Commit graph

70 commits

Author SHA1 Message Date
Treehugger Robot
0edba2a37e Merge "Add defaults modules for avb modules" into main 2023-11-28 01:36:35 +00:00
Inseob Kim
87230e613d Add defaults modules for avb modules
Bug: 302465542
Test: build
Change-Id: I5bb5a0241d40cf142ed8bbefb76bc8a3709c3e34
2023-11-22 18:55:46 +09:00
Seungjae Yoo
9f263710ff Support adding AVB properties into vbmeta module
Bug: 285855436
Test: m

Change-Id: I5b0e14783ac927365dd98718bf399e94ab76aa13
2023-11-22 13:00:25 +09:00
Seungjae Yoo
a30e450ba0 Add security_patch avb property for android_filesystem
If android_filesystem module is used with use_avb, defined
security_patch for the rollback protection.

Bug: 285855436
Test: m
Test: avbtool info_image --image <IMAGE>
Change-Id: I32c6108bb1aca398ced5e46b615d937685e261a7
2023-11-09 14:55:44 +09:00
Inseob Kim
376d72f791 Add mount_point property to android_filesystem
The motivation is to support vendor images for microdroid, like the real
vendor images having "/vendor" as their mount point. This will help add
vendor_file_contexts easily.

Bug: 306313100
Test: manually build an image with file_contexts
Change-Id: I2e4bbf108eaa1da4f310ebb4099c4d1b42096436
2023-11-01 15:42:14 +09:00
Shikha Panwar
e56c9017c1 Soong support for rollback index.
avbtool already supports --rollback_index. Allow soong support as well
to enable images to include it in their targets.

Test: Builds
Test: avbtool info_image on a target built using rule `avb_add_hash_footer`
Bug: 296830692
Change-Id: Id32f30d026b01172c5dadc0698938acb2c2c8e35
2023-09-12 11:42:29 +00:00
Jooyung Han
e606759ddf Make filesystem aware of coverage
filesystem should have coverage variants with coverage-enabled build.
Otherwise, it would fail to collect dependencies.

Bug: 273238141
Test: m nothing (soong tests)
Test: compare the artifacts
 $ SKIP_ABI_CHECKS=true SOONG_COLLECT_JAVA_DEPS=true EMMA_INSTRUMENT=true\
   EMMA_INSTRUMENT_FRAMEWORK=true CLANG_COVERAGE=true\
   NATIVE_COVERAGE_PATHS='*' m microdroid
 $ m microdroid
Change-Id: I792458ace00a63b4b5213898fd3209351a6e00be
2023-03-16 13:11:17 +09:00
Jooyung Han
54f780505d Prevent sdk variants from install
Platform variants should be available even when unbundled_build so that
unbundled build of com.android.virt apex can correctly have microdroid
image with system variants.

Bug: 268582372
Test: m (soong test)
Test: banchan com.android.virt aosp_arm64
      UNBUNDLED_BUILD_SDKS_FROM_SOURCE=true m apps_only dist
      (microdroid should have the same contents)
Change-Id: I682e4f1f477f3024f7719dfaa67006ef335e0640
2023-02-22 13:45:49 +09:00
Alice Wang
000e3a396c [avb_footer] Add avb_gen_vbmeta_image to generate vbmeta image
This is the reland of the change aosp/2375848. The build of initrd on
linux-x86 that has incorrect format (b/264940248) is disabled in this
cl.

Bug: 260821553
Test: m microdroid_kernel_signed and inspect the output using `avbtool
    info_image --image <output>`
Change-Id: I3ad2419b7132cde4b2fc34ddfa09ec5ba2166819
2023-01-10 15:38:31 +00:00
Treehugger Robot
32a86bd8ec Merge "Fix the description of Avb_hash_algorithm & algorithm" 2023-01-10 08:40:51 +00:00
Jerry Huang
bc675eb9fa Revert "[avb_footer] Add avb_gen_vbmeta_image to generate vbmeta..."
Revert submission 2375848-initrd_avb_footer

