The current solution expects BOARD_PREBUILT_DTBIMAGE_DIR to
contain prebuilt DTB files that are concatenated by the build system
to create $OUT/dtb.img. In order to accommodate devices that build
the dtb image locally, make boot.img creation depend on $OUT/dtb.img
only when BOARD_PREBUILT_DTBIMAGE_DIR is undefined.
Bug: 133161451
Test: Build with BOARD_PREBUILT_DTBIMAGE_DIR undefined and verify
using unpack_bootimg.py that $OUT/dtb.img was included in boot.img.
Change-Id: Iae2c634ccdc1d83589b26d382882f75fb8565a31

Bug: 131437873
Test: Built system-only and vendor builds for merge. Compared
resulting apkcerts and apexkeys text files to that of a monolithic
build.
Test: Created colliding entries in both apexkeys and apkcerts text
files and ensured the script exited with an appropriate error message.
Test: Created unit tests to cover both non-colliding and colliding
entries.
Change-Id: I6e42ce682ffa9059344e8cd63ba3a720c1f93452

Phony rules with recipes run on every build; move the recipe for
check-all-partition-sizes to a rule with an output.
Fixes: 132900128
Test: m && m
Change-Id: I9b4d335bf269cd09a01094e895fc15053b410415

os_version is important for keymaster version binding, where it
refuses to perform operations with a key that is bound to an old
system version. This ensures that an attacker who discovers a
weakness in an old version of system or TEE software cannot roll a
device back to the vulnerable version and use keys created with the
newer version.
Previously, os_version for system.img is added into boot.img header
for bootloader to read the value then pass to TEE before booting the
HLOS. However, with project Treble to modularize each partition, all
images are now in the trajectory to be built independently (still
on-going). Also, in the Generic System Image (GSI) compliance test,
the os_version in OEM's boot.img cannot reflect the actual version of
GSI.
This CL adds per-partition os_versions into AVB metadata, which is
readable by bootloader via libavb without file system dependency. It's
still unclear how os_version in non-system partitions should be used.
We just add them for completeness here.
See more details in:
https://source.android.com/security/keystore/version-binding
Bug: 132233601
Test: build and avbtool info_image $OUT/vbmeta.img
- Prop: com.android.build.boot.os_version -> '10'
- Prop: com.android.build.system.os_version -> '10'
- Prop: com.android.build.system.security_patch -> '2019-06-05'
- Prop: com.android.build.vendor.os_version -> '10'
- Prop: com.android.build.vendor.security_patch -> '2019-06-05'
- Prop: com.android.build.product.os_version -> '10'
- Prop: com.android.build.product.security_patch -> '2019-06-05'
Change-Id: I21a77420f2e8a3456f7a8cae5158eb8fc41319e7
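
An added example, not part of the commit above or of AOSP: it parses the Prop lines that `avbtool info_image` prints (as quoted in the Test section) and flags any partition whose os_version or security_patch is older than the values a key was bound to. The function names and the comparison policy are assumptions for illustration, not keymaster's own logic.

```python
import re

# Constructed sample: Prop lines in the form shown in the commit's Test
# section, using the same values.
SAMPLE_INFO_IMAGE = """\
    Prop: com.android.build.boot.os_version -> '10'
    Prop: com.android.build.system.os_version -> '10'
    Prop: com.android.build.system.security_patch -> '2019-06-05'
    Prop: com.android.build.vendor.os_version -> '10'
    Prop: com.android.build.vendor.security_patch -> '2019-06-05'
    Prop: com.android.build.product.os_version -> '10'
    Prop: com.android.build.product.security_patch -> '2019-06-05'
"""

PROP_RE = re.compile(
    r"Prop:\s+com\.android\.build\.(\w+)\.(os_version|security_patch)"
    r"\s+->\s+'([^']*)'")


def parse_partition_versions(info_image_text):
    """Return {partition: {"os_version": ..., "security_patch": ...}}."""
    versions = {}
    for partition, key, value in PROP_RE.findall(info_image_text):
        versions.setdefault(partition, {})[key] = value
    return versions


def _os_tuple(version):
    # "10" -> (10,), "9.0.1" -> (9, 0, 1); compared numerically, not as text.
    return tuple(int(part) for part in version.split("."))


def rollback_findings(versions, bound_os, bound_patch):
    """List partitions older than the bound values (hypothetical policy)."""
    findings = []
    for partition, props in sorted(versions.items()):
        os_version = props.get("os_version")
        patch = props.get("security_patch")  # absent for boot in the sample
        if os_version is None:
            findings.append((partition, "os_version missing"))
        elif _os_tuple(os_version) < _os_tuple(bound_os):
            findings.append(
                (partition, "os_version %s < %s" % (os_version, bound_os)))
        # ISO dates (YYYY-MM-DD) order correctly as plain strings.
        if patch is not None and patch < bound_patch:
            findings.append(
                (partition, "security_patch %s < %s" % (patch, bound_patch)))
    return findings
```
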
Bug: 132197773
Test: property present in vendor/build.prop
Currently, the property resides in product partition which gets
overwritten by the GSI image. Moving it to vendor will ensure
that the property is set even when a GSI image is flashed on the device.
Change-Id: I4d4a3c473194e15ba124a121f89bbb3ec1a73d19

symbols.zip is created while files that are not part of the platform
build but were requested on the Make command line (for example by
passing "tests") are still being installed. Installation often
involves removing and then recreating the file. If the file
exists when the list of files to be zipped is created, but is
removed when soong_zip is zipping, it fails with an error. Pass
--ignore_missing_files to silence the error and keep zipping.
Fixes: 79503862
Test: m checkbuild
Change-Id: I1fbbf1f1396948288ee133c319b2e19dee97983b

Bug: 123428770
Test: Built system-only image and checked that no boot.img or
recovery.img files were created. Booted the resulting merged build on
device.
Change-Id: I760476502775e68125907c39e66b8665e789a798

This keeps the packed shared libs in sync with their executables.
This CL also changes the packing location of mke2fs.conf, from
system/extras/ext4_utils/mke2fs.conf to bin/mke2fs.conf.
Bug: 34738751
Test: `m -j otatools-package`. Compare the packed files against the ones
prior to this CL.
Change-Id: Icae88e3cd898460f5ba7dc11ab8a57350630c432

libcurl-host.so was added for delta_generator (commit f8e6fbe2f5).
libext2_misc.so and libext2_profile-host.so were added for e2fsck and
build_verity_tree (commit d0ec665727). None of them is actively used by
otatools.
Bug: 34738751
Test: `m -j otatools-package`. Unzip and check that there's no missing
shared libs reported by ldd.
Change-Id: Id229e450f5f2eaa03a6c6cf568a1912add06754c

When /boot partition is chained in AVB signing, libavb will try to
read AVB footer from the end of /boot partition, even if the device is
unlocked. However, this makes device unbootable when the unsigned
boot-debug.img is flashed on /boot partition. This CL uses a test key
from external/avb to sign the boot-debug.img if /boot partition is
chained.
Bug: 126493225
Bug: 129508966
Test: Enables chain partition for boot.img, `make bootimage_debug` then
checks `avbtool info_image --image $OUT/boot-debug.img`
Test: `make bootimage_debug-nodeps`
Test: boot a device with a chained boot-debug.img
Change-Id: I870cb70c70b7d4d7a30b77bed58cbca6e007d5e3

Primarily for use with build_test during presubmit.
Moved the check to main.mk to avoid nonobvious dependency on
product_target_FILES from main.mk to Makefile.
Test: m systemimage
Test: build/soong/build_test.bash
Test: m out/target/product/taimen/system/lib/libdexfile.so; m systemimage;
check that "find"-based check fails
Test: Add a system library to APEX_MODULE_LIBS; m systemimage;
check that "product_target_FILES"-based check fails;
env DISABLE_APEX_LIBS_ABSENCE_CHECK=true m systemimage;
check that it works
Bug: 124293228
Change-Id: I7a93cc0ac4480404a3d56c75eb43ae499e8a3a05

Note: libtombstoned_client.so was moved from the Runtime APEX to system with
http://r.android.com/941388.
Test: m systemimage
Bug: 124293228
Bug: 131587358
Change-Id: I9e517d3c2344b39cf2743a34723572e646675677

These were added as part of http://r.android.com/731514, but
most of these properties make no sense for the bootimage. Revert
to only defining date, date.utc and fingerprint.
Bug: 131066061
Test: inspect vendor/build.prop
Test: boot, no SELinux warnings for removed props
Change-Id: Ibbeff9870a5b71e83c2cceeb1327b12600077b23

When set, product-img-tag.zip contains super.img instead of individual
user images from target files. For virtual devices, super.img is needed
to boot the device, but individual user images aren't needed.
Test: on A/B DAP, with flag set:
- m updatepackage and look at img.zip
- img_from_target_files
both have super.img and not system / vendor / system_other
Test: on non-A/B DAP, with the flag set:
- m updatepackage and look at img.zip
- img_from_target_files
both have super.img and not system / vendor
Test: on A/B retrofit, with the flag set:
- m updatepackage and look at img.zip
- img_from_target_files
both have super_*.img and system_other.img, but not system / vendor
Bug: 113175337
Change-Id: I94e33091d0c837cae40776176b4dcfdd338aba90

build_mixed script can't merge system and product VINTF
data yet.
Fixes: 131418170
Bug: 131425279
Test: build 'target_files_package' for 'mainline_system_google_arm64',
see META/system_manifest.xml
Change-Id: I366d9bc802ee0e6bdf8fe480303f3fee827c579d

They only contain prebuilts from older releases.
Test: m systemimage on affected internal lunch targets
Bug: 124293228
Change-Id: I059c9d0edb78e52838a25cef0472807847d77417