Commit Graph

19954 Commits

Author SHA1 Message Date
Elisa Pascual Trevino ac6e24e5b1 Update Security String to 2019-09-05
Bug: 137199979
2019-07-11 22:26:27 +00:00
Elisa Pascual Trevino 4364982766 Update Security String to 2019-09-01
Bug: 137199979
2019-07-11 22:20:00 +00:00
Justin Yun 25065c44cc Do not allow building product_services image
product_services partition is designed for test purposes only. It
must not be included in the target devices.

Bug: 134359158
Test: Build configuration for product_services partition must return
      error message.

Change-Id: I6f8cdf73d18ad3174c7b31edb5d5ee10df75a776
2019-07-05 20:38:01 +09:00
Adam Seaton 0c355124bf Revert "Update Security String from 08-05 to 2019-08-01 Bug:126590667"
This reverts commit ef7c2c7915.

Reason for revert: Resolve string downgrade issue

Change-Id: I28831f2592bba09907b76c7d5ac46326a9c1e9f8
2019-06-17 17:03:51 +00:00
Paul Scovanner ef7c2c7915 Update Security String from 08-05 to 2019-08-01 Bug:126590667
am: ead61ed19e

Change-Id: Iaf434bf5690c3c50371bb11266d300ab7d335184
2019-06-14 13:22:34 -07:00
Paul Scovanner 3a25bc8b55 Update Security String to 2019-08-05 Bug:126590667
am: a3e1c57a95

Change-Id: I0b10bab75834759c3bd216fc77c38c84b445c4e2
2019-06-12 16:06:18 -07:00
Paul Scovanner ead61ed19e Update Security String from 08-05 to 2019-08-01
Bug:126590667
2019-06-12 22:51:45 +00:00
Paul Scovanner a3e1c57a95 Update Security String to 2019-08-05
Bug:126590667
2019-06-11 19:46:33 +00:00
Tao Bao 97a6690a23 Rebuild recovery-from-boot patch when calling add_img_to_target_files.
When using Verified Boot 2.0, releasetools specifies a salt value based
on build fingerprint, so as to give idempotent images.

However, the change that removed static `ro.build.fingerprint` [1] broke
the behavior, as common.LoadInfoDict still relies on fingerprints.
Without a fixed salt, the first call to make_recovery_patch.py and the
second one (which writes IMAGES/{boot,recovery}.img) will see different
images, which leads to install-recovery.sh failure.

Note that currently there's a dependency that requires getting bootable
images through two separate calls. make_recovery_patch.py has to happen
first to get (placeholder) files in the system image. We then generate
canned fs_config files, and finally use add_img_to_target_files.py to
write the images.

This CL adds a quick workaround to force rebuilding the
recovery-from-boot patch while calling add_img_to_target_files.py.

[1] https://android-review.googlesource.com/c/platform/build/+/892933

Bug: 134123803
Bug: 134525174
Test: TreeHugger
Test: Build a non-A/B target that uses AVB. Run validate_target_files.py
      on the generated target_files.zip.
Change-Id: I5859e30be63bfd54398cf41fd2d907f15285f560
Merged-In: I5859e30be63bfd54398cf41fd2d907f15285f560
(cherry picked from commit 4978fa99d1)
2019-06-05 22:04:47 -07:00
Alan Viverette c45849fc0c Remove obsolete Support Library guidance from version_defaults.mk
Test: n/a docs only
Fixes: 133228727
Change-Id: I10cdd9a4dfe8c508417f7b80320e308c236f2c8e
2019-05-30 16:57:25 +00:00
TreeHugger Robot f862715103 Merge "Allow for the DTB image to be built by the Android build system." into qt-dev 2019-05-24 17:34:27 +00:00
Hridya Valsaraju 5b8f78fbe8 Allow for the DTB image to be built by the Android build system.
The current solution expects BOARD_PREBUILT_DTBIMAGE_DIR to
contain prebuilt DTB files that are concatenated by the build system
to create $OUT/dtb.img. In order to accommodate devices that build
the dtb image locally, when BOARD_PREBUILT_DTBIMAGE_DIR is undefined,
make boot.img creation depend only on $OUT/dtb.img.

