Devices using GKI architecture will use a prebuilt boot.img.
However, we should still sign this prebuilt boot.img with
device-specific AVB keys.
Steps to test the CL.
1. In a device BoardConfig.mk:
# Uses a prebuilt boot.img
TARGET_NO_KERNEL := true
BOARD_PREBUILT_BOOTIMAGE := device/google/redbull/boot.img
# Enable chained vbmeta for the boot image.
# The following can be absent, where the hash descriptor of the
# 'boot' partition will be stored then signed in vbmeta.img instead.
BOARD_AVB_BOOT_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem
BOARD_AVB_BOOT_ALGORITHM := SHA256_RSA4096
BOARD_AVB_BOOT_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
BOARD_AVB_BOOT_ROLLBACK_INDEX_LOCATION := 2
2. `make bootimage`, then `avbtool info_image --image $OUT/boot.img`,
checks the image is re-signed with a device-specific key
3. `make dist` to generate out/dist/TF.zip
4. `unzip out/dist/TF.zip IMAGES/boot.img`
5. `avbtool info_image --image out/dist/IMAGES/boot.img`,
checks the image is re-signed with a device-specific key
6. `sign_target_files_apks \
--avb_boot_key=external/avb/test/data/testkey_rsa8192.pem \
--avb_boot_algorithm=SHA256_RSA8192 \
--avb_boot_extra_args="--prop test:sign" \
./out/dist/*-target_files-eng.*.zip signed.zip`, resign the TF.zip
7. `unzip signed.zip IMAGES/boot.img`, then use `avbtool info_image` to
check the boot.img is re-signed with the --avb_boot_key in step 6.
Bug: 188485657
Test: above steps
Change-Id: I7ee8b3ffe6a86aaca34bbb7a8898a97b3f8bd801
Merged-In: I7ee8b3ffe6a86aaca34bbb7a8898a97b3f8bd801
(cherry picked from commit cf9ead8972)
Currently the debug ramdisk resources might be under / or
/first_stage_ramdisk of the ramdisk, and is determined by
some BOARD variables, e.g., BOARD_USES_RECOVERY_AS_BOOT,
BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT, etc.
To make a generic boot-debug.img that can work on both devices,
let's move the debug resources always under / of the ramdisk.
Bug: 186082603
Test: boot a device with boot-debug.img
Test: boot a device with vendor_boot-debug.img
Change-Id: I55dc8ff322f6b97e2d6dc1a4ee5935e863f2f835
If BOARD_BOOT_HEADER_VERSION >= 4,
BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT is true and
BOARD_INCLUDE_RECOVERY_RAMDISK_IN_VENDOR_BOOT is true, then build
recovery as a standalone ramdisk fragment in vendor_boot image.
The recovery ramdisk would be a vendor ramdisk fragment packaged in
vendor_boot, whose ramdisk_name is "recovery" and ramdisk_type is
"VENDOR_RAMDISK_TYPE_RECOVERY".
Bootloader can omit loading the recovery ramdisk during normal boot to
optimize the size of the initramfs.
Bug: 183395459
Test: Presubmit
Test: Modify BoardConfig of CF and m dist. Verify the vendor_boot.img
with unpack_bootimg.
Test: Strip the vendor_boot of the recovery ramdisk, and verify that CF
can boot to normal boot without the recovery ramdisk.
Change-Id: I6e9a2781ec87aece10d4844fa18bbe9a7b4674e6
Add more checks around BOARD_BOOT_HEADER_VERSION in board_config.mk.
Refactor generation logic of vendor_boot ramdisk fragments.
Consolidate initialization and validation check to its own section.
Adjust some variable names and initialization sequence so the follow-up
change can land more cleanly.
Rename variable name "dir" so that it don't collide with the Makefile
function "$(dir ...)".
Bug: 183395459
Test: Presubmit; Change should be no-op with respect to build artifacts.
Test: Modify BoardConfig of CF and m dist. Verify the vendor_boot.img
with unpack_bootimg.
