Merge "Generate care_map.txt when AVB is enabled"
diff --git a/core/Makefile b/core/Makefile
index 99fb775..ac8b2f2 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -941,10 +941,10 @@
$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT),$(hide) echo "futility=$(notdir $(FUTILITY))" >> $(1))
$(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT),$(hide) echo "vboot_signer_cmd=$(VBOOT_SIGNER)" >> $(1))
$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_signing_args=$(INTERNAL_AVB_SIGNING_ARGS)" >> $(1))
-$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_avbtool=$(AVBTOOL)" >> $(1))
-$(if $(BOARD_AVB_ENABLE),$(hide) echo "system_avb_enable=$(BOARD_AVB_ENABLE)" >> $(1))
+$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_avbtool=$(notdir $(AVBTOOL))" >> $(1))
+$(if $(BOARD_AVB_ENABLE),$(hide) echo "system_avb_hashtree_enable=$(BOARD_AVB_ENABLE)" >> $(1))
$(if $(BOARD_AVB_ENABLE),$(hide) echo "system_avb_add_hashtree_footer_args=$(BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS)" >> $(1))
-$(if $(BOARD_AVB_ENABLE),$(hide) echo "vendor_avb_enable=$(BOARD_AVB_ENABLE)" >> $(1))
+$(if $(BOARD_AVB_ENABLE),$(hide) echo "vendor_avb_hashtree_enable=$(BOARD_AVB_ENABLE)" >> $(1))
$(if $(BOARD_AVB_ENABLE),$(hide) echo "vendor_avb_add_hashtree_footer_args=$(BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS)" >> $(1))
$(if $(filter true,$(BOARD_USES_RECOVERY_AS_BOOT)),\
$(hide) echo "recovery_as_boot=true" >> $(1))
@@ -1879,6 +1879,7 @@
$(HOST_OUT_JAVA_LIBRARIES)/dumpkey.jar \
$(HOST_OUT_JAVA_LIBRARIES)/signapk.jar \
$(HOST_OUT_JAVA_LIBRARIES)/BootSignature.jar \
+ $(HOST_OUT_JAVA_LIBRARIES)/VeritySigner.jar \
$(HOST_OUT_EXECUTABLES)/make_ext4fs \
$(HOST_OUT_EXECUTABLES)/mkuserimg.sh \
$(HOST_OUT_EXECUTABLES)/mke2fs \
@@ -1900,6 +1901,7 @@
$(HOST_OUT_EXECUTABLES)/brillo_update_payload \
$(HOST_OUT_EXECUTABLES)/lib/shflags/shflags \
$(HOST_OUT_EXECUTABLES)/delta_generator \
+ $(AVBTOOL) \
$(BLK_ALLOC_TO_BASE_FS)
ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT))
@@ -1942,23 +1944,32 @@
BUILT_OTATOOLS_PACKAGE := $(PRODUCT_OUT)/otatools.zip
$(BUILT_OTATOOLS_PACKAGE): zip_root := $(call intermediates-dir-for,PACKAGING,otatools)/otatools
-$(BUILT_OTATOOLS_PACKAGE): $(OTATOOLS) | $(ACP)
+OTATOOLS_DEPS := \
+ system/extras/verity/build_verity_metadata.py \
+ system/extras/ext4_utils/mke2fs.conf \
+ external/avb/test/data/testkey_rsa4096.pem \
+ $(shell find build/target/product/security -type f -name \*.x509.pem -o -name \*.pk8 -o \
+ -name verity_key | sort) \
+ $(shell find device vendor -type f -name \*.pk8 -o -name verifiedboot\* -o \
+ -name \*.x509.pem -o -name oem\*.prop | sort)
+
+OTATOOLS_RELEASETOOLS := \
+ $(shell find build/tools/releasetools -name \*.pyc -prune -o -type f | sort)
+
+ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT))
+OTATOOLS_DEPS += \
+ $(shell find external/vboot_reference/tests/devkeys -type f | sort)
+endif
+
+$(BUILT_OTATOOLS_PACKAGE): $(OTATOOLS) $(OTATOOLS_DEPS) $(OTATOOLS_RELEASETOOLS) | $(ACP)
@echo "Package OTA tools: $@"
$(hide) rm -rf $@ $(zip_root)
