From 9bd832a0122b76bce3fe10790b04aabf0099a7ff Mon Sep 17 00:00:00 2001 From: Tianjie Xu Date: Thu, 6 Feb 2020 13:12:56 -0800 Subject: [PATCH] Remove the key parameter when verifying avb images in validate_target_files If a key is specified, the avbtool always use the input key to verify all the chained images. And this will cause failures when the vbmeta & system use different keys (e.g. RSA 4096 vs RSA2048). Because the public key to vbmeta will always fail to verify the system image. Remove the '--key' parameter in the verification command, so the avbtool will use the embedded public in the image. Test: validate target-file from sdk_gphone_x86_64 Bug: 148916990 Change-Id: I9d31be0f8c32af605af94fa73d07818f40f51ec4 --- tools/releasetools/validate_target_files.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/releasetools/validate_target_files.py b/tools/releasetools/validate_target_files.py index 9c2bc514e..1b918cc4f 100755 --- a/tools/releasetools/validate_target_files.py +++ b/tools/releasetools/validate_target_files.py @@ -350,7 +350,7 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options): # vbmeta partitions (e.g. vbmeta_system). image = os.path.join(input_tmp, 'IMAGES', 'vbmeta.img') cmd = [info_dict['avb_avbtool'], 'verify_image', '--image', image, - '--key', key, '--follow_chain_partitions'] + '--follow_chain_partitions'] # Append the args for chained partitions if any. for partition in common.AVB_PARTITIONS + common.AVB_VBMETA_PARTITIONS: