Commit I9967d06bde0e18a12b84b5b0b568db09765fe305 supports adding a
generic boot_signature into boot.img v4. This change allows replacing
the boot_signture signing key with a release key during the release
process.
The default GKI signing key can be specified in a BoardConfig.mk via:
BOARD_GKI_SIGNING_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
BOARD_GKI_SIGNING_ALGORITHM := SHA256_RSA2048
BOARD_GKI_SIGNING_SIGNATURE_ARGS := --prop foo:bar
The release signing key/algorithm can be specified by the following options
when invoking sign_target_files_apks:
--gki_signing_key=external/avb/test/data/testkey_rsa4096.pem
--gki_signing_algorithm=SHA256_RSA4096
Additional arguments for generating the GKI signature can be
specified as below:
--gki_signing_extra_args="--prop gki:prop1 --prop gki:prop2"
Bug: 177862434
Test: make dist
Test: sign_target_files_apks \
--gki_signing_key=external/avb/test/data/testkey_rsa4096.pem \
--gki_signing_algorithm=SHA256_RSA4096 \
--gki_signing_extra_args="--prop gki:prop1 --prop gki:prop2" \
./out/dist/*-target_files-eng.*.zip signed.zip
Test: Checks GKI boot_signature is expected after signing:
`unzip signed.zip IMAGES/boot.img`
`unpack_bootimg --boot_img IMAGES/boot.img --out unpack`
`avbtool info_image --image unpack/boot_signature`
Test: unit test: releasetools_test and releasetools_py3_test
Change-Id: I61dadbc242360e4cab3dc70295931b4a5b9422a9
verity_utils.py gets an entry point and becomes a host binary. This is
to support signing images from the "bootimg" module type. Previously
this was done by directly invoking "avbtool" from the soong module, but
that required people to know the partition_size priori. The partition
size may not be known before actually building the partition image
especially when the partition is not for a physical partition but for a
partition in a composite image.
verity_utils.py, when the partition_size is not given, is capable of
calculating the mininum required partition size based on the size of the
unsigned input image file.
Bug: 180676957
Test: m microdroid_boot-5.10
Change-Id: I7bef292fb141c90899b7bdc0748895f95f964829
The maximum size of all dynamic partition groups should not exceed
the super size - DAP metadata size. Today the configuration of
some devices don't take the metadata into acount. So turn the CheckLe
into CheckLt.
Also, display a warning if the reserved size for DAP metadata is less
than 1M.
Bug: 182431975
Test: mm -j32 check-all-partition-sizes
Change-Id: Ie278f224321083e457d68da000c2b22ec8a54085
Fail the signing if the AVB_FOOTER_ARGS_BY_PARTITION isn't in sync
with common.AVB_PARTITIONS.
Bug: 181787095
Test: run sign_target_files_apks on a S image
Change-Id: I6ccf5fb9f39b92c1da2554f5b3826d2cd87d84d7
If we miss these entries, the signing script won't correctly update
the avb prop to build the vbmeta. This cl adds the missing partitions
for R build.
In the followup, we need to make the map in sync with AVB_PARTITIONS in
common.py
Bug: 181787095
Test: run sign_target_files_apks
Change-Id: I39a308fb7028b45ce08f0ca3c6ad61a6c13e8082
In aosp/1581143 , we banned generation of SPL downgrade OTAs. However,
caller of OTA script can still force an SPL downgrade OTA by passing
--spl_downgrade flag. If this flag is specified, we propagate it to OTA
metadata so that GOTA server can properly honor this flag.
Test: th
Change-Id: Ic8cdc850d2210f4149ad9121fa4ed2e5a4f59bcc
Fix incorrect report "Failed to find the ZIP entry" error when
generate OTA package.
This happens when we have a file in ROOT which name contains 'system'
such as init.system_init.rc, and init.system_init.rc will be rename to
init.SYSTEM_init.rc incorrectly, so we failed to find the entry in ZIP.