- $(hide) mkdir -p $(dir $@) $(zip_root)/bin $(zip_root)/framework $(zip_root)/releasetools $(zip_root)/system/extras/verity $(zip_root)/system/extras/ext4_utils
+ $(hide) mkdir -p $(dir $@) $(zip_root)/bin $(zip_root)/framework $(zip_root)/releasetools
$(call copy-files-with-structure,$(OTATOOLS),$(HOST_OUT)/,$(zip_root))
- $(hide) $(ACP) $(HOST_OUT_JAVA_LIBRARIES)/VeritySigner.jar $(zip_root)/framework/
- $(hide) $(ACP) -p system/extras/verity/build_verity_metadata.py $(zip_root)/system/extras/verity/
- $(hide) $(ACP) -p system/extras/ext4_utils/mke2fs.conf $(zip_root)/system/extras/ext4_utils/
$(hide) $(ACP) -r -d -p build/tools/releasetools/* $(zip_root)/releasetools
-ifeq (true,$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT))
- $(hide) mkdir -p $(zip_root)/external/vboot_reference/tests/devkeys
- $(hide) $(ACP) -r -d -p external/vboot_reference/tests/devkeys/* $(zip_root)/external/vboot_reference/tests/devkeys
-endif
$(hide) rm -rf $@ $(zip_root)/releasetools/*.pyc
$(hide) (cd $(zip_root) && zip -qryX $(abspath $@) *)
- $(hide) zip -qryX $(abspath $@) build/target/product/security/
- $(hide) find device vendor -name \*.pk8 -o -name verifiedboot\* -o -name \*.x509.pem -o -name oem\*.prop | xargs zip -qryX $(abspath $@)>/dev/null || true
+ $(hide) echo $(OTATOOLS_DEPS) | xargs zip -qryX $(abspath $@)>/dev/null || true
.PHONY: otatools-package
otatools-package: $(BUILT_OTATOOLS_PACKAGE)
diff --git a/core/config.mk b/core/config.mk
index 4e785bc..f5e0aa6 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -79,6 +79,10 @@
# Some specific paths to tools
SRC_DROIDDOC_DIR := $(TOPDIR)build/tools/droiddoc
+# Set up efficient math functions which are used in make.
+# Here since this file is included by envsetup as well as during build.
+include $(BUILD_SYSTEM)/math.mk
+
# Various mappings to avoid hard-coding paths all over the place
include $(BUILD_SYSTEM)/pathmap.mk
diff --git a/core/definitions.mk b/core/definitions.mk
index b76b434..15ef6f4 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -846,10 +846,10 @@
## Use echo-(warning|error) in a build rule
## Use pretty-(warning|error) instead of $(warning)/$(error)
###########################################################
-ESC_BOLD := \e[1m
-ESC_WARNING := \e[35m
-ESC_ERROR := \e[31m
-ESC_RESET := \e[0m
+ESC_BOLD := \033[1m
+ESC_WARNING := \033[35m
+ESC_ERROR := \033[31m
+ESC_RESET := \033[0m
# $(1): path (and optionally line) information
# $(2): message to print
@@ -3159,68 +3159,6 @@
endef
###########################################################
-# Basic math functions for positive integers <= 100
-#
-# (SDK versions for example)
-###########################################################
-__MATH_NUMBERS := 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 \
- 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 \
- 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 \
- 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 \
- 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
-
-# Returns true if $(1) is a positive integer <= 100, otherwise returns nothing.
