Current AVB signing for custom images is enabled by either of the
following build variables:
CUSTOM_IMAGE_AVB_HASH_ENABLE := true
CUSTOM_IMAGE_AVB_HASHTREE_ENABLE := true
A previous change to support chain partition replaced avb_signing_args
with avb_key_path and avb_algorithm. This change updates the
corresponding change for custom_images.
To sign a custom_image as a chain partition, it needs:
CUSTOM_IMAGE_AVB_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
CUSTOM_IMAGE_AVB_ALGORITHM := SHA256_RSA2048
CUSTOM_IMAGE_AVB_ROLLBACK_INDEX := 1
Note that it doesn't support include metadata of custom images into
vbmeta.img. Because custom_images is designed to build multiple files
(e.g., custom1.img, custom2.img, custom3.img, etc) and a device can only
use/mount one of them. The vbmeta.img needs to be generated per each
combination.
Bug:36701014
Test: sign custom image with AVB HASH descriptor (non-chain)
Test: sign custom image with AVB HASH descriptor as chain partition
Test: sign custom image with AVB HASHTREE descriptor (non-chain)
Test: sign custom image with AVB HASHTREE descriptor as chain partition
Change-Id: I492e2ce768e7caec22228b776b2c13a2d37a5b89
This reverts commit 9b99ddc8a5.
and add syste-qemu.img to the dependency list of sdk target
Test: build sdk target successfully
Change-Id: Idb0bee56275f3bfe33ba7d29463e4b8e0699ec33
Don't use sed -i, it requires an argument on mac and is eating the
-e parameter, which causes the command to not be applied.
Also clean up the temporary list files so they don't clutter up
$OUT.
Test: m -j device-tests
Bug: 64226094
Change-Id: Ie71820fc2d1cd812717bf0c156af011ca723e9f6
For raw system.img and vendor.img do not have
partition table and init refuses to mount them
in first stage mounting.
For emulator build:
create partitioned system-qemu.img for system.img;
create partitioned vendor-qemu.img for vendor.img
if applicable.
Change-Id: I64fdcdafc303cf2f74a1e96653e7afe259f0af98
Bug: 63691195
Test: `make custom_images` with CUSTOM_IMAGE_SUPPORT_VERITY_FEC := true
Test: boot device with the custom image built above
Change-Id: I198fa1e0697cb00712bbfb6f1a717ec623703ede
This patch reuses the build-image-kernel-modules macro to build the
odm/lib/modules directory according to the BOARD_ODM_KERNEL_MODULES
which contains list of kernel module files.
Bug: 36012197
Test: android master build on pixel
Change-Id: I2c004132a89e7f230690b4d26c98c3d5b2769f11
Replace java -> $(JAVA), etc. to prepare for moving java binaries
out of the path and using full paths to them.
Test: builds
Bug: 62956999
Change-Id: I5dfcd0d4e855ecde69cd127169e9545e59723d12
To support extra files in package-modules.mk, allow the user to set
my_copy_pairs to a list of src:dest pairs that will be copied into the
zip file.
Test: build-aosp_arm.ninja is identical before/after
Test: codesearch says that these variables aren't otherwise used
Test: set my_copy_pairs, ensure that they exist in the zip.
Change-Id: Ia80cd136db8ad37a71010baf0552621b281c8bc3
`make custom_images` supports to build different kinds of *non-droid* images,
e.g., odm.img. Adding the support of signing them with either AVB HASH footer
or AVB HASHTREE footer. The user can use HASH for small images and
HASHTREE for large images.
