Salt init_boot and vendor_boot using the build number
If you don't provide a salt, avbtool uses random bytes as the salt.
The randomness is bad for build caching and being able to diff
partitions to ensure code changes aren't breaking anything.
It's not exactly clear if the salt is necessary at all or not, but
as an intermediate step, salt the images using the build number instead
of purely random bytes.
I've only done the init_boot and vendor_boot partitions in this cl,
but I plan to expand it to all the other partitions. There are other
diffs besides the avb hash in those partitions right now though so it's
harder to test.
Bug: 380508890
Test: m soong_generated_init_boot_filesystem_test
Change-Id: I56289509497a2f0d500ffbbd677517fa0f748340
diff --git a/core/Makefile b/core/Makefile
index 92dd86d..35a8a89 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -1596,6 +1596,7 @@
$(AVBTOOL) add_hash_footer \
--image $@ \
$(call get-partition-size-argument,$(BOARD_INIT_BOOT_IMAGE_PARTITION_SIZE)) \
+ --salt $$(sha256sum $(BUILD_NUMBER_FILE) $(BUILD_DATETIME_FILE) | cut -d " " -f 1 | tr -d '\n') \
--partition_name init_boot $(INTERNAL_AVB_INIT_BOOT_SIGNING_ARGS) \
$(BOARD_AVB_INIT_BOOT_ADD_HASH_FOOTER_ARGS)
@@ -1771,6 +1772,7 @@
$(AVBTOOL) add_hash_footer \
--image $@ \
$(call get-partition-size-argument,$(BOARD_VENDOR_BOOTIMAGE_PARTITION_SIZE)) \
+ --salt $$(sha256sum $(BUILD_NUMBER_FILE) $(BUILD_DATETIME_FILE) | cut -d " " -f 1 | tr -d '\n') \
--partition_name vendor_boot $(INTERNAL_AVB_VENDOR_BOOT_SIGNING_ARGS) \
$(BOARD_AVB_VENDOR_BOOT_ADD_HASH_FOOTER_ARGS)
else