Commit Graph

120 Commits

Author SHA1 Message Date
Treehugger Robot dcadb68011 Merge "sign_target_files_apks: replacing GKI signing args completely" 2021-05-11 07:30:16 +00:00
Bowgo Tsai bcae74def7 sign_target_files_apks: replacing GKI signing args completely
Commit I8bd8ad3acf324931b47d45fd30bc590206b1927e adds a default
value of "gki_signing_signature_args" in the misc_info.txt for
release signing to work. However, it's better to replace the default
value entirely (e.g., --prop foo:bar) as there is no need to include
them in the final release-signed image.

Bug: 178559811
Bug: 177862434
Test: atest releasetools_test
Test: atest releasetools_py3_test
Change-Id: I060b5a7076ff3e5d883abeb7d72f3db887c9fd69
2021-05-10 17:43:52 +08:00
Tianjie bbde59f9eb Calculate the vbmeta digest when building images
Calculate the vbmeta digest if the device builds vbmeta image. The
digest will used later to determine the build fingerprint in new
format.

One sample usage is the ota package generation, where we put the
build fingerprint in the ota metadata. But we don't have the runtime
vbmeta digest provided the bootloader.

Bug: 186786987
Test: unit tests
Change-Id: If572e2b973e295a6c95a9e23a65bb20b3afbf1b0
2021-05-05 18:04:51 +00:00
Treehugger Robot 243f9ea65f Merge "sign_target_files_apks: Relax ro.build.description requirements" 2021-04-24 05:13:01 +00:00
Kelvin Zhang 6c17ed3185 Re-raise exceptions instead of sys.exit
Test: th
Change-Id: I3ac343b51eeeaa948712be81b640122f9981137d
2021-04-14 14:59:12 -04:00
Stefen Wakefield 4260fc1575 sign_target_files_apks: Relax ro.build.description requirements
Some OEMs, namely OnePlus don't use AOSP compliant build description.
Making sure that the last piece ends with -keys is more than enough.

Change-Id: Iefa3c408a3fdda0b63db257befb8ba2d36793293
2021-04-12 17:33:29 +00:00
Bowgo Tsai 27c39b0af2 Support GKI boot.img v4 signing
Commit I9967d06bde0e18a12b84b5b0b568db09765fe305 supports adding a
generic boot_signature into boot.img v4. This change allows replacing
the boot_signture signing key with a release key during the release
process.

The default GKI signing key can be specified in a BoardConfig.mk via:

  BOARD_GKI_SIGNING_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
  BOARD_GKI_SIGNING_ALGORITHM := SHA256_RSA2048
  BOARD_GKI_SIGNING_SIGNATURE_ARGS := --prop foo:bar

The release signing key/algorithm can be specified by the following options
when invoking sign_target_files_apks:

  --gki_signing_key=external/avb/test/data/testkey_rsa4096.pem
  --gki_signing_algorithm=SHA256_RSA4096

Additional arguments for generating the GKI signature can be
specified as below:

  --gki_signing_extra_args="--prop gki:prop1 --prop gki:prop2"

Bug: 177862434
Test: make dist
Test: sign_target_files_apks \
        --gki_signing_key=external/avb/test/data/testkey_rsa4096.pem \
        --gki_signing_algorithm=SHA256_RSA4096 \
        --gki_signing_extra_args="--prop gki:prop1 --prop gki:prop2" \
        ./out/dist/*-target_files-eng.*.zip signed.zip
Test: Checks GKI boot_signature is expected after signing:
      `unzip signed.zip IMAGES/boot.img`
      `unpack_bootimg --boot_img IMAGES/boot.img --out unpack`
      `avbtool info_image --image unpack/boot_signature`
Test: unit test: releasetools_test and releasetools_py3_test

Change-Id: I61dadbc242360e4cab3dc70295931b4a5b9422a9
2021-03-19 17:11:04 +08:00
Tianjie bf0b8a8610 Add a check for missing entries in AVB_FOOTER_ARGS_BY_PARTITION
Fail the signing if the AVB_FOOTER_ARGS_BY_PARTITION isn't in sync
with common.AVB_PARTITIONS.

Bug: 181787095
Test: run sign_target_files_apks on a S image

Change-Id: I6ccf5fb9f39b92c1da2554f5b3826d2cd87d84d7
2021-03-03 17:31:48 -08:00
Tianjie 697c6eecf6 Add missing R partitions in AVB_FOOTER_ARGS
If we miss these entries, the signing script won't correctly update
the avb prop to build the vbmeta. This cl adds the missing partitions
for R build.

