Adding verified boot metadata with a "disable magic". The resulting
metadata at the end of each image (e.g., system.img, vendor.img) will
be the same as triggering an "adb disable-verity" on an USERDEBUG image.
This can help simplify the code on fs_mgr, which won't have to check if
current image is an ENG build or not.
Bug: 63056044
Test: boot sailfish eng/userdebug builds
Change-Id: I95d23ac7b76c04d6d4483c9c4dc1de16bf0d9c3a
Current AVB signing for custom images is enabled by either of the
following build variables:
CUSTOM_IMAGE_AVB_HASH_ENABLE := true
CUSTOM_IMAGE_AVB_HASHTREE_ENABLE := true
A previous change to support chain partition replaced avb_signing_args
with avb_key_path and avb_algorithm. This change updates the
corresponding change for custom_images.
To sign a custom_image as a chain partition, it needs:
CUSTOM_IMAGE_AVB_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
CUSTOM_IMAGE_AVB_ALGORITHM := SHA256_RSA2048
CUSTOM_IMAGE_AVB_ROLLBACK_INDEX := 1
Note that it doesn't support include metadata of custom images into
vbmeta.img. Because custom_images is designed to build multiple files
(e.g., custom1.img, custom2.img, custom3.img, etc) and a device can only
use/mount one of them. The vbmeta.img needs to be generated per each
combination.
Bug:36701014
Test: sign custom image with AVB HASH descriptor (non-chain)
Test: sign custom image with AVB HASH descriptor as chain partition
Test: sign custom image with AVB HASHTREE descriptor (non-chain)
Test: sign custom image with AVB HASHTREE descriptor as chain partition
Change-Id: I492e2ce768e7caec22228b776b2c13a2d37a5b89
Bug: 63691195
Test: `make custom_images` with CUSTOM_IMAGE_SUPPORT_VERITY_FEC := true
Test: boot device with the custom image built above
Change-Id: I198fa1e0697cb00712bbfb6f1a717ec623703ede
This patch reuses the build-image-kernel-modules macro to build the
odm/lib/modules directory according to the BOARD_ODM_KERNEL_MODULES
which contains list of kernel module files.
Bug: 36012197
Test: android master build on pixel
Change-Id: I2c004132a89e7f230690b4d26c98c3d5b2769f11
To support extra files in package-modules.mk, allow the user to set
my_copy_pairs to a list of src:dest pairs that will be copied into the
zip file.
Test: build-aosp_arm.ninja is identical before/after
Test: codesearch says that these variables aren't otherwise used
Test: set my_copy_pairs, ensure that they exist in the zip.
Change-Id: Ia80cd136db8ad37a71010baf0552621b281c8bc3
`make custom_images` supports to build different kinds of *non-droid* images,
e.g., odm.img. Adding the support of signing them with either AVB HASH footer
or AVB HASHTREE footer. The user can use HASH for small images and
HASHTREE for large images.
Sample signing configurations:
* AVB HASH footer:
- CUSTOM_IMAGE_AVB_HASH_ENABLE := true
- CUSTOM_IMAGE_AVB_ADD_HASH_FOOTER_ARGS := --append_to_release_string my_odm_image
* AVB HASHTREE footer:
- CUSTOM_IMAGE_AVB_HASHTREE_ENABLE := true
- CUSTOM_IMAGE_AVB_ADD_HASHTREE_FOOTER_ARGS := --fec_num_roots 8
* Using custom signing key:
- CUSTOM_IMAGE_AVB_ALGORITHM := SHA256_RSA2048
- CUSTOM_IMAGE_AVB_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
Bug: 36701014
Test: `make custom_images` with AVB HASH footer
Test: `make custom_images` with AVB HASHTREE footer
Test: `make droid` to check system.img is still properly signed with AVB HASHTREE
Test: `make droid` to check vendor.img is still properly signed with AVB HASHTREE
Change-Id: I8dc420e12e37e9a631345c0cd883339db05d489f
Set CUSTOM_IMAGE_AVB_ENABLE := true to enable avb, add_hashtree_footer
args can be added in CUSTOM_IMAGE_AVB_ADD_HASHTREE_FOOTER_ARGS.
Bug: 38319818
Test: m custom_images
Change-Id: Ia452dc5ce8b55bcbd3abba9e965b72e78fd8c104
All the new features are turned off for now, since multiple branches and
products need to be verified before they can be turned on. So everything
should behave the same as today, except for no partition-based
warnings.
Instead of the current link type checks that happen during the build,
run as many as possible immediately after loading all the Android.mk
files. If we're allowing missing dependencies ('mm',
ALLOW_MISSING_DEPENDENCIES, tapas, etc), we'll defer the link type
checks to during the build. If we're not allowing missing dependencies,
we'll produce a better error message to the user about the missing
dependencies.
See core/main.mk for a description of the storage format.