Change-Id: I8785c40dd9f87f3797a56ada93e65939d27d0e9b
This reverts commit ccfea17fb7.
Reason for revert: Original bug was resolved by updating branch config
Change-Id: I2327092261a2147fa8f2be3d878db04228e65511
For consistency with android-11 GKI boot-debug.img, we should
put debug resources under the 'fisrt_stage_ramdisk' dir. This is
needed for devices with `androidboot.force_normal_boot=1` in the
kernel cmdline, where init will chroot into /fisrt_stage_ramdisk.
For devices without force_normal_boot, they still can use their
vendor_boot-debug.img for debugging purpose.
Bug: 183670217
Test: `make bootimage_debug`, then use unpack_bootimg and
`lz4 -d -c ramdisk | toybox cpio -i` to unpack the ramdisk
for inspection.
Change-Id: I0a79440dafd091141a1203a2c2c7be5bc1bfc836
This change doesn't change the condition for building super_empty.img,
it just add a toggle PRODUCT_BUILD_SUPER_EMPTY_IMAGE that product
makefiles can use to skip building super_empty.img.
Products that don't use super_empty at all, for example GSI, can set
this option to ensure the super_empty.img is not built.
Bug: 183068624
Test: "m dist" on GSI and check the build artifacts under OUT and DIST
directories, and check the contents of *-img-*.zip
Change-Id: I54943952873d2d297fd9d18cbe14742bc12ae9c6
The 'bootconfig' kernel cmdline parameter needs to exist for the kernel
to search for bootconfig.
If BOARD_BOOTCONFIG contains anything, then add the parameter to the
kernel cmdline.
Test: Boot cuttlefish and verify /proc/cmdline has 'bootconfig' after
removing it from cuttlefish BoardConfig.mk
Bug: 173815685
Change-Id: I112a2a8e02ba7265c5547d9244298e07f26985ba
Gather all BOARD_BOOTCONFIG parameters.
Create vendor-bootconfig.img with parameters seperated by newlines. Pass
that file to mkbootimg as --vendor_bootconfig to add it to the
vendor_boot.img.
Test: Add BOARD_BOOTCONFIG parameters in cuttlefish .mk file
Check vendor-bootconfig.img for expected output
Verify expected vendor_boot.img format with:
unpack_bootimg --boot_image vendor_boot.img
Test: Update Cuttlefish bootloader to handle the new vendor_boot.img and
check /proc/bootconfig for the expexted parameters.
Bug: 173815685
Change-Id: Iaa9b71b4bc64375777a5353396e83bb2beb25c47
Add support for partitioning the vendor_boot kernel modules into
multiple vendor ramdisk fragments. The partition granularity is kernel
module directory. This mechanism builds upon the existing
BOARD_KERNEL_MODULE_DIRS mechanism. For example, say we have three
kernel module directories:
BOARD_KERNEL_MODULE_DIRS := foo bar baz
We can then define a vendor ramdisk fragment:
BOARD_MKBOOTIMG_ARGS += --header_version 4
BOARD_VENDOR_RAMDISK_FRAGMENTS := dlkm_foobar
And let said ramdisk to contain the DLKM directories "foo" and "bar":
BOARD_VENDOR_RAMDISK_FRAGMENT.dlkm_foobar.KERNEL_MODULE_DIRS := foo bar
BOARD_VENDOR_RAMDISK_FRAGMENT.dlkm_foobar.MKBOOTIMG_ARGS := <mkbootimg args>
The built vendor_boot image would contain two ramdisks.
The first one being the "default" ramdisk, which contains DLKM directory
"baz" and the rest of the files that get's installed to
$(TARGET_VENDOR_RAMDISK_OUT).
The second one is the "dlkm_foobar" ramdisk, which contains the two DLKM
directories.