Bug: 133161451
Test: Build with BOARD_PREBUILT_DTBIMAGE_DIR undefined and verify
using unpack_bootimg.py that $OUT/dtb.img was included in boot.img.

Change-Id: Iae2c634ccdc1d83589b26d382882f75fb8565a31
Merged-In: Iae2c634ccdc1d83589b26d382882f75fb8565a31
2019-05-22 15:55:47 -07:00
Bowgo Tsai 33ff602070 Moving /odm/build.prop to /odm/etc/build.prop
In device root directory, we have the following symlinks:
  - /odm/app -> /vendor/odm/app
  - /odm/bin -> /vendor/odm/bin
  - /odm/etc -> /vendor/odm/etc
  ...

This allows the Generic System Image (GSI) to be used on both devices:
  1) Has a physical odm partition, where those symlinks will be hidden
     when /odm is used as the mount point
  2) Has no physical odm partition and falls back to /vendor/odm/.

We can't just have the symlink /odm -> /vendor/odm, because the former
devices won't have /vendor/odm directory, which leads to mount failure
when the mount point /odm is resolved to /vendor/odm.

The existing /vendor/odm/build.prop won't be loaded in the latter
devices, because there is no symlink:
    - /odm/build.prop -> /vendor/odm/build.prop.

Note that init blocks reading through direct symlinks (O_NOFOLLOW) so
the above symlink won't work either. This CL moves the odm build.prop
to /odm/etc/build.prop for init to load it (symlinks in earlier
components of the path will still be followed by O_NOFOLLOW).

Bug: 132128501
Test: boot a device and check /odm/etc/build.prop is loaded
Test: make dist with an odm.img, check $OUT/odm/etc/build.prop is loaded
Change-Id: I6f88763db755c9ec6068bfdd9cee81c19d72e9d7
Merged-In: I6f88763db755c9ec6068bfdd9cee81c19d72e9d7
(cherry picked from commit 6c62884000)
2019-05-22 16:14:53 +08:00
Bowgo Tsai ce8b063507 Appending per-partition os_version into AVB props
os_version is important for keymaster version binding, where it
refuses to perform operations with a key that is bound to an old
system version.  This ensures that an attacker who discovers a
weakness in an old version of system or TEE software cannot roll a
device back to the vulnerable version and use keys created with the
newer version.

Previously, os_version for system.img was added into boot.img header
for bootloader to read the value then pass to TEE before booting the
HLOS. However, with project Treble to modularize each partition, all
images are now in the trajectory to be built independently (still
on-going). Also, in the Generic System Image (GSI) compliance test,
the os_version in OEM's boot.img cannot reflect the actual version of
GSI.

This CL adds per-partition os_versions into AVB metadata, which is
readable by bootloader via libavb without file system dependency. It's
still unclear how os_version in non-system partitions should be used.
We just add them for completeness here.

See more details in:
https://source.android.com/security/keystore/version-binding

Bug: 132233601
Test: build and avbtool info_image $OUT/vbmeta.img
      - Prop: com.android.build.boot.os_version -> '10'
      - Prop: com.android.build.system.os_version -> '10'
      - Prop: com.android.build.system.security_patch -> '2019-06-05'
      - Prop: com.android.build.vendor.os_version -> '10'
      - Prop: com.android.build.vendor.security_patch -> '2019-06-05'
      - Prop: com.android.build.product.os_version -> '10'
      - Prop: com.android.build.product.security_patch -> '2019-06-05'

Change-Id: I21a77420f2e8a3456f7a8cae5158eb8fc41319e7
Merged-In: I21a77420f2e8a3456f7a8cae5158eb8fc41319e7
(cherry picked from commit 9b54801b58)
2019-05-16 21:46:53 +08:00
Anton Hansson 43b86c0182 Merge "Move default setting of a product variable" into qt-dev 2019-05-16 09:27:29 +00:00
Ian Pedowitz 122a1136e6 Merge "Revert "Revert "Updating the platform sdk version for Q""" into qt-dev 2019-05-15 16:28:53 +00:00
Ian Pedowitz 89e4c9da7a Merge "Android Q is now REL" into qt-dev 2019-05-15 16:28:53 +00:00
Anton Hansson 584d3726b6 Move default setting of a product variable
Should be in product_config.mk, before the variables are readonly'd, or
the default will fail to work.