In the followup, we need to make the map in sync with AVB_PARTITIONS in
common.py

Bug: 181787095
Test: run sign_target_files_apks
Change-Id: I39a308fb7028b45ce08f0ca3c6ad61a6c13e8082
2021-03-03 15:28:58 -08:00
Tianjie 5bd0395570 Sign APEXes on all partitions
Bundle APEXes may exist on other partitions than system, e.g. vendor,
system_ext. And leaving them unsigned may cause security problems.

Bug: 180675334
Test: run sign_target_files_apks
Change-Id: Ib912a026f4010d818161a89b11f818180208843f
2021-02-18 23:02:36 -08:00
Kelvin Zhang 9f781ff907 Fix error where otacerts in VENDOR_BOOT isn't replaced
Test: sign a target_file, check otacerts.zip
Bug: 180025432

Change-Id: I918c3772a6de83314d76884dff3b26a85ed66eb2
2021-02-11 20:14:24 -05:00
Kelvin Zhang 119f279455 Fix signing errors where some partitions aren't properly signed
Rewrite build.prop of all partitions

Test: sign an target_file, check build prop of partitions

Bug: 179186447
Bug: 180025432

Change-Id: I01249532dc2df1b6d9ec8d0be58424a76814b53e
2021-02-11 19:51:05 -05:00
Kelvin Zhang 5f0fcee4dd Emit apex_info to target_files META/apex_info.pb
Test: mm -j
Bug: 172911822

Change-Id: I5a70b75dbe1cd546c66beaa8e4e3a63c3987461e
2021-01-25 09:15:30 -05:00
Tianjie Xu ec952237e2 Merge "sign_target_files_apks: Fix password encrypted keys handle" 2020-10-20 21:45:54 +00:00
Oleh Cherpak e555ab1848 sign_target_files_apks: Fix password encrypted keys handle
This patch restores the possibility of using password encrypted
keys for build signing.

Bug: 171221825
Test: 1. Generate password encrypted keys (write non empty passwords):
        $ subject='/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
        $ mkdir ~/.android-certs
        $ for x in releasekey platform shared media; do \
            ./development/tools/make_key ~/.android-certs/$x \
            "$subject"; \
          done
      2. Create a file with passwords:
        Example of passwd file:
            [[[ 12345678 ]]] /home/user/.android-certs/releasekey
            [[[ 12345678 ]]] /home/user/.android-certs/platform
            [[[ 12345678 ]]] /home/user/.android-certs/shared
            [[[ 12345678 ]]] /home/user/.android-certs/media
            [[[ 12345678 ]]] /home/user/.android-certs/networkstack
      3. Tell system where to find passwords:
        $ export ANDROID_PW_FILE=/path/to/file/with/passwords
      4. Generate a release image:
        $ make dist
        $ sign_target_files_apks \
        -o --default_key_mappings ~/.android-certs \
        out/dist/*-target_files-*.zip \
        signed-target_files.zip

Signed-off-by: Oleh Cherpak <oleh.cherpak@globallogic.com>
Change-Id: I3e9d5318f69a2c3ac6eec64b36163b6544d49c90
2020-10-20 18:29:35 +00:00
Kelvin Zhang 928c2341a6 Allow zip64 support when opening zip files
When opening an zip file through zipfile.ZipFile(), python2 by default
disables zip64 support. To support update files >4GB, we manually add
allowZip64 to override the setting.

Test: generate && serve an OTA

Change-Id: I9645e963ced830cc2d3a4b72bc63b9369a1cefe8
2020-09-22 16:53:39 -04:00
Tianjie a85bdf0bf0 Update language to comply with Android's inclusive language guidance
More details in: https://source.android.com/setup/contribute/respectful-code

Bug: 161896447
Test: build, run unittests
Change-Id: I35732333da0dd0c871f3e37c4af1b2211647d1e3
2020-07-29 12:06:00 -07:00
Ivan Lozano b021b2aeb3 Update language to comply with Android’s inclusive language guidance
See https://source.android.com/setup/contribute/respectful-code for reference