Design doc: go/vendor-boot-v4
Bug: 162864255
Test: Modify BoardConfig.mk to have a product build v4 vendor_boot
Test: Use unpack_bootimg to verify the vendor_boot image
Test: Teach a bootloader how to handle v4 boot image, flash boot &
vendor_boot and boot device
Change-Id: Ibb1bbd7ebe36430c55ec6c4818c1d3888a319089
Not setting TARGET_ARCH is ok if TARGET_ARCH_SUITE is set instead. Skip
certain TARGET_ARCH-specific steps of the config:
- don't run the 'select' steps to figure out cpu flags
- don't generate dexopt config for TARGET_ARCH
Bug: 174315599
Test: lunch <product that sets TARGET_ARCH_SUITE but not TARGET_ARCH>
Change-Id: I74a9e71d0cc5c7f74d3b10b1c8bb89682c096d7c
Add a new TARGET_ARCH_SUITE which, when set to 'mainline_sdk' or 'ndk',
sets `Aml_abis: true` in soong.variables.
This is required to enable removing the custom soong.variables that
are being maintained for the ndk and mainline sdk builds.
Bug: 174315599
Test: TARGET_ARCH_SUITE=mainline-sdk m nothing; inspect soong.variables
(ditto for ndk)
Change-Id: Ib651a637457310270840d721cdccf50bede3ee58
Allows for adding comments between variable definitions. This matches
the style in product.mk
Test: m nothing
Change-Id: Icc1e3d635a885000c49371997a55001739c02587
This allows system-only builds (which disable vendor images) to inherit
from device makefiles that normally place GSI AVB keys on vendor boot.
Bug: 175594737
Test: lunch system-only build, m, observe warning not failure
Change-Id: Ib6c199d0a47b3b3be2143241d83ab586966cfd1e
Raise build error when PRODUCT_ENFORCE_INTER_PARTITION_JAVA_SDK_LIBRARY
is true while BOARD_VNDK_VERSION is not set because
PRODUCT_ENFORCE_INTER_PARTITION_JAVA_SDK_LIBRARY doesn't have any
meaning in that case.
Test: m nothing
Bug: 168180538
Change-Id: Ied2f99763a7cce7674ad50867403a66b18968071
The debug vendor boot image needs to include the debug ramdisk in order
to retain adb root. So make sure this still happens when recovery is
moved to the the vendor boot image.
Bug: 172510680
Test: verify adb root when using vendor_boot-debug.img
Change-Id: I20fe27635dd33e4d8a59e873e704891de223204b
If BOARD_COPY_BOOT_IMAGE_TO_TARGET_FILES is defined,
in target files, instead of rebuilding the boot image, copy the boot
image already built in $OUT to target files package directly so that
they are the same package.
Define BOARD_COPY_BOOT_IMAGE_TO_TARGET_FILES for aosp_arm64.
The GKI APEX is built using the boot image in $OUT. If the boot image in
$OUT is different from the boot image in target files, aka the generic
boot image we release, the GKI APEX we built is invalid.
If another device needs to copy $OUT/boot.img to target files, it can
define BOARD_COPY_BOOT_IMAGE_TO_TARGET_FILES.
Fixes: 172682114
Test: lunch aosp_arm64 &&
Change-Id: I10fc7a5aa36e976dbeaf25434239687455bba061
In terms of sepolicy rules, every property should have an apporpriate
owner attribute, which can be one of: system_property_type,
product_property_type, or vendor_property_type. This will be enforced
for devices launching with S or later. Devices launching with R or
eariler can relax this by setting following under BoardConfig.mk:
BUILD_BROKEN_ENFORCE_SYSPROP_OWNER := true
See system/sepolicy/public/te_macros for more details.
Bug: 131162102
Test: system/sepolicy/tools/build_policies.sh
Change-Id: Iee05fc15beac1ccf61da4ea901a85b9d4068e0ca
BOARD_MOVE_GSI_AVB_KEYS_TO_VENDOR_BOOT controls whether GSI AVB keys are built
to vendor_boot. On devices without a dedicated recovery partition, GSI AVB
keys used to be built in boot. They are device-specific, so they should be
moved to vendor_boot.
