forked from openkylin/platform_build
Merge "releasetools: Allow verifying chained vbmeta partitions." am: 23def8793d
am: 01ca117595
Change-Id: I3508b65759c1b3151d5d84348d1c3f6e9e4e07ee
This commit is contained in:
commit
4b2910f8ae
|
@ -99,6 +99,9 @@ SPECIAL_CERT_STRINGS = ("PRESIGNED", "EXTERNAL")
|
|||
AVB_PARTITIONS = ('boot', 'dtbo', 'odm', 'product', 'product_services',
|
||||
'recovery', 'system', 'vendor')
|
||||
|
||||
# Chained VBMeta partitions.
|
||||
AVB_VBMETA_PARTITIONS = ('vbmeta_system', 'vbmeta_vendor')
|
||||
|
||||
# Partitions that should have their care_map added to META/care_map.pb
|
||||
PARTITIONS_WITH_CARE_MAP = ('system', 'vendor', 'product', 'product_services',
|
||||
'odm')
|
||||
|
|
|
@ -327,11 +327,14 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options):
|
|||
cmd = ['avbtool', 'verify_image', '--image', image, '--key', key]
|
||||
|
||||
# Append the args for chained partitions if any.
|
||||
for partition in common.AVB_PARTITIONS:
|
||||
for partition in common.AVB_PARTITIONS + common.AVB_VBMETA_PARTITIONS:
|
||||
key_name = 'avb_' + partition + '_key_path'
|
||||
if info_dict.get(key_name) is not None:
|
||||
# Use the key file from command line if specified; otherwise fall back
|
||||
# to the one in info dict.
|
||||
key_file = options.get(key_name, info_dict[key_name])
|
||||
chained_partition_arg = common.GetAvbChainedPartitionArg(
|
||||
partition, info_dict, options[key_name])
|
||||
partition, info_dict, key_file)
|
||||
cmd.extend(["--expected_chain_partition", chained_partition_arg])
|
||||
|
||||
proc = common.Run(cmd)
|
||||
|
@ -357,7 +360,7 @@ def main():
|
|||
help='the verity public key to verify the bootable images (Verified '
|
||||
'Boot 1.0), or the vbmeta image (Verified Boot 2.0, aka AVB), where '
|
||||
'applicable')
|
||||
for partition in common.AVB_PARTITIONS:
|
||||
for partition in common.AVB_PARTITIONS + common.AVB_VBMETA_PARTITIONS:
|
||||
parser.add_argument(
|
||||
'--avb_' + partition + '_key_path',
|
||||
help='the public or private key in PEM format to verify AVB chained '
|
||||
|
|
Loading…
Reference in New Issue