From a81d42992805af61ccb0b132b79935f6ed709a4e Mon Sep 17 00:00:00 2001 From: Tao Bao Date: Tue, 26 Mar 2019 12:13:04 -0700 Subject: [PATCH] releasetools: Re-enable verifying AVB-signed images. This reverts commit 9788b4ed31e58301314d226ad8028610642a12e1. All the blocking issues have been addressed. Fixes: 120517892 Test: Run validate_target_files.py on crosshatch signed target_files.zip. Change-Id: I95de241e159998e002dedddafea65953b1a1b263 --- tools/releasetools/validate_target_files.py | 28 ++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/tools/releasetools/validate_target_files.py b/tools/releasetools/validate_target_files.py index 275939c94..1c856a8e1 100755 --- a/tools/releasetools/validate_target_files.py +++ b/tools/releasetools/validate_target_files.py @@ -318,9 +318,31 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options): if info_dict.get("avb_enable") == "true": logging.info('Verifying Verified Boot 2.0 (AVB) images...') - # TODO(b/120517892): Temporarily disable the verification for AVB-signed - # images. Needing supporting changes in caller to pass in the desired keys. - logging.info('Temporarily disabled due to b/120517892') + key = options['verity_key'] + if key is None: + key = info_dict['avb_vbmeta_key_path'] + + # avbtool verifies all the images that have descriptors listed in vbmeta. + image = os.path.join(input_tmp, 'IMAGES', 'vbmeta.img') + cmd = ['avbtool', 'verify_image', '--image', image, '--key', key] + + # Append the args for chained partitions if any. + for partition in common.AVB_PARTITIONS: + key_name = 'avb_' + partition + '_key_path' + if info_dict.get(key_name) is not None: + chained_partition_arg = common.GetAvbChainedPartitionArg( + partition, info_dict, options[key_name]) + cmd.extend(["--expected_chain_partition", chained_partition_arg]) + + proc = common.Run(cmd) + stdoutdata, _ = proc.communicate() + assert proc.returncode == 0, \ + 'Failed to verify {} with avbtool (key: {}):\n{}'.format( + image, key, stdoutdata) + + logging.info( + 'Verified %s with avbtool (key: %s):\n%s', image, key, + stdoutdata.rstrip()) def main():