Bowgo Tsai f636a80888 AVB: support chain partition signing
Current build system will include AVB metadata from each partition and
store them into /vbmeta partition when BOARD_AVB_ENABLE is set, which makes
each partition tightly-coupled.

Add the support for 'chain partition':
  - The vbmeta of each partition is stored on the same partition itself.
  - The public key used to verify each partition is stored in /vbmeta.

For example, the following build variables are required to enable chain
partition for system partition:
  - BOARD_AVB_SYSTEM_KEY_PATH := path/to/system_private_key
  - BOARD_AVB_SYSTEM_ALGORITHM := SHA512_RSA8192
  - BOARD_AVB_SYSTEM_ROLLBACK_INDEX := 1
  - BOARD_AVB_SYSTEM_ROLLBACK_INDEX_LOCATION := 2

The corresponding settings will be added into META/misc_info.txt for
build_image.py and/or add_img_to_target_files.py:
  - avb_system_key_path=path/to/system_private_key
  - avb_system_algorithm=SHA512_RSA8192
  - avb_system_add_hashtree_footer_args=--rollback_index 1
  - avb_system_rollback_index_location=2

To enable chain partition for other partitions, just replace SYSTEM with
BOOT, VENDOR and/or DTBO in the build variables.

Also switch from `avbtool make_vbmeta_image --setup_rootfs_from_kernel system.img ...`
to `avbtool add_hashtree_footer --image system.img --setup_as_rootfs_from_kernel ...`
when BOARD_BUILD_SYSTEM_ROOT_IMAGE is true. This works for both chained
and non-chained:
  - chained: `avbtool add_hashtree_footer --setup_as_rootfs_from_kernel` will
    add dm-verity kernel cmdline descriptor to system.img
  - non-chained: `avbtool make_vbmeta_image --include_descriptors_from_image
    system.img` will include the kernel cmdline descriptor from system.img into
    vbmeta.img

Bug: 38399657
Test: `make` pass, flash images from $OUT and boot device without chain partitions
Test: `make` pass, flash images from $OUT and boot device with chain partitions
Test: `make dist` pass, flash images from TF.zip and boot device without chain partitions
Test: `make dist` pass, flash images from TF.zip and boot device with chain partitions
Test: follow the same steps in
      https://android-review.googlesource.com/#/c/407572/

Change-Id: I344f79290743d7d47b5e7441b3a21df812a69099
Merged-In: I344f79290743d7d47b5e7441b3a21df812a69099
(cherry picked from commit 3e599ead66)
2017-06-21 10:22:38 +08:00
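The mapping the commit message describes, carried through for all four chainable partitions as an added example; this is not code from the AOSP build system or from this change. It turns BOARD_AVB_<PART>_* make variables into the avb_<part>_* lines of META/misc_info.txt, assembles the avbtool command lines for a chained partition (footer signed with the partition's own key, public key referenced from vbmeta.img) beside the non-chained form (descriptors copied into vbmeta.img), and rejects two chained partitions that share a rollback index location, since they would then share one rollback counter. Assumptions not on the page: the avbtool flags `--partition_name`, `--algorithm`, `--key`, `--rollback_index`, `--chain_partition` and the `extract_public_key` and `add_hash_footer` subcommands are those of upstream avbtool; rollback index location 0 is treated as reserved for vbmeta.img itself; `<part>_pubkey.bin` and the sample board dictionary are constructed names.

```python
"""Derive misc_info.txt entries and avbtool command lines for AVB chain partitions.

Added example, not AOSP build code. Flag names follow upstream avbtool
(assumption); public key file names and the sample board are constructed.
"""
import shlex
from typing import Dict, List

CHAINABLE = ("SYSTEM", "BOOT", "VENDOR", "DTBO")   # partitions the commit message allows to chain
HASHTREE_PARTITIONS = ("SYSTEM", "VENDOR")         # dm-verity hashtree footer; boot/dtbo get a hash footer
VBMETA_ROLLBACK_LOCATION = 0                       # assumption: location 0 belongs to vbmeta.img

# Constructed sample: the SYSTEM settings quoted in the commit message; others unchained.
EXAMPLE_BOARD: Dict[str, str] = {
    "BOARD_AVB_SYSTEM_KEY_PATH": "path/to/system_private_key",
    "BOARD_AVB_SYSTEM_ALGORITHM": "SHA512_RSA8192",
    "BOARD_AVB_SYSTEM_ROLLBACK_INDEX": "1",
    "BOARD_AVB_SYSTEM_ROLLBACK_INDEX_LOCATION": "2",
}


def misc_info_lines(partition: str, board: Dict[str, str]) -> List[str]:
    """Map BOARD_AVB_<PART>_* variables to the avb_<part>_* lines of misc_info.txt."""
    p, lp = partition.upper(), partition.lower()
    key = board.get(f"BOARD_AVB_{p}_KEY_PATH")
    if not key:
        return []  # not chained: no per-partition key, verified through vbmeta.img
    required = (f"BOARD_AVB_{p}_ALGORITHM", f"BOARD_AVB_{p}_ROLLBACK_INDEX_LOCATION")
    missing = [v for v in required if v not in board]
    if missing:
        raise ValueError(f"{p}: chain partition needs {', '.join(missing)}")
    lines = [
        f"avb_{lp}_key_path={key}",
        f"avb_{lp}_algorithm={board[f'BOARD_AVB_{p}_ALGORITHM']}",
    ]
    rollback_index = board.get(f"BOARD_AVB_{p}_ROLLBACK_INDEX")
    if rollback_index is not None:
        lines.append(f"avb_{lp}_add_hashtree_footer_args=--rollback_index {rollback_index}")
    lines.append(f"avb_{lp}_rollback_index_location={board[f'BOARD_AVB_{p}_ROLLBACK_INDEX_LOCATION']}")
    return lines


def check_rollback_locations(board: Dict[str, str]) -> Dict[str, int]:
    """Return {PARTITION: location} for chained partitions, rejecting clashes.

    Two partitions on one location share a rollback counter, so bumping one
    could make the other unbootable; location 0 is left to vbmeta (assumption).
    """
    seen: Dict[int, str] = {}
    for p in CHAINABLE:
        if f"BOARD_AVB_{p}_KEY_PATH" not in board:
            continue
        loc = int(board[f"BOARD_AVB_{p}_ROLLBACK_INDEX_LOCATION"])
        if loc == VBMETA_ROLLBACK_LOCATION:
            raise ValueError(f"{p}: rollback index location {loc} is reserved for vbmeta")
        if loc in seen:
            raise ValueError(f"{p} and {seen[loc]} both use rollback index location {loc}")
        seen[loc] = p
    return {p: loc for loc, p in seen.items()}


def avbtool_commands(board: Dict[str, str], system_root_image: bool = False) -> List[str]:
    """Footer command per partition plus the final make_vbmeta_image command."""
    locations = check_rollback_locations(board)
    cmds: List[str] = []
    vbmeta = ["avbtool", "make_vbmeta_image", "--output", "vbmeta.img"]
    for p in CHAINABLE:
        lp = p.lower()
        sub = "add_hashtree_footer" if p in HASHTREE_PARTITIONS else "add_hash_footer"
        footer = ["avbtool", sub, "--image", f"{lp}.img", "--partition_name", lp]
        if p == "SYSTEM" and system_root_image:
            # BOARD_BUILD_SYSTEM_ROOT_IMAGE: the dm-verity cmdline descriptor lives in system.img
            footer.append("--setup_as_rootfs_from_kernel")
        if p in locations:
            # chained: footer signed with the partition's own key; vbmeta.img only carries the public key
            footer += ["--algorithm", board[f"BOARD_AVB_{p}_ALGORITHM"],
                       "--key", board[f"BOARD_AVB_{p}_KEY_PATH"]]
            rollback_index = board.get(f"BOARD_AVB_{p}_ROLLBACK_INDEX")
            if rollback_index is not None:
                footer += ["--rollback_index", rollback_index]
            pub = f"{lp}_pubkey.bin"  # constructed file name for the extracted public key
            cmds.append(shlex.join(["avbtool", "extract_public_key",
                                    "--key", board[f"BOARD_AVB_{p}_KEY_PATH"], "--output", pub]))
            vbmeta += ["--chain_partition", f"{lp}:{locations[p]}:{pub}"]
        else:
            # non-chained: vbmeta.img includes the descriptors copied out of the image
            vbmeta += ["--include_descriptors_from_image", f"{lp}.img"]
        cmds.append(shlex.join(footer))
    cmds.append(shlex.join(vbmeta))
    return cmds


if __name__ == "__main__":
    for part in CHAINABLE:
        print("\n".join(misc_info_lines(part, EXAMPLE_BOARD)))
    print("\n".join(avbtool_commands(EXAMPLE_BOARD, system_root_image=True)))
```

Running the module prints the four avb_system_* lines from the commit message followed by six command lines; the check in `check_rollback_locations` is what stops a second partition from being configured onto location 2 alongside system.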
core AVB: support chain partition signing 2017-06-21 10:22:38 +08:00
target Merge "Add audio.a2dp.default to generic system image" into oc-dr1-dev 2017-06-21 01:57:53 +00:00
tests Only set TARGET_PLATFORM version in lunch when explicitly requested 2017-05-03 02:47:59 +00:00
tools AVB: support chain partition signing 2017-06-21 10:22:38 +08:00
.gitignore Add build subprojects to .gitignore 2015-07-23 13:18:47 -07:00
Android.mk Add new Android.mk to handle repo move 2016-06-16 15:30:19 -07:00
CleanSpec.mk Move version checking to soong_ui 2017-05-15 14:02:38 -07:00
buildspec.mk.default Add TARGET_PLATFORM_VERSION to lunch 2017-03-23 09:44:08 -07:00
envsetup.sh Merge "Teach mgrep to find soong/*.go files." am: 46d9bf8f9a am: bb67e3ae54 am: f515b91b3f 2017-05-18 18:29:40 +00:00