(cherry picked from commit 269dd013a5)

Bug: 131576555
Test: set PRODUCT_SHIPPING_API_LEVEL := 29 in mainline_arm64.mk && lunch
Change-Id: I25faee7ec0a3fff17e1d08b834d868834effda36
Merged-In: I25faee7ec0a3fff17e1d08b834d868834effda36
2019-05-15 11:30:29 +01:00
Paul Scovanner 2813ebc21d Update Security String to 2019-07-05 Bug:132634503 am: 0718f458a1 am: 67f7ba7d9c am: 2ec2e55239
am: f01785c0a8

Change-Id: I92f844d235420335ccd7a29a07b8d6ea9757fedd
2019-05-14 15:03:19 -07:00
Paul Scovanner f01785c0a8 Update Security String to 2019-07-05 Bug:132634503 am: 0718f458a1 am: 67f7ba7d9c
am: 2ec2e55239

Change-Id: I1164c5fd489d282c2c297c78e59a3d937adb4e2f
2019-05-14 14:59:06 -07:00
Paul Scovanner 2ec2e55239 Update Security String to 2019-07-05 Bug:132634503 am: 0718f458a1
am: 67f7ba7d9c

Change-Id: Id153c7f78dcf9cb5f0aacf261837bff9844f9cbf
2019-05-14 14:52:55 -07:00
Paul Scovanner 67f7ba7d9c Update Security String to 2019-07-05 Bug:132634503
am: 0718f458a1

Change-Id: Ice3a0dc3f425217138d881543aaae1c4c412d7db
2019-05-14 14:45:50 -07:00
Paul Scovanner 3caec84292 Update Security String to 2019-07-01 Bug:132634503 am: 95bee0f53e am: 2f15ff97b7 am: 58c2ebf84b
am: d51234a521

Change-Id: I713c98262d85d9dfac5e372284f9f93e7dbce7d9
2019-05-14 11:23:11 -07:00
Paul Scovanner d51234a521 Update Security String to 2019-07-01 Bug:132634503 am: 95bee0f53e am: 2f15ff97b7
am: 58c2ebf84b

Change-Id: Ic30bcfffb5ff71afd8d59fe9cfb1a0402b55c4c3
2019-05-14 11:18:01 -07:00
Paul Scovanner 58c2ebf84b Update Security String to 2019-07-01 Bug:132634503 am: 95bee0f53e
am: 2f15ff97b7

Change-Id: I7a8fabadfa32356443305953ec91665037f7aa28
2019-05-14 11:10:59 -07:00
Paul Scovanner 2f15ff97b7 Update Security String to 2019-07-01 Bug:132634503
am: 95bee0f53e

Change-Id: If6ac58537bc1e8359a0774a5dd9513813900a6c2
2019-05-14 11:04:42 -07:00
Paul Scovanner 0718f458a1 Update Security String to 2019-07-05
Bug:132634503
2019-05-14 00:02:43 +00:00
Paul Scovanner 95bee0f53e Update Security String to 2019-07-01
Bug:132634503
2019-05-13 20:36:29 +00:00
Ian Pedowitz bed3e5262e Revert "Revert "Updating the platform sdk version for Q""
This reverts commit 842119ab3a.