 #inclusivefixit

Bug: 161896447
Test: N/A
Change-Id: I9fd970726d739da658f6419a1ccd3e4952b17c78
2020-07-28 15:43:15 -04:00
Kelvin Zhang c8b4784cb9 Merge "Fix lint errors in ota_from_target_files script" 2020-06-24 19:17:35 +00:00
Kelvin Zhang 0876c410ad Fix lint errors in ota_from_target_files script
Only changes code styles, should be No-op to functionality

Test: Run unit tests
Bug: 159723838
Change-Id: Icf6146eb0d6b3fb66478709c0edf55bce54db68f
2020-06-24 09:21:35 -04:00
Oleg Aravin 8046cb0a2c Attach apk_name as a suffix for the temporary files
With this change the name of the signed and unsigned APK will be something like 'tmpadrbpp9f/tmpvl0lf2kr/tmpknja6mca_MyApk.apk' instead of 'tmpadrbpp9f/tmpvl0lf2kr/tmpknja6mca'.

The motivation for this change is a better logging and transparency what is being signed in the underlying client.

Change-Id: I32b0e93d5859ca3fb712e426705f16d329d71f0e
2020-06-02 16:03:21 -07:00
Hongguang Chen 4975a9334f Allow more than one '=' in avb_extra_custom_image_extra_args.
avb_extra_custom_image_extra_args can be set to
'oem=--signing_helper_with_files=/tmp/avbsigner.sh' on signing server.
The second '=' shouldn't be splitted in this case.

BUG: 154171021
Test: Manually sign target zip files which has custom images.
  sign_target_files_apks -d certs --avb_extra_custom_image_key \
    oem=oem_rsa4096.pem --avb_extra_custom_image_algorithm \
    oem=SHA256_RSA4096 --avb_extra_custom_image_extra_args \
    oem="--signing_helper_with_files=/tmp/avbsigner.sh" \
    xxxx-target_files.zip signed.zip

Change-Id: I815d574f791734d4c6a25a9f8d827b5b4f93d7cc
Merged-In: I815d574f791734d4c6a25a9f8d827b5b4f93d7cc
2020-05-25 15:11:30 -07:00
Hongguang Chen 883eecbc4b Allow more than one '=' in avb_extra_custom_image_extra_args.
avb_extra_custom_image_extra_args can be set to
'oem=--signing_helper_with_files=/tmp/avbsigner.sh' on signing server.
The second '=' shouldn't be splitted in this case.

BUG: 154171021
Test: Manually sign target zip files which has custom images.
  sign_target_files_apks -d certs --avb_extra_custom_image_key \
    oem=oem_rsa4096.pem --avb_extra_custom_image_algorithm \
    oem=SHA256_RSA4096 --avb_extra_custom_image_extra_args \
    oem="--signing_helper_with_files=/tmp/avbsigner.sh" \
    xxxx-target_files.zip signed.zip

Change-Id: I815d574f791734d4c6a25a9f8d827b5b4f93d7cc
2020-05-24 21:10:44 -07:00
Hongguang Chen d9edddd64d Add options to sign the prebuilt custom images.
The custom images are any images owned by OEMs and SoCs, oem images
mounted on /oem is an example. The oem images can be used to customize
devices for different carriers, like wallpaper, ringtones, and
carrier-specific apks. OEMs can generate multiple oem images, like
oem.img, oem-carrier1.img and oem-carrier2.img and flash different oem
images for different carriers. The oem images are only one case, OEMs
and SoCs can add more custom images and mount them to custom partitions.

This change enables custom images to be vbmeta.img chained partitions.
The following configuration in BoardConfig.mk is an exmaple. It has two
custom partitions: oem and test. They will be signed by different keys.
And they will be chained by vbmeta.img. The custom images here are
prebuilts, which can be built by `make custom_images` separately.
BOARD_AVB_<CUSTOM_PARTITION>_IMAGE_LIST should include all custom images
to apply AVB signing. And to every custom partition, one image whose
name is partition name must be added in its
BOARD_AVB_<CUSTOM_PARTITION>_IMAGE_LIST.

