bootimg signs image using verity_utils
Previously, bootimg signed the image using avbtool. This didn't work because avbtool always requires that the partition size is given via '--partition_size' parameter. The partition size is hard to estimate especially when the image is not for a real physical partition, but for a logical partition in a composite image. With this change, the signing of bootimg is done by verity_utils.py which internally uses avbtool. The python script is capable of calculating the minimum required partition size when the partition size is not given. In addition, this change adds 'partition_name' property to the `android_filesystem` module type so that we can customize the partition name field in the vbmeta descriptor. Bug: 180676957 Test: m microdroid-boot-5.10 Change-Id: I2e4aa626cf06a2177b4a8d90ff9b9006d2927ae4
This commit is contained in:
Jiyong Park
parent
aa52d66cd5
commit
ac4076de9d
2 changed files with 38 additions and 9 deletions
|
|
@ -17,6 +17,7 @@ package filesystem
|
|||
import (
|
||||
"fmt"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/google/blueprint"
|
||||
"github.com/google/blueprint/proptools"
|
||||
|
|
@ -200,22 +201,46 @@ func (b *bootimg) buildBootImage(ctx android.ModuleContext, vendor bool) android
|
|||
}
|
||||
|
||||
func (b *bootimg) signImage(ctx android.ModuleContext, unsignedImage android.OutputPath) android.OutputPath {
|
||||
output := android.PathForModuleOut(ctx, b.installFileName()).OutputPath
|
||||
key := android.PathForModuleSrc(ctx, proptools.String(b.properties.Avb_private_key))
|
||||
propFile, toolDeps := b.buildPropFile(ctx)
|
||||
|
||||
output := android.PathForModuleOut(ctx, b.installFileName()).OutputPath
|
||||
builder := android.NewRuleBuilder(pctx, ctx)
|
||||
builder.Command().Text("cp").Input(unsignedImage).Output(output)
|
||||
builder.Command().
|
||||
BuiltTool("avbtool").
|
||||
Flag("add_hash_footer").
|
||||
FlagWithArg("--partition_name ", b.partitionName()).
|
||||
FlagWithInput("--key ", key).
|
||||
FlagWithOutput("--image ", output)
|
||||
builder.Command().BuiltTool("verity_utils").
|
||||
Input(propFile).
|
||||
Implicits(toolDeps).
|
||||
Output(output)
|
||||
|
||||
builder.Build("sign_bootimg", fmt.Sprintf("Signing %s", b.BaseModuleName()))
|
||||
return output
|
||||
}
|
||||
|
||||
func (b *bootimg) buildPropFile(ctx android.ModuleContext) (propFile android.OutputPath, toolDeps android.Paths) {
|
||||
var sb strings.Builder
|
||||
var deps android.Paths
|
||||
addStr := func(name string, value string) {
|
||||
fmt.Fprintf(&sb, "%s=%s\n", name, value)
|
||||
}
|
||||
addPath := func(name string, path android.Path) {
|
||||
addStr(name, path.String())
|
||||
deps = append(deps, path)
|
||||
}
|
||||
|
||||
addStr("avb_hash_enable", "true")
|
||||
addPath("avb_avbtool", ctx.Config().HostToolPath(ctx, "avbtool"))
|
||||
algorithm := proptools.StringDefault(b.properties.Avb_algorithm, "SHA256_RSA4096")
|
||||
addStr("avb_algorithm", algorithm)
|
||||
key := android.PathForModuleSrc(ctx, proptools.String(b.properties.Avb_private_key))
|
||||
addPath("avb_key_path", key)
|
||||
addStr("avb_add_hash_footer_args", "") // TODO(jiyong): add --rollback_index
|
||||
partitionName := proptools.StringDefault(b.properties.Partition_name, b.Name())
|
||||
addStr("partition_name", partitionName)
|
||||
|
||||
propFile = android.PathForModuleOut(ctx, "prop").OutputPath
|
||||
android.WriteFileRule(ctx, propFile, sb.String())
|
||||
return propFile, deps
|
||||
}
|
||||
|
||||
var _ android.AndroidMkEntriesProvider = (*bootimg)(nil)
|
||||
|
||||
// Implements android.AndroidMkEntriesProvider
|
||||
|
|
|
|||
|
|
@ -55,6 +55,9 @@ type filesystemProperties struct {
|
|||
// Hash and signing algorithm for avbtool. Default is SHA256_RSA4096.
|
||||
Avb_algorithm *string
|
||||
|
||||
// Name of the partition stored in vbmeta desc. Defaults to the name of this module.
|
||||
Partition_name *string
|
||||
|
||||
// Type of the filesystem. Currently, ext4, cpio, and compressed_cpio are supported. Default
|
||||
// is ext4.
|
||||
Type *string
|
||||
|
|
@ -279,7 +282,8 @@ func (f *filesystem) buildPropFile(ctx android.ModuleContext) (propFile android.
|
|||
key := android.PathForModuleSrc(ctx, proptools.String(f.properties.Avb_private_key))
|
||||
addPath("avb_key_path", key)
|
||||
addStr("avb_add_hashtree_footer_args", "--do_not_generate_fec")
|
||||
addStr("partition_name", f.Name())
|
||||
partitionName := proptools.StringDefault(f.properties.Partition_name, f.Name())
|
||||
addStr("partition_name", partitionName)
|
||||
}
|
||||
|
||||
if proptools.String(f.properties.File_contexts) != "" {
|
||||
|
|
|
|||
Loading…
Reference in a new issue