Merge changes Ieb58dd9a,I8ada38df
* changes: AVB: support BOARD_BUILD_SYSTEM_ROOT_IMAGE AVB: support signing vendor.img
This commit is contained in:
commit
9ea5c1aad0
120
core/Makefile
120
core/Makefile
|
@ -892,6 +892,8 @@ $(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_signing_args=$(INTERNAL_AVB_SIGNING_A
|
|||
$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_avbtool=$(AVBTOOL)" >> $(1))
|
||||
$(if $(BOARD_AVB_ENABLE),$(hide) echo "system_avb_enable=$(BOARD_AVB_ENABLE)" >> $(1))
|
||||
$(if $(BOARD_AVB_ENABLE),$(hide) echo "system_avb_add_hashtree_footer_args=$(BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS)" >> $(1))
|
||||
$(if $(BOARD_AVB_ENABLE),$(hide) echo "vendor_avb_enable=$(BOARD_AVB_ENABLE)" >> $(1))
|
||||
$(if $(BOARD_AVB_ENABLE),$(hide) echo "vendor_avb_add_hashtree_footer_args=$(BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS)" >> $(1))
|
||||
$(if $(filter true,$(BOARD_USES_RECOVERY_AS_BOOT)),\
|
||||
$(hide) echo "recovery_as_boot=true" >> $(1))
|
||||
$(if $(filter true,$(BOARD_BUILD_SYSTEM_ROOT_IMAGE)),\
|
||||
|
@ -1584,61 +1586,6 @@ else # BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE
|
|||
IGNORE_CACHE_LINK := --exclude=cache
|
||||
endif # BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# vbmeta image
|
||||
ifeq ($(BOARD_AVB_ENABLE),true)
|
||||
|
||||
BUILT_VBMETAIMAGE_TARGET := $(PRODUCT_OUT)/vbmeta.img
|
||||
|
||||
INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS := \
|
||||
--include_descriptors_from_image $(INSTALLED_BOOTIMAGE_TARGET) \
|
||||
--include_descriptors_from_image $(INSTALLED_SYSTEMIMAGE) \
|
||||
--generate_dm_verity_cmdline_from_hashtree $(INSTALLED_SYSTEMIMAGE)
|
||||
|
||||
ifdef BOARD_AVB_ROLLBACK_INDEX
|
||||
INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += --rollback_index $(BOARD_AVB_ROLLBACK_INDEX)
|
||||
endif
|
||||
|
||||
ifndef BOARD_AVB_KEY_PATH
|
||||
# If key path isn't specified, use the 4096-bit test key.
|
||||
INTERNAL_AVB_SIGNING_ARGS := \
|
||||
--algorithm SHA256_RSA4096 \
|
||||
--key external/avb/test/data/testkey_rsa4096.pem
|
||||
else
|
||||
INTERNAL_AVB_SIGNING_ARGS := \
|
||||
--algorithm $(BOARD_AVB_ALGORITHM) --key $(BOARD_AVB_KEY_PATH)
|
||||
endif
|
||||
|
||||
ifndef BOARD_BOOTIMAGE_PARTITION_SIZE
|
||||
$(error BOARD_BOOTIMAGE_PARTITION_SIZE must be set for BOARD_AVB_ENABLE)
|
||||
endif
|
||||
|
||||
ifndef BOARD_SYSTEMIMAGE_PARTITION_SIZE
|
||||
$(error BOARD_SYSTEMIMAGE_PARTITION_SIZE must be set for BOARD_AVB_ENABLE)
|
||||
endif
|
||||
|
||||
define build-vbmetaimage-target
|
||||
$(call pretty,"Target vbmeta image: $(INSTALLED_VBMETAIMAGE_TARGET)")
|
||||
$(hide) $(AVBTOOL) make_vbmeta_image \
|
||||
$(INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS) \
|
||||
$(INTERNAL_AVB_SIGNING_ARGS) \
|
||||
$(BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS) \
|
||||
--output $@
|
||||
endef
|
||||
|
||||
INSTALLED_VBMETAIMAGE_TARGET := $(BUILT_VBMETAIMAGE_TARGET)
|
||||
$(INSTALLED_VBMETAIMAGE_TARGET): $(AVBTOOL) $(INSTALLED_BOOTIMAGE_TARGET) $(INSTALLED_SYSTEMIMAGE)
|
||||
$(build-vbmetaimage-target)
|
||||
|
||||
.PHONY: vbmetaimage-nodeps
|
||||
vbmetaimage-nodeps:
|
||||
$(build-vbmetaimage-target)
|
||||
|
||||
# We need $(AVBTOOL) for system.img generation.
|
||||
FULL_SYSTEMIMAGE_DEPS += $(AVBTOOL)
|
||||
|
||||
endif # BOARD_AVB_ENABLE
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# system_other partition image
|
||||
ifeq ($(BOARD_USES_SYSTEM_OTHER_ODEX),true)
|
||||
|
@ -1742,6 +1689,69 @@ INSTALLED_VENDORIMAGE_TARGET := $(PRODUCT_OUT)/vendor.img
|
|||
$(eval $(call copy-one-file,$(BOARD_PREBUILT_VENDORIMAGE),$(INSTALLED_VENDORIMAGE_TARGET)))
|
||||
endif
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# vbmeta image
|
||||
ifeq ($(BOARD_AVB_ENABLE),true)
|
||||
|
||||
BUILT_VBMETAIMAGE_TARGET := $(PRODUCT_OUT)/vbmeta.img
|
||||
|
||||
INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS := \
|
||||
--include_descriptors_from_image $(INSTALLED_BOOTIMAGE_TARGET) \
|
||||
--include_descriptors_from_image $(INSTALLED_SYSTEMIMAGE) \
|
||||
|
||||
ifdef INSTALLED_VENDORIMAGE_TARGET
|
||||
INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += \
|
||||
--include_descriptors_from_image $(INSTALLED_VENDORIMAGE_TARGET)
|
||||
endif
|
||||
|
||||
ifeq ($(BOARD_BUILD_SYSTEM_ROOT_IMAGE),true)
|
||||
INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += --setup_rootfs_from_kernel $(BUILT_SYSTEMIMAGE)
|
||||
endif
|
||||
|
||||
ifdef BOARD_AVB_ROLLBACK_INDEX
|
||||
INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += --rollback_index $(BOARD_AVB_ROLLBACK_INDEX)
