Use sha256 to build the hashtree in avb image
The hashtree is used in verified boot, and sha256 is more robust against
malicious attacks. Also, sha256 uses the same space as sha1 in the
hashtree. And there isn't much performance regression per
https://b.corp.google.com/issues/156162446#comment18
By putting the config in BoardConfigMainlineCommon.mk, we enable sha256
on all Pixels. And devices who want to use a different hash algorithm
can override it in it's own board configs.
Bug: 156162446
Test: boot the device and check performance
Change-Id: I9f1d3bcf241bc65adf10376cc5ae7ab1986216fa
diff --git a/target/board/BoardConfigPixelCommon.mk b/target/board/BoardConfigPixelCommon.mk
new file mode 100644
index 0000000..a970fec
--- /dev/null
+++ b/target/board/BoardConfigPixelCommon.mk
@@ -0,0 +1,18 @@
+# BoardConfigPixelCommon.mk
+#
+# Common compile-time definitions for Pixel devices.
+
+# Using sha256 for dm-verity partitions. b/156162446
+# system, system_other, system_ext and product.
+BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
+BOARD_AVB_SYSTEM_OTHER_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
+BOARD_AVB_SYSTEM_EXT_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
+BOARD_AVB_PRODUCT_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
+
+# vendor and odm.
+BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
+BOARD_AVB_ODM_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
+
+# vendor_dlkm and odm_dlkm.
+BOARD_AVB_VENDOR_DLKM_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256
+BOARD_AVB_ODM_DLKM_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256