112 Commits

Author SHA1 Message Date
Tianjie Xu 149b7fbf08 Add a verbose option to RunCommand in build_image.py
Make the build log less verbose; also print the result for
AdjustPartitionSizeForVerity().

Bug: 65292710
Test: Run add_img_to_target_files with and without "-v" and check
the logs.

Change-Id: Icdc86197ce69db036658ea9e77cc4ebe1750463b
2017-09-09 03:42:31 +00:00
Bowgo Tsai 3e599ead66 AVB: support chain partition signing
Current build system will include AVB metadata from each partition and
store them into /vbmeta partition when BOARD_AVB_ENABLE is set, which makes
each partition tightly-coupled.

Add the support for 'chain partition':
  - The vbmeta of each partition is stored on the same partition itself.
  - The public key used to verify each partition is stored in /vbmeta.

For example, the following build variables are required to enable chain
partition for system partition:
  - BOARD_AVB_SYSTEM_KEY_PATH := path/to/system_private_key
  - BOARD_AVB_SYSTEM_ALGORITHM := SHA512_RSA8192
  - BOARD_AVB_SYSTEM_ROLLBACK_INDEX := 1
  - BOARD_AVB_SYSTEM_ROLLBACK_INDEX_LOCATION := 2

The corresponding settings will be added into META/misc_info.txt for
build_image.py and/or add_img_to_target_files.py:
  - avb_system_key_path=path/to/system_private_key
  - avb_system_algorithm=SHA512_RSA8192
  - avb_system_add_hashtree_footer_args=--rollback_index 1
  - avb_system_rollback_index_location=2

To enable chain partition for other partitions, just replace SYSTEM with
BOOT, VENDOR and/or DTBO in the build variables.

Also switch from `avbtool make_vbmeta_image --setup_rootfs_from_kernel system.img ...`
to `avbtool add_hashtree_footer --image system.img --setup_as_rootfs_from_kernel...`
when BOARD_BUILD_SYSTEM_ROOT_IMAGE is true. This works for both chained
and no-chained:
  - chained: `avbtool add_hashtree_footer --setup_as_rootfs_from_kernel` will
    add dm-verity kernel cmdline descriptor to system.img
  - no-chained: `avbtool make_vbmeta_image --include_descriptors_from_image
    system.img` will include the kernel cmdline descriptor from system.img into
    vbmeta.img

Bug: 38399657
Test: `make` pass, flash images from $OUT and boot device without chain partitions
Test: `make` pass, flash images from $OUT and boot device with chain partitions
Test: `make dist` pass, flash images from TF.zip and boot device without chain partitions
Test: `make dist` pass, flash images from TF.zip and boot device with chain partitions
Test: follow the same steps in
      https://android-review.googlesource.com/#/c/407572/

Change-Id: I344f79290743d7d47b5e7441b3a21df812a69099
2017-06-13 17:45:10 +08:00
Tianjie Xu 65b98cd3b1 Merge "Generate care_map.txt when AVB is enabled" 2017-06-02 18:09:58 +00:00
Tianjie Xu 6b2e155ee6 Generate care_map.txt when AVB is enabled
When AVB is enabled, generate care_map.txt and add it to the target
files. Also copy it into the OTA package where it will later be used
by the update_verifier.

Bug: 62208947
Test: \
1. Run add_img_to_target_files on the TF of a new pixel device,
and care_map.txt generates successfully.

2. Make dist in oc-dr1-release and find care_map.txt in the OTA package.

3. update_verifier succeeds in reading all the blocks on the care_map,
and fails to read out-of-bound blocks.

Change-Id: I2881711e6f87789cb7de150dbeca18b756fed68a
2017-06-01 21:36:43 -07:00
Bowgo Tsai 7ea994b21c Support signing custom images with AVB HASH or AVB HASHTREE
`make custom_images` supports building different kinds of *non-droid* images,
e.g., odm.img. Add support for signing them with either an AVB HASH footer
or an AVB HASHTREE footer. The user can use HASH for small images and
HASHTREE for large images.