BOARD_CUSTOMIMAGES_PARTITION_LIST := oem test

BOARD_AVB_OEM_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem
BOARD_AVB_OEM_ALGORITHM := SHA256_RSA4096
BOARD_AVB_OEM_ADD_HASHTREE_FOOTER_ARGS :=
BOARD_AVB_OEM_ROLLBACK_INDEX_LOCATION := 1
BOARD_AVB_OEM_PARTITION_SIZE := 5242880
BOARD_AVB_OEM_IMAGE_LIST := \
    device/xxxx/yyyy/oem/oem.img \
    device/xxxx/yyyy/oem/oem1.img

BOARD_AVB_TEST_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
BOARD_AVB_TEST_ALGORITHM := SHA256_RSA2048
BOARD_AVB_TEST_ADD_HASHTREE_FOOTER_ARGS :=
BOARD_AVB_TEST_ROLLBACK_INDEX_LOCATION := 2
BOARD_AVB_TEST_PARTITION_SIZE := 10485760
BOARD_AVB_TEST_IMAGE_LIST := \
    device/xxxx/yyyy/test/test.img \
    device/xxxx/yyyy/test/test1.img

To resign the custom images in the target zip file, the
avb_extra_custom_image_key, avb_extra_custom_image_algorithms and
avb_extra_custom_image_extra_args options are added to the
sign_target_files_apks tool too. The following test cases list some
examples about how to use them.

BUG: 154171021
Test: 1) "atest --host releasetools_test releasetools_py3_test -c"
  2) Build images by 'make dist', sign and validate target files.
   a) Test on dist w/ chained vbmeta_system and ome custom images
   sign_target_files_apks -d certs \
     --avb_extra_custom_image_key oem=oem_rsa4096.pem \
     --avb_extra_custom_image_algorithm oem=SHA256_RSA4096 \
     xxx-target_xxx.zip signed.zip
   validate_target_files.py signed.zip
   Flash image and boot up.
   Verify the oem images and vbmeta images in OUT and target zips by
   avbtool.

   b) Test on dist w/ chained vbmeta_system and oem and test custom images
   sign_target_files_apks -d certs \
     --avb_extra_custom_image_key oem=oem_rsa4096.pem \
     --avb_extra_custom_image_algorithm oem=SHA256_RSA4096 \
     --avb_extra_custom_image_extra_args oem=--do_not_generate_fec \
     --avb_extra_custom_image_key test=test_rsa4096.pem \
     --avb_extra_custom_image_algorithm test=SHA256_RSA4096 \
     xxx-target_xxx.zip signed.zip
   validate_target_files.py signed.zip
   Verify the oem, test images and vbmeta images in OUT and target zips
   by avbtool.

   c) Test on dist w/o chained partition.
   sign_target_files_apks -d certs xxx-target_xxx.zip signed.zip
   validate_target_files.py signed.zip
   Flash image and boot up.
   Verify the vbmeta images in OUT and target zips by avbtool.

Change-Id: Ifccfee5e8909697eef6ccda0cc352fa16a9f6db6
Merged-In: Ifccfee5e8909697eef6ccda0cc352fa16a9f6db6
2020-05-21 22:22:19 +00:00
Hongguang Chen f23364d280 Add options to sign the prebuilt custom images.
The custom images are any images owned by OEMs and SoCs, oem images
mounted on /oem is an example. The oem images can be used to customize
devices for different carriers, like wallpaper, ringtones, and
carrier-specific apks. OEMs can generate multiple oem images, like
oem.img, oem-carrier1.img and oem-carrier2.img and flash different oem
images for different carriers. The oem images are only one case, OEMs
and SoCs can add more custom images and mount them to custom partitions.

This change enables custom images to be vbmeta.img chained partitions.
The following configuration in BoardConfig.mk is an exmaple. It has two
custom partitions: oem and test. They will be signed by different keys.
And they will be chained by vbmeta.img. The custom images here are
prebuilts, which can be built by `make custom_images` separately.
BOARD_AVB_<CUSTOM_PARTITION>_IMAGE_LIST should include all custom images
to apply AVB signing. And to every custom partition, one image whose
name is partition name must be added in its
BOARD_AVB_<CUSTOM_PARTITION>_IMAGE_LIST.

BOARD_CUSTOMIMAGES_PARTITION_LIST := oem test

BOARD_AVB_OEM_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem
BOARD_AVB_OEM_ALGORITHM := SHA256_RSA4096
BOARD_AVB_OEM_ADD_HASHTREE_FOOTER_ARGS :=
BOARD_AVB_OEM_ROLLBACK_INDEX_LOCATION := 1
BOARD_AVB_OEM_PARTITION_SIZE := 5242880
BOARD_AVB_OEM_IMAGE_LIST := \
    device/xxxx/yyyy/oem/oem.img \
    device/xxxx/yyyy/oem/oem1.img