Test: manual test
Change-Id: I97359e513aaca7521fe9c035f6a4264a2053b86d
Signed-off-by: wangshumin <wangshumin@xiaomi.com>
This follows the same steps as OpenSplitPolicy() in
system/core/init/selinux.cpp on the device.
Bug: 178864050
Test: merge_target_files for R+S and S+S devices
Test: test_merge_target_files
Change-Id: Ia41a436bfda8e2cb65706122f0ff3805b99d16e1
Gather all BOARD_BOOTCONFIG parameters.
Create vendor-bootconfig.img with parameters seperated by newlines. Pass
that file to mkbootimg as --vendor_bootconfig to add it to the
vendor_boot.img.
Test: Add BOARD_BOOTCONFIG parameters in cuttlefish .mk file
Check vendor-bootconfig.img for expected output
Verify expected vendor_boot.img format with:
unpack_bootimg --boot_image vendor_boot.img
Test: Update Cuttlefish bootloader to handle the new vendor_boot.img and
check /proc/bootconfig for the expexted parameters.
Bug: 173815685
Change-Id: Iaa9b71b4bc64375777a5353396e83bb2beb25c47
The pvmfw is included in an `m` build but not in the distribution files.
Apply the same treatment as the dtbo partition to copy the pvmfw
partition to dist/ since, similar to the dtbo image, the pvmfw image is
generally provided as a prebuilt image.
Test: make dist
Bug: 174457787
Change-Id: I6f42517ba42db92e90048d1236d7255ccbd73f73
Bug:180682930
Test: erofs image can be set to input timestamp and UUID
Change-Id: I71e455350db51096e18ab5a03123500d56ebe252
Signed-off-by: Huang Jianan <huangjianan@oppo.com>
Bundle APEXes may exist on other partitions than system, e.g. vendor,
system_ext. And leaving them unsigned may cause security problems.
Bug: 180675334
Test: run sign_target_files_apks
Change-Id: Ib912a026f4010d818161a89b11f818180208843f
This is needed for partial builds that do not have the apex directory in
their target files package.
Test: build target files for a partial vendor-only build.
Change-Id: I076bfbd1a81cccddcef795f5edeaf2b51538cdec
Rewrite build.prop of all partitions
Test: sign an target_file, check build prop of partitions
Bug: 179186447
Bug: 180025432
Change-Id: I01249532dc2df1b6d9ec8d0be58424a76814b53e
At the end of OTA generation, we will use some private key to sign the
OTA payload. Since signing happens after the payload is being generated,
if caller passes an incorrect key path, caller won't notice it until 1
hour later when delta_generator finishes. At which point caller has to
staart from scratch, pass in another key path, and wait for an hour.
Let's detect incorrect key path before calling delta_generator, so
caller will get an error message right at beginning.
Test: th
Change-Id: Iefb1e0a9ed86f82664be1675afb84c020ec28fe7
Previously we allow all spl downgrade OTA to generate. But applying such
OTA often causes device to hang and rollback, because keymaster refuses
to attach if it detects spl downgrade. When such error happens, it's
really hard to debug. So instead of debugging a mysterious boot failure,
let''s prevent such OTA from generating in the first place.
Test: th
Bug: 178584781
Change-Id: I8e271862d804e86b16aea70424b4d3e289d43cc9
This is needed due to output artifacts in the zip that confuse globbing,
such as [.
(Also changes this call to RunAndCheckOutput, which prints the stderror
by default instead of RunAndWait which does not. Removes RunAndWait
which is now unused)
Bug: 179799226
Test: Run merge_target_files to merge two partial builds
Change-Id: Ibf8a5b0c013c9cd8b1e61195d97583f247d97c6f
If an OTA contains compressed APEX inside it, then the device will need
to allocate space on /data partition for their decompression. In order
to calculate how much space the OTA process needs to allocate, the
process needs more information about the APEX contained inside the OTA.
In this CL, we are adding functionality to the OTA generation script
that allows us to gather information about the APEX stored inside the
target-file zip. However, we did not integrate the new functionality
with the ota_from_target_files.py scrip yet. That will be done on follow
up CL.