|
||||
endif
|
||||
|
||||
ifndef BOARD_AVB_KEY_PATH
|
||||
# If key path isn't specified, use the 4096-bit test key.
|
||||
INTERNAL_AVB_SIGNING_ARGS := \
|
||||
--algorithm SHA256_RSA4096 \
|
||||
--key external/avb/test/data/testkey_rsa4096.pem
|
||||
else
|
||||
INTERNAL_AVB_SIGNING_ARGS := \
|
||||
--algorithm $(BOARD_AVB_ALGORITHM) --key $(BOARD_AVB_KEY_PATH)
|
||||
endif
|
||||
|
||||
ifndef BOARD_BOOTIMAGE_PARTITION_SIZE
|
||||
$(error BOARD_BOOTIMAGE_PARTITION_SIZE must be set for BOARD_AVB_ENABLE)
|
||||
endif
|
||||
|
||||
ifndef BOARD_SYSTEMIMAGE_PARTITION_SIZE
|
||||
$(error BOARD_SYSTEMIMAGE_PARTITION_SIZE must be set for BOARD_AVB_ENABLE)
|
||||
endif
|
||||
|
||||
define build-vbmetaimage-target
|
||||
$(call pretty,"Target vbmeta image: $(INSTALLED_VBMETAIMAGE_TARGET)")
|
||||
$(hide) $(AVBTOOL) make_vbmeta_image \
|
||||
$(INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS) \
|
||||
$(INTERNAL_AVB_SIGNING_ARGS) \
|
||||
$(BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS) \
|
||||
--output $@
|
||||
endef
|
||||
|
||||
INSTALLED_VBMETAIMAGE_TARGET := $(BUILT_VBMETAIMAGE_TARGET)
|
||||
$(INSTALLED_VBMETAIMAGE_TARGET): $(AVBTOOL) $(INSTALLED_BOOTIMAGE_TARGET) $(INSTALLED_SYSTEMIMAGE) $(INSTALLED_VENDORIMAGE_TARGET)
|
||||
$(build-vbmetaimage-target)
|
||||
|
||||
.PHONY: vbmetaimage-nodeps
|
||||
vbmetaimage-nodeps:
|
||||
$(build-vbmetaimage-target)
|
||||
|
||||
# We need $(AVBTOOL) for system.img generation.
|
||||
FULL_SYSTEMIMAGE_DEPS += $(AVBTOOL)
|
||||
|
||||
endif # BOARD_AVB_ENABLE
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# bring in the installer image generation defines if necessary
|
||||
ifeq ($(TARGET_USE_DISKINSTALLER),true)
|
||||
|
|
|
@ -285,15 +285,19 @@ def AddUserdata(output_zip, prefix="IMAGES/"):
|
|||
img.Write()
|
||||
|
||||
|
||||
def AddVBMeta(output_zip, boot_img_path, system_img_path, prefix="IMAGES/"):
|
||||
def AddVBMeta(output_zip, boot_img_path, system_img_path, vendor_img_path,
|
||||
prefix="IMAGES/"):
|
||||
"""Create a VBMeta image and store it in output_zip."""
|
||||
img = OutputFile(output_zip, OPTIONS.input_tmp, prefix, "vbmeta.img")
|
||||
avbtool = os.getenv('AVBTOOL') or "avbtool"
|
||||
cmd = [avbtool, "make_vbmeta_image",
|
||||
"--output", img.name,
|
||||
"--include_descriptors_from_image", boot_img_path,
|
||||
"--include_descriptors_from_image", system_img_path,
|
||||
"--generate_dm_verity_cmdline_from_hashtree", system_img_path]
|
||||
"--include_descriptors_from_image", system_img_path]
|
||||
if vendor_img_path is not None:
|
||||
cmd.extend(["--include_descriptors_from_image", vendor_img_path])
|
||||
if OPTIONS.info_dict.get("system_root_image", None) == "true":
|
||||
cmd.extend(["--setup_rootfs_from_kernel", system_img_path])
|
||||
common.AppendAVBSigningArgs(cmd)
|
||||
args = OPTIONS.info_dict.get("board_avb_make_vbmeta_image_args", None)
|
||||
if args and args.strip():
|
||||
|
@ -477,7 +481,7 @@ def AddImagesToTargetFiles(filename):
|
|||
if OPTIONS.info_dict.get("board_avb_enable", None) == "true":
|
||||
banner("vbmeta")
|
||||
boot_contents = boot_image.WriteToTemp()
|
||||
AddVBMeta(output_zip, boot_contents.name, system_img_path)
|
||||
AddVBMeta(output_zip, boot_contents.name, system_img_path, vendor_img_path)
|
||||
|
||||
# For devices using A/B update, copy over images from RADIO/ and/or
|
||||
# VENDOR_IMAGES/ to IMAGES/ and make sure we have all the needed
|
||||
|
|
Loading…
Reference in New Issue