-define math_is_number
-$(strip \
- $(if $(1),,$(error Argument missing)) \
- $(if $(word 2,$(1)),$(error Multiple words in a single argument: $(1))) \
- $(if $(filter $(1),$(__MATH_NUMBERS)),true))
-endef
-
-#$(warning true == $(call math_is_number,2))
-#$(warning == $(call math_is_number,foo))
-#$(call math_is_number,1 2)
-#$(call math_is_number,no 2)
-
-define _math_check_valid
-$(if $(call math_is_number,$(1)),,$(error Only positive integers <= 100 are supported (not $(1))))
-endef
-
-#$(call _math_check_valid,0)
-#$(call _math_check_valid,1)
-#$(call _math_check_valid,100)
-#$(call _math_check_valid,101)
-#$(call _math_check_valid,)
-#$(call _math_check_valid,1 2)
-
-# Returns the greater of $1 or $2.
-# If $1 or $2 is not a positive integer <= 100, then an error is generated.
-define math_max
-$(strip $(call _math_check_valid,$(1)) $(call _math_check_valid,$(2)) \
- $(lastword $(filter $(1) $(2),$(__MATH_NUMBERS))))
-endef
-
-#$(call math_max)
-#$(call math_max,1)
-#$(call math_max,1 2,3)
-#$(warning 1 == $(call math_max,1,1))
-#$(warning 42 == $(call math_max,5,42))
-#$(warning 42 == $(call math_max,42,5))
-
-define math_gt_or_eq
-$(if $(filter $(1),$(call math_max,$(1),$(2))),true)
-endef
-
-#$(warning $(call math_gt_or_eq, 2, 1))
-#$(warning $(call math_gt_or_eq, 1, 1))
-#$(warning $(if $(call math_gt_or_eq, 1, 2),false,true))
-
-# $1 is the variable name to increment
-define inc_and_print
-$(strip $(eval $(1) := $($(1)) .)$(words $($(1))))
-endef
-
-###########################################################
## Compatibility suite tools
###########################################################
diff --git a/core/math.mk b/core/math.mk
new file mode 100644
index 0000000..047d046
--- /dev/null
+++ b/core/math.mk
@@ -0,0 +1,77 @@
+#
+# Copyright (C) 2017 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+###########################################################
+# Basic math functions for positive integers <= 100
+#
+# (SDK versions for example)
+###########################################################
+__MATH_NUMBERS := 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 \
+ 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 \
+ 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 \
+ 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 \
+ 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
+
+# Returns true if $(1) is a positive integer <= 100, otherwise returns nothing.
+define math_is_number
+$(strip \
+ $(if $(1),,$(error Argument missing)) \
+ $(if $(word 2,$(1)),$(error Multiple words in a single argument: $(1))) \
+ $(if $(filter $(1),$(__MATH_NUMBERS)),true))
+endef
+
+#$(warning true == $(call math_is_number,2))
+#$(warning == $(call math_is_number,foo))
+#$(call math_is_number,1 2)
+#$(call math_is_number,no 2)
+
+define _math_check_valid
+$(if $(call math_is_number,$(1)),,$(error Only positive integers <= 100 are supported (not $(1))))
+endef
+
+#$(call _math_check_valid,0)
+#$(call _math_check_valid,1)
+#$(call _math_check_valid,100)
+#$(call _math_check_valid,101)
+#$(call _math_check_valid,)
+#$(call _math_check_valid,1 2)
+
+# Returns the greater of $1 or $2.
+# If $1 or $2 is not a positive integer <= 100, then an error is generated.
+define math_max
+$(strip $(call _math_check_valid,$(1)) $(call _math_check_valid,$(2)) \
+ $(lastword $(filter $(1) $(2),$(__MATH_NUMBERS))))
+endef
+
+#$(call math_max)
+#$(call math_max,1)
+#$(call math_max,1 2,3)
+#$(warning 1 == $(call math_max,1,1))
+#$(warning 42 == $(call math_max,5,42))
+#$(warning 42 == $(call math_max,42,5))
+
+define math_gt_or_eq
+$(if $(filter $(1),$(call math_max,$(1),$(2))),true)
+endef
+
+#$(warning $(call math_gt_or_eq, 2, 1))
+#$(warning $(call math_gt_or_eq, 1, 1))
+#$(warning $(if $(call math_gt_or_eq, 1, 2),false,true))
+
+# $1 is the variable name to increment
+define inc_and_print
+$(strip $(eval $(1) := $($(1)) .)$(words $($(1))))
+endef
diff --git a/core/tasks/build_custom_images.mk b/core/tasks/build_custom_images.mk
index c5f2a96..0750217 100644
--- a/core/tasks/build_custom_images.mk
+++ b/core/tasks/build_custom_images.mk
@@ -37,6 +37,14 @@
# - CUSTOM_IMAGE_SELINUX, set to "true" if the image supports selinux.
# - CUSTOM_IMAGE_SUPPORT_VERITY, set to "true" if the product supports verity.
# - CUSTOM_IMAGE_VERITY_BLOCK_DEVICE
+# - CUSTOM_IMAGE_AVB_HASH_ENABLE, set to "true" to add AVB HASH footer.
+# - CUSTOM_IMAGE_AVB_ADD_HASH_FOOTER_ARGS, additional args of AVB HASH footer.
+# - CUSTOM_IMAGE_AVB_HASHTREE_ENABLE, set to "true" to add AVB HASHTREE
+# footer.
+# - CUSTOM_IMAGE_AVB_ADD_HASHTREE_FOOTER_ARGS, additional args of AVB
+# HASHTREE footer.
+# - CUSTOM_IMAGE_AVB_KEY_PATH, custom AVB signing key.
+# - CUSTOM_IMAGE_AVB_ALGORITHM, custom AVB signing algorithm.
#
# To build all those images, run "make custom_images".
@@ -54,8 +62,12 @@
CUSTOM_IMAGE_SELINUX \
CUSTOM_IMAGE_SUPPORT_VERITY \
CUSTOM_IMAGE_VERITY_BLOCK_DEVICE \
- CUSTOM_IMAGE_AVB_ENABLE \
+ CUSTOM_IMAGE_AVB_HASH_ENABLE \
+ CUSTOM_IMAGE_AVB_ADD_HASH_FOOTER_ARGS \
+ CUSTOM_IMAGE_AVB_HASHTREE_ENABLE \
CUSTOM_IMAGE_AVB_ADD_HASHTREE_FOOTER_ARGS \
+ CUSTOM_IMAGE_AVB_KEY_PATH \
+ CUSTOM_IMAGE_AVB_ALGORITHM \
# We don't expect product makefile to inherit/override PRODUCT_CUSTOM_IMAGE_MAKEFILES,
# so we don't put it in the _product_var_list.
diff --git a/core/tasks/tools/build_custom_image.mk b/core/tasks/tools/build_custom_image.mk
index f916e86..8c098d6 100644
--- a/core/tasks/tools/build_custom_image.mk
+++ b/core/tasks/tools/build_custom_image.mk
@@ -62,6 +62,14 @@
$(eval my_image_copy_files += $(src))\
$(eval my_copy_pairs += $(src):$(my_staging_dir)/$(word 2,$(pair))))
+ifndef CUSTOM_IMAGE_AVB_KEY_PATH
+# If key path isn't specified, use the default signing args.