Bug: 172911822
Test: atest releasetools_py3_test
Change-Id: I2ac42018f628c2c21527b3e086be1f4e7e7247ad
Logic for signing compressed apex will be added in the follow-up cl.
Test: python -m unittest test_sign_apex
Bug: 172912232
Change-Id: I8dc1d334c17e11f9eed8fe0a575b6dfcf337ab5d
We should skip lines that don't contain '=', e.g. empty lines.
Also, pop a warning instead of an error if a prop is defined
multiple times with the same value
Bug: 177240467
Test: unittest, run validate_target_files
Change-Id: Ifc9eadb91e5dda7170a19d875016e5a47e8fc592
When GetBootImageBuildProp is moved to common, its dependencies
(toybox, lz4 and unpack_bootimg) aren't moved accordingly.
Copy the dependencies over.
Test: pass
Change-Id: Iaa8f41ae0109e8eb1c058ecd7dd854bb7de9391a
If system/etc/ramdisk/build.prop does not exist in the ramdisk,
GetBootImageBuildProp should return None instead of a path
to a non-existant file.
Test: pass
Bug: 177171706
Change-Id: I34e447bc315d203e136e8c0d59d00961f81301e3
Add boot to PARTITION_WITH_BUILD_PROP. Let PartitionBuildProps handle
boot partitions by extracting build.prop file.
Test: generate OTA and call
`payload_info.py payload.bin`, check that boot image timestamp is
set
Bug: 162623577
Change-Id: I71955e4ee494ffbb5d111c3d02a129c0f879b6d1
Right now they are the same content. In the future, boot will be added
to PARTITIONS_WITH_BUILD_PROP, but it is not added to
PARTITIONS_WITH_CARE_MAP. Boot partition has a cpio filesystem in the
ramdisk, so it contains a build.prop file, but it doesn't make sense to
create care map from it.
Test: TH
Bug: 162623577
Change-Id: I9b5a20fe2d774b52cf7d5eae9deecbc75122a3dd
All unit_tests:true are run in presubmit which avoids
the explicit definition of TEST_MAPPING.
Test: presubmit runs all those tests
Bug: 175408655
Change-Id: Ibfad3fe2dd8d2fa1ebc6f6bcbd8ab34c2a0069dc
Add support for partitioning the vendor_boot kernel modules into
multiple vendor ramdisk fragments. The partition granularity is kernel
module directory. This mechanism builds upon the existing
BOARD_KERNEL_MODULE_DIRS mechanism. For example, say we have three
kernel module directories:
BOARD_KERNEL_MODULE_DIRS := foo bar baz
We can then define a vendor ramdisk fragment:
BOARD_MKBOOTIMG_ARGS += --header_version 4
BOARD_VENDOR_RAMDISK_FRAGMENTS := dlkm_foobar
And let said ramdisk to contain the DLKM directories "foo" and "bar":
BOARD_VENDOR_RAMDISK_FRAGMENT.dlkm_foobar.KERNEL_MODULE_DIRS := foo bar
BOARD_VENDOR_RAMDISK_FRAGMENT.dlkm_foobar.MKBOOTIMG_ARGS := <mkbootimg args>
The built vendor_boot image would contain two ramdisks.
The first one being the "default" ramdisk, which contains DLKM directory
"baz" and the rest of the files that get's installed to
$(TARGET_VENDOR_RAMDISK_OUT).
The second one is the "dlkm_foobar" ramdisk, which contains the two DLKM
directories.
