From 08c190fc894c7dad112d8ee894c054a36be4bfea Mon Sep 17 00:00:00 2001
From: Tao Bao <tbao@google.com>
Date: Mon, 3 Jun 2019 23:07:58 -0700
Subject: [PATCH] releasetools: Allow verifying chained vbmeta partitions.

Chained vbmeta partitions (vbmeta_system, vbmeta_vendor) were added to
support dynamic partitions. validate_target_files.py misses the logic in
handling such partitions.

Bug: 132882632
Test: Run validate_target_files.py on a target_files.zip that uses
      chained vbmeta_system partition.
Change-Id: Id06c575d13d5e9cc1b621f485ceb75d3e354c39f
Merged-In: Id06c575d13d5e9cc1b621f485ceb75d3e354c39f
(cherry picked from commit 814b14b3f79da4062335413b79284864b185a4b9)
---
 tools/releasetools/common.py                | 3 +++
 tools/releasetools/validate_target_files.py | 9 ++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 9d67c497e..80f80029f 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -99,6 +99,9 @@ SPECIAL_CERT_STRINGS = ("PRESIGNED", "EXTERNAL")
 AVB_PARTITIONS = ('boot', 'dtbo', 'odm', 'product', 'product_services',
                   'recovery', 'system', 'vendor')
 
+# Chained VBMeta partitions.
+AVB_VBMETA_PARTITIONS = ('vbmeta_system', 'vbmeta_vendor')
+
 # Partitions that should have their care_map added to META/care_map.pb
 PARTITIONS_WITH_CARE_MAP = ('system', 'vendor', 'product', 'product_services',
                             'odm')
diff --git a/tools/releasetools/validate_target_files.py b/tools/releasetools/validate_target_files.py
index 1c856a8e1..37d5d27bf 100755
--- a/tools/releasetools/validate_target_files.py
+++ b/tools/releasetools/validate_target_files.py
@@ -327,11 +327,14 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options):
     cmd = ['avbtool', 'verify_image', '--image', image, '--key', key]
 
     # Append the args for chained partitions if any.
-    for partition in common.AVB_PARTITIONS:
+    for partition in common.AVB_PARTITIONS + common.AVB_VBMETA_PARTITIONS:
       key_name = 'avb_' + partition + '_key_path'
       if info_dict.get(key_name) is not None:
+        # Use the key file from command line if specified; otherwise fall back
+        # to the one in info dict.
+        key_file = options.get(key_name, info_dict[key_name])
         chained_partition_arg = common.GetAvbChainedPartitionArg(
-            partition, info_dict, options[key_name])
+            partition, info_dict, key_file)
         cmd.extend(["--expected_chain_partition", chained_partition_arg])
 
     proc = common.Run(cmd)
@@ -357,7 +360,7 @@ def main():
       help='the verity public key to verify the bootable images (Verified '
            'Boot 1.0), or the vbmeta image (Verified Boot 2.0, aka AVB), where '
            'applicable')
-  for partition in common.AVB_PARTITIONS:
+  for partition in common.AVB_PARTITIONS + common.AVB_VBMETA_PARTITIONS:
     parser.add_argument(
         '--avb_' + partition + '_key_path',
         help='the public or private key in PEM format to verify AVB chained '