+my_avb_signing_args := $(INTERNAL_AVB_SIGNING_ARGS)
+else
+my_avb_signing_args := \
+ --algorithm $(CUSTOM_IMAGE_AVB_ALGORITHM) --key $(CUSTOM_IMAGE_AVB_KEY_PATH)
+endif
+
$(my_built_custom_image): PRIVATE_INTERMEDIATES := $(intermediates)
$(my_built_custom_image): PRIVATE_MOUNT_POINT := $(CUSTOM_IMAGE_MOUNT_POINT)
$(my_built_custom_image): PRIVATE_PARTITION_SIZE := $(CUSTOM_IMAGE_PARTITION_SIZE)
@@ -74,10 +82,16 @@
$(my_built_custom_image): PRIVATE_VERITY_KEY := $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_SIGNING_KEY)
$(my_built_custom_image): PRIVATE_VERITY_BLOCK_DEVICE := $(CUSTOM_IMAGE_VERITY_BLOCK_DEVICE)
$(my_built_custom_image): PRIVATE_DICT_FILE := $(CUSTOM_IMAGE_DICT_FILE)
-$(my_built_custom_image): PRIVATE_AVB_ENABLE := $(CUSTOM_IMAGE_AVB_ENABLE)
+$(my_built_custom_image): PRIVATE_AVB_AVBTOOL := $(AVBTOOL)
+$(my_built_custom_image): PRIVATE_AVB_SIGNING_ARGS := $(my_avb_signing_args)
+$(my_built_custom_image): PRIVATE_AVB_HASH_ENABLE := $(CUSTOM_IMAGE_AVB_HASH_ENABLE)
+$(my_built_custom_image): PRIVATE_AVB_ADD_HASH_FOOTER_ARGS := $(CUSTOM_IMAGE_AVB_ADD_HASH_FOOTER_ARGS)
+$(my_built_custom_image): PRIVATE_AVB_HASHTREE_ENABLE := $(CUSTOM_IMAGE_AVB_HASHTREE_ENABLE)
$(my_built_custom_image): PRIVATE_AVB_ADD_HASHTREE_FOOTER_ARGS := $(CUSTOM_IMAGE_AVB_ADD_HASHTREE_FOOTER_ARGS)
-ifeq (true,$(CUSTOM_IMAGE_AVB_ENABLE))
+ifeq (true,$(filter true, $(CUSTOM_IMAGE_AVB_HASH_ENABLE) $(CUSTOM_IMAGE_AVB_HASHTREE_ENABLE)))
$(my_built_custom_image): $(AVBTOOL)
+else ifneq (,$(filter true, $(CUSTOM_IMAGE_AVB_HASH_ENABLE) $(CUSTOM_IMAGE_AVB_HASHTREE_ENABLE)))
+ $(error Cannot set both CUSTOM_IMAGE_AVB_HASH_ENABLE and CUSTOM_IMAGE_AVB_HASHTREE_ENABLE to true)
endif
$(my_built_custom_image): $(INTERNAL_USERIMAGES_DEPS) $(my_built_modules) $(my_image_copy_files) \
$(CUSTOM_IMAGE_DICT_FILE)
@@ -93,6 +107,7 @@
# Generate the dict.
$(hide) echo "# For all accepted properties, see BuildImage() in tools/releasetools/build_image.py" > $(PRIVATE_INTERMEDIATES)/image_info.txt
$(hide) echo "mount_point=$(PRIVATE_MOUNT_POINT)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt
+ $(hide) echo "partition_name=$(PRIVATE_MOUNT_POINT)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt
$(hide) echo "fs_type=$(PRIVATE_FILE_SYSTEM_TYPE)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt
$(hide) echo "partition_size=$(PRIVATE_PARTITION_SIZE)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt
$(hide) echo "ext_mkuserimg=$(notdir $(MKEXTUSERIMG))" >> $(PRIVATE_INTERMEDIATES)/image_info.txt
@@ -102,10 +117,13 @@
echo "verity_key=$(PRIVATE_VERITY_KEY)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt;\
echo "verity_signer_cmd=$(VERITY_SIGNER)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt;\
echo "verity_block_device=$(PRIVATE_VERITY_BLOCK_DEVICE)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt)
- $(if $(PRIVATE_AVB_ENABLE),\
- $(hide) echo "avb_enable=$(PRIVATE_AVB_ENABLE)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt;\
- echo "avb_avbtool=$(AVBTOOL)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt;\
- echo "avb_signing_args=$(INTERNAL_AVB_SIGNING_ARGS)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt;\
+ $(hide) echo "avb_avbtool=$(PRIVATE_AVB_AVBTOOL)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt
+ $(hide) echo "avb_signing_args=$(PRIVATE_AVB_SIGNING_ARGS)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt
+ $(if $(PRIVATE_AVB_HASH_ENABLE),\
+ $(hide) echo "avb_hash_enable=$(PRIVATE_AVB_HASH_ENABLE)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt;\
+ echo "avb_add_hash_footer_args=$(PRIVATE_AVB_ADD_HASH_FOOTER_ARGS)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt)
+ $(if $(PRIVATE_AVB_HASHTREE_ENABLE),\
+ $(hide) echo "avb_hashtree_enable=$(PRIVATE_AVB_HASHTREE_ENABLE)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt;\
echo "avb_add_hashtree_footer_args=$(PRIVATE_AVB_ADD_HASHTREE_FOOTER_ARGS)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt)
$(if $(PRIVATE_DICT_FILE),\
$(hide) echo "# Properties from $(PRIVATE_DICT_FILE)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt;\
diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index 82a21f3..de75a6b 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -97,18 +97,19 @@
simg = sparse_img.SparseImage(image_file, mode="r+b", build_map=False)
simg.AppendFillChunk(0, blocks)
-def AVBCalcMaxImageSize(avbtool, partition_size, additional_args):
+def AVBCalcMaxImageSize(avbtool, footer_type, partition_size, additional_args):
"""Calculates max image size for a given partition size.
Args:
avbtool: String with path to avbtool.
+ footer_type: 'hash' or 'hashtree' for generating footer.
partition_size: The size of the partition in question.
additional_args: Additional arguments to pass to 'avbtool
add_hashtree_image'.
Returns:
The maximum image size or 0 if an error occurred.
"""
- cmdline = "%s add_hashtree_footer " % avbtool
+ cmdline = "%s add_%s_footer " % (avbtool, footer_type)
cmdline += "--partition_size %d " % partition_size
cmdline += "--calc_max_image_size "
cmdline += additional_args
@@ -118,13 +119,14 @@
else:
return int(output)
-def AVBAddHashtree(image_path, avbtool, partition_size, partition_name,
- signing_args, additional_args):
+def AVBAddFooter(image_path, avbtool, footer_type, partition_size,
+ partition_name, signing_args, additional_args):
"""Adds dm-verity hashtree and AVB metadata to an image.
Args:
image_path: Path to image to modify.
avbtool: String with path to avbtool.
+ footer_type: 'hash' or 'hashtree' for generating footer.
partition_size: The size of the partition in question.
partition_name: The name of the partition - will be embedded in metadata.
signing_args: Arguments for signing the image.
@@ -133,7 +135,7 @@
Returns:
True if the operation succeeded.
"""
- cmdline = "%s add_hashtree_footer " % avbtool
+ cmdline = "%s add_%s_footer " % (avbtool, footer_type)
cmdline += "--partition_size %d " % partition_size
cmdline += "--partition_name %s " % partition_name
cmdline += "--image %s " % image_path
@@ -410,12 +412,19 @@
prop_dict["original_partition_size"] = str(partition_size)
prop_dict["verity_size"] = str(verity_size)
- # Adjust partition size for AVB.
- if prop_dict.get("avb_enable") == "true":
+ # Adjust partition size for AVB hash footer or AVB hashtree footer.
+ avb_footer_type = ''
+ if prop_dict.get("avb_hash_enable") == "true":
+ avb_footer_type = 'hash'
+ elif prop_dict.get("avb_hashtree_enable") == "true":
+ avb_footer_type = 'hashtree'
+
+ if avb_footer_type:
avbtool = prop_dict.get("avb_avbtool")
partition_size = int(prop_dict.get("partition_size"))
- additional_args = prop_dict["avb_add_hashtree_footer_args"]
- max_image_size = AVBCalcMaxImageSize(avbtool, partition_size,
+ # avb_add_hash_footer_args or avb_add_hashtree_footer_args.