Reason for revert: build break

Reverted changes: /q/submissionid:2375848-initrd_avb_footer

Bug: 264940248
Change-Id: Iab44c187183a5d8eeefc952910e6262fc63627de
2023-01-10 02:52:57 +00:00
Alice Wang
fafe064fe1 [avb_footer] Add avb_gen_vbmeta_image to generate vbmeta image
Bug: 260821553
Test: m microdroid_kernel_signed and inspect the output using `avbtool
    info_image --image <output>`
Change-Id: Iacdf34aca15f5480766b6d4f971704f85f6bf44b
2023-01-09 22:04:16 +00:00
Nikita Ioffe
519015f99d Run host_init_verifier when building filesystem
As part of building Android images we run host_init_verifier to ensure
that .rc files are well-formed. Unfortunately that doesn't cover the
Microdroid image. This change addresses the divergence.

Ideally we should have a concept of pluggable linters that we can run on
the generated image. However, introducing such concept will take some
time, so while we are working on it directly integrate
host_init_verifier into the build system.

Bug: 263486078
Test: m microdroid
Test: add incorrect .rc file and run m microdroid, verify it fails
Change-Id: Id8c9311915e89a10ce3ff7b1f209ebc8cb42211f
2022-12-23 15:46:09 +00:00
Shikha Panwar
01403bb225 Fix the description of Avb_hash_algorithm & algorithm
Avb_hash_algorithm corresponds to --hash_algorithm of avbtool while
avb_algorithm corresponds to signing algorithm.

Bug: 262892300
Test: Builds
Change-Id: Ief4b0f0fd89ebf64b45b29962a3811698bc922d6
2022-12-22 12:34:47 +00:00
Shikha Panwar
e6f3063317 Expose avb_hash_algorithm as a property.
When avb_hash_algorithm is set, for filesystem type build targets,
add_hashtree_footer will be called with the appropriate --hash_algorithm
flag.

Bug: 262892300i
Test: Build succeeds

Change-Id: If2f9c9aa1e98314b3d3e2f8bf25c1bab193f908e
2022-12-21 15:49:15 +00:00
Jiyong Park
b0fda8f594 Fix incorrect command line from avb_add_hash_footer
This change fixes an error that the command line generated from
avb_add_hash_footer contains "a_file --prop_from_file prop_name:a_file",
which is invalid. The file should be an implicit dependency.

Bug: 256148237
Test: N/A
Change-Id: Id0a832bd552d5d79cbc79f250681928140255f91
2022-12-05 17:12:58 +09:00
Jiyong Park
bc48548df1 Add props property to add_avb_hash_footer
It is used to provide name:value properties to the footer. Value can be
from a text in *.bp file or a binary file referenced via the `file`
prop. e.g.

```
avb_add_hash_footer {
	...
	props: [
		{
			name: "string_prop",
			value: "string_value",
		},
		{
			name: "binary_prop",
			file: "a_binary_file_name",
		},
	],
}
```

This CL also adds a test for the module type which has been missing.

Bug: 256148237
Test: m nothing
Change-Id: Idf55b308c8ce760387c01a847846b42d1aebe4ea
2022-11-18 12:56:12 +09:00
Andrew Scull
ebd61e9029 Add rule for AVB signing an image
This is used multiple times by Microdroid to generate signed images.

Test: build and microdroid tests
Bug: 234564414
Bug: 185115783
Change-Id: I7d0b2c9907913c8a42a02f9951f341d08b585b8e
2022-06-11 07:08:44 +00:00
Andrew Walbran
79c3b77ea2 raw_binary output should not be executable.
If it is, rust_test (wrongly) tries to execute it when it is used as
data.

Also fixed description and a lint warning while I was at it.

Bug: 233732515
Test: atest vmbase_example.integration_test
Change-Id: I49bf5147a9908549b0f37bdb0678e77676148db8
2022-05-24 13:57:17 +00:00
David Brazdil
08f7eadcee fs: Add raw_binary rule
Raw binaries are used in bare-metal environments such as early boot of
pVMs (protected virtual machines). Add a new target rule called
'raw_binary' which converts an executable to the raw binary format.

