From ac4076de9d5c517e144090487dc165538d15b0d2 Mon Sep 17 00:00:00 2001
From: Jiyong Park
Date: Mon, 15 Mar 2021 23:21:30 +0900
Subject: [PATCH] bootimg signs image using verity_utils
Previously, bootimg signed the image using avbtool. This didn't work because avbtool always requires that the partition size is given via '--partition_size' parameter. The partition size is hard to estimate especially when the image is not for a real physical partition, but for a logical partition in a composite image. With this change, the signing of bootimg is done by verity_utils.py which internally uses avbtool. The python script is capable of calculating the minimum required partition size when the partition size is not given. In addition, this change adds 'partition_name' property to the `android_filesystem` module type so that we can customize the partition name field in the vbmeta descriptor.
Bug: 180676957
Test: m microdroid-boot-5.10
Change-Id: I2e4aa626cf06a2177b4a8d90ff9b9006d2927ae4
---
 filesystem/bootimg.go | 41 ++++++++++++++++++++++++++++++++--------
 filesystem/filesystem.go | 6 +++++-
 2 files changed, 38 insertions(+), 9 deletions(-)
diff --git a/filesystem/bootimg.go b/filesystem/bootimg.go
index 876e189ee..ce1c855d4 100644
--- a/filesystem/bootimg.go
+++ b/filesystem/bootimg.go
@@ -17,6 +17,7 @@ package filesystem
 import (
 "fmt"
 "strconv"
+ "strings"
 "github.com/google/blueprint"
 "github.com/google/blueprint/proptools"
@@ -200,22 +201,46 @@ func (b *bootimg) buildBootImage(ctx android.ModuleContext, vendor bool) android
 }
 func (b *bootimg) signImage(ctx android.ModuleContext, unsignedImage android.OutputPath) android.OutputPath {
- output := android.PathForModuleOut(ctx, b.installFileName()).OutputPath
- key := android.PathForModuleSrc(ctx, proptools.String(b.properties.Avb_private_key))
+ propFile, toolDeps := b.buildPropFile(ctx)
+ output := android.PathForModuleOut(ctx, b.installFileName()).OutputPath
 builder := android.NewRuleBuilder(pctx, ctx)
 builder.Command().Text("cp").Input(unsignedImage).Output(output)
- builder.Command().
- BuiltTool("avbtool").
- Flag("add_hash_footer").
- FlagWithArg("--partition_name ", b.partitionName()).
- FlagWithInput("--key ", key).
- FlagWithOutput("--image ", output)
+ builder.Command().BuiltTool("verity_utils").
+ Input(propFile).
+ Implicits(toolDeps).
+ Output(output)
 builder.Build("sign_bootimg", fmt.Sprintf("Signing %s", b.BaseModuleName()))
 return output
 }
+func (b *bootimg) buildPropFile(ctx android.ModuleContext) (propFile android.OutputPath, toolDeps android.Paths) {
+ var sb strings.Builder
+ var deps android.Paths
+ addStr := func(name string, value string) {
+ fmt.Fprintf(&sb, "%s=%s\n", name, value)
+ }
+ addPath := func(name string, path android.Path) {
+ addStr(name, path.String())
+ deps = append(deps, path)
+ }
+
+ addStr("avb_hash_enable", "true")
+ addPath("avb_avbtool", ctx.Config().HostToolPath(ctx, "avbtool"))
+ algorithm := proptools.StringDefault(b.properties.Avb_algorithm, "SHA256_RSA4096")
+ addStr("avb_algorithm", algorithm)
+ key := android.PathForModuleSrc(ctx, proptools.String(b.properties.Avb_private_key))
+ addPath("avb_key_path", key)
+ addStr("avb_add_hash_footer_args", "") // TODO(jiyong): add --rollback_index
+ partitionName := proptools.StringDefault(b.properties.Partition_name, b.Name())
+ addStr("partition_name", partitionName)
+
+ propFile = android.PathForModuleOut(ctx, "prop").OutputPath
+ android.WriteFileRule(ctx, propFile, sb.String())
+ return propFile, deps
+}
+
 var _ android.AndroidMkEntriesProvider = (*bootimg)(nil)
 // Implements android.AndroidMkEntriesProvider
diff --git a/filesystem/filesystem.go b/filesystem/filesystem.go
index 3b0a7ae5a..7f36308df 100644
--- a/filesystem/filesystem.go
+++ b/filesystem/filesystem.go
@@ -55,6 +55,9 @@ type filesystemProperties struct {
 // Hash and signing algorithm for avbtool. Default is SHA256_RSA4096.
 Avb_algorithm *string
+ // Name of the partition stored in vbmeta desc. Defaults to the name of this module.
+ Partition_name *string
+
 // Type of the filesystem. Currently, ext4, cpio, and compressed_cpio are supported. Default
 // is ext4.
 Type *string
@@ -279,7 +282,8 @@ func (f *filesystem) buildPropFile(ctx android.ModuleContext) (propFile android.
 key := android.PathForModuleSrc(ctx, proptools.String(f.properties.Avb_private_key))
 addPath("avb_key_path", key)
 addStr("avb_add_hashtree_footer_args", "--do_not_generate_fec")
- addStr("partition_name", f.Name())
+ partitionName := proptools.StringDefault(f.properties.Partition_name, f.Name())
+ addStr("partition_name", partitionName)
 }
 if proptools.String(f.properties.File_contexts) != "" {
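Review bot: In the new bootimg buildPropFile, `addStr` writes every value into the property file as a `name=value` line with no check on the value, so a `Partition_name` or `Avb_algorithm` containing a line break would put additional keys into the file that verity_utils uses for signing. I would reject such values at analysis time, for example `if strings.ContainsAny(value, "\r\n") { ctx.ModuleErrorf("%s must not contain a line break: %q", name, value); return }` as the first statement of `addStr`. The `partition_name` line in the filesystem.go buildPropFile hunk takes the new `Partition_name` property the same way. Also, the removed avbtool call used `b.partitionName()` while the new code recomputes the default from `b.Name()`; that helper is defined outside the hunk, so whether both resolve to the same descriptor name cannot be confirmed from here, and calling the helper would keep a single definition.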