While the system.img images currently built with AVB support verify
correctly, mounting the filesystem content fails. This is because
'avbtool add_hashtree_footer' used to claim some of the unused /
DONT_CARE space for stashing the verity tables, and this resulted in the
mapped device ending up smaller, causing the mount failure.
Fix this by leaving enough room for the AVB hashtree and metadata before
building the image. This is achieved by moving the AVB hashtree support
into build_image.py and using the just-added '--calc_max_image_size'
option to 'avbtool add_hashtree_footer' to figure out how much space to
leave out.
This depends on https://android-review.googlesource.com/#/c/281821/
Bug: 31264226
Test: Mounting dm-verity set up from system.img now works.
Merged-In: I4c5de1004c1059f8c582e76b3b8517d427aa1a87
Change-Id: I945a5f1f6782791736cd319f216cfa6b448fb04d
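The sizing problem this commit fixes, as an added illustration (not code from the AOSP commit or from avbtool): a filesystem that fills its partition cannot be mounted once the hashtree footer is appended, because the verity-mapped device only covers the data the tree was built over; reserving space up front avoids that. Block size, digest size and the FOOTER_RESERVE constant are assumptions, and the layout math is a simplified model of a dm-verity hash tree, not avbtool's exact algorithm.

```python
"""Simplified model of AVB hashtree sizing (added example, assumptions labelled)."""

BLOCK_SIZE = 4096           # assumed dm-verity data/hash block size
DIGEST_SIZE = 32            # assumed SHA-256 digest length
FOOTER_RESERVE = 64 * 1024  # assumed room for vbmeta descriptors and the AVB footer


def round_up(n: int, multiple: int) -> int:
    return (n + multiple - 1) // multiple * multiple


def hashtree_size(image_size: int) -> int:
    """Bytes of hash-tree levels needed to cover image_size bytes.

    Each level holds one digest per block of the level below, padded to a
    whole block; levels are added until a single block remains (the root).
    """
    total = 0
    level = image_size
    while level > BLOCK_SIZE:
        blocks = (level + BLOCK_SIZE - 1) // BLOCK_SIZE
        level = round_up(blocks * DIGEST_SIZE, BLOCK_SIZE)
        total += level
    return total


def max_image_size(partition_size: int) -> int:
    """Largest block-aligned image whose tree plus metadata still fits.

    This is the quantity the commit obtains from '--calc_max_image_size' so
    that build_image.py can size the filesystem before the footer is added.
    """
    size = (partition_size - FOOTER_RESERVE) // BLOCK_SIZE * BLOCK_SIZE
    while size + hashtree_size(size) + FOOTER_RESERVE > partition_size:
        size -= BLOCK_SIZE
    return size


def plan(fs_size: int, partition_size: int) -> tuple[int, int, bool]:
    """Return (covered_data, tree_size, mountable) for a filesystem of fs_size bytes.

    The tree can only cover data that leaves room for itself and the footer;
    the mapped dm-verity device is exactly that covered data, so the mount
    succeeds only when it is at least as large as the filesystem.
    """
    covered = min(fs_size, max_image_size(partition_size))
    return covered, hashtree_size(covered), covered >= fs_size


if __name__ == "__main__":
    part = 256 * 1024 * 1024
    print("fs fills partition:", plan(part, part))                 # not mountable
    print("fs pre-shrunk:     ", plan(max_image_size(part), part))  # mountable
```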
This updates the build system for the new Android Verified Boot
codebase. As this is based on Brillo Verified Boot, this change replaces
the existing BVB support.
Android Verified Boot is enabled by the BOARD_AVB_ENABLE variable
BOARD_AVB_ENABLE := true
This will make the build system create vbmeta.img which will contain a
hash descriptor for boot.img, a hashtree descriptor for system.img, a
kernel-cmdline descriptor for setting up dm-verity for system.img and
append a hash-tree to system.img.
Additionally, the descriptors are left in boot.img and system.img so a
third party can create their own vbmeta.img file linking - using the
option --chain_partition - to these images. If this is not needed
footers can be erased using the 'avbtool erase_footer' command. It's
also harmless to just leave them in the images.
By default, the algorithm SHA256_RSA4096 is used with a test key from
the AVB source directory. This can be overridden by the
BOARD_AVB_ALGORITHM and BOARD_AVB_KEY_PATH variables to use e.g. a
4096-bit RSA key and SHA-512:
BOARD_AVB_ALGORITHM := SHA512_RSA4096
BOARD_AVB_KEY_PATH := /path/to/rsa_key_4096bits.pem
To prevent rollback attacks, the rollback index should be increased on a
regular basis. The rollback index can be set with the
BOARD_AVB_ROLLBACK_INDEX variable:
BOARD_AVB_ROLLBACK_INDEX := 5
If this is not set, the rollback index defaults to 0.
The variable BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS can be used to specify
additional options passed to 'avbtool make_vbmeta_image'. Typical
options to be used here include '--prop', '--prop_from_file', and
'--chain_partition'.
The variable BOARD_AVBTOOL_BOOT_ADD_HASH_FOOTER_ARGS can be used to
specify additional options passed to 'avbtool add_hash_footer' for
boot.img. Typical options to be used here include '--hash_algorithm' and
'--salt'.
The variable BOARD_AVBTOOL_SYSTEM_ADD_HASHTREE_FOOTER_ARGS can be used
to specify additional options passed to 'avbtool add_hashtree_footer'
for system.img. Typical options to be used here include
'--hash_algorithm', '--salt', and '--block_size'.
BUG=31264226
TEST=Manually tested on edison-eng by inspecting {boot, system,
vbmeta}.img in out/ directory as well as their counterparts in
the IMAGES/ directory of edision-target_files-eng.zeuthen.zip
Merged-In: Ic9a61cfc65c148b12996e57f04da5432eef6b982
Change-Id: I97042655bca15e7eac899f12c5bada2f6184d307
Native coverage is enabled by setting NATIVE_COVERAGE to true
and specifying a list of paths in the COVERAGE_PATHS
environment variable. Files are exported to a zip file in the
target out directory.
Change-Id: I66a2ddd88e849bec1cc0cdae1b51fe18a007e2c3
The output will be in the `m dist` results as soong_to_convert.txt, or
can be built using:
$ m $OUT/soong_to_convert.txt
The output is a list of modules that are probably ready to convert to
Soong:
# Blocked on Module (potential problems)
283 libEGL (srcs_dotarm)
246 libicuuc (dotdot_incs dotdot_srcs)
221 libspeexresampler
215 libcamera_metadata
...
0 zram-perf (dotdot_incs)
The number at the beginning of the line shows how many native modules
depend on that module.
All of their dependencies have been satisfied, and any potential
problems that Make can detect are listed in parentheses after the
module:
dotdot_srcs: LOCAL_SRC_FILES contains paths outside $(LOCAL_PATH)
dotdot_incs: LOCAL_C_INCLUDES contains paths that include '..'
srcs_dotarm: LOCAL_SRC_FILES contains source files like <...>.c.arm
aidl: LOCAL_SRC_FILES contains .aidl sources
dbus: LOCAL_SRC_FILES contains .dbus-xml sources
objc: LOCAL_SRC_FILES contains Objective-C sources
proto: LOCAL_SRC_FILES contains .proto sources
rs: LOCAL_SRC_FILES contains renderscript sources
vts: LOCAL_SRC_FILES contains .vts sources
Not all problems can be discovered, but this is a starting point.
Change-Id: I45674fe93fd267d4d1fb0bc3bc9aa025e20c5ac6
So that we can get to the contents of userdata from the build server
without extracting the image.
Bug: 27719200
Test: m userdatatarball dist
Change-Id: I1438597bd29df80665571f7dc3b4957b9adde870
soong_zip parallelizes the compression when creating a zip file, which
makes these packaging steps far shorter.
zip2zip skips the decompression and recompression during the -img- file
creation.
For an aosp_arm64-eng aosp/master build:
target_files.zip: 92s to 60s
symbols.zip: 147s to 7s
img.zip: 64s to 0.5s
There's still room to parallelize the image compression during
target_files.zip (add_img_to_target_files step takes most of the time)
Change-Id: I7b6a91e4a7dbeda2e49ca936b10181cff2f973d7
The update-payload-key is required to verify the contents of the OTA in
recovery while sideloading an update.
Bug: 27178350
TEST=`make` builds a boot.img with the payload key in recovery.
Change-Id: I04616979023b84aa4a1feb6916db2b2725b25c54
Creates a build_system_stats.txt build artifact that contains statistics
on how many BUILD_* modules are defined in a build. Also writes out
information about the Soong module types sent from the Soong build.
Merged-In: Iaf0c7062f542dc6942b5349854f3d49267cac4a5
Change-Id: Iaf0c7062f542dc6942b5349854f3d49267cac4a5
libbrillo-http was actually never used but it was being linked into
delta_generator anyway.
Bug: None
TEST=`lddtree delta_generator` doesn't show libbrillo-http.
Change-Id: I69ac66c87847d925b5798cf261c79466a3ff432a
This reverts commit ef31fc6477.
It's now using unique_host_soname to use a different installed name,
but keeping the libevent module name.
Change-Id: I1cb6e8e670636089993054236b089da059629da1
There's no need to use a different name for target and host modules, and
in Soong, it's better to use the same for both.
Change-Id: Ib2d8d0cc8a1e0f7f95d7c2795a360f02d946fa1a
Verity is not enabled in eng builds. Pass the build variant so
that the kernel does not try to enable verity in eng builds.
BUG:29276559
Change-Id: I7f412196ac59aa63e91c21d825ad15bae9f51691
Extracts keyid inline using openssl commands.
The keyid is passed as one of the kernel command line parameters
for the dm-android-verity module to mount the root fs (system)
with verity enabled.
(cherry-picked from 3af315aed5, https://googleplex-android-review.git.corp.google.com/#/c/1061691/)
BUG: 28384658
Change-Id: I8efbe1b0e415ef1d396f9b51cfa4b3fa01b22484
Standardize symlinking /system/vendor -> /vendor for aosp_* devices,
since some /vendor binaries still use /system/vendor/... paths.
Support using a prebuilt vendor image and including it into all the
normal packaging steps.
Bug: 28987532
Change-Id: I27040e8a8d1df0777e16cd1e3c3a9f1b28695e96
We recently moved Brillo verified boot from system/bvb to external/bvb
so update the path accordingly.
TEST=Build with 'BOARD_BVB_ENABLE := true' succeeds.
BUG=29099910
Change-Id: I66f3b90e23d6b2afc09f81af571ede7b573325e9
TARGET_RECOVERY_BRICK specifies the file that lists all the partitions
to be bricked under recovery. The file, if present, will be copied to
'$(TARGET_RECOVERY_ROOT_OUT)/etc/recovery.brick'.
Bug: 27253717
Change-Id: Id84195b5ee1031a83bf7a077be070a3728416580
(cherry picked from commit 3051f4f11a)