Test: m pvmfw
Change-Id: I701b703a0f12df891b714fe29e320914f167cd04
2022-05-05 18:46:39 +01:00
Jooyung Han
65f402b780 Support deterministic output for bootimg/filesystem
Adding salt to bootimg/filesystem so that avbtool can produce the same
output with same input.

Adding timestamp/uuid to filesystem so that resulting image can be
deterministic.

Bug: 229784558
Test: m com.android.virt
      # remove intermediates and touch some sources
      m com.android.virt
      # compare two built artifacts
Change-Id: I4e4668fd0ac42a35bea5a33ec3ae8c362b6a6bd2
2022-04-21 14:36:40 +09:00
Jooyung Han
0fbbc2b0d4 android_system_image only packages "system" items
android_system_image filers packaging items installed outside "system"
partition.

Some packaging items install related items to different partitions but
putting them altogether to android_system_image doesn't make sense.
(android_system_image is suppposed to be "system" partition)

To be specific, this filters out "apex" partition items.  "apex"
partition is used by APEX installation to install APEX contents to paths
similar to activated paths on device so that symbol lookup works well
with APEX contents.

Bug: 225121718
Test: atest MicrodroidHostTestCases
Test: debugfs <intermediate>/microdroid.img -R 'ls system'
  shows no "com.android.runtime"
Change-Id: Ibc3d85ead2fda99e231132ce8ab9ccf1cc9317b7
2022-03-29 07:56:02 +09:00
Jooyung Han
a883428293 Move GatherPackagingSpecs out of CopyDepsToZip
This gives a PackageModule a chance to filter/customize the contents of
resulting package.

Bug: 225121718
Test: m (no changes)
Change-Id: I45505e8234dff42201dc40d4f038e7b08eea89f0
2022-03-28 14:29:14 +09:00
Jiyong Park
393ebfc85c ramdisk_module and dtb_prebuild properties are optional
The two properties are now optional, so that we can split boot.img into
boot.img that doesn't have ramdisk and init_boot.img that has only the
ramdisk.

Bug: N/A
Test: m com.android.virt
Change-Id: I5dc8b140893dfbcf69a8b5c099d23b9216217b53
2022-01-06 14:28:53 +09:00
Colin Cross
c68db4b305 Remove InstallBypassMake and ToMakePath
InstallBypassMake and ToMakePath are obsolete, remove them.

Bug: 204136549
Test: m checkbuild
Change-Id: Ie5a6f7254b3d317ed6039e114ed6aec35e1ce273
2021-12-15 15:22:53 -08:00
Jiyong Park
16e77a9b30 cmdline property in bootimg can be customized for debuggable builds
This change adds product_variables.debuggable.cmdline so that the kernel
cmdline arguments can be augmented for the debuggable builds.

To support that the type of the property has changed to string array.

Bug: 181936135
Test: inspect build.ninja
Change-Id: I81b3ead5187ccb378efabb87d1d15fbdb59d8e2f
2021-08-31 08:32:44 +09:00
Jooyung Han
df09d173ca Generate linker config with packaged items.
Previously, we gather all deps without checking if a dep is actually one
of packaged items (CopyDepsToZip contents)

For example, following items shouldn't be listed.

provideLibs: "platform-mainline-sdk_libartpalette-system@current.so"
provideLibs: "platform-mainline-sdk_liblog@current.so"
provideLibs: "runtime-module-sdk_libc@current.so"
provideLibs: "runtime-module-sdk_libdl@current.so"
provideLibs: "runtime-module-sdk_libdl_android@current.so"
provideLibs: "runtime-module-sdk_libm@current.so"

Now, we gather only those modules contributing CopyDepsToZip to generate
linker config for android_system_image.

Test: m nothing
Test: m microdroid
Test: conv_linker_config print -s
    .../microdroid/android_common/root/system/etc/linker.config.pb
    shouldn't list sdk members.
Change-Id: Ife5d2193ab59970367d10e196aaaa922c6582862
2021-05-11 11:56:54 +09:00
Jiyong Park
fa616137a2 android_system_image that generates linker.config.pb
android_system_image module type is a specialization of the
android_filesystem module type. Currently, it adds a build rule for
creating linker.config.pb from the information about all the other files
in the filesystem and includes linker.config.pb to the filesystem as
well.

