is stored on the same partition itself.
  - The public key used to verify each partition is stored in /vbmeta.

For example, the following build variables are required to enable chain
partition for system partition:
  - BOARD_AVB_SYSTEM_KEY_PATH := path/to/system_private_key
  - BOARD_AVB_SYSTEM_ALGORITHM := SHA512_RSA8192
  - BOARD_AVB_SYSTEM_ROLLBACK_INDEX := 1
  - BOARD_AVB_SYSTEM_ROLLBACK_INDEX_LOCATION := 2

The corresponding settings will be added into META/misc_info.txt for
build_image.py and/or add_img_to_target_files.py:
  - avb_system_key_path=path/to/system_private_key
  - avb_system_algorithm=SHA512_RSA8192
  - avb_system_add_hashtree_footer_args=--rollback_index 1
  - avb_system_rollback_index_location=2

To enable chain partition for other partitions, just replace SYSTEM with
BOOT, VENDOR and/or DTBO in the build variables.

Also switch from  `avbtool make_vbmeta_image --setup_rootfs_from_kernel system.img ...`
to `avbtool add_hashtree_footer --image system.img --setup_as_rootfs_from_kernel...`
when BOARD_BUILD_SYSTEM_ROOT_IMAGE is true. This works for both chained
and no-chained:
  - chained: `avbtool add_hashtree_footer --setup_as_rootfs_from_kernel` will
    add dm-verity kernel cmdline descriptor to system.img
  - no-chained: `avbtool make_vbmeta_image --include_descriptors_from_image
    system.img` will include the kernel cmdline descriptor from system.img into
    vbmeta.img

Bug: 38399657
Test: `make` pass, flash images from $OUT and boot device without chain partitions
Test: `make` pass, flash images from $OUT and boot device with chain partitions
Test: `make dist` pass, flash images from TF.zip and boot device without chain partitions
Test: `make dist` pass, flash images from TF.zip and boot device with chain partitions
Test: follow the same steps in
      https://android-review.googlesource.com/#/c/407572/

Change-Id: I344f79290743d7d47b5e7441b3a21df812a69099
2017-06-13 17:45:10 +08:00
Treehugger Robot
d6e8002734 Merge "Delay the write-back of misc_info in sign_target_files_apks.py." 2017-06-08 22:24:53 +00:00
Tao Bao
46a5999a02 Delay the write-back of misc_info in sign_target_files_apks.py.
Currently we're writing META/misc_info.txt to the new TF.zip during
ReplaceVerityPrivateKey(). We should delay that until we have replaced
everything in need. Otherwise we won't be able to replace/overwrite
that zip entry (unless `zip -d` first).

This CL also cleans up the return value of ReplaceVerityPublicKey() and
ReplaceVerityKeyId(), since the caller no longer needs the values.

Test: sign_target_files_apks.py and check the generated signed TF.zip.
Change-Id: I9fbd7182247728281519e5e3971557f6b018ad65
2017-06-07 15:13:50 -07:00
Treehugger Robot
9718140570 Merge "Fix the broken script in AssertFingerprintOrThumbprint." 2017-06-05 22:33:05 +00:00
Tao Bao
d2d01e519e Fix the broken script in AssertFingerprintOrThumbprint.
Bug: 62252466
Test: Re-generate an incremental OTA that goes from the fingerprint to
      thumbprint, and check the updater-script.
Change-Id: I6e2cbf68cbd22fbcf0d200fc3fdc8a33da510a53
2017-06-05 12:27:52 -07:00
Tao Bao
3ebfddeabe Remove three board_avb_* args from META/misc_info.txt.
board_avb_algorithm and board_avb_key_path are overlapping with
avb_signing_args. In core/Makefile, only avb_signing_args (i.e.
INTERNAL_AVB_SIGNING_ARGS) will be used in the AVB-signing command. It
covers the contents in board_avb_{algorithm,key_path}. We should do the
same thing in tools/releasetools to avoid potential inconsistency.

This CL cleans up the logic in tools/releasetools, by always using
avb_signing_args. This also allows easier signing key replacement (so we
can replace the key/algorithm/signer in 'avb_signing_args').

board_avb_system_add_hashtree_footer_args is unused in releasetools
script, and the same information has been covered by
system_avb_add_hashtree_footer_args. This CL removes this arg as well.