Sample signing configurations:
 * AVB HASH footer:
   - CUSTOM_IMAGE_AVB_HASH_ENABLE := true
   - CUSTOM_IMAGE_AVB_ADD_HASH_FOOTER_ARGS := --append_to_release_string my_odm_image

 * AVB HASHTREE footer:
   - CUSTOM_IMAGE_AVB_HASHTREE_ENABLE := true
   - CUSTOM_IMAGE_AVB_ADD_HASHTREE_FOOTER_ARGS := --fec_num_roots 8

 * Using custom signing key:
   - CUSTOM_IMAGE_AVB_ALGORITHM := SHA256_RSA2048
   - CUSTOM_IMAGE_AVB_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem

Bug: 36701014
Test: `make custom_images` with AVB HASH footer
Test: `make custom_images` with AVB HASHTREE footer
Test: `make droid` to check system.img is still properly signed with AVB HASHTREE
Test: `make droid` to check vendor.img is still properly signed with AVB HASHTREE

Change-Id: I8dc420e12e37e9a631345c0cd883339db05d489f
2017-05-24 14:21:03 +08:00
Julius D'souza 001c676b81 Add the option to reserve headroom for partition images.
This is useful for devices with low disk space with different
build variants.

Bug: 37469715
Test: Regular image builds successfully, errors occur when
the headroom size is greater than available partition space.

Change-Id: I526cdd0f84981bbd16e3afcfe1cd7fc43dce98ef
2017-05-08 11:59:25 -07:00
Tianjie Xu e3ad41bb2f Switch command to subprocess in build_image.py
Bug: 36012162
Test: image builds successfully for bullhead and sailfish

Change-Id: Iaa83034b39d392ff8a2154c7b32b21bf33ef552f
2017-03-10 15:16:24 -08:00
Connor O'Brien 20f08c3e16 Pass flash erase & logical block size to mke2fs
This information can be used to tune ext4 stripe and stride in the
userdata partition for better performance

Test: Build & flash userdata, confirm correct stripe & stride values
Bug: 33243520
Merged-In: Ia97cdd2d0239c3484b895fce49299f692ef911d8
Change-Id: Ia97cdd2d0239c3484b895fce49299f692ef911d8
Signed-off-by: Connor O'Brien <connoro@google.com>
2017-01-13 12:17:05 -08:00
Patrick Tjin a1900841bb build_image: add support for specifying number of inodes
Add support for specifying number of inodes when creating
system, vendor, oem partitions.  These are all read-only
and have no use for extra inodes.  Removing extra inodes
saves a lot of space.

Bug: 32246383
Change-Id: I13f1d4614b64a4abc752c42a1c65d3d151481c21
(cherry picked from commit b59eca3586)
2016-12-06 21:07:23 -08:00
The Android Automerger ada51f3b8f Manually merge commit 'c13da91' into stage-aosp-master
* commit 'c13da91':
  Add support for creating ext4 images with mke2fs

BUG:33304034
2016-12-03 04:02:09 +00:00
Adrien Schildknecht 9a072cc0b0 Add support for creating ext4 images with mke2fs
We are investigating replacing make_ext4fs with the upstream tool mke2fs.
To mitigate the trouble that may arise if the new tool behaves differently
compared to the old one, there will be a transition period.

Devices that want to use the new way of creating ext4 images can set the
variable "TARGET_USES_MKE2FS" to true in their BoardConfig.mk.
By default, the build system will choose the old tool 'make_ext4fs'.

Test: m otapackage with TARGET_USES_MKE2FS={,false,true}
Change-Id: I282bcb9efe335a86c53986283090ca947d65c7f8
2016-11-18 17:06:29 -08:00
Tao Bao f4a88279ed Merge "releasetools: Support verity signer args."
am: 02d2d68aec

Change-Id: Ib1aed8ff11eeef2fd64a6520e92cfb30678dadc7
2016-10-24 18:53:33 +00:00
Tao Bao 458104266f releasetools: Support verity signer args.
system/extras/verity/build_verity_metadata.py now accepts
"--signer_args" to specify verity signer args.

Also remove the duplicate "--verity_signer_args" in
add_img_to_target_files.py, as we already have that in common.py.

Bug: 31500665
Test: Building and signing work w/ and w/o --signer_args.

