Merge "Support AVB signing for BOARD_PREBUILT_BOOTIMAGE" into sc-dev
This commit is contained in:
commit
22fb8a4709
|
@ -1036,7 +1036,20 @@ else # TARGET_NO_KERNEL == "true"
|
|||
ifdef BOARD_PREBUILT_BOOTIMAGE
|
||||
INTERNAL_PREBUILT_BOOTIMAGE := $(BOARD_PREBUILT_BOOTIMAGE)
|
||||
INSTALLED_BOOTIMAGE_TARGET := $(PRODUCT_OUT)/boot.img
|
||||
$(eval $(call copy-one-file,$(INTERNAL_PREBUILT_BOOTIMAGE),$(INSTALLED_BOOTIMAGE_TARGET)))
|
||||
|
||||
ifeq ($(BOARD_AVB_ENABLE),true)
|
||||
$(INSTALLED_BOOTIMAGE_TARGET): $(INTERNAL_PREBUILT_BOOTIMAGE) $(AVBTOOL) $(BOARD_AVB_BOOT_KEY_PATH)
|
||||
cp $(INTERNAL_PREBUILT_BOOTIMAGE) $@
|
||||
$(AVBTOOL) add_hash_footer \
|
||||
--image $@ \
|
||||
--partition_size $(BOARD_BOOTIMAGE_PARTITION_SIZE) \
|
||||
--partition_name boot $(INTERNAL_AVB_BOOT_SIGNING_ARGS) \
|
||||
$(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS)
|
||||
else
|
||||
$(INSTALLED_BOOTIMAGE_TARGET): $(INTERNAL_PREBUILT_BOOTIMAGE)
|
||||
cp $(INTERNAL_PREBUILT_BOOTIMAGE) $@
|
||||
endif # BOARD_AVB_ENABLE
|
||||
|
||||
else # BOARD_PREBUILT_BOOTIMAGE not defined
|
||||
INSTALLED_BOOTIMAGE_TARGET :=
|
||||
endif # BOARD_PREBUILT_BOOTIMAGE
|
||||
|
@ -5107,12 +5120,17 @@ ifdef BOARD_PREBUILT_SYSTEM_EXTIMAGE
|
|||
$(hide) mkdir -p $(zip_root)/IMAGES
|
||||
$(hide) cp $(INSTALLED_SYSTEM_EXTIMAGE_TARGET) $(zip_root)/IMAGES/
|
||||
endif
|
||||
ifndef BOARD_PREBUILT_BOOTIMAGE
|
||||
ifneq (,$(INTERNAL_PREBUILT_BOOTIMAGE) $(filter true,$(BOARD_COPY_BOOT_IMAGE_TO_TARGET_FILES)))
|
||||
ifdef INSTALLED_BOOTIMAGE_TARGET
|
||||
$(hide) mkdir -p $(zip_root)/IMAGES
|
||||
$(hide) cp $(INSTALLED_BOOTIMAGE_TARGET) $(zip_root)/IMAGES/
|
||||
endif # INSTALLED_BOOTIMAGE_TARGET
|
||||
endif # INTERNAL_PREBUILT_BOOTIMAGE != "" || BOARD_COPY_BOOT_IMAGE_TO_TARGET_FILES == true
|
||||
else # BOARD_PREBUILT_BOOTIMAGE is defined
|
||||
$(hide) mkdir -p $(zip_root)/PREBUILT_IMAGES
|
||||
$(hide) cp $(INSTALLED_BOOTIMAGE_TARGET) $(zip_root)/PREBUILT_IMAGES/
|
||||
endif # BOARD_PREBUILT_BOOTIMAGE
|
||||
ifdef BOARD_PREBUILT_ODMIMAGE
|
||||
$(hide) mkdir -p $(zip_root)/IMAGES
|
||||
$(hide) cp $(INSTALLED_ODMIMAGE_TARGET) $(zip_root)/IMAGES/
|
||||
|
|
|
@ -379,6 +379,8 @@ BUILDING_BOOT_IMAGE :=
|
|||
ifeq ($(PRODUCT_BUILD_BOOT_IMAGE),)
|
||||
ifeq ($(BOARD_USES_RECOVERY_AS_BOOT),true)
|
||||
BUILDING_BOOT_IMAGE :=
|
||||
else ifdef BOARD_PREBUILT_BOOTIMAGE
|
||||
BUILDING_BOOT_IMAGE :=
|
||||
else ifdef BOARD_BOOTIMAGE_PARTITION_SIZE
|
||||
BUILDING_BOOT_IMAGE := true
|
||||
else ifneq (,$(foreach kernel,$(BOARD_KERNEL_BINARIES),$(BOARD_$(call to-upper,$(kernel))_BOOTIMAGE_PARTITION_SIZE)))
|
||||
|
|
|
@ -1710,6 +1710,38 @@ def _BuildBootableImage(image_name, sourcedir, fs_config_file, info_dict=None,
|
|||
return data
|
||||
|
||||
|
||||
def _SignBootableImage(image_path, prebuilt_name, partition_name,
|
||||
info_dict=None):
|
||||
"""Performs AVB signing for a prebuilt boot.img.