This also remove the partition-based type checking. It hasn't worked all
that well, particularly with ASAN builds. The new VNDK checks will
handle the most pressing cases.
Test: Verify all link_type files and dependencies are the same:
grep link_type: out/build-aosp_arm64.ninja | sed -E "s/ rule[0-9]+//" | sort
Change-Id: Id643658b9d9e84f99f5db0d526aad88c1f5d3417
Using ; to join commands in a rule causes failures to be ignored by
make. Use && instead, and add true at the end as the second operand
to the last && operator.
Also inline copy-test-in-batch, batching is no longer necessary as
kati will fall back to a shell script if the recipe is too long to
fit in a command line.
Test: builds
Change-Id: I4a2528bf2a15106cfabaae0336662c4a0464271d
This also makes the resulting zip files more repeatable -- the file list
is sorted and the entries have static timestamps.
On my machine, this saves ~30 seconds for android-cts.zip, it now takes
less than a second.
Test: m -j cts; compare output from without this change
Change-Id: Ia71e35878ff98ba9775115860530e87eee47739f
Include the calling makefile and package name instead of just a warning
pointing to package-modules.mk
Test: multiproduct_kati, grep logs
Change-Id: I4fa35540b9695b44eea6c23463e137ec37d1d2c9
When building test modules, dependencies added by the test modules get
build but don't get included in the packaged tests .zip file.
When packaging modules into a .zip file, this patch includes the modules
explicitly listed as a dependency in LOCAL_REQUIRED_MODULES for the
requested modules to package.
If these LOCAL_REQUIRED_MODULES dependencies are not used in the base
system image, they were build as part of the "tests" target but weree
not included in the package nor in the system image. This patch includes
those modules, making it easier to define dependencies of a test
module in the Android.mk file that defined said module, instead of
requiring to re-list all the dependent modules when packaging test
modules.
Bug: 27348226
Change-Id: Ic6f60cf2916b3fae0fa39f84aee8a4f440af9539
HOST_OUT_EXECUTABLES is already added to the PATH variable,
so it is not needed to add the path info for binaries in
misc_info.txt and <partition>_image_info.txt.
Earlier the mkuserimg item in the build_image dictionary is
hardcoded to "mkuserimg.sh", but now it is customized for
mkuserimg.sh and mkuserimg_mke2fs.sh, and maintained in
dictionary "ext_mkuserimg=$(MKEXTUSERIMG)" in misc_info.txt
and <partition>_image_info.txt, where it is used in the
build_image script while creating the images.
The problem here is the value for this key is set to build
path of the file mkuserimg file
$(HOST_OUT_EXECUTABLES)/mkuserimg.sh,
i.e. out/host/linux_x86/bin/mkuserimg.sh,
there by standalone signing the images using otatools is
not working as the executables are packed in bin folder.
Test: tools/releasetools/sign_target_files_apks
-p <extracted ota-tools.zip folder>
--extra_signapk_args=-f /etc/opt/cert_data.dat
-v
--replace_verity_private_key ~/build/target/product/security/verity
--replace_verity_public_key ~/build/target/product/security/verity.x509.pem
-k <key maping>
<input target files zip>
<output target files zip>
Change-Id: I57af1025ec38f3794f779c49faa0bf965afc6a5d
Enable client-side dynamic config code to access the suite-level dynamic
config files by placing them in the testcases directory. Also update
cts_v2.mk to define the location of its corresponding dynamic config file.
bug:23625592
Change-Id: Id11dea4b6acbe8ea7e5e9579e369a2be5873a224
ziptime fails on zip file larger than 2GB.
These zip files won't installed on device and we don't care that much
about their reprodudcibility across builds.
Change-Id: I47062928d075a59eda92dd5333e59502f490d1cb
Pass -X to zip so that Unix UID/GID and extra timestamps aren't
saved into the zip files.
Add a new tool, ziptime, that uses a very stripped down copy of
zipalign. It no longer depends on libandroidfw, and now rewrites the
timestamps in place instead of making a copy of the zipfile. This should
improve speed and reduce disk requirements, especially with the large
packaging zip files.
Bug: 24201956
Change-Id: I50f68669f659da1b4393e964ad40b6aafb00c1e7
This reverts commit 3c2c064c87.
zipalign depends on libandroidfw, and some setups don't include frameworks/base.
Bug: 24201956
Change-Id: I48ee95808924f6b2221f0a49ab205c2565096b1f
Pass -X to zip so that Unix UID/GID and extra timestamps aren't
saved into the zip files.
Add a new option to zipalign, -t, to replace all timestamps with static
timestamps (2008 Jan 1 00:00:00). Use this for all non-APK zip files.
APK zip timestamps are set based on the certificate date in SignApk.
Bug: 24201956
Change-Id: Ifb619fc499ba9d99fc624f2acd5f8de36d78ef8e