To do so, the filesystem module now provides a function pointer which
subtype modules like android_system_image can implement to pass extra
files that they want to package in the filesystem.

In addition, the linkerconfig package is revised to make it possible to
build linker.config.pb file outside of the package.

Bug: 185391776
Test: m microdroid and inspect etc/linker.config.pb in it.

Change-Id: Id89c40b519213062860d7306029b8413d8d36a2d
2021-04-21 09:11:21 +09:00
Jooyung Han
9706cbc1e9 Add filesystem_test.go
It has only one test function as a starting point.

Bug: n/a
Test: m (soong tests)
Change-Id: I785b096805014a40dfd600f7baaf884f4016c23c
2021-04-16 13:20:02 +09:00
Jiyong Park
da2d6ee7a2 Truncate vbmeta to 64KB
libavb expects to be able to read the maximum vbmeta size, so we must
provide a partition which matches this or the read will fail.

Bug: 181923506
Test: m MicrodroidHostTestCases
libavb tries

Change-Id: Icc5b86ccd98e3ed9c4269e584f35dbfbdf1b0730
2021-04-14 16:42:24 +09:00
Jiyong Park
30a083215b bootimg.cmdline is arch specific
microdroid_boot.img needs different kernel cmdline for x86_64 and arm64.

Bug: 185082754
Test: atest MicrodroidHostTests
Change-Id: I69be83cbdada6c49a033da2787908490ee76de36
2021-04-13 13:17:59 +09:00
Inseob Kim
a46b51cf20 Support super image size automatic calculation
If the size is set to "auto", the size will be automatically calculated
by lpmake.

Bug: 181107248
Test: boot microdroid
Change-Id: I9dd599ca64e4d442bfb83fe45b1f03080a74f1e1
2021-04-01 13:19:30 +09:00
Inseob Kim
152a702955 Add default group support for logical_partition
Default group has no size limit and becomes automatically minimized.

Bug: 181107248
Test: boot microdroid
Change-Id: Id38d3ab173db5fa01db3d471af15747d30b1820c
2021-03-31 10:46:46 +09:00
Treehugger Robot
9b6108f8de Merge "Fix PackagingBase.CopyDepsToZip" 2021-03-23 04:21:38 +00:00
Jiyong Park
e7569bc544 Merge "Add vbmeta module type" 2021-03-18 00:02:41 +00:00
Treehugger Robot
ab534a3b5c Merge "bootimg signs image using verity_utils" 2021-03-17 23:37:04 +00:00
Jooyung Han
092ef811a0 Fix PackagingBase.CopyDepsToZip
CopyDepsToZip() zips direct dependencies with tags implementing
PackagingItem interface.

Previously, it relied on InstallNeededDependencyTag which has a
different meaning.
- InstallNeededDependencyTag tells whether a dependency is required to
  be installed together.
- PackagingItem tells whether a dependency (of PackagingBase) is
  required to be packaged.

With the separation of InstallNeededDependencyTag and PackagingItem,
PackagingBase module can distinguish cases which were not available
before.(I = InstallNeededDependencyTag, P = PackagingItem)

   a (PackagingBase module)
   |
   |`--(I)--> b
   |
   |`--(P)--> c --(I)--> d
   |
    `--(I/P)--> e

a's CopyDepsToZip(): [c, d, e]

Test: m nothing (packaging_test)
Change-Id: I71fce29b19b0f00dc394981bcf4240e9c1041c7a
2021-03-17 11:54:53 +09:00
Jiyong Park
972e06c41f Add vbmeta module type
The module type is to create vbmeta image out of other partitions.

Bug: 180676957
Test: m microdroid_vbmeta microdroid_vbmeta_system
Inspect the built image using `avbtool info_image --image <image>`

Change-Id: Iac92e9ab1640dcd488af69842e09850a91262bf1
2021-03-16 11:34:11 +09:00
Jiyong Park
ac4076de9d bootimg signs image using verity_utils
Previously, bootimg signed the image using avbtool. This didn't work
because avbtool always requires that the partition size is given via
'--partition_size' parameter. The partition size is hard to estimate
especially when the image is not for a real physical partition, but for
a logical partition in a composite image.