Design doc: go/vendor-boot-v4
Bug: 162864255
Test: Modify BoardConfig.mk to have a product build v4 vendor_boot
Test: Use unpack_bootimg to verify the vendor_boot image
Test: Teach a bootloader how to handle v4 boot image, flash boot &
vendor_boot and boot device
Change-Id: Ibb1bbd7ebe36430c55ec6c4818c1d3888a319089
* Prerequisites: external/f2fs-tools: sload compression support
* Must work with corresponding changes in system/extras repository
* If Board config does not change, it falls back to old behavior,
i.e. no compression for the system partition
* Kernel f2fs compression support is a prerequisite if the Board config
enables the compression (see below)
* Necessary board config change
(e.g. device/<vendor>/<product>/BoardConfig-common.mk)
BOARD_SYSTEMIMAGE_FILE_SYSTEM_TYPE := f2fs
BOARD_SYSTEMIMAGE_PARTITION_RESERVED_SIZE := 200000000
BOARD_SYSTEMIMAGE_FILE_SYSTEM_COMPRESS := true
BOARD_SYSTEMIMAGE_F2FS_SLOAD_COMPRESS_FLAGS := <sload compress sub-options>
Setting BOARD_SYSTEMIMAGE_FILE_SYSTEM_COMPRESS to true enables both the
compression support when the initial empty file system be made (mkfs.f2fs)
and the compression flag (-c) when the system image files be side-loaded
by sload.
Sload compress sub-options (i.e. options other than -c) will be provided
by BOARD_SYSTEMIMAGE_F2FS_SLOAD_COMPRESS_FLAGS. If it is not given, or
is empty, the default sub-options will be used
Please refer to the sload.f2fs manual page.
Setting BOARD_SYSTEMIMAGE_FILE_SYSTEM_TYPE to f2fs is trivially necessary.
* File system table (fstab), notably the file 'fstab.hardware', should
also changed:
- The file type must be changed to f2fs
- Perhaps also other f2fs-specific options
Bug: 170918499
Test: Pixel4a userdebug build (from build id 6918751)
Signed-off-by: Robin Hsu <robinhsu@google.com>
Change-Id: Id9d67b5cb35dc806e06ff1320e89114abc996a28
If dynamic partitioning is enabled and the partition size is not set,
du will be used to calculate the partition size.
For compressed file systems, it's better to use the compressed size
to avoid wasting space.
Bug:174816929
Test: erofs image size is smaller than the original file
Change-Id: I1deda85d312c19620680531223fffcfb815e5fd4
Signed-off-by: Huang Jianan <huangjianan@oppo.com>
This verifies the init rc files in the merged result.
Bug: 163089173
Test: test_common.py
Test: Run merge_target_files.py to merge two target-files packages where
one has init_rc errors. Observe script failure.
Test: Run merge_target_files.py on two good target-files packages,
observe no failure.
Change-Id: I86c8e5a2bc07c2c1896ac40afd32bc1d055447ee
Test: treehugger, generate an OTA with --disable_verity_computation, serve it to
VABC device. Make sure it works
Change-Id: I0a5f3c018727cb3eed3edd004d60d09d13e34039
common.py is used by many python-based host tools. When a host tool
invokes another host tool, it's usually done with the name of the tool,
not the absolute path of the tool. For example, ["cmd", "arg"] instead
of ["out/soong/host/linux-x86/bin/cmd", "arg"].
Previously, the caller of the tool has to teach all the locations of the
sub-tools that the tool will internally use. But this isn't ideal;
1) It's against the abstraction. The existence of the sub tools and their
names are implementation detail of the containing tool. It's also
subject to change.
2) This isn't scalable. Sometimes a host tool invokes a large number of
host tools. Furthermore, the sub tools might invoke other sub-sub tools.
Then the location of the sub-sub-tools had to be known to the top-level
tool.
The idea here is to make use of the fact that
a) dependencies to the sub (and sub-sub) tools are already described in
the Android.bp and
b) the dependencies are guaranteed to be up-to-date and installed to the
host tool directory (out/soong/host/linux-x86/bin) by Soong.
Then by the time a host tool is invoked, all of its sub tools should
be found in the host tool directory. So, when "cmd" is about to be
invoked, common.py first tries to find it from the user-given paths. If
not found there, it falls back to search the directory where the current
tool is located at. Then finally falls back to the original name "cmd"
and expects it to be found under PATH.