Test: `m dist`. Then a) check the removed three args no longer exist in
      META/misc_info.txt; b) check that rebuilding images with
      add_img_to_target_files.py uses the same parameters.
Change-Id: I7db890b5c942de5b6868d8d1ebf937586d4729c0
2017-06-05 10:33:52 -07:00
Tao Bao
4536e45f66 Merge "Support re-generating DTBO image from add_img_to_target_files.py." 2017-06-02 22:13:36 +00:00
Tianjie Xu
65b98cd3b1 Merge "Generate care_map.txt when AVB is enabled" 2017-06-02 18:09:58 +00:00
Tianjie Xu
6b2e155ee6 Generate care_map.txt when AVB is enabled
When AVB is enabled, generate care_map.txt and add it to the target
files. Also copy it into the OTA package where it will later be used
by the update_verifier.

Bug: 62208947
Test: \
1. Run add_img_to_target_files on the TF of a new pixel device,
and care_map.txt generates successfully.

2. Make dist in oc-dr1-release and find care_map.txt in the OTA package.

3. update_verifier succeeds in reading all the blocks on the care_map,
and fails to read out-of-bound blocks.

Change-Id: I2881711e6f87789cb7de150dbeca18b756fed68a
2017-06-01 21:36:43 -07:00
Tao Bao
c633ed0230 Support re-generating DTBO image from add_img_to_target_files.py.
This is a step to enable signing a given target_files zip with release
keys.

When calling sign_target_files_apks.py, we will delete all the entries
under IMAGES/ in order to re-generate them (with the proper release
keys). In order to support that, we need to pack everything in need into
TF.zip.

Steps to test the CL.
a) Choose a target that has both AVB and DTBO enabled.
 $ m dist

b) Check IMAGES/dtbo.img and PREBUILT_IMAGES/dtbo.img both exist in the
   generated out/dist/TF.zip.

c) Remove the entries under IMAGES/ from the generated TF.zip.
 $ zip -d TF.zip IMAGES/\*

d) Re-generate the images with TF.zip.
 $ build/make/tools/releasetools/add_img_to_target_files.py TF.zip

e) Check that IMAGES/dtbo.img is re-generated, and it's identical to the
   image in b). Note that by default the re-generated image will carry a
   different footer, because of the random salt. This CL is verified by
   specifying the same salt.

Bug: 38315721
Test: see above.
Change-Id: I0bdc4e1cd4800962dc3902ca550dad6a8ca56c78
2017-06-01 20:07:33 -07:00
Treehugger Robot
db5fa05429 Merge "Pack avbtool into otatools.zip." 2017-06-01 07:19:17 +00:00
Tao Bao
2bb109709a Remove the obsolete logic in img_from_target_files.py.
img_from_target_files.py used to handle the case that a given TF.zip not
containing the image entries under IMAGES/. That is only the case for
pre-Lollipop releases.

Also unzip the needed files only since we know that for sure now.

Test: img_from_target_files.py with an existing bullhead-TF.zip gives
      the same bullhead-img.zip.
Change-Id: I892379ba388df80ae63be9d3ce647fbb77fd4753
2017-05-31 11:17:56 -07:00
Tao Bao
3cba374da2 Pack avbtool into otatools.zip.
Also pack the test keys for easier testing.

Bug: 38315721
Test: m otatools-package and avbtool is present in otatools.zip.
Change-Id: Ieb63bf3f4bc211ef1f48ab278cb01b70845d06da
2017-05-31 10:20:25 -07:00
Treehugger Robot
fe7aeb1de7 Merge "Support signing custom images with AVB HASH or AVB HASHTREE" 2017-05-31 03:24:25 +00:00
Tianjie Xu
f7a76f9a30 Merge "Remove the obsolete UnpackPackageDir() in edify generator" 2017-05-31 01:08:15 +00:00
Tianjie Xu
616fbeb144 Move recovery building from sign_target_files_apk to add_img_to_target_files
Currently we're building the boot/recovery image twice, which is
redundant. And b/38455129 shows a problematic case when the image
from two builds doesn't match. We should only build the recovery
image once in the add_img_to_target_files.

Bug: 62021378
Test: call sign_target_files_apk on an angler target file,
recovery-from-boot.p generates successfully; and SHA of recovery.img
matches the one in install-recovery.sh.