+ additional_args = prop_dict["avb_add_" + avb_footer_type + "_footer_args"]
+ max_image_size = AVBCalcMaxImageSize(avbtool, avb_footer_type, partition_size,
additional_args)
if max_image_size == 0:
return False
@@ -561,15 +570,16 @@
if not MakeVerityEnabledImage(out_file, verity_fec_supported, prop_dict):
return False
- # Add AVB hashtree and metadata.
- if "avb_enable" in prop_dict:
+ # Add AVB HASH or HASHTREE footer (metadata).
+ if avb_footer_type:
avbtool = prop_dict.get("avb_avbtool")
original_partition_size = int(prop_dict.get("original_partition_size"))
partition_name = prop_dict["partition_name"]
signing_args = prop_dict["avb_signing_args"]
- additional_args = prop_dict["avb_add_hashtree_footer_args"]
- if not AVBAddHashtree(out_file, avbtool, original_partition_size,
- partition_name, signing_args, additional_args):
+ # avb_add_hash_footer_args or avb_add_hashtree_footer_args
+ additional_args = prop_dict["avb_add_" + avb_footer_type + "_footer_args"]
+ if not AVBAddFooter(out_file, avbtool, avb_footer_type, original_partition_size,
+ partition_name, signing_args, additional_args):
return False
if run_fsck and prop_dict.get("skip_fsck") != "true":
@@ -640,7 +650,7 @@
copy_prop("system_squashfs_block_size", "squashfs_block_size")
copy_prop("system_squashfs_disable_4k_align", "squashfs_disable_4k_align")
copy_prop("system_base_fs_file", "base_fs_file")
- copy_prop("system_avb_enable", "avb_enable")
+ copy_prop("system_avb_hashtree_enable", "avb_hashtree_enable")
copy_prop("system_avb_add_hashtree_footer_args",
"avb_add_hashtree_footer_args")
copy_prop("system_extfs_inode_count", "extfs_inode_count")
@@ -657,7 +667,7 @@
copy_prop("system_squashfs_compressor_opt", "squashfs_compressor_opt")
copy_prop("system_squashfs_block_size", "squashfs_block_size")
copy_prop("system_base_fs_file", "base_fs_file")
- copy_prop("system_avb_enable", "avb_enable")
+ copy_prop("system_avb_hashtree_enable", "avb_hashtree_enable")
copy_prop("system_avb_add_hashtree_footer_args",
"avb_add_hashtree_footer_args")
copy_prop("system_extfs_inode_count", "extfs_inode_count")
@@ -682,7 +692,7 @@
copy_prop("vendor_squashfs_block_size", "squashfs_block_size")
copy_prop("vendor_squashfs_disable_4k_align", "squashfs_disable_4k_align")
copy_prop("vendor_base_fs_file", "base_fs_file")
- copy_prop("vendor_avb_enable", "avb_enable")
+ copy_prop("vendor_avb_hashtree_enable", "avb_hashtree_enable")
copy_prop("vendor_avb_add_hashtree_footer_args",
"avb_add_hashtree_footer_args")
copy_prop("vendor_extfs_inode_count", "extfs_inode_count")