Bug: 172414391
Test: m
Change-Id: Id7b44f9021be3bbf0631ddafe382ea3990f7ea74
Needed after commit 8218225794
which skips regenerating vbmeta.img if avb_building_vbmeta_image!=true.
Partial builds that disable vbmeta generation do not set this field.
Bug: 169892879
Test: Run merge_target_files.py on builds that have avb_enable=true but
PRODUCT_BUILD_VBMETA_IMAGE=false. Observe vbmeta.img generation.
Change-Id: Id498dbd28c909e19cd35178b95a0b5dc22a1ac70
check_vintf now accept a path to a file that contains the kernel
version string. Use it.
Test: m check-vintf-all and manual inspect
Bug: 161317193
Change-Id: I4812c93f352686d73c5832d59e43a297d93e67a2
Currently we support skip building vbmeta.img when
PRODUCT_BUILD_VBMETA_IMAGE is set to false, which is used
when generating a system-only or vendor-only build artifacts.
However, when using `make dist` to build target files,
vbmeta.img is still generated. This change fixes this by
passing the related info to misc_info.txt for the release
tool to skip building vbmeta.img when necessary.
To make this happen, a device config should:
1. Set PRODUCT_BUILD_VBMETA_IMAGE := false
2. Remove 'vbmeta' from AB_OTA_PARTITIONS:
AB_OTA_PARTITIONS += \
boot \
system \
- vbmeta \
dtbo \
product \
system_ext \
vbmeta_system
Bug: 161659370
Test: `make dist` and checks the target file does not include vbmeta.img
Change-Id: Iddca9fe0b171a50a80e5a88aa462e118f18a7e6f
When generating a incremental partial OTA, we need to filter out
partitions in ab_partitions which are not in partial list
Test: Generate a partial incremental OTA
Change-Id: Iff7748ce6181a9a231557de0539004211587232c
Cuttlefish doesn't support updatin vendor partition. So in testing we
need to exclude vendor and generate a downgrade partial package.
Test: generate a partial downgrade OTA
Bug: 171999375
Change-Id: I97e450d4063320cf55003a7a5c5ef913c321e067
This check is used when merging target files to ensure that a merged
build does not contain any APKs that share UID across builds.
Bug: 171431774
Test: test_common
Test: Use merge_target_files.py to merge two partial builds,
observe no failures for inputs without colliding APKs.
Test: Use merge_target_files.py to merge two partial builds,
observe failure for inputs that have an APK that shares a
UID across input partition groups.
Change-Id: I9dc57216882741ae46a99cfd7847f34702c75582
When generating secondary payload, we exclude many partitions. These
partitions should be excluded from partition timestamps as well.
Bug: 172022126
Test: ota_from_target_files --include_secondary
Change-Id: Ia3121919154181dc882c4694ad2591dcb81e719f
This involved moving the find-shareduid-violation.py script to
releasetools to simplify the cross-tool usage. This new location aligns
this script with other similar python host tools.
In a future change this violation file will be used to check for
shared UID violations across the input build partition boundary.
Bug: 171431774
Test: test_merge_target_files
Test: Use merge_target_files.py to merge two partial builds,
observe shared UID violations file contents in the result.
Test: m dist out/dist/shareduid_violation_modules.json
(Checking that existing behavior in core/tasks is presereved)
Change-Id: I7deecbe019379c71bfdbedce56edac55e7b27b41
Also adds a new validation that IMAGES/<partition>.img must come from
the same build that provides <PARTITION>/*.
Bug: 171431774
Test: python3 -m unittest test_merge_target_files
Test: Use merge_target_files to merge a build.
Change-Id: Ia1f3f2e65a0ca90962216fb0c5cdd24c4c150cae
Add a new custom_image option to configure which custom images to use to
update custom partitions in A/B update.
This change also moves oem_settings to common option as A/B update will
use it to set oem properties too.
BUG: 171225290
Test: unittest pass, generate OTAs, flash to devices and check results
Change-Id: I279477d6b2954fb3705d7efede0a8bcd330c108b
Bowgo Tsai