|
||||
|
||||
Args:
|
||||
image_path: The full path of the image, e.g., /path/to/boot.img.
|
||||
prebuilt_name: The prebuilt image name, e.g., boot.img, boot-5.4-gz.img,
|
||||
boot-5.10.img, recovery.img.
|
||||
partition_name: The partition name, e.g., 'boot' or 'recovery'.
|
||||
info_dict: The information dict read from misc_info.txt.
|
||||
"""
|
||||
if info_dict is None:
|
||||
info_dict = OPTIONS.info_dict
|
||||
|
||||
# AVB: if enabled, calculate and add hash to boot.img or recovery.img.
|
||||
if info_dict.get("avb_enable") == "true":
|
||||
avbtool = info_dict["avb_avbtool"]
|
||||
if partition_name == "recovery":
|
||||
part_size = info_dict["recovery_size"]
|
||||
else:
|
||||
part_size = info_dict[prebuilt_name.replace(".img", "_size")]
|
||||
|
||||
cmd = [avbtool, "add_hash_footer", "--image", image_path,
|
||||
"--partition_size", str(part_size), "--partition_name",
|
||||
partition_name]
|
||||
AppendAVBSigningArgs(cmd, partition_name)
|
||||
args = info_dict.get("avb_" + partition_name + "_add_hash_footer_args")
|
||||
if args and args.strip():
|
||||
cmd.extend(shlex.split(args))
|
||||
RunAndCheckOutput(cmd)
|
||||
|
||||
|
||||
def GetBootableImage(name, prebuilt_name, unpack_dir, tree_subdir,
|
||||
info_dict=None, two_step_image=False):
|
||||
"""Return a File object with the desired bootable image.
|
||||
|
@ -1718,6 +1750,9 @@ def GetBootableImage(name, prebuilt_name, unpack_dir, tree_subdir,
|
|||
otherwise look for it under 'unpack_dir'/IMAGES, otherwise construct it from
|
||||
the source files in 'unpack_dir'/'tree_subdir'."""
|
||||
|
||||
if info_dict is None:
|
||||
info_dict = OPTIONS.info_dict
|
||||
|
||||
prebuilt_path = os.path.join(unpack_dir, "BOOTABLE_IMAGES", prebuilt_name)
|
||||
if os.path.exists(prebuilt_path):
|
||||
logger.info("using prebuilt %s from BOOTABLE_IMAGES...", prebuilt_name)
|
||||
|
@ -1728,10 +1763,16 @@ def GetBootableImage(name, prebuilt_name, unpack_dir, tree_subdir,
|
|||
logger.info("using prebuilt %s from IMAGES...", prebuilt_name)
|
||||
return File.FromLocalFile(name, prebuilt_path)
|
||||
|
||||
logger.info("building image from target_files %s...", tree_subdir)
|
||||
prebuilt_path = os.path.join(unpack_dir, "PREBUILT_IMAGES", prebuilt_name)
|
||||
if os.path.exists(prebuilt_path):
|
||||
logger.info("Re-signing prebuilt %s from PREBUILT_IMAGES...", prebuilt_name)
|
||||
signed_img = MakeTempFile()
|
||||
shutil.copy(prebuilt_path, signed_img)
|
||||
partition_name = tree_subdir.lower()
|
||||
_SignBootableImage(signed_img, prebuilt_name, partition_name, info_dict)
|
||||
return File.FromLocalFile(name, signed_img)
|
||||
|
||||
if info_dict is None:
|
||||
info_dict = OPTIONS.info_dict
|
||||
logger.info("building image from target_files %s...", tree_subdir)
|
||||
|
||||
# With system_root_image == "true", we don't pack ramdisk into the boot image.
|
||||
# Unless "recovery_as_boot" is specified, in which case we carry the ramdisk
|
||||
|
|
Loading…
Reference in New Issue