BOARD_AVB_TEST_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
BOARD_AVB_TEST_ALGORITHM := SHA256_RSA2048
BOARD_AVB_TEST_ADD_HASHTREE_FOOTER_ARGS :=
BOARD_AVB_TEST_ROLLBACK_INDEX_LOCATION := 2
BOARD_AVB_TEST_PARTITION_SIZE := 10485760
BOARD_AVB_TEST_IMAGE_LIST := \
    device/xxxx/yyyy/test/test.img \
    device/xxxx/yyyy/test/test1.img

To resign the custom images in the target zip file, the
avb_extra_custom_image_key, avb_extra_custom_image_algorithms and
avb_extra_custom_image_extra_args options are added to the
sign_target_files_apks tool too. The following test cases list some
examples about how to use them.

BUG: 154171021
Test: 1) "atest --host releasetools_test releasetools_py3_test -c"
  2) Build images by 'make dist', sign and validate target files.
   a) Test on dist w/ chained vbmeta_system and ome custom images
   sign_target_files_apks -d certs \
     --avb_extra_custom_image_key oem=oem_rsa4096.pem \
     --avb_extra_custom_image_algorithm oem=SHA256_RSA4096 \
     xxx-target_xxx.zip signed.zip
   validate_target_files.py signed.zip
   Flash image and boot up.
   Verify the oem images and vbmeta images in OUT and target zips by
   avbtool.

   b) Test on dist w/ chained vbmeta_system and oem and test custom images
   sign_target_files_apks -d certs \
     --avb_extra_custom_image_key oem=oem_rsa4096.pem \
     --avb_extra_custom_image_algorithm oem=SHA256_RSA4096 \
     --avb_extra_custom_image_extra_args oem=--do_not_generate_fec \
     --avb_extra_custom_image_key test=test_rsa4096.pem \
     --avb_extra_custom_image_algorithm test=SHA256_RSA4096 \
     xxx-target_xxx.zip signed.zip
   validate_target_files.py signed.zip
   Verify the oem, test images and vbmeta images in OUT and target zips
   by avbtool.

   c) Test on dist w/o chained partition.
   sign_target_files_apks -d certs xxx-target_xxx.zip signed.zip
   validate_target_files.py signed.zip
   Flash image and boot up.
   Verify the vbmeta images in OUT and target zips by avbtool.

Change-Id: Ifccfee5e8909697eef6ccda0cc352fa16a9f6db6
2020-05-20 04:10:00 +00:00
Bill Peckham 96c9e6ed00 Make the `partition=` tag optional.
Since we might use ToT release tools to sign a package
generated by an older build, we make the new
`partition=` tag optional. This also means we need to be
careful to use non-greedy regex matching.

Bug: 153133823
Test: python3 -m unittest
Test: input with and without the new `partition=` tag
Test: new test_ReadApkCerts_WithWithoutOptionalFields
Change-Id: Ic57efd34e745ad302ae17150c6f2318f0b4524cb
Merged-In: Ic57efd34e745ad302ae17150c6f2318f0b4524cb
2020-04-03 21:23:04 -07:00
Bill Peckham 5c7b034a5c Make the `partition=` tag optional.
Since we might use ToT release tools to sign a package
generated by an older build, we make the new
`partition=` tag optional. This also means we need to be
careful to use non-greedy regex matching.

Bug: 153133823
Test: python3 -m unittest
Test: input with and without the new `partition=` tag
Test: new test_ReadApkCerts_WithWithoutOptionalFields
Change-Id: Ic57efd34e745ad302ae17150c6f2318f0b4524cb
2020-04-03 17:09:37 -07:00
Bill Peckham 8676f639f3 Build merged apexkeys.txt/apkcerts.txt by partition.
Propagate partition tag data to apexkeys.txt and
apkcerts.txt so that merge_target_files.py can build
merged versions of these files by filtering the
framework files for framework partitions and filtering
the vendor files for vendor partitions.

Bug: 138942268
Change-Id: Ic3226728e97dae84d38ec230ccc86d1b124bea94
Merged-In: Ic3226728e97dae84d38ec230ccc86d1b124bea94
2020-04-02 17:16:01 +00:00
Bill Peckham 19c3feb2d3 Build merged apexkeys.txt/apkcerts.txt by partition.
Propagate partition tag data to apexkeys.txt and
apkcerts.txt so that merge_target_files.py can build
merged versions of these files by filtering the
framework files for framework partitions and filtering
the vendor files for vendor partitions.