Change-Id: I01e033501d80c18a87cbb870300eee5c19a04441
2017-05-26 17:20:22 -07:00
Tianjie Xu
38af07ff20 Update the recovery files under SYSTEM/ if recovery patch is rebuilt
If we pass "rebuild_recovery" to add_img_to_target_files, the recovery
patch is rebuilt. But related files under SYSTEM/ (e.g.
SYSTEM/recovery-from-boot.p && SYSTEM/bin/install-recovery.sh) are not
updated.

This may cause a mismatch between system.img and SYSTEM/, and
may lead to a failure in validate_target_files.py.

Bug: 62096364
Test: Rebuild the system image in the TF and observe the recovery files
under SYSTEM/ get updated.

Change-Id: I7d679a612a86d02cf2eff81d1d120c0067138ed9
2017-05-26 22:40:23 +00:00
Bowgo Tsai
7ea994b21c Support signing custom images with AVB HASH or AVB HASHTREE
`make custom_images` supports to build different kinds of *non-droid* images,
e.g., odm.img. Adding the support of signing them with either AVB HASH footer
or AVB HASHTREE footer. The user can use HASH for small images and
HASHTREE for large images.

Sample signing configurations:
 * AVB HASH footer:
   - CUSTOM_IMAGE_AVB_HASH_ENABLE := true
   - CUSTOM_IMAGE_AVB_ADD_HASH_FOOTER_ARGS := --append_to_release_string my_odm_image

 * AVB HASHTREE footer:
   - CUSTOM_IMAGE_AVB_HASHTREE_ENABLE := true
   - CUSTOM_IMAGE_AVB_ADD_HASHTREE_FOOTER_ARGS := --fec_num_roots 8

 * Using custom signing key:
   - CUSTOM_IMAGE_AVB_ALGORITHM := SHA256_RSA2048
   - CUSTOM_IMAGE_AVB_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem

Bug: 36701014
Test: `make custom_images` with AVB HASH footer
Test: `make custom_images` with AVB HASHTREE footer
Test: `make droid` to check system.img is still properly signed with AVB HASHTREE
Test: `make droid` to check vendor.img is still properly signed with AVB HASHTREE

Change-Id: I8dc420e12e37e9a631345c0cd883339db05d489f
2017-05-24 14:21:03 +08:00
Tianjie Xu
6a324ba588 Remove the obsolete UnpackPackageDir() in edify generator
package_extract_dir is used in file based OTA only and should be killed.

Bug: 37959785
Test: code search shows no usage of this function in aosp.
Change-Id: Id3719b969c24b7ecef0c7f0e4a3af09a72be54d4
2017-05-23 17:15:14 -07:00
Tao Bao
406050bdb6 Fix the symlink detection when signing TF.zip.
We used to check for 'attr >> 16 == 0xa1ff' (i.e. 0o120777) to detect
symlinks in the input target_files zip (TF.zip). This becomes broken
after we switch to soong_zip, which packs symlinks with 0o120700.

This CL fixes the issue by using stat.S_ISLNK() instead.

Note that we don't need to stage the files with the exact permission
bits as in the input TF.zip. Because this part is covered by mkbootfs
by using the canned or the compiled-in fs_config - as long as the
files/directories are accessible and the symlinks are created.

Bug: 38455129
Test: sign_target_files_apks.py on bullhead TF.zip. Check the
      checksums in SYSTEM/bin/install-recovery.sh.
Change-Id: I51c1fc9a257fb3f18c16c2ed71528abaa6f7d9c9
2017-05-22 23:33:11 -07:00
Treehugger Robot
294d5c5f07 Merge "add dtbo support for ota" 2017-05-15 16:49:46 +00:00
Treehugger Robot
bba00b2cb9 Merge "Add the option to reserve headroom for partition images. This is useful for devices with low disk space with different build variants." 2017-05-13 01:37:25 +00:00
Yueyao Zhu
889ee5e7d3 add dtbo support for ota
Test: make dist and locally push ota on a device
Change-Id: I920b98f20e248b437955b2a963eb69ed2ddb8d45
2017-05-12 17:50:46 -07:00
Tianjie Xu
f34d435925 Merge "Add a script to parse an block-based ota package" 2017-05-11 21:52:10 +00:00
Christian Oder
f63e2cd47b OTA Tools: Handle password encrypted keys
* Add logic to handle decrypted keys from common.GetKeyPassword in
WriteABOTAPackageWithBrilloScript.