Reason for revert: Rolling forward for Q-Finalization

Bug: 129975435
Bug: 129943426
Test: Build
Change-Id: I651e3ec68a765d3867be5341751cd536ccbe604a
2019-05-11 10:01:39 -07:00
Ian Pedowitz 883ad4c8b2 Android Q is now REL
Bug: 129943426
Test: Build
Change-Id: I99d58a4afeaf38c51a93cc95d9ea1f5666797602
Merged-In: I352e02484fa73ee924c84846913b93f7713c77ef
2019-05-11 08:33:31 -07:00
Martin Stjernholm 6311b83cc2 Extend library absence check to Bionic libs and all ART debug libs.
(cherry picked from commit c2e0205927)

Test: m systemimage
Test: build_test on Forrest
Bug: 132289438
Merged-In: I1a25d8d45668638b7eb0d39ded9cad3ed30db33c
Change-Id: I5b89aa33d35022fdca7f19c98f1bae51c173a876
2019-05-10 16:14:58 +00:00
Martin Stjernholm e954e3e47d Add the library absence check as a kati stage check.
(cherry picked from commit a5181f67a7)

Test: m systemimage
Test: build_test on Forrest
Bug: 132289438
Merged-In: I7a93cc0ac4480404a3d56c75eb43ae499e8a3a05
Change-Id: I6012e16bb02d4fea1cff51b20de94560da7a8d09
2019-05-10 16:14:50 +00:00
Martin Stjernholm 4c62151f8e Add libs that have been resolved to the library absence check.
(cherry picked from commit 7a2dde8bd5)

Test: m systemimage
Test: build_test on Forrest
Bug: 132289438
Merged-In: I9e517d3c2344b39cf2743a34723572e646675677
Change-Id: Id39a947c1522cf3a226ff1a4430c57bf7d861141
2019-05-10 16:14:29 +00:00
Martin Stjernholm 4a901c6d41 Ignore vndk-* subdirectories in the library absence check.
(cherry picked from commit 8222ce45dd)

Test: m systemimage
Test: build_test on Forrest
Bug: 132289438
Merged-In: I059c9d0edb78e52838a25cef0472807847d77417
Change-Id: I57359dc9f1aa2230acd3252118aaf41f42b7a913
2019-05-10 16:14:20 +00:00
Martin Stjernholm b4e549bfb7 Exclude lib/arm(64) from the library absence check.
(cherry picked from commit 4655206209)

Test: m systemimage
Test: build_test on Forrest
Bug: 132289438
Merged-In: I5dfb534aa2bc24a8d0a75fde31b139a6ed86e6a5
Change-Id: Ied158548f391d67f44ca31b74a3711d1cb5216fe
2019-05-10 16:13:54 +00:00
TreeHugger Robot cfca3e591d Merge "Move ro.boot.dynamic_partitions to vendor/build.prop" into qt-dev 2019-05-08 23:28:51 +00:00
Hridya Valsaraju ccd6279bef Move ro.boot.dynamic_partitions to vendor/build.prop
Bug: 132197773
Test: property present in vendor/build.prop

Currently, the property resides in product partition which gets
overwritten by the GSI image. Moving it to vendor will ensure
that the property is set even when a GSI image is flashed on the device.

Change-Id: I4d4a3c473194e15ba124a121f89bbb3ec1a73d19
Merged-In: I4d4a3c473194e15ba124a121f89bbb3ec1a73d19
2019-05-08 21:40:26 +00:00
Jiyong Park 18411a42f0 Ensure TARGET_FLATTEN_APEX == true when ro.apex.updatable is not set
TARGET_FLATTEN_APEX and ro.apex.updatable cannot be independently set.
For a device where updating APEXes is not supported, ro.apex.updatable
should not be set (or set to false) and TARGET_FLATTEN_APEX should be
set to true. For APEX-supporting devices, it is the opposite;
ro.apex.updatable == true and TARGET_FLATTEN_APEX is false (or not set).

To ensure this relationship, TARGET_FLATTEN_APEX is by default set to
true, and overridden to false when updatable_apex.mk is inherited.