Bug: 138942268
Change-Id: Ic3226728e97dae84d38ec230ccc86d1b124bea94
2020-03-30 22:33:27 +00:00
Bowgo Tsai a7276405c9 Support removing AVB public keys
AVB public keys might be installed into the first-stage ramdisk.
This CL supports removing some AVB keys during the signing process,
which can be useful when a key needs to be revoked.

Also correcting the path of force_debuggable detection.

Bug: 150109393
Test: make dist
Test: ./build/tools/releasetools/sign_target_files_apks \
      --remove_avb_public_keys key1.avbpubkey,key2.avbpubkey \
      out/dist/*-target_files-*.zip signed-target_files.zip
Change-Id: I1af95adbbec655f40121f3392965dd1950aca4e5
Merged-In: I1af95adbbec655f40121f3392965dd1950aca4e5
(cherry picked from commit 2fe786a528)
2020-03-03 17:39:20 +08:00
Bowgo Tsai 2fe786a528 Support removing AVB public keys
AVB public keys might be installed into the first-stage ramdisk.
This CL supports removing some AVB keys during the signing process,
which can be useful when a key needs to be revoked.

Also correcting the path of force_debuggable detection.

Bug: 150109393
Test: make dist
Test: ./build/tools/releasetools/sign_target_files_apks \
      --remove_avb_public_keys key1.avbpubkey,key2.avbpubkey \
      out/dist/*-target_files-*.zip signed-target_files.zip
Change-Id: I1af95adbbec655f40121f3392965dd1950aca4e5
2020-02-24 17:53:10 +08:00
Tianjie Xu 88a759d651 Resign apks contained in apex
Some apex payload images contain apk files. And these apks need to be
signed during the signing processed when sign_target_files_apks is
called. To support the signing, we can extract the payload and repack
the apex file with the (de)apexer tool. Add the signing support in the
apex_util.

Bug: 146508800
Test: unit tests pass, run sign_apex, sign_target_files_apks
Change-Id: If6d58975248709a144b07dbabf47c27916e5695e
2020-01-27 19:48:39 +00:00
Robin Lee da427de124 Rebuild the vendor install-recovery if necessary.
Test: Manual on a device with VENDOR/bin/install-recovery.sh
Bug: 146504238
Bug: 68319577
Change-Id: I33c253716bda5e7e655dac5c0636e9995e7b64c1
2020-01-09 00:29:38 +01:00
Oleh Cherpak 982e608085 sign_target_apks: Add networkstack to default key_map
Test: run cts -m CtsSecurityTestCases -t \
	android.security.cts.PackageSignatureTest#testPackageSignatures
Bug: 145955635
Change-Id: I1a1498562e2b5983010cb98e3edcd03ceb2cce19
Signed-off-by: Oleh Cherpak <oleh.cherpak@globallogic.com>
2019-12-10 15:03:57 +00:00
Tianjie Xu 2df23d7f41 Stop creating update_engine_payload_key
Now the update_engine is able to read public keysfrom otacerts directly.
So the update_engine_payload_key is no longer needed.

Also remove the key replace in sign_target_files_apks.py. So we should
not use the new script to sign the old target files.

Bug: 116660991
Test: build the system image, unit tests pass
Change-Id: I9dae1f8b397f2b5efafed66a8faac1cb9087c741
2019-10-16 18:27:22 +00:00
Tao Bao 19b02fe8e5 Include per-partition fingerprint as AVB prop.
This allows querying per-partition fingerprint via libavb (in
particular, avb_property_lookup).

Bug: 80097573
Test: `m dist`; `avbtool info_image --image /path/to/image` to check the
      written prop.
Test: `atest --host releasetools_test releasetools_py3_test`
Test: Run sign_target_files_apks to sign a target_files.zip that's built
      with the change. Check the AVB prop in the signed images.
Change-Id: Id4f06df82c29e77aca128439c8c11f0367fe587e
2019-10-09 21:25:19 -07:00
Tao Bao 448004af9d Don't generate hashtree when signing bundled APEXes.
Bug: 139957269
Test: Sign a target_files.zip. Extract a re-signed APEX and check the
      hashtree size (being zero).
Test: Use sign_apex to sign an APEX file. Check the hashtree size (not
      being zero).
Test: python -m unittest test_apex_utils
Test: python -m unittest test_sign_apex
Change-Id: I927b7681d66920d7732b700ec3a8f7a65b4cb351
2019-09-19 14:41:34 -07:00
Tao Bao c99819311c Also install verity_key to ramdisk for non-system-as-root target.
The commit in d14b895665
(https://android-review.googlesource.com/c/platform/build/+/728287)
changed partition layout, to always build the root dir into system.img,
even for devices not using system-as-root (i.e. the ones with separate
boot ramdisk).