* Get the keys passwords in main and store them in OPTIONS.key_passwords.
This allows accessing them in WriteABOTAPackageWithBrilloScript and SignOutput
so it's only required to ask for the password once, while allowing to use
decrypted signing keys.

Test: ota_from_target_files.py on marlin and angler respectively.
Change-Id: I7c9b0198855a4b630c52b8552e904f312f09c4ce
2017-05-10 16:54:42 -07:00
Tianjie Xu
ce9d78fcd9 Add a script to parse an block-based ota package
The script prints the meta info, new/patch data size. It also simulates
the transfer commands and calculates amount of I/O as well as cache
needed.

We can add the more options to parse system/vendor.map so that we can
analyze the location change of files.

Bug: 31514709
Test: parse a bullhead incremental/full ota.
Change-Id: I70ed4f4c15e595b1851109e9799d44ac4e815c16
2017-05-09 21:01:19 +00:00
Julius D'souza
001c676b81 Add the option to reserve headroom for partition images.
This is useful for devices with low disk space with different
build variants.

Bug: 37469715
Test: Regular image builds successfully, errors occur when
the headroom size is greater than available partition space.

Change-Id: I526cdd0f84981bbd16e3afcfe1cd7fc43dce98ef
2017-05-08 11:59:25 -07:00
Tao Bao
39451582c4 releasetools: Add a verbose parameter to common.Run().
Caller can optionally specify the verbose flag which overrides
OPTIONS.verbose. The command line won't be outputed with verbose=False.
This is useful for cases that a) those command lines are less useful
(but will spam the output otherwise); b) sensitive info is part of the
invocation.

'verbose=False' will be consumed by common.Run() only, instead of being
passed to subprocess.Popen().

Test: ota_from_target_files.py on a block based OTA.
Change-Id: I7d5b4094d756a60f84f89c6a965e7ccc68e435f8
2017-05-04 11:18:56 -07:00
Tao Bao
21803d3574 Revert "Revert "Add compatibility metadata to OTA package""
This reverts commit b1e59b8a73.

This CL enables generating compatibility zip entry in an A/B OTA
package. We're not enabling the support for non-A/B OTAs for now until
they have the necessary support (e.g. /proc/config.gz exists).

Bug: 36810913
Test: Generate full and incremental packages for marlin and applly under
      normal boot and sideload respectively.

Change-Id: I69f0a3feb7a0efc7f727f92f31c9e63f47ee6530
(cherry picked from commit b63c952cc7)
2017-04-26 14:28:46 -07:00
Bowgo Tsai
9b3776017f AVB: support BOARD_BUILD_SYSTEM_ROOT_IMAGE
Passing --setup_rootfs_from_kernel to avbtool when
BOARD_BUILD_SYSTEM_ROOT_IMAGE is true

Bug: 33590159
Test: 'make' sailfish with BOARD_AVB_ENABLE := true
Test: 'make dist' with BOARD_AVB_ENABLE := true
Change-Id: Ieb58dd9ae6be1eceb90a33c739b85cff5cbc6e0a
2017-04-15 08:53:40 +08:00
Bowgo Tsai
8ee4a3db8c AVB: support signing vendor.img
Uses avbtool to sign vendor.img if BOARD_AVB_ENABLE is set.
It also allows appending additional arguments to avbtool via
BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS.

e.g.,
  BOARD_AVB_ENABLE := true
  BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS := --generate_fec

Bug: 35415839
Test: "make" with the above variables and use avbtool to check vbmeta is
      appended to vendor.img
Test: "make dist" with the above variables

Change-Id: I8ada38dff3def6d34613e77c67944def8a49f464
2017-04-15 08:53:06 +08:00
Tao Bao
afaa0a638b releasetools: Add validate_target_files.py.
Bug: 35408446
Test: validate_target_files.py on existing target_files zips.
Change-Id: I140ef86533eee5adb93c2546510fdd7e9ce4e81a
2017-04-05 09:04:13 -07:00
Tianjie Xu
a011dec9b2 Fix unittest for blockimgdiff
The test broke due to api change in constructor of Transfer.

Bug: 36456381
Test: blockimgdiff test passes
Change-Id: Ic73b66f8fb6141ff6f50c113b0d8cc55d34e0b5d
2017-03-24 16:28:16 -07:00
Tao Bao
5f8ff9319b Add a missing default value for OPTIONS.extracted_input.
Test: ota_from_target_files.py without --extracted_input_target_files.
Change-Id: Ieaba43fa557b544b24f3eeccd68ac289d1fe3d31
2017-03-21 22:36:20 -07:00
Dan Willemsen
cea5cd210e Speed up non-AB ota_from_target_files in the build system
We've just created the target files package and still have the extracted
directory, so pass that to ota_from_target_files so that it doesn't have
to re-extract what we just compressed.