Sample signing configurations:
* AVB HASH footer:
- CUSTOM_IMAGE_AVB_HASH_ENABLE := true
- CUSTOM_IMAGE_AVB_ADD_HASH_FOOTER_ARGS := --append_to_release_string my_odm_image
* AVB HASHTREE footer:
- CUSTOM_IMAGE_AVB_HASHTREE_ENABLE := true
- CUSTOM_IMAGE_AVB_ADD_HASHTREE_FOOTER_ARGS := --fec_num_roots 8
* Using custom signing key:
- CUSTOM_IMAGE_AVB_ALGORITHM := SHA256_RSA2048
- CUSTOM_IMAGE_AVB_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
Bug: 36701014
Test: `make custom_images` with AVB HASH footer
Test: `make custom_images` with AVB HASHTREE footer
Test: `make droid` to check system.img is still properly signed with AVB HASHTREE
Test: `make droid` to check vendor.img is still properly signed with AVB HASHTREE
Change-Id: I8dc420e12e37e9a631345c0cd883339db05d489f
Set CUSTOM_IMAGE_AVB_ENABLE := true to enable avb, add_hashtree_footer
args can be added in CUSTOM_IMAGE_AVB_ADD_HASHTREE_FOOTER_ARGS.
Bug: 38319818
Test: m custom_images
Change-Id: Ia452dc5ce8b55bcbd3abba9e965b72e78fd8c104
Sort the inputs to remove duplicates, which fixes:
found two file paths to be copied into dest path: "target/testcases/minikin_perftests/minikin_perftests", both ["target/testcases/minikin_perftests/minikin_perftests"]"out/target/product/bullhead/testcases/minikin_perftests/minikin_perftests" and ["target/testcases/minikin_perftests/minikin_perftests"]"out/target/product/bullhead/testcases/minikin_perftests/minikin_perftests"!
Test: m -j device-tests
Change-Id: I8d7e83cd077c62461c9a08e7f1b49c321fbcb0e3
All the new features are turned off for now, since multiple branches and
products need to be verified before they can be turned on. So everything
should behave the same as today, except for no partition-based
warnings.
Instead of the current link type checks that happen during the build,
run as many as possible immediately after loading all the Android.mk
files. If we're allowing missing dependencies ('mm',
ALLOW_MISSING_DEPENDENCIES, tapas, etc), we'll defer the link type
checks to during the build. If we're not allowing missing dependencies,
we'll produce a better error message to the user about the missing
dependencies.
See core/main.mk for a description of the storage format.
This also remove the partition-based type checking. It hasn't worked all
that well, particularly with ASAN builds. The new VNDK checks will
handle the most pressing cases.
Test: Verify all link_type files and dependencies are the same:
grep link_type: out/build-aosp_arm64.ninja | sed -E "s/ rule[0-9]+//" | sort
Change-Id: Id643658b9d9e84f99f5db0d526aad88c1f5d3417
This CL addresses the problem that native tests build for multiple
architectures and also build for host.
First it restructures each testcase folder to the following layout:
<testcase>/<testcase>.config
<testcase>/<arch 1>/testcase
<testcase>/<arch 2>/testcase
Secondly it now uses the new soong-zip prefix capability to
separate out host and target testcases in the device-tests &
general-tests zip files.
Bug:36692141
Test: `make device-tests general-tests cts -j` &
ensured all built successfully.
Change-Id: I4e8b084ee56fa8940914911649ff35507d87eb27
Using ; to join commands in a rule causes failures to be ignored by
make. Use && instead, and add true at the end as the second operand
to the last && operator.
Also inline copy-test-in-batch, batching is no longer necessary as
kati will fall back to a shell script if the recipe is too long to
fit in a command line.
Test: builds
Change-Id: I4a2528bf2a15106cfabaae0336662c4a0464271d
This also makes the resulting zip files more repeatable -- the file list
is sorted and the entries have static timestamps.
On my machine, this saves ~30 seconds for android-cts.zip, it now takes
less than a second.
Test: m -j cts; compare output from without this change
Change-Id: Ia71e35878ff98ba9775115860530e87eee47739f
Include the calling makefile and package name instead of just a warning
pointing to package-modules.mk
Test: multiproduct_kati, grep logs
Change-Id: I4fa35540b9695b44eea6c23463e137ec37d1d2c9
Adds the device-tests and general-tests makefiles and
added include lines to main.mk so that individual test
modules can be built properly.
These targets do not build any special tradefed wrapper
that normal *TS's usually employ. They are not necessary
here.
Bug: 35350788
Test: Updated several CTS test modules to belong to these
suites instead and ran:
`rm -rf out; make clean; make device-tests general-tests -j`
then verified the output.
Change-Id: I40e3958375f7b39cb56508f2812ce9760d403f6f