With the new layout, there will be two root dirs for non-system-as-root
targets during the boot. If such a device uses Verified Boot 1.0,
/verity_key needs to be available in both roots, to establish the chain
of trust.
 - bootloader uses the baked-in key to verify boot.img; it then loads
   the ramdisk from the verified boot.img
 - First stage init uses /verity_key (in ramdisk) to verify and mount
   system.img at /system, then chroot's to it
 - Second stage init uses /verity_key (in system.img) to verify and
   mount other partitions

This CL adds rules to additionally install verity_key into ramdisk for
such targets.

Bug: 139770257
Test: Set up a target to use non-system-as-root
      (BOARD_BUILD_SYSTEM_ROOT_IMAGE != true). `m dist`.
Test: Check that both ROOT/verity_key and BOOT/RAMDISK/verity_key exist
      in the built target_files.zip.
Test: Run validate_target_files to validate the above target_files.zip.
      $ validate_target_files \
          --verity_key_mincrypt /path/to/verity_key \
          target_files.zip
Test: Run sign_target_files_apks to sign the above target. Re-run
      validate_target_files on the signed target_files.zip.
Test: python -m unittest test_validate_target_files
Change-Id: Ibe7e771c8c376429add85851ac86055564765d3c
2019-09-17 08:53:16 -07:00
Tao Bao 0480850f0b releasetools: Move recovery-two-step.img to OTA/.
It used to be packed at IMAGES/recovery-two-step.img, but to serve OTA
purpose only.

Test: `m dist` with a non-A/B target. Check the file in the generated
      target_files.zip.
Test: Create two-step package. Check that recovery-two-step.img is used.
Change-Id: Iec6a73c682e0f844cd8c0b758c9470fa35dd15d8
2019-07-26 13:59:11 -07:00
Tao Bao bb73388acf releasetools: Fix the use of StringIO.
Based on the actual semantics, it actually wants an in-memory _bytes_
buffer (io.BytesIO), especially when running with Python 3. This CL
fixes the issue and adds a unittest.

Bug: 131631303
Test: python -m unittest test_sign_target_files_apks
Test: python3 -m unittest test_sign_target_files_apks
Change-Id: I3fb067acc26713f1842e831225607779fd0d1b7e
2019-07-24 23:34:25 -07:00
Tao Bao 3422309d6d releasetools: Ignore nonexistent APEX overrides.
This allows sharing the same signing config on different target_files
zips. Nonexistent APEX will be ignored with a warning.

Bug: 137249701
Test: Run sign_target_files_apks with APEX overrides.
Change-Id: I2bad0f5c00753ed36ec5ae3431c7dc2ff1fc3e9c
Merged-In: I2bad0f5c00753ed36ec5ae3431c7dc2ff1fc3e9c
(cherry picked from commit b369c7226a)
2019-07-12 00:25:41 -07:00
Justin Yun 6151e3f1ea Rename product_services to system_ext
Bug: 134359158
Test: build and check if system_ext.img is created
Change-Id: I67f2e95dd29eac6a28e07e24ea973d3a134c3bfc
2019-07-09 08:57:19 +00:00
Tao Bao 63cf1326da Merge "releasetools: Prefer the avbtool specified in target_files." 2019-06-28 01:18:21 +00:00
Tao Bao a370545a2c releasetools: Make additional modules Python 3 compatible.
Bug: 131631303
Test: `python -m unittest test_sign_target_files_apks`
Test: `python3 -m unittest test_sign_target_files_apks`
Test: `python -m unittest test_add_img_to_target_files`
Test: `python3 -m unittest test_add_img_to_target_files`
Test: `python -m unittest test_ota_from_target_files`
Test: `python3 -m unittest test_ota_from_target_files`
Test: `python -m unittest test_validate_target_files`
Test: `python3 -m unittest test_validate_target_files`
Test: Run `python3 ota_from_target_files.py` to generate an OTA.
Test: Run `python3 sign_target_files_apks.py` to sign a target_files.
Change-Id: I56b45bbcbf7aa83e690785a9640c0212e45d12d8
2019-06-27 09:05:48 -07:00
Tao Bao 1ac886e181 releasetools: Prefer the avbtool specified in target_files.
This allows a consistent logic in using the avbtool which could be
board-specific.

