Merge "Support AVB signing for BOARD_PREBUILT_BOOTIMAGE" into sc-dev

This commit is contained in:
Bowgo Tsai 2021-05-28 00:35:40 +00:00 committed by Android (Google) Code Review
commit 22fb8a4709
3 changed files with 65 additions and 4 deletions

View File

@ -1036,7 +1036,20 @@ else # TARGET_NO_KERNEL == "true"
ifdef BOARD_PREBUILT_BOOTIMAGE
INTERNAL_PREBUILT_BOOTIMAGE := $(BOARD_PREBUILT_BOOTIMAGE)
INSTALLED_BOOTIMAGE_TARGET := $(PRODUCT_OUT)/boot.img
$(eval $(call copy-one-file,$(INTERNAL_PREBUILT_BOOTIMAGE),$(INSTALLED_BOOTIMAGE_TARGET)))
ifeq ($(BOARD_AVB_ENABLE),true)
$(INSTALLED_BOOTIMAGE_TARGET): $(INTERNAL_PREBUILT_BOOTIMAGE) $(AVBTOOL) $(BOARD_AVB_BOOT_KEY_PATH)
cp $(INTERNAL_PREBUILT_BOOTIMAGE) $@
$(AVBTOOL) add_hash_footer \
--image $@ \
--partition_size $(BOARD_BOOTIMAGE_PARTITION_SIZE) \
--partition_name boot $(INTERNAL_AVB_BOOT_SIGNING_ARGS) \
$(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS)
else
$(INSTALLED_BOOTIMAGE_TARGET): $(INTERNAL_PREBUILT_BOOTIMAGE)
cp $(INTERNAL_PREBUILT_BOOTIMAGE) $@
endif # BOARD_AVB_ENABLE
else # BOARD_PREBUILT_BOOTIMAGE not defined
INSTALLED_BOOTIMAGE_TARGET :=
endif # BOARD_PREBUILT_BOOTIMAGE
@ -5107,12 +5120,17 @@ ifdef BOARD_PREBUILT_SYSTEM_EXTIMAGE
$(hide) mkdir -p $(zip_root)/IMAGES
$(hide) cp $(INSTALLED_SYSTEM_EXTIMAGE_TARGET) $(zip_root)/IMAGES/
endif
ifndef BOARD_PREBUILT_BOOTIMAGE
ifneq (,$(INTERNAL_PREBUILT_BOOTIMAGE) $(filter true,$(BOARD_COPY_BOOT_IMAGE_TO_TARGET_FILES)))
ifdef INSTALLED_BOOTIMAGE_TARGET
$(hide) mkdir -p $(zip_root)/IMAGES
$(hide) cp $(INSTALLED_BOOTIMAGE_TARGET) $(zip_root)/IMAGES/
endif # INSTALLED_BOOTIMAGE_TARGET
endif # INTERNAL_PREBUILT_BOOTIMAGE != "" || BOARD_COPY_BOOT_IMAGE_TO_TARGET_FILES == true
else # BOARD_PREBUILT_BOOTIMAGE is defined
$(hide) mkdir -p $(zip_root)/PREBUILT_IMAGES
$(hide) cp $(INSTALLED_BOOTIMAGE_TARGET) $(zip_root)/PREBUILT_IMAGES/
endif # BOARD_PREBUILT_BOOTIMAGE
ifdef BOARD_PREBUILT_ODMIMAGE
$(hide) mkdir -p $(zip_root)/IMAGES
$(hide) cp $(INSTALLED_ODMIMAGE_TARGET) $(zip_root)/IMAGES/

View File

@ -379,6 +379,8 @@ BUILDING_BOOT_IMAGE :=
ifeq ($(PRODUCT_BUILD_BOOT_IMAGE),)
ifeq ($(BOARD_USES_RECOVERY_AS_BOOT),true)
BUILDING_BOOT_IMAGE :=
else ifdef BOARD_PREBUILT_BOOTIMAGE
BUILDING_BOOT_IMAGE :=
else ifdef BOARD_BOOTIMAGE_PARTITION_SIZE
BUILDING_BOOT_IMAGE := true
else ifneq (,$(foreach kernel,$(BOARD_KERNEL_BINARIES),$(BOARD_$(call to-upper,$(kernel))_BOOTIMAGE_PARTITION_SIZE)))

View File

@ -1710,6 +1710,38 @@ def _BuildBootableImage(image_name, sourcedir, fs_config_file, info_dict=None,
return data
def _SignBootableImage(image_path, prebuilt_name, partition_name,
info_dict=None):
"""Performs AVB signing for a prebuilt boot.img.
Args:
image_path: The full path of the image, e.g., /path/to/boot.img.
prebuilt_name: The prebuilt image name, e.g., boot.img, boot-5.4-gz.img,
boot-5.10.img, recovery.img.
partition_name: The partition name, e.g., 'boot' or 'recovery'.
info_dict: The information dict read from misc_info.txt.
"""
if info_dict is None:
info_dict = OPTIONS.info_dict
# AVB: if enabled, calculate and add hash to boot.img or recovery.img.
if info_dict.get("avb_enable") == "true":
avbtool = info_dict["avb_avbtool"]
if partition_name == "recovery":
part_size = info_dict["recovery_size"]
else:
part_size = info_dict[prebuilt_name.replace(".img", "_size")]
cmd = [avbtool, "add_hash_footer", "--image", image_path,
"--partition_size", str(part_size), "--partition_name",
partition_name]
AppendAVBSigningArgs(cmd, partition_name)
args = info_dict.get("avb_" + partition_name + "_add_hash_footer_args")
if args and args.strip():
cmd.extend(shlex.split(args))
RunAndCheckOutput(cmd)
def GetBootableImage(name, prebuilt_name, unpack_dir, tree_subdir,
info_dict=None, two_step_image=False):
"""Return a File object with the desired bootable image.
@ -1718,6 +1750,9 @@ def GetBootableImage(name, prebuilt_name, unpack_dir, tree_subdir,
otherwise look for it under 'unpack_dir'/IMAGES, otherwise construct it from
the source files in 'unpack_dir'/'tree_subdir'."""
if info_dict is None:
info_dict = OPTIONS.info_dict
prebuilt_path = os.path.join(unpack_dir, "BOOTABLE_IMAGES", prebuilt_name)
if os.path.exists(prebuilt_path):
logger.info("using prebuilt %s from BOOTABLE_IMAGES...", prebuilt_name)
@ -1728,10 +1763,16 @@ def GetBootableImage(name, prebuilt_name, unpack_dir, tree_subdir,
logger.info("using prebuilt %s from IMAGES...", prebuilt_name)
return File.FromLocalFile(name, prebuilt_path)
logger.info("building image from target_files %s...", tree_subdir)
prebuilt_path = os.path.join(unpack_dir, "PREBUILT_IMAGES", prebuilt_name)
if os.path.exists(prebuilt_path):
logger.info("Re-signing prebuilt %s from PREBUILT_IMAGES...", prebuilt_name)
signed_img = MakeTempFile()
shutil.copy(prebuilt_path, signed_img)
partition_name = tree_subdir.lower()
_SignBootableImage(signed_img, prebuilt_name, partition_name, info_dict)
return File.FromLocalFile(name, signed_img)
if info_dict is None:
info_dict = OPTIONS.info_dict
logger.info("building image from target_files %s...", tree_subdir)
# With system_root_image == "true", we don't pack ramdisk into the boot image.
# Unless "recovery_as_boot" is specified, in which case we carry the ramdisk