Change-Id: I02f59c50a1ebf15c5505e9fffd5b9bbbbaa785be
2016-10-17 16:25:22 -07:00
David Zeuthen 4e9c89ab87 resolve merge conflicts of 86180eb to nyc-mr1-dev-plus-aosp
Change-Id: Ia4bfb2571bac509cebe22f70ff43e6696f832423
2016-10-04 18:53:34 -04:00
David Zeuthen 4014a9daa7 Make room for AVB hashtree and metadata.
While the system.img images currently built with AVB support verify
correctly, mounting the filesystem content fails. This is because
'avbtool add_hashtree_footer' used to claim some of the unused /
DONT_CARE space for stashing the verity tables, and this resulted in the
mapped device ending up smaller, causing the mount failure.

Fix this by leaving enough room for AVB hashtree and metadata before
building the image. This is achieved by moving the AVB hashtree support
into build_image.py and using a just added '--calc_max_image_size'
option to 'avbtool add_hashtree_footer' to figure out how much space to
leave out.

This depends on https://android-review.googlesource.com/#/c/281821/

Bug: 31264226
Test: Mounting dm-verity set up from system.img now works.

Merged-In: I4c5de1004c1059f8c582e76b3b8517d427aa1a87

Change-Id: I945a5f1f6782791736cd319f216cfa6b448fb04d
2016-10-04 17:32:16 -04:00
Sami Tolvanen 3d207c8889 Merge "build_image: add padding to match partition size" am: ef5751c1ec am: 5875285ecf
am: e261a2dc20

Change-Id: Ib396abb9f6707c984b2888b8b5a265d8ebcf76be
2016-09-02 18:24:43 +00:00
Sami Tolvanen 433905f50e build_image: add padding to match partition size
For some partition sizes, we currently build an image that's 1-2
blocks smaller than the actual partition, which causes fs_mgr to
not find metadata. This change adds padding to FEC metadata that
correctly positions the metadata header at the end.

Bug: 28865197
Change-Id: Ie0e044715a9c5ae8ba395e7d2ff9fbd7cffc0b4c
2016-09-02 10:20:02 -07:00
Alex Light a3e8e9c6f3 resolve merge conflicts of 3f7c348 to nyc-mr1-dev-plus-aosp
Bug: 29278988

Change-Id: Icffb9a280311c7d3c45f096243ddf18f7ebecd9d
2016-06-29 15:43:54 -07:00
Alex Light 4e358ab2c3 Add system_other partition, install odex files
For AB devices, support flashing two system partitions for factory use.
The normal system image on one partition, but without dex preopt. And a
system_other image that just contains the odex files. The dex files will
not be stripped out of the system image, in case the second system
partition is wiped.

Setting BOARD_USES_SYSTEM_OTHER_ODEX := true in the BoardConfig.mk
enables this behavior.

One can control which directories are placed in system_other by the
SYSTEM_OTHER_ODEX_FILTER configuration variable. Currently we default
to copying only app and priv-app odexs.

Bug: 29278988
Change-Id: I7f4e87da919e7dc6a89fd8c668193cd4e98631bc
2016-06-24 11:07:15 -07:00
Elliott Hughes 2d208075c6 Merge \\\"Remove obsolete MTD support from the releasetools scripts.\\\" am: 63fc2b6766 am: ece6ff869c
am: f66d3e61f8

Change-Id: Ib754bc3e9b1c895d431e3b7be9e5435bb6b05fb5
2016-06-17 05:05:08 +00:00
Elliott Hughes f66d3e61f8 Merge \\"Remove obsolete MTD support from the releasetools scripts.\\" am: 63fc2b6766
am: ece6ff869c

Change-Id: I4b5f5b6a622a2fbb996861e8832e1fc1d12e6bf4
2016-06-17 05:02:05 +00:00
Elliott Hughes ece6ff869c Merge \"Remove obsolete MTD support from the releasetools scripts.\"
am: 63fc2b6766

Change-Id: I26ed21479ab52d535bcc99b13e55a1476a02f76c
2016-06-17 04:59:26 +00:00
Elliott Hughes 305b088729 Remove obsolete MTD support from the releasetools scripts.
Bug: http://b/29250988
Change-Id: I653dc306485c6b35411840b53211d42eb6d19e34
2016-06-16 20:48:47 -07:00
Mohamad Ayyash 44dc2a973f resolve merge conflicts of 8ebbc4e to nyc-mr1-dev
am: 423862500b