Test: `atest releasetools_test`
Test: Run sign_target_files_apks.py on a target_files.zip.
Change-Id: I8cd93b8e71146985734f85c31f4662f5e2e9534c
2019-06-26 17:18:48 -07:00
Tao Bao 338c1b7e90 releasetools: Remove some legacy paths for prop rewrites.
sign_target_files_apks.py only needs to take care of the current
release. The legacy paths of ODM/build.prop, VENDOR/odm/build.prop, and
BOOT/RAMDISK/default.prop no longer exist in the target_files.zip from
master.

The other two cases of ROOT/default.prop and
RECOVERY/RAMDISK/default.prop are still kept in the code, as they will
still exist (as symlink or conditionally).

Test: Run sign_target_files_apks.py against
      aosp_taimen-target_files.zip. Check the rewritten prop files.
Test: `python -m unittest test_sign_target_files_apks`
Change-Id: I5e70bc2ccc0f3dcf0eace0718c59a3b0f89a9ff4
2019-06-21 10:26:15 -07:00
Bowgo Tsai 71a4d5cdd5 Moving /odm/build.prop to /odm/etc/buid.prop
In device root directory, we have the following symlinks:
  - /odm/app -> /vendor/odm/app
  - /odm/bin -> /vendor/odm/bin
  - /odm/etc -> /vendor/odm/etc
  ...

This allows the Generic System Image (GSI) to be used on both devices:
  1) Has a physical odm partition, where those symlink will be hidden
     when /odm is used as the mount point
  2) Has no physical odm partition and fallback to /vendor/odm/.

We can't just have the symlink /odm -> /vendor/odm, because the former
devices won't have /vendor/odm directory, which leads to mount failure
when the mount point /odm is resolved to /vendor/odm.

The existing /vendor/odm/build.prop won't be loaded in the latter
devices, because there is no symlink:
    - /odm/build.prop -> /vendor/odm/build.prop.

Note that init blocks reading through direct symlinks (O_NOFOLLOW) so
the above symlink won't work either. This CL moves the odm build.prop
to /odm/etc/build.prop for init to load it (symlinks in earlier
components of the path will still be followed by O_NOFOLLOW).

Bug: 132128501
Test: boot a device and checks /odm/etc/build.prop is loaded
Test: make dist with an odm.img, checks $OUT/odm/etc/build.prop is loaded
Change-Id: I6f88763db755c9ec6068bfdd9cee81c19d72e9d7
Merged-In: I6f88763db755c9ec6068bfdd9cee81c19d72e9d7
(cherry picked from commit 6c62884000)
2019-05-22 14:04:39 +08:00
Tao Bao e7354ba447 Add sign_apex.py that signs a given APEX file.
This CL moves SignApex() from sign_target_files_apks into apex_utils,
and adds sign_apex that allows signing a standalone APEX file directly.

Test: Run the following command and check the output file.
$ build/make/tools/releasetools/sign_apex.py \
     -v \
     --container_key \
         build/make/target/product/security/testkey.x509.pem \
     --payload_key external/avb/test/data/testkey_rsa4096.pem \
     --payload_extra_args \
         "--signing_helper_with_files ./signing-helper.sh" \
     foo.apex \
     signed-foo.apex
Test: Run sign_target_files_apks.py on crosshatch target_files.zip.
Change-Id: I4b2422fd5cb1c60a3aa94511475e2a0e5b1666ca
2019-05-13 12:41:26 -07:00
Tao Bao d6085d6834 releasetools: Support replacing the signing keys for chained vbmeta.
Bug: 131710801
Test: Run sign_target_files_apks.py on a target that uses vbmeta_system.
Change-Id: I3bc526af3ec9f2680ca17ee5535607cff3ae9523
2019-05-06 12:56:52 -07:00
Magnus Strandh 234f4b418f Ensure that 'release-keys' are set on properties
Some properties had 'test-keys' still set
after signing the target files zip for release.

These properties are now added to the RewriteProps
method.

Bug: 131810966
Test: manual
Test: `atest releasetools_test`
Change-Id: Ifb352ed28f5100f1e9f686d77e935723f7f6d3ae
2019-05-03 10:42:35 -07:00