diff --git a/tools/releasetools/common.py b/tools/releasetools/common.py
index 925a523..c022d24 100644
--- a/tools/releasetools/common.py
+++ b/tools/releasetools/common.py
@@ -491,7 +491,7 @@
# AVB: if enabled, calculate and add hash to boot.img.
if info_dict.get("board_avb_enable", None) == "true":
- avbtool = os.getenv('AVBTOOL') or "avbtool"
+ avbtool = os.getenv('AVBTOOL') or OPTIONS.info_dict["avb_avbtool"]
part_size = info_dict.get("boot_size", None)
cmd = [avbtool, "add_hash_footer", "--image", img.name,
"--partition_size", str(part_size), "--partition_name", "boot"]
diff --git a/tools/releasetools/edify_generator.py b/tools/releasetools/edify_generator.py
index 2a9a417..7883fe6 100644
--- a/tools/releasetools/edify_generator.py
+++ b/tools/releasetools/edify_generator.py
@@ -230,11 +230,6 @@
p.mount_point, mount_flags))
self.mounts.add(p.mount_point)
- def UnpackPackageDir(self, src, dst):
- """Unpack a given directory from the OTA package into the given
- destination directory."""
- self.script.append('package_extract_dir("%s", "%s");' % (src, dst))
-
def Comment(self, comment):
"""Write a comment into the update script."""
self.script.append("")
diff --git a/tools/releasetools/img_from_target_files.py b/tools/releasetools/img_from_target_files.py
index fd98ad2..4422b53 100755
--- a/tools/releasetools/img_from_target_files.py
+++ b/tools/releasetools/img_from_target_files.py
@@ -71,63 +71,23 @@
common.Usage(__doc__)
sys.exit(1)
- OPTIONS.input_tmp, input_zip = common.UnzipTemp(args[0])
+ OPTIONS.input_tmp, input_zip = common.UnzipTemp(
+ args[0], ["IMAGES/*", "OTA/*"])
output_zip = zipfile.ZipFile(args[1], "w", compression=zipfile.ZIP_DEFLATED)
CopyInfo(output_zip)
try:
- done = False
images_path = os.path.join(OPTIONS.input_tmp, "IMAGES")
- if os.path.exists(images_path):
- # If this is a new target-files, it already contains the images,
- # and all we have to do is copy them to the output zip.
- images = os.listdir(images_path)
- if images:
- for image in images:
- if bootable_only and image not in ("boot.img", "recovery.img"):
- continue
- if not image.endswith(".img"):
- continue
- if image == "recovery-two-step.img":
- continue
- common.ZipWrite(
- output_zip, os.path.join(images_path, image), image)
- done = True
-
- if not done:
- # We have an old target-files that doesn't already contain the
- # images, so build them.
- import add_img_to_target_files
-
- OPTIONS.info_dict = common.LoadInfoDict(input_zip, OPTIONS.input_tmp)
-
- boot_image = common.GetBootableImage(
- "boot.img", "boot.img", OPTIONS.input_tmp, "BOOT")
- if boot_image:
- boot_image.AddToZip(output_zip)
-
- if OPTIONS.info_dict.get("no_recovery") != "true":
- recovery_image = common.GetBootableImage(
- "recovery.img", "recovery.img", OPTIONS.input_tmp, "RECOVERY")
- if recovery_image:
- recovery_image.AddToZip(output_zip)
-
- def banner(s):
- print("\n\n++++ " + s + " ++++\n\n")
-
- if not bootable_only:
- banner("AddSystem")
- add_img_to_target_files.AddSystem(output_zip, prefix="")
- try:
- input_zip.getinfo("VENDOR/")
- banner("AddVendor")
- add_img_to_target_files.AddVendor(output_zip, prefix="")
- except KeyError:
- pass # no vendor partition for this device
- banner("AddUserdata")
- add_img_to_target_files.AddUserdata(output_zip, prefix="")
- banner("AddCache")
- add_img_to_target_files.AddCache(output_zip, prefix="")
+ # A target-files zip must contain the images since Lollipop.
+ assert os.path.exists(images_path)
+ for image in sorted(os.listdir(images_path)):
+ if bootable_only and image not in ("boot.img", "recovery.img"):
+ continue
+ if not image.endswith(".img"):
+ continue
+ if image == "recovery-two-step.img":
+ continue
+ common.ZipWrite(output_zip, os.path.join(images_path, image), image)
finally:
print("cleaning up...")