This saves a little bit of time -- for bullhead-userdebug on internal
master, this brings the time to build an OTA from ~340s -> ~310s. Much
of the time is still spent generating and signing the OTA.

Test: lunch bullhead-userdebug; m -j otapackage
Test: bullhead-ota-*.zip is identical before/after
Change-Id: Ib51cf6b02123e9c49280e9957c6590645470a52c
2017-03-21 15:34:27 -07:00
Tao Bao
2f80e83e98 releasetools: Remove a dead line.
system_root_image has been dead since commit
2ce63edab7.

Test: pylint --rcfile=pylintrc add_img_to_target_files.py
Change-Id: Id791747b7313923b82279a21d264a998455a92d4
2017-03-16 11:59:24 -07:00
Tianjie Xu
b59c17fc8f Provide more info for bsdiff/imgdiff exceptions.
When bsdiff/imgdiff fails, dump the output along with the src/tgt
filenames and block ranges. Also, exit the script gracefully instead
of raising an exception about iterating over 'NoneType'.

Bug: 31381530
Test: Package generates successfully for angler, and error outputs
      correctly with error injection.

Change-Id: I06a2dfe545fbdff7043de05fee34b378453a9291
2017-03-14 18:51:21 -07:00
Tao Bao
e5b2ff2a97 Merge "releasetools: Fix the diff_worker progress report." 2017-03-13 19:12:26 +00:00
Tianjie Xu
36e612b753 Merge "Switch command to subprocess in build_image.py" 2017-03-13 18:23:08 +00:00
Tao Bao
33635b1f32 releasetools: Fix the diff_worker progress report.
Test: Observe the progress update during an incremental generation.
Change-Id: Ib0629a0fd9f925076fd20a040345c4f169133c30
2017-03-12 13:02:51 -07:00
Tianjie Xu
e3ad41bb2f Switch command to subprocess in build_image.py
Bug: 36012162
Test: image builds successfully for bullhead and sailfish

Change-Id: Iaa83034b39d392ff8a2154c7b32b21bf33ef552f
2017-03-10 15:16:24 -08:00
Tao Bao
c3e3406125 Merge "releasetools: Drop the support for BBOTA v1 and v2." 2017-03-10 19:25:06 +00:00
Tao Bao
39f3eaf221 releasetools: Fix the missing 'post-build' in full OTAs.
The line was unintentionally removed in commit 7f804ba.

Test: ota_from_target_files.py generates a full OTA. Check the package
      metadata.

Change-Id: Icae88e2a9bb2bfc450a3d0d7ab524d6a6eac9df5
2017-03-09 15:01:11 -08:00
Tao Bao
8fad03e771 releasetools: Drop the support for BBOTA v1 and v2.
BBOTA v1 and v2 (introduced in L and L MR1 respectively) don't support
resumable OTA. We shouldn't generate packages using v1/v2 at the risk of
bricking devices.

BBOTA v3 (since M) and v4 (since N) both support resumable OTAs. BBOTA
v4 additionally supports using FEC to possibly recover a corrupted
image.

Bug: 33694730
Test: Generate full and incremental OTAs w/ and w/o the CL. They should
      give identical packages (in v4).
Change-Id: Ib89d9cd63ba08e8e9aa4131bed18876b89d244c0
2017-03-09 12:25:46 -08:00
Tao Bao
f388104eaa releasetools: Remove dead functions in EdifyGenerator.
Remove the following functions that are needed for file-based OTAs only:
 - SetPermissions()
 - SetPermissionsRecursive()
 - MakeSymlinks()
 - DeleteFiles()
 - DeleteFilesIfNotMatching()
 - RenameFiles()
 - SkipNextActionIfTargetExists()

Bug: 35853185
Test: Verified there's no reference to these functions.
Change-Id: Iff24a9d705476211effaef28eed2a147fa5fcbce
2017-03-08 16:37:07 -08:00
Tao Bao
9bca43858f Merge "releasetools: Drop the support for file-based OTA generation." 2017-03-08 21:00:03 +00:00