forked from openkylin/platform_build
Merge "Added support for building verified vendor partition" into lmp-dev
This commit is contained in:
commit
f3bcb2d4c3
|
@ -684,11 +684,11 @@ $(if $(BOARD_OEMIMAGE_PARTITION_SIZE),$(hide) echo "oem_size=$(BOARD_OEMIMAGE_PA
|
|||
$(if $(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG),$(hide) echo "extfs_sparse_flag=$(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG)" >> $(1))
|
||||
$(if $(mkyaffs2_extra_flags),$(hide) echo "mkyaffs2_extra_flags=$(mkyaffs2_extra_flags)" >> $(1))
|
||||
$(hide) echo "selinux_fc=$(SELINUX_FC)" >> $(1)
|
||||
$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY), $(hide) echo "verity=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY)" >> $(1))
|
||||
$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_block_device=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_PARTITION)" >> $(1))
|
||||
$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY)" >> $(1))
|
||||
$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_key=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_SIGNING_KEY)" >> $(1))
|
||||
$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_signer_cmd=$(VERITY_SIGNER)" >> $(1))
|
||||
$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_mountpoint=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_MOUNTPOINT)" >> $(1))
|
||||
$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_VERITY_PARTITION),$(hide) echo "system_verity_block_device=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_VERITY_PARTITION)" >> $(1))
|
||||
$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VENDOR_VERITY_PARTITION),$(hide) echo "vendor_verity_block_device=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VENDOR_VERITY_PARTITION)" >> $(1))
|
||||
$(if $(2),$(hide) $(foreach kv,$(2),echo "$(kv)" >> $(1);))
|
||||
endef
|
||||
|
||||
|
|
|
@ -103,9 +103,9 @@ _product_var_list := \
|
|||
PRODUCT_SUPPORTS_VERITY \
|
||||
PRODUCT_OEM_PROPERTIES \
|
||||
PRODUCT_SYSTEM_PROPERTY_BLACKLIST \
|
||||
PRODUCT_VERITY_PARTITION \
|
||||
PRODUCT_VERITY_SIGNING_KEY \
|
||||
PRODUCT_VERITY_MOUNTPOINT
|
||||
PRODUCT_SYSTEM_VERITY_PARTITION \
|
||||
PRODUCT_VENDOR_VERITY_PARTITION
|
||||
|
||||
define dump-product
|
||||
$(info ==== $(1) ====)\
|
||||
|
|
|
@ -18,7 +18,6 @@
|
|||
|
||||
PRODUCT_SUPPORTS_VERITY := true
|
||||
PRODUCT_VERITY_SIGNING_KEY := build/target/product/security/verity_private_dev_key
|
||||
PRODUCT_VERITY_MOUNTPOINT := system
|
||||
|
||||
PRODUCT_PACKAGES += \
|
||||
verity_key
|
||||
|
|
|
@ -229,7 +229,7 @@ def BuildImage(in_dir, prop_dict, out_file,
|
|||
fs_type = prop_dict.get("fs_type", "")
|
||||
run_fsck = False
|
||||
|
||||
is_verity_partition = prop_dict.get("mount_point") == prop_dict.get("verity_mountpoint")
|
||||
is_verity_partition = "verity_block_device" in prop_dict
|
||||
verity_supported = prop_dict.get("verity") == "true"
|
||||
# adjust the partition size to make room for the hashes if this is to be verified
|
||||
if verity_supported and is_verity_partition:
|
||||
|
@ -315,10 +315,8 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
|
|||
"selinux_fc",
|
||||
"skip_fsck",
|
||||
"verity",
|
||||
"verity_block_device",
|
||||
"verity_key",
|
||||
"verity_signer_cmd",
|
||||
"verity_mountpoint"
|
||||
"verity_signer_cmd"
|
||||
)
|
||||
for p in common_props:
|
||||
copy_prop(p, p)
|
||||
|
@ -327,6 +325,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
|
|||
if mount_point == "system":
|
||||
copy_prop("fs_type", "fs_type")
|
||||
copy_prop("system_size", "partition_size")
|
||||
copy_prop("system_verity_block_device", "verity_block_device")
|
||||
elif mount_point == "data":
|
||||
# Copy the generic fs type first, override with specific one if available.
|
||||
copy_prop("fs_type", "fs_type")
|
||||
|
@ -338,6 +337,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point):
|
|||
elif mount_point == "vendor":
|
||||
copy_prop("vendor_fs_type", "fs_type")
|
||||
copy_prop("vendor_size", "partition_size")
|
||||
copy_prop("vendor_verity_block_device", "verity_block_device")
|
||||
elif mount_point == "oem":
|
||||
copy_prop("fs_type", "fs_type")
|
||||
copy_prop("oem_size", "partition_size")
|
||||
|
|
|
@ -153,6 +153,7 @@ def LoadInfoDict(input):
|
|||
makeint("recovery_api_version")
|
||||
makeint("blocksize")
|
||||
makeint("system_size")
|
||||
makeint("vendor_size")
|
||||
makeint("userdata_size")
|
||||
makeint("cache_size")
|
||||
makeint("recovery_size")
|
||||
|
|
Loading…
Reference in New Issue