We are investigating replacing make_ext4fs with the upstream tool mke2fs.
To mitigate the trouble that may arise if the new tool behave differently
compared to the old one, there will be a transition period.
Devices that want to use the new way of creating ext4 images can set the
variable "TARGET_USES_MKE2FS" to true in their BoardConfig.mk
By default, the build system will choose the old tool 'make_ext4fs'.
Test: m otapackage with TARGET_USES_MKE2FS={,false,true}
Change-Id: I282bcb9efe335a86c53986283090ca947d65c7f8
Add support for specifying number of inodes when creating
system, vendor, oem partitions. These are all read-only
and have no use for extra inodes. Removing extra inodes
saves a lot of space.
Bug: 32246383
Change-Id: I13f1d4614b64a4abc752c42a1c65d3d151481c21
Adds installed-files.json in addition to installed-files.txt
Further sorts the file list to be ordered within the same size bucket.
Test: manual, cross-checked checksums with sha256sum utility
checked build outputs.
Bug: 19988819
Merged-in: Ifb632eb4df65ec48645c8f93e36bae44ccc52ba8
Change-Id: Ifb632eb4df65ec48645c8f93e36bae44ccc52ba8
Signed-off-by: Sasha Levitskiy <sanek@google.com>
Adds installed-files.json in addition to installed-files.txt
Further sorts the file list to be ordered within the same size bucket.
Test: manual, cross-checked checksums with sha256sum utility
checked build outputs.
Bug: 19988819
Change-Id: Ifb632eb4df65ec48645c8f93e36bae44ccc52ba8
Signed-off-by: Sasha Levitskiy <sanek@google.com>
Often BOARD_USES_RECOVERY_AS_BOOT is used together with
BOARD_BUILD_SYSTEM_ROOT_IMAGE, but with this combination we're currently
not adding a hash footer to boot.img. Fix this.
Bug: 31119415
Test: Built with BOARD_USES_RECOVERY_AS_BOOT set to true and inspected images.
Merged-In: If033e5c93f5b71fd17405af7d970dc3f0540a1d2
Change-Id: I2f10bbffb0ba2467d53e3e62d5379c3ab7236063
Often BOARD_USES_RECOVERY_AS_BOOT is used together with
BOARD_BUILD_SYSTEM_ROOT_IMAGE, but with this combination we're
currently not adding a hash footer to boot.img. Fix this.
Bug: 31119415
Test: aosp_x86_64-eng 'm' and 'm dist' successful.
Change-Id: If033e5c93f5b71fd17405af7d970dc3f0540a1d2
Instead of using rot13 / rot26, use the Kati extension to mark these
variables as readonly.
Move $(strip) for a few variables to before they're marked readonly. Use
a different variable for modifications to BOARD_KERNEL_CMDLINE in
build/core/Makefile.
Test: build/tools/kati_all_products.mk on AOSP and internal master
Test: build-aosp_bullhead.ninja the same before / after
Change-Id: If98b24af763831a9c5c2de38037a69ab1bf9e023
While the system.img images currently built with AVB support verify
correctly, mounting the filesystem content fails. This is because
'avbtool add_hashtree_footer' used to claim some of the unused /
DONT_CARE space for stashing the verity tables and this resulting in the
mapped device ending up being smaller causing the mount failure.
Fix this by leaving enough room for AVB hashtree and metadata before
building the image. This is achieved by moving the AVB hashtree support
into build_image.py and using a just added '--calc_max_image_size'
option to 'avbtool add_hashtree_footer' to figure out how much space to
leave out.
This depends on https://android-review.googlesource.com/#/c/281821/
Bug: 31264226
Test: Mounting dm-verity set up from system.img now works.
Merged-In: I4c5de1004c1059f8c582e76b3b8517d427aa1a87
Change-Id: I945a5f1f6782791736cd319f216cfa6b448fb04d
While the system.img images currently built with AVB support verify
correctly, mounting the filesystem content fails. This is because
'avbtool add_hashtree_footer' used to claim some of the unused /
DONT_CARE space for stashing the verity tables and this resulting in the
mapped device ending up being smaller causing the mount failure.
Fix this by leaving enough room for AVB hashtree and metadata before
building the image. This is achieved by moving the AVB hashtree support
into build_image.py and using a just added '--calc_max_image_size'
option to 'avbtool add_hashtree_footer' to figure out how much space to
leave out.
This depends on https://android-review.googlesource.com/#/c/281821/
Bug: 31264226
Test: aosp_x86_64-eng 'm' and 'm dist' successful.
Change-Id: I4c5de1004c1059f8c582e76b3b8517d427aa1a87
This updates the build system for the new Android Verified Boot
codebase. As this is based on Brillo Verified Boot, this change replaces
the existing BVB support.
Android Verified Boot is enabled by the BOARD_AVB_ENABLE variable
BOARD_AVB_ENABLE := true
This will make the build system create vbmeta.img which will contain a
hash descriptor for boot.img, a hashtree descriptor for system.img, a
kernel-cmdline descriptor for setting up dm-verity for system.img and
append a hash-tree to system.img.
Additionally, the descriptors are left in boot.img and system.img so a
third party can create their own vbmeta.img file linking - using the
option --chain_partition - to these images. If this is not needed
footers can be erased using the 'avbtool erase_footer' command. It's
also harmless to just leave them in the images.
By default, the algorithm SHA256_RSA4096 is used with a test key from
the AVB source directory. This can be overriden by the
BOARD_AVB_ALGORITHM and BOARD_AVB_KEY_PATH variables to use e.g. a
4096-bit RSA key and SHA-512:
BOARD_AVB_ALGORITHM := SHA512_RSA4096
BOARD_AVB_KEY_PATH := /path/to/rsa_key_4096bits.pem
To prevent rollback attacks, the rollback index should be increased on a
regular basis. The rollback index can be set with the
BOARD_AVB_ROLLBACK_INDEX variable:
BOARD_AVB_ROLLBACK_INDEX := 5
If this is not set, the rollback index defaults to 0.