With this change, the signing of bootimg is done by verity_utils.py
which internally uses avbtool. The python script is capable of
calculating the minimum required partition size when the partition size
is not given.

In addition, this change adds 'partition_name' property to the
`android_filesystem` module type so that we can customize the partition
name field in the vbmeta descriptor.

Bug: 180676957
Test: m microdroid-boot-5.10
Change-Id: I2e4aa626cf06a2177b4a8d90ff9b9006d2927ae4
2021-03-16 00:34:57 +09:00
Jiyong Park
ca5e611e0a Merge "bootimg supports v4 header" 2021-03-15 14:39:07 +00:00
Jooyung Han
d0b3574072 Merge "Fix bootimg.cmdline to use ShellEscapeIncludingSpaces" 2021-03-12 09:10:22 +00:00
Jooyung Han
32cddd0ba5 Fix bootimg.cmdline to use ShellEscapeIncludingSpaces
bootimg.cmdline should be passed to mkbootimg's --cmdline flag as a
single argument. Because cmdline can have spaces we should escape it
with ShellEscapeIncludingSpaces rather than blindly putting double
qoutes with ShellEscape, which also puts single quotes when necessary.

Bug: 182092664
Test: m nothing && see build.ninja (microdroid's build commands)
Test: boot microdroid on VIM3L
Change-Id: I5d766bb0a816d829569c9ebfddf97c4f846f78f8
2021-03-12 14:38:46 +09:00
Jiyong Park
b0eb3192c5 bootimg and logical_partition are OutputFileProducer
The two module types now implement OutputFileProducer so that we can add
them to the data dependencies of tests.

Bug: 181860941
Test: atest MicrodroidHostTestCase
Change-Id: If263fefb1e5cdb5b57c17eb389c6ecc11d8356f4
2021-03-09 20:31:51 +09:00
Jiyong Park
81aea9a0f2 bootimg supports v4 header
It's the latest version of android boot image header which supports
bootconfig. Bootconfig parameters are now passed via `bootconfig`
property.

Bug: 181936566
Test: m microdroid_boot

Change-Id: Iff8697434f7502fe56fca5bce5573e53f2f6ac60
2021-03-08 09:12:17 +09:00
Jiyong Park
b89e5e71b7 Add logical_partition module type
logical_partition builds a partition image (which is usually called
'super.img') out of one or more filesystem images.

Bug: 180921702
Test: m microdroid_super
Change-Id: I659607647e3a5bc82c82b576a049e6c6f91cbddb
2021-02-24 12:53:39 +09:00
Treehugger Robot
05785f0023 Merge "bootimg supports building (non-vendor) boot.img" 2021-02-22 23:53:15 +00:00
Treehugger Robot
277303f042 Merge "Add ctx to AndroidMkExtraEntriesFunc" 2021-02-22 22:40:31 +00:00
Colin Cross
aa2555387d Add ctx to AndroidMkExtraEntriesFunc
Add a ctx parameter to AndroidMkExtraEntriesFunc to allow them to
access providers.

Test: m checkbuild
Change-Id: Id6becc1e425c3c3d8519248f8c0ce80777fac7cc
Merged-In: Id6becc1e425c3c3d8519248f8c0ce80777fac7cc
2021-02-19 23:05:40 +00:00
Jiyong Park
4bbd6cfcaf bootimg supports building (non-vendor) boot.img
Bug: 178562516
Test: m microdroid_boot-5.10
Change-Id: I120fc954eb00362bdd2c02e3f3ef147670c69d8f
2021-02-19 18:26:32 +09:00
Inseob Kim
abf3f3c0ef Merge changes from topics "deps_base_dir_filesystem", "filesystem_rootdir"
* changes:
  Add dirs and symlinks property to filesystem
  Add base_dir property to filesystem
2021-02-18 00:19:48 +00:00