diff --git a/core/Makefile b/core/Makefile index 265c14def..a4f46cab7 100644 --- a/core/Makefile +++ b/core/Makefile @@ -1303,12 +1303,10 @@ define build-recoveryimage-target $(if $(filter true,$(BOARD_USES_RECOVERY_AS_BOOT)), \ $(hide) $(call assert-max-image-size,$(1),$(call get-hash-image-max-size,$(BOARD_BOOTIMAGE_PARTITION_SIZE))), \ $(hide) $(call assert-max-image-size,$(1),$(call get-hash-image-max-size,$(BOARD_RECOVERYIMAGE_PARTITION_SIZE)))) - $(if $(and $(filter true,$(BOARD_USES_RECOVERY_AS_BOOT)),$(filter true,$(BOARD_AVB_ENABLE))), \ - $(hide) $(AVBTOOL) add_hash_footer \ - --image $(1) \ - --partition_size $(BOARD_BOOTIMAGE_PARTITION_SIZE) \ - --partition_name boot $(INTERNAL_AVB_BOOT_SIGNING_ARGS) \ - $(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS)) + $(if $(filter true,$(BOARD_AVB_ENABLE)), \ + $(if $(filter true,$(BOARD_USES_RECOVERY_AS_BOOT)), \ + $(hide) $(AVBTOOL) add_hash_footer --image $(1) --partition_size $(BOARD_BOOTIMAGE_PARTITION_SIZE) --partition_name boot $(INTERNAL_AVB_BOOT_SIGNING_ARGS) $(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS),\ + $(hide) $(AVBTOOL) add_hash_footer --image $(1) --partition_size $(BOARD_RECOVERYIMAGE_PARTITION_SIZE) --partition_name recovery $(INTERNAL_AVB_RECOVERY_SIGNING_ARGS) $(BOARD_AVB_RECOVERY_ADD_HASH_FOOTER_ARGS))) endef ADBD := $(TARGET_OUT_EXECUTABLES)/adbd @@ -1962,6 +1960,7 @@ BOOT_FOOTER_ARGS := BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS DTBO_FOOTER_ARGS := BOARD_AVB_DTBO_ADD_HASH_FOOTER_ARGS SYSTEM_FOOTER_ARGS := BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS VENDOR_FOOTER_ARGS := BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS +RECOVERY_FOOTER_ARGS := BOARD_AVB_RECOVERY_ADD_HASH_FOOTER_ARGS # Check and set required build variables for a chain partition. # $(1): the partition to enable AVB chain, e.g., BOOT or SYSTEM. @@ -2023,6 +2022,15 @@ INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += \ endif endif +ifdef INSTALLED_RECOVERYIMAGE_TARGET +ifdef BOARD_AVB_RECOVERY_KEY_PATH +$(eval $(call check-and-set-avb-chain-args,RECOVERY)) +else +INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += \ + --include_descriptors_from_image $(INSTALLED_RECOVERYIMAGE_TARGET) +endif +endif + BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --padding_size 4096 # Add kernel cmdline descriptor for kernel to mount system.img as root with @@ -2061,6 +2069,9 @@ define extract-avb-chain-public-keys $(if $(BOARD_AVB_DTBO_KEY_PATH),\ $(hide) $(AVBTOOL) extract_public_key --key $(BOARD_AVB_DTBO_KEY_PATH) \ --output $(1)/dtbo.avbpubkey) + $(if $(BOARD_AVB_RECOVERY_KEY_PATH),\ + $(hide) $(AVBTOOL) extract_public_key --key $(BOARD_AVB_RECOVERY_KEY_PATH) \ + --output $(1)/recovery.avbpubkey) endef define build-vbmetaimage-target @@ -2076,7 +2087,14 @@ define build-vbmetaimage-target endef INSTALLED_VBMETAIMAGE_TARGET := $(BUILT_VBMETAIMAGE_TARGET) -$(INSTALLED_VBMETAIMAGE_TARGET): $(AVBTOOL) $(INSTALLED_BOOTIMAGE_TARGET) $(INSTALLED_SYSTEMIMAGE) $(INSTALLED_VENDORIMAGE_TARGET) $(INSTALLED_DTBOIMAGE_TARGET) $(BOARD_AVB_KEY_PATH) +$(INSTALLED_VBMETAIMAGE_TARGET): \ + $(AVBTOOL) \ + $(INSTALLED_BOOTIMAGE_TARGET) \ + $(INSTALLED_SYSTEMIMAGE) \ + $(INSTALLED_VENDORIMAGE_TARGET) \ + $(INSTALLED_DTBOIMAGE_TARGET) \ + $(INSTALLED_RECOVERYIMAGE_TARGET) \ + $(BOARD_AVB_KEY_PATH) $(build-vbmetaimage-target) .PHONY: vbmetaimage-nodeps @@ -2506,6 +2524,12 @@ ifdef BOARD_AVB_BOOT_KEY_PATH $(hide) echo "avb_boot_algorithm=$(BOARD_AVB_BOOT_ALGORITHM)" >> $(zip_root)/META/misc_info.txt $(hide) echo "avb_boot_rollback_index_location=$(BOARD_AVB_BOOT_ROLLBACK_INDEX_LOCATION)" >> $(zip_root)/META/misc_info.txt endif # BOARD_AVB_BOOT_KEY_PATH + $(hide) echo "avb_recovery_add_hash_footer_args=$(BOARD_AVB_RECOVERY_ADD_HASH_FOOTER_ARGS)" >> $(zip_root)/META/misc_info.txt +ifdef BOARD_AVB_RECOVERY_KEY_PATH + $(hide) echo "avb_recovery_key_path=$(BOARD_AVB_RECOVERY_KEY_PATH)" >> $(zip_root)/META/misc_info.txt + $(hide) echo "avb_recovery_algorithm=$(BOARD_AVB_RECOVERY_ALGORITHM)" >> $(zip_root)/META/misc_info.txt + $(hide) echo "avb_recovery_rollback_index_location=$(BOARD_AVB_RECOVERY_ROLLBACK_INDEX_LOCATION)" >> $(zip_root)/META/misc_info.txt +endif # BOARD_AVB_RECOVERY_KEY_PATH endif # BOARD_AVB_ENABLE ifdef BOARD_BPT_INPUT_FILES $(hide) echo "board_bpt_enable=true" >> $(zip_root)/META/misc_info.txt diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py index 6b7536699..fc1f52ab9 100644 --- a/tools/releasetools/common.py +++ b/tools/releasetools/common.py @@ -501,15 +501,15 @@ def _BuildBootableImage(sourcedir, fs_config_file, info_dict=None, img_unsigned.close() img_keyblock.close() - # AVB: if enabled, calculate and add hash to boot.img. + # AVB: if enabled, calculate and add hash to boot.img or recovery.img. if info_dict.get("avb_enable") == "true": avbtool = os.getenv('AVBTOOL') or info_dict["avb_avbtool"] - part_size = info_dict["boot_size"] + part_size = info_dict[partition_name + "_size"] cmd = [avbtool, "add_hash_footer", "--image", img.name, "--partition_size", str(part_size), "--partition_name", partition_name] AppendAVBSigningArgs(cmd, partition_name) - args = info_dict.get("avb_boot_add_hash_footer_args") + args = info_dict.get("avb_" + partition_name + "_add_hash_footer_args") if args and args.strip(): cmd.extend(shlex.split(args)) p = Run(cmd, stdout=subprocess.PIPE) diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py index 44977a43a..f559b2912 100755 --- a/tools/releasetools/sign_target_files_apks.py +++ b/tools/releasetools/sign_target_files_apks.py @@ -589,6 +589,7 @@ def ReplaceAvbSigningKeys(misc_info): AVB_FOOTER_ARGS_BY_PARTITION = { 'boot' : 'avb_boot_add_hash_footer_args', 'dtbo' : 'avb_dtbo_add_hash_footer_args', + 'recovery' : 'avb_recovery_add_hash_footer_args', 'system' : 'avb_system_add_hashtree_footer_args', 'vendor' : 'avb_vendor_add_hashtree_footer_args', 'vbmeta' : 'avb_vbmeta_args',