The variable BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS can be used to specify
additional options passed to 'avbtool make_vbmeta_image'. Typical
options to be used here include '--prop', '--prop_from_file', and
'--chain_partition'.
The variable BOARD_AVBTOOL_BOOT_ADD_HASH_FOOTER_ARGS can be used to
specify additional options passed to 'avbtool add_hash_footer' for
boot.img. Typical options to be used here include '--hash_algorithm' and
'--salt'.
The variable BOARD_AVBTOOL_SYSTEM_ADD_HASHTREE_FOOTER_ARGS can be used
to specify additional options passed to 'avbtool add_hashtree_footer'
for systems.img. Typical options to be used here include
'--hash_algorithm', '--salt', and '--block_size'.
BUG=31264226
TEST=Manually tested on edison-eng by inspecting {boot, system,
vbmeta}.img in out/ directory as well as their counterparts in
the IMAGES/ directory of edision-target_files-eng.zeuthen.zip
Merged-In: Ic9a61cfc65c148b12996e57f04da5432eef6b982
Change-Id: I97042655bca15e7eac899f12c5bada2f6184d307
This updates the build system for the new Android Verified Boot
codebase. As this is based on Brillo Verified Boot, this change replaces
the existing BVB support.
Android Verified Boot is enabled by the BOARD_AVB_ENABLE variable
BOARD_AVB_ENABLE := true
This will make the build system create vbmeta.img which will contain a
hash descriptor for boot.img, a hashtree descriptor for system.img, a
kernel-cmdline descriptor for setting up dm-verity for system.img and
append a hash-tree to system.img.
Additionally, the descriptors are left in boot.img and system.img so a
third party can create their own vbmeta.img file linking - using the
option --chain_partition - to these images. If this is not needed
footers can be erased using the 'avbtool erase_footer' command. It's
also harmless to just leave them in the images.
By default, the algorithm SHA256_RSA4096 is used with a test key from
the AVB source directory. This can be overriden by the
BOARD_AVB_ALGORITHM and BOARD_AVB_KEY_PATH variables to use e.g. a
4096-bit RSA key and SHA-512:
BOARD_AVB_ALGORITHM := SHA512_RSA4096
BOARD_AVB_KEY_PATH := /path/to/rsa_key_4096bits.pem
To prevent rollback attacks, the rollback index should be increased on a
regular basis. The rollback index can be set with the
BOARD_AVB_ROLLBACK_INDEX variable:
BOARD_AVB_ROLLBACK_INDEX := 5
If this is not set, the rollback index defaults to 0.
The variable BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS can be used to specify
additional options passed to 'avbtool make_vbmeta_image'. Typical
options to be used here include '--prop', '--prop_from_file', and
'--chain_partition'.
The variable BOARD_AVBTOOL_BOOT_ADD_HASH_FOOTER_ARGS can be used to
specify additional options passed to 'avbtool add_hash_footer' for
boot.img. Typical options to be used here include '--hash_algorithm' and
'--salt'.
The variable BOARD_AVBTOOL_SYSTEM_ADD_HASHTREE_FOOTER_ARGS can be used
to specify additional options passed to 'avbtool add_hashtree_footer'
for systems.img. Typical options to be used here include
'--hash_algorithm', '--salt', and '--block_size'.
Bug: 31264226
Test: aosp_x86_64-eng 'm' and 'm dist' successful.
Change-Id: Ic9a61cfc65c148b12996e57f04da5432eef6b982
Native coverage is enabled by setting NATIVE_COVERAGE to true
and specifying a list of paths in the COVERAGE_PATHS
environment variable. Files are exported to a zip file in the
target out directory.
Change-Id: I66a2ddd88e849bec1cc0cdae1b51fe18a007e2c3
The output will be in the `m dist` results as soong_to_convert.txt, or
can be built using:
$ m $OUT/soong_to_convert.txt
The output is a list of modules that are probably ready to convert to
Soong:
# Blocked on Module (potential problems)
283 libEGL (srcs_dotarm)
246 libicuuc (dotdot_incs dotdot_srcs)
221 libspeexresampler
215 libcamera_metadata
...
0 zram-perf (dotdot_incs)
The number at the beginning of the line shows how many native modules
depend on that module.
All of their dependencies have been satisfied, and any potential
problems that Make can detect are listed in parenthesis after the
module:
dotdot_srcs: LOCAL_SRC_FILES contains paths outside $(LOCAL_PATH)
dotdot_incs: LOCAL_C_INCLUDES contains paths include '..'
srcs_dotarm: LOCAL_SRC_FILES contains source files like <...>.c.arm
aidl: LOCAL_SRC_FILES contains .aidl sources
dbus: LOCAL_SRC_FILES contains .dbus-xml sources
objc: LOCAL_SRC_FILES contains Objective-C sources
proto: LOCAL_SRC_FILES contains .proto sources
rs: LOCAL_SRC_FILES contains renderscript sources
vts: LOCAL_SRC_FILES contains .vts sources
Not all problems can be discovered, but this is a starting point.
Change-Id: I45674fe93fd267d4d1fb0bc3bc9aa025e20c5ac6
So that we can get to the contents of userdata from the build server
without extracting the image.
Bug: 27719200
Test: m userdatatarball dist
Change-Id: I1438597bd29df80665571f7dc3b4957b9adde870
Adrien Schildknecht