Test: pass
Bug: 156098440
Change-Id: I0a5eaa1b39e88fcca9837c7aa3f475be47d5b0f2
This variable indicates whether recovery resources are moved to
vendor_boot. If true:
- $OUT/recovery.img will not be built
- $OUT/recovery/root will be included in vendor_boot ramdisk
Bug: 156098440
Test: set to true and check output
Test: `m target-files-package` and manually inspect output
Change-Id: I56dda56bab7def1540f4fb506323e3e605620cd4
BOARD_EXCLUDE_KERNEL_FROM_RECOVERY_IMAGE removes kernel from the
recovery image.
Test: build recovery image and unpack_bootimg
Test: build target files and unpack_bootimg IMAGES/recovery.img
on device with GKI and dedicated recovery partition.
Bug: 156098440
Change-Id: I5f37d74ed954b26fe3dd778708b6ab9cfdc51f1e
Add BOARD_USES_GENERIC_KERNEL_IMAGE to be the global variable to
indicate the device uses GKI image.
Test: pass
Bug: 156098440
Change-Id: Ica553bbdb791e25dfa9bafb524ab2de5e3f8720d
- Introduces PRODUCT_BUILD_VENDOR_BOOT_IMAGE.
- Controls vendor_boot.img, replacing TARGET_NO_VENDOR_BOOT.
- Matches the naming convention of other similar vars.
- Guards boot-debug.img behind BUILDING_BOOT_IMAGE
- Restructures BUILDING_BOOT_IMAGE to give priority to
PRODUCT_BUILD_BOOT_IMAGE, as do other partitions.
- ^ for BUILDING_RECOVERY_IMAGE.
Test: PRODUCT_BUILD_{BOOT,RECOVERY,VENDOR_BOOT}_IMAGE := false
m dist
Observe no boot, boot-debug, recovery, or vendor_boot images.
Bug: 169968221
Bug: 170423509
Change-Id: I629bf08ba08e5db14c1bf92bb338fb3ce59d5b73
Modules partition is a dynamic read-write partition.
- AVB is not enabled on the partition
- OTA is file-based; see follow up CL for details
- No build prop files; in particular, no build fingerprint
- No fs_config
- No notice files; notice files are included in individual APEXes
Test: build on CF
Bug: 163543381
Change-Id: Ie397b9ec61dfd1c158450d050196024604854d4d
Revert submission 1411608-revert-1402265-cf-x86-bootloader-XGKLNEQAPF
Reason for revert: Breakage originally caused by change was fixed. Refer to tracking bug for details.
Reverted Changes:
I89e95d4a6:Revert "Add prebuilt bootloader var and add bootlo...
I8fe199351:Revert "Added bootloader binary to cf x86 based ta...
Bug: 166380489
Bug: 164917252
Test: local build and Treehugger build
Change-Id: Ia895aedd77f2ec825aefecaf74c6dfc1ce631c93
Needed to enable a prebuilt bootloader to make it to the dist and img
directories.
Added a flag to ensure only devices that request will have the update
package populated with a bootloader
Bug: 164917252
Test: local build and Treehugger build
Change-Id: Id67b7bddda14b51a523f794976591c6de04d71ca
* changes:
add support to non-A/B for multiple kernels, boot images
add BOARD_GKI_NONAB_COMPAT for non-A/B compatability with GKI
fix recoveryimage-nodeps
The directory structure of several ramdisks are different depending on
whether the target is A/B or non-A/B. When the target needs to be
compatible with the GKI however, which is always built as A/B, it is
necessary to build these ramdisks using the A/B file hierarchy. Provide
a flag to enable this override when necessary.
Bug: 161579556
Change-Id: I1cf9a0ef5a338b0b5152113533b62804f3088c83
This is a list of KMI versions used to filter gki_apex modules. Only
gki_apex modules with kmi_version field that are in the list are created.
Test: build GKI APEXes
Bug: 162888350
Change-Id: I0f582f6ea200d52482fd4065c8f4f8b32efc4dee