p96705831
/
platform_build
forked from openkylin/platform_build
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
platform_build/tools
History
Bowgo Tsai b23656df31 Support AVB signing for BOARD_PREBUILT_BOOTIMAGE 
Devices using GKI architecture will use a prebuilt boot.img.
However, we should still sign this prebuilt boot.img with
device-specific AVB keys.

Steps to test the CL.
1. In a device BoardConfig.mk:

   # Uses a prebuilt boot.img
   TARGET_NO_KERNEL := true
   BOARD_PREBUILT_BOOTIMAGE := device/google/redbull/boot.img

   # Enable chained vbmeta for the boot image.
   # The following can be absent, where the hash descriptor of the
   # 'boot' partition will be stored then signed in vbmeta.img instead.
   BOARD_AVB_BOOT_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem
   BOARD_AVB_BOOT_ALGORITHM := SHA256_RSA4096
   BOARD_AVB_BOOT_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
   BOARD_AVB_BOOT_ROLLBACK_INDEX_LOCATION := 2

2. `make bootimage`, then `avbtool info_image --image $OUT/boot.img`,
    checks the image is re-signed with a device-specific key

3. `make dist` to generate out/dist/TF.zip

4. `unzip out/dist/TF.zip IMAGES/boot.img`

5. `avbtool info_image --image out/dist/IMAGES/boot.img`,
    checks the image is re-signed with a device-specific key

6. `sign_target_files_apks \
      --avb_boot_key=external/avb/test/data/testkey_rsa8192.pem \
      --avb_boot_algorithm=SHA256_RSA8192 \
      --avb_boot_extra_args="--prop test:sign" \
      ./out/dist/*-target_files-eng.*.zip signed.zip`, resign the TF.zip

7. `unzip signed.zip IMAGES/boot.img`, then use `avbtool info_image` to
   check the boot.img is re-signed with the --avb_boot_key in step 6.

Bug: 188485657
Test: above steps
Change-Id: I7ee8b3ffe6a86aaca34bbb7a8898a97b3f8bd801
Merged-In: I7ee8b3ffe6a86aaca34bbb7a8898a97b3f8bd801
(cherry picked from commit cf9ead8972dd2b7c90772b6a1fd26bd4311a7c74)
 		2021-05-26 09:11:00 +08:00
..
acp [LSC] Add LOCAL_LICENSE_KINDS to build/make 2021-02-14 10:37:20 -08:00
apicheck [LSC] Add LOCAL_LICENSE_KINDS to build/make 2021-02-14 10:37:20 -08:00
atree [LSC] Add LOCAL_LICENSE_KINDS to build/make 2021-02-14 10:37:20 -08:00
docker docker: update sha256sum for repo version 1.25 2019-04-11 13:38:05 -07:00
droiddoc [LSC] Add LOCAL_LICENSE_KINDS to build/make 2021-02-14 10:37:20 -08:00
fs_config [LSC] Add LOCAL_LICENSE_KINDS to build/make 2021-02-14 10:37:20 -08:00
fs_get_stats [LSC] Add LOCAL_LICENSE_KINDS to build/make 2021-02-14 10:37:20 -08:00
libhost [LSC] Add LOCAL_LICENSE_KINDS to build/make 2021-02-14 10:37:20 -08:00
product_config ALLOW_RULES_IN_PRODUCT_CONFIG 2021-02-23 22:40:39 -08:00
rbcrun Always use /bin/sh to run the command. 2021-04-01 16:44:47 -07:00
releasetools Support AVB signing for BOARD_PREBUILT_BOOTIMAGE 2021-05-26 09:11:00 +08:00
signapk [LSC] Add LOCAL_LICENSE_KINDS to build/make 2021-02-14 10:37:20 -08:00
signtos [LSC] Add LOCAL_LICENSE_KINDS to build/make 2021-02-14 10:37:20 -08:00
warn Fix more pylint warnings. 2021-04-30 14:32:25 -07:00
zipalign zipalign: clarify the help for -p slightly. 2021-04-05 16:02:16 -07:00
ziptime [LSC] Add LOCAL_LICENSE_KINDS to build/make 2021-02-14 10:37:20 -08:00
Android.bp [LSC] Add LOCAL_LICENSE_KINDS to build/make 2021-02-14 10:37:20 -08:00
OWNERS Use multiple globs/emails in per-file syntax 2018-08-20 14:16:04 -07:00
auto_gen_test_config.py Update auto-gen test config template with PARAMETERIZED_STRINGS 2020-05-18 09:58:18 +08:00
auto_gen_test_config_test.py Migrate build/make to androidx.test 2018-12-13 19:06:34 -08:00
brillo-clang-format
build-license-metadata.sh Fix bug: repeated restricted effective conditions. 2021-04-15 10:59:40 -07:00
buildinfo.sh Don't set the build id if we need to append the digest 2021-05-06 00:32:56 +00:00
check_elf_file.py Merge changes from topic "exclude-system-shared-libs-from-elfcheck-suggestions" 2020-09-28 03:54:27 +00:00
check_identical_lib.sh Add more details to divergent vndk lib error. 2020-08-06 18:02:31 +00:00
check_radio_versions.py
checkowners.py Accept the "file:(project:)?filePath" directive. 2019-03-12 11:56:33 -07:00
compare_builds.py Add tool to find problems with build repeatability. 2021-02-11 08:52:44 +00:00
compare_fileslist.py
event_log_tags.py logtags: Support # line comments. 2019-11-29 15:28:48 +00:00
exercise_compare_builds Add tool to find problems with build repeatability. 2021-02-11 08:52:44 +00:00
extract_kernel.py extract_kernel: make it py2/py3 compatible 2021-02-07 17:05:53 +08:00
fat16copy.py fat16copy: Allow to copy files to an existing directory. 2017-02-13 16:00:07 +00:00
fileslist_util.py build: tools: Add json collection of installed files with hashes. 2016-10-20 10:07:13 -07:00
filter-product-graph.py
findleaves.py findleaves: Fix typo for --dir argument 2018-08-16 02:30:45 +02:00
fixlinebreaks.sh
generate-enforce-rro-android-manifest.py Put DEVICE/PRODUCT overlays in different partitions 2019-03-22 13:25:20 +00:00
generate-notice-files.py Fix bug: include all dirs not just the last one. 2021-04-13 13:14:13 -07:00
generate-self-extracting-archive.py Fix comment to reflect that the value passed to head is actually the size 2019-12-06 19:13:21 -08:00
java-event-log-tags.py Allow converting logtags to java without merged logtags file 2017-11-16 14:58:05 -08:00
java-layers.py
merge-event-log-tags.py
mk2bp_catalog.py Add CSV output of remaining makefiles for bp converstion 2020-09-10 14:09:29 -07:00
normalize_path.py
parsedeps.py
post_process_props.py Remove grf_required_api_level 2021-04-13 17:58:59 +09:00
post_process_props_unittest.xml Support optional prop assignments 2020-06-30 18:44:01 +09:00
print_module_licenses.sh
product_debug.py
soong_to_convert.py Add mk2bp_catalog.py that outputs more data about makefiles to be converted to soong. 2020-07-16 18:19:15 -07:00
test_extract_kernel.py extract_kernel: make it py2/py3 compatible 2021-02-07 17:05:53 +08:00
test_post_process_props.py Remove grf_required_api_level 2021-04-13 17:58:59 +09:00
warn.py Fix/suppress most pylint and gpylint warnings 2021-04-28 14:57:56 -07:00