From 131e1977f6b4f38e1165c1987591eb05b3057778 Mon Sep 17 00:00:00 2001 From: Badhri Jagan Sridharan Date: Fri, 29 Apr 2016 18:20:13 -0700 Subject: [PATCH] Extract public key ID from cert Extracts keyid inline using openssl commands. The keyid is passed as one of the kernel command line parameters for the dm-android-verity module to mount root fs(system) with verity enabled. (cherry-picked from 3af315aed5d657942b28ccae342324b9ee90116d https://googleplex-android-review.git.corp.google.com/#/c/1061691/) BUG: 28384658 Change-Id: I8efbe1b0e415ef1d396f9b51cfa4b3fa01b22484 --- core/Makefile | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/core/Makefile b/core/Makefile index 02bd4f79b..79faae13a 100644 --- a/core/Makefile +++ b/core/Makefile @@ -533,12 +533,6 @@ endif INTERNAL_BOOTIMAGE_FILES := $(filter-out --%,$(INTERNAL_BOOTIMAGE_ARGS)) -BOARD_KERNEL_CMDLINE := $(strip $(BOARD_KERNEL_CMDLINE)) -ifdef BOARD_KERNEL_CMDLINE - INTERNAL_BOOTIMAGE_ARGS += --cmdline "$(BOARD_KERNEL_CMDLINE)" - INTERNAL_BVBTOOL_MAKE_BOOT_IMAGE_ARGS += --kernel_cmdline "$(BOARD_KERNEL_CMDLINE)" -endif - BOARD_KERNEL_BASE := $(strip $(BOARD_KERNEL_BASE)) ifdef BOARD_KERNEL_BASE INTERNAL_BOOTIMAGE_ARGS += --base $(BOARD_KERNEL_BASE) @@ -549,6 +543,18 @@ ifdef BOARD_KERNEL_PAGESIZE INTERNAL_BOOTIMAGE_ARGS += --pagesize $(BOARD_KERNEL_PAGESIZE) endif +ifeq ($(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),true) +ifeq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true) +VERITY_KEYID := veritykeyid=id:`openssl x509 -in $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_SIGNING_KEY).x509.pem -text \ + | grep keyid | sed 's/://g' | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]' | sed 's/keyid//g'` +endif +endif + +BOARD_KERNEL_CMDLINE := $(strip $(BOARD_KERNEL_CMDLINE) $(VERITY_KEYID)) +ifdef BOARD_KERNEL_CMDLINE +INTERNAL_BOOTIMAGE_ARGS += --cmdline "$(BOARD_KERNEL_CMDLINE)" +endif + INTERNAL_MKBOOTIMG_VERSION_ARGS := \ --os_version $(PLATFORM_VERSION) \ --os_patch_level $(PLATFORM_SECURITY_PATCH)