Change-Id: I8f8dd48e52c1ab7cb3462725569cf7c1e0443d38
2016-06-16 20:22:30 +00:00
Mohamad Ayyash 423862500b resolve merge conflicts of 8ebbc4e to nyc-mr1-dev
Change-Id: I2349bb3fede317487227b16cb7c7b093a93a3876
2016-06-16 13:11:45 -07:00
Mohamad Ayyash 3336f9ae67 Merge \"squashfs: make disable-4k-align a parameter\" into nyc-dev
am: 8ebbc4e7e2

Change-Id: Ia5c59b7bfc7f2b25fa9b13c2ce52c1bd75ccecce
2016-06-16 16:39:39 +00:00
Mohamad Ayyash 1b6d3485fc squashfs: make disable-4k-align a parameter
BUG: 29388879
Change-Id: I121d2b76db5fb269e2f7152abb2e78098437a0d5
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
2016-06-15 16:37:21 -07:00
Mohamad Ayyash c3216ac077 Merge \\"Pass block_list param to mksquashfs\\" into nyc-dev am: 3bddf74752
am: 52cef0d4f0

Change-Id: I0fe16c6b9728acf7b46f412d705fa0aacd2b4655
2016-06-15 17:02:47 +00:00
Mohamad Ayyash f80e55b821 Merge \"Pass block_list param to mksquashfs\" into nyc-dev
am: 3bddf74752

Change-Id: I713c6a60d10ef1e85475e462bb34c89751f74e7d
2016-06-15 16:58:36 +00:00
Mohamad Ayyash 52cef0d4f0 Merge \"Pass block_list param to mksquashfs\" into nyc-dev
am: 3bddf74752

Change-Id: I1679c255b297a36bc10b50ff9d6214c92d763489
2016-06-15 16:12:55 +00:00
Mohamad Ayyash c3484f7f64 Pass block_list param to mksquashfs
Needed to generate image.map and to optimize the OTA size

BUG: 22322817
Change-Id: I7802f4dbb9116a94ea99a00b68c3a7ff180ef08a
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
2016-06-13 09:48:05 -07:00
Mohamad Ayyash 000d71dc1d Pass squashfs block size as a parameter
am: dfec815882

* commit 'dfec815882d2253c6c9130e3241a1906161f3824':
  Pass squashfs block size as a parameter

Change-Id: Ie767254ce653b6a0d21ca9922434ad350fd61a48
2016-05-24 21:08:17 +00:00
Mohamad Ayyash dfec815882 Pass squashfs block size as a parameter
BUG: 28920352
Change-Id: Ifed02bd1565131814047991ec87fa61691bfe240
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
2016-05-24 20:55:13 +00:00
Mohamad Ayyash 465acf8631 Use fs_config files for mksquashfs
BUG: 27467028
Change-Id: I7648030ad4b31d70a5d439e9552fd2cbfe288b74
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
BUG: 28704419
2016-05-12 18:44:48 -07:00
Mohamad Ayyash 230ef583b0 Merge "Use fs_config files for mksquashfs" into nyc-dev
am: b354a61

* commit 'b354a61f3ec3b4c6463aac2a80f23e5772b6b164':
  Use fs_config files for mksquashfs

Change-Id: I422bd6f5b8e7e587bec3caef1525497904268a96
2016-04-08 17:52:24 +00:00
Mohamad Ayyash 8837882fb9 Use fs_config files for mksquashfs
BUG: 27467028
Change-Id: I7648030ad4b31d70a5d439e9552fd2cbfe288b74
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
2016-04-07 22:10:51 -07:00
Ying Wang be667a1128 Merge "Correct usage message for build_image.py" am: d63ec28
am: 334a418

* commit '334a4185a5ca29086963a8d450fb7a9e972cbd77':
  Correct usage message for build_image.py

Change-Id: Iee000ee9974b4cb7329fab87dc81fdba2affe93d
2016-04-07 22:24:15 +00:00
Maria Bornski 885dbb5111 Correct usage message for build_image.py
target_out_dir is now a required argument. Include this in the usage message.

Change-Id: If77d94ec5350b2c737d1dd1df28a51167b173058
2016-04-06 17:26:31 -07:00
Mohamad Ayyash f876555893 Hook incremental ext4 image generation into build
Allows passing the *.base_fs or *.map files for system and vendor in
INTERNAL_SYSTEM_BASE_FS_PATH and INTERNAL_VENDOR_BASE_FS_PATH variables
respectively.