Bug: 130623080
Test: choosecombo to Pixels 2 and later; get_build_var
TARGET_FLATTEN_APEX returns false.
choosecombo to the original Pixel and other non-Pixel targets;
get_build_var TARGET_FLATTEN_APEX returns true.
choosecombo to the cuttlefish; get_build_var TARGET_FLATTEN_APEX
returns false

Change-Id: Id73a594dd9838457e68e2793122592c11a84fc83
2019-05-08 20:51:21 +09:00
Bowgo Tsai 30a4eb54fc Using a test key to sign boot-debug.img if needed
When /boot partition is chained in AVB signing, libavb will try to
read AVB footer from the end of /boot partition, even if the device is
unlocked. However, this makes the device unbootable when the unsigned
boot-debug.img is flashed on /boot partition. This CL uses a test key
from external/avb to sign the boot-debug.img if /boot partition is
chained.

Bug: 126493225
Bug: 129508966
Test: Enable chain partition for boot.img, `make bootimage_debug` then
      check `avbtool info_image --image $OUT/boot-debug.img`
Test: `make bootimage_debug-nodeps`
Test: boot a device with a chained boot-debug.img

Change-Id: I870cb70c70b7d4d7a30b77bed58cbca6e007d5e3
Merged-In: I870cb70c70b7d4d7a30b77bed58cbca6e007d5e3
(cherry picked from commit 26b0a26e3e)
2019-05-07 17:27:43 +08:00
bohu c73e9b70dc emulator: support dynamic partitions
BUG: 125540538

Change-Id: I9d486f57ac4ec11b1bbe9ab97890d12441c3054e
Merged-In: I9d486f57ac4ec11b1bbe9ab97890d12441c3054e
2019-05-03 03:36:53 +00:00
Anton Hansson 669a9dbd99 Merge "Remove unneeded bootimage properties" into qt-dev 2019-05-02 08:24:48 +00:00
Ian Pedowitz 277bf1ae79 Merge "Revert "RESTRICT AUTOMERGE Updating the platform sdk version for Q"" into qt-dev 2019-05-02 00:59:09 +00:00
Ian Pedowitz 842119ab3a Revert "RESTRICT AUTOMERGE Updating the platform sdk version for Q"
This reverts commit 5e0226b816.

Reason for revert: QT SDK Finalization. Will be merged again on/after May 13th

Bug: 129975435
Change-Id: Ia3693b2a4907c4ca9be56cfe18fda35b8545abba
2019-05-02 00:55:38 +00:00
Ian Pedowitz 72cb9c892d Merge "RESTRICT AUTOMERGE Updating the platform sdk version for Q" into qt-dev 2019-05-02 00:53:29 +00:00
Yifan Hong d8900299d7 Merge "Add BOARD_SUPER_IMAGE_IN_UPDATE_PACKAGE flag." into qt-dev 2019-05-01 18:00:33 +00:00
TreeHugger Robot 258fbef820 Merge "Skip unneeded notice files for ETC modules." into qt-dev 2019-05-01 12:55:39 +00:00
Pete Bentley feef8d4af5 Merge "Remove libjavacrypto from system image." into qt-dev 2019-05-01 11:27:29 +00:00
Jaewoong Jung 48483a6903 Skip unneeded notice files for ETC modules.
Non-installable, non-library modules can still have notice files
attached if they are bundled in an apex module, in which case the
current make setting would generate an error. This change makes it just
ignore them silently if the module is ETC. Other classes will still
trigger an error.

Bug: 130138217
Test: manual build + TreeHugger
Merged-In: Ic7931f990369f744c8de62956a1a0a9c0451d6ab
Change-Id: Ic7931f990369f744c8de62956a1a0a9c0451d6ab
(cherry picked from commit dca3186b84)
2019-05-01 00:40:50 +00:00
Mathieu Chartier b5ce621e6b Merge "Add PRODUCT_DEX_PREOPT_RESOLVE_STARTUP_STRINGS" into qt-dev 2019-04-30 20:03:52 +00:00
Pete Bentley 5a78b371ed Remove libjavacrypto from system image.
The only copy needed is the one in the Conscrypt APEX.

Bug: 123925742
Test: m
Change-Id: Ieea8549d047750cf3580d6fe0204fdf55b6b8394
Merged-In: Ieea8549d047750cf3580d6fe0204fdf55b6b8394
2019-04-30 20:36:18 +01:00