Internal Design Doc: go/incremental-ext4
BUG: 26839493
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>

Change-Id: Ie57ef6dbfa6084268b6535fe0a673a3b4aaa6e2f
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
2016-03-03 12:07:21 -08:00
Sami Tolvanen 405e71dcd3 Fix metadata location when file system doesn't span the partition
Pad the sparse image with a zero fill chunk to correctly position
verity and FEC metadata at the end of the partition.

Bug: 27073791
Change-Id: I9f70d579a42e5007d50e9c02a98a608d2815f0ed
(cherry picked from commit 6a8781a251)
2016-02-10 10:53:47 -08:00
Sami Tolvanen 6a8781a251 Fix metadata location when file system doesn't span the partition
Pad the sparse image with a zero fill chunk to correctly position
verity and FEC metadata at the end of the partition.

Bug: 27073791
Change-Id: I9f70d579a42e5007d50e9c02a98a608d2815f0ed
2016-02-10 09:37:59 -08:00
Patrick Tjin e11aa50bb2 Add compressor options for squashfs vendor images
Change-Id: I4f9f5d62e24654cb37d436cb73dd5893aed30fa8
2016-02-09 15:41:07 -08:00
Sami Tolvanen 4a0600406e build_image: don't call append2simg for FEC
append2simg can be slow, so generate error correction data before verity
data is appended, and append all metadata to the image at the same time.

Needs matching changes from
  I09349368925e5e2f2a7961a712a1e933eb0b9ec8

Bug: 26251929
Change-Id: Iea8cee0aee353b4d029d9581e8fbd68ec7b7dd4b
2015-12-18 15:50:25 +00:00
Sami Tolvanen ff914f5dd0 build_image: remove an unnecessary call to append2simg
append2simg on a large image is fairly slow, so append verity metadata to
the hash tree to avoid two calls.

Bug: 26251929
Change-Id: I5ec84dcd6e8500e990af13b1f9cef5e809b41605
2015-12-18 13:28:25 +00:00
Todd Poynor b2a555e6fc Make squashfs sparse image generation optional
Allow non-sparse squashfs image generation, a la ext filesystems.

Bug: 26218766
Change-Id: Ifd596af16411e0cf69a2e7e05d725fd9442dc79c
2015-12-15 20:11:12 -08:00
Sami Tolvanen f99b53143d Error correction: Append codes to verified partitions
Append error-correcting codes to verified partitions provided that
PRODUCT_SUPPORTS_VERITY_FEC is true.

This moves verity metadata to be after the hash tree, and requires
matching changes from
  Ide48f581bbba77aed6132f77b309db71630d81ed

Bug: 21893453
Change-Id: I6945cbab99e214566a1f9d3702333f2dbbc35816
2015-10-14 18:06:20 +01:00
Tao Bao ce9635ec7a am 2124d7e1: Merge "Only use a fixed timestamp when packaging."
* commit '2124d7e1e2dec91ce4ab15c6a215d61f7693a8d6':
  Only use a fixed timestamp when packaging.
2015-09-30 23:50:49 +00:00
Tao Bao 822f5840c0 Only use a fixed timestamp when packaging.
[1] changed to use a fixed timestamp for all the generated images
(either the one under $ANDROID_PRODUCT_OUT/ or the one added into the
target_files zip). It makes 'adb sync' after 'fastboot flashall'
resync all the files. This CL changes to use a fixed timestamp only when
packaging into the target_files zip.

[1]: commit 052ae3542b

Bug: 24377993
Bug: 24536411
Change-Id: I209318966109fd4902468dfe96caf777464f9fe1
2015-09-30 16:01:14 -07:00
Tao Bao 9a5afa5242 am 5e23069b: Merge "build_image.py: Use a fixed timestamp in the generated image."
* commit '5e23069bceebfbf17f67c709bad495d707b194dc':
  build_image.py: Use a fixed timestamp in the generated image.
2015-09-28 21:16:34 +00:00
Tao Bao 052ae3542b build_image.py: Use a fixed timestamp in the generated image.
Bug: 24377993
Change-Id: I9b1433c8c877dc2a391615bb016b8970426e9f70
2015-09-28 13:44:13 -07:00