Remove verity related props from build_image.py
We are removing VB related functionalities from release tools. This
change remove the verity related props in build_image.py, and also
remove VB1.0 bootimage builder, which will be unreachable without these
props.
Bug: 241044073
Test: atest under build/make
Change-Id: Ib3f1c100c2c6c9e63a64f49269619b76074a27fd
diff --git a/tools/releasetools/add_img_to_target_files.py b/tools/releasetools/add_img_to_target_files.py
index 3e87c54..b396188 100644
--- a/tools/releasetools/add_img_to_target_files.py
+++ b/tools/releasetools/add_img_to_target_files.py
@@ -457,8 +457,7 @@
# Set the '_image_size' for given image size.
is_verity_partition = "verity_block_device" in image_props
- verity_supported = (image_props.get("verity") == "true" or
- image_props.get("avb_enable") == "true")
+ verity_supported = (image_props.get("avb_enable") == "true")
is_avb_enable = image_props.get("avb_hashtree_enable") == "true"
if verity_supported and (is_verity_partition or is_avb_enable):
image_size = image_props.get("image_size")
diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index 6d7895e..e52214e 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py
@@ -671,11 +671,6 @@
"f2fs_sparse_flag",
"skip_fsck",
"ext_mkuserimg",
- "verity",
- "verity_key",
- "verity_signer_cmd",
- "verity_fec",
- "verity_disable",
"avb_enable",
"avb_avbtool",
"use_dynamic_partition_size",
diff --git a/tools/releasetools/test_verity_utils.py b/tools/releasetools/test_verity_utils.py
index e2a022a..32f7cce 100644
--- a/tools/releasetools/test_verity_utils.py
+++ b/tools/releasetools/test_verity_utils.py
@@ -171,105 +171,6 @@
self.assertEqual(self.expected_root_hash, info.root_hash)
-class VerifiedBootVersion1VerityImageBuilderTest(ReleaseToolsTestCase):
-
- DEFAULT_PARTITION_SIZE = 4096 * 1024
- DEFAULT_PROP_DICT = {
- 'partition_size': str(DEFAULT_PARTITION_SIZE),
- 'verity': 'true',
- 'verity_block_device': '/dev/block/system',
- 'verity_key': os.path.join(get_testdata_dir(), 'testkey'),
- 'verity_fec': 'true',
- 'verity_signer_cmd': 'verity_signer',
- }
-
- def test_init(self):
- prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT)
- verity_image_builder = CreateVerityImageBuilder(prop_dict)
- self.assertIsNotNone(verity_image_builder)
- self.assertEqual(1, verity_image_builder.version)
-
- def test_init_MissingProps(self):
- prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT)
- del prop_dict['verity']
- self.assertIsNone(CreateVerityImageBuilder(prop_dict))
-
- prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT)
- del prop_dict['verity_block_device']
- self.assertIsNone(CreateVerityImageBuilder(prop_dict))
-
- @SkipIfExternalToolsUnavailable()
- def test_CalculateMaxImageSize(self):
- verity_image_builder = CreateVerityImageBuilder(self.DEFAULT_PROP_DICT)
- size = verity_image_builder.CalculateMaxImageSize()
- self.assertLess(size, self.DEFAULT_PARTITION_SIZE)
-
- # Same result by explicitly passing the partition size.
- self.assertEqual(
- verity_image_builder.CalculateMaxImageSize(),
- verity_image_builder.CalculateMaxImageSize(
- self.DEFAULT_PARTITION_SIZE))
-
- @staticmethod
- def _BuildAndVerify(prop, verify_key):
- verity_image_builder = CreateVerityImageBuilder(prop)
- image_size = verity_image_builder.CalculateMaxImageSize()
-
- # Build the sparse image with verity metadata.
- input_dir = common.MakeTempDir()
- image = common.MakeTempFile(suffix='.img')
- cmd = ['mkuserimg_mke2fs', input_dir, image, 'ext4', '/system',
- str(image_size), '-j', '0', '-s']
- common.RunAndCheckOutput(cmd)
- verity_image_builder.Build(image)
-
- # Verify the verity metadata.
- cmd = ['verity_verifier', image, '-mincrypt', verify_key]
- common.RunAndCheckOutput(cmd)
-
- @SkipIfExternalToolsUnavailable()
- def test_Build(self):
- self._BuildAndVerify(
- self.DEFAULT_PROP_DICT,
- os.path.join(get_testdata_dir(), 'testkey_mincrypt'))
-
- @SkipIfExternalToolsUnavailable()
- def test_Build_ValidationCheck(self):
- # A validity check for the test itself: the image shouldn't be verifiable
- # with wrong key.
- self.assertRaises(
- common.ExternalError,
- self._BuildAndVerify,
- self.DEFAULT_PROP_DICT,
- os.path.join(get_testdata_dir(), 'verity_mincrypt'))
-
- @SkipIfExternalToolsUnavailable()
- def test_Build_FecDisabled(self):
- prop_dict = copy.deepcopy(self.DEFAULT_PROP_DICT)
- del prop_dict['verity_fec']
- self._BuildAndVerify(
- prop_dict,
- os.path.join(get_testdata_dir(), 'testkey_mincrypt'))
-
- @SkipIfExternalToolsUnavailable()
- def test_Build_SquashFs(self):
- verity_image_builder = CreateVerityImageBuilder(self.DEFAULT_PROP_DICT)
- verity_image_builder.CalculateMaxImageSize()
-
- # Build the sparse image with verity metadata.
- input_dir = common.MakeTempDir()
- image = common.MakeTempFile(suffix='.img')
- cmd = ['mksquashfsimage.sh', input_dir, image, '-s']
- common.RunAndCheckOutput(cmd)
- verity_image_builder.PadSparseImage(image)
- verity_image_builder.Build(image)
-
- # Verify the verity metadata.
- cmd = ["verity_verifier", image, '-mincrypt',
- os.path.join(get_testdata_dir(), 'testkey_mincrypt')]
- common.RunAndCheckOutput(cmd)
-
-
class VerifiedBootVersion2VerityImageBuilderTest(ReleaseToolsTestCase):
DEFAULT_PROP_DICT = {
diff --git a/tools/releasetools/verity_utils.py b/tools/releasetools/verity_utils.py
index d55ad88..efb3008 100644
--- a/tools/releasetools/verity_utils.py
+++ b/tools/releasetools/verity_utils.py
@@ -166,23 +166,6 @@
if partition_size:
partition_size = int(partition_size)
- # Verified Boot 1.0
- verity_supported = prop_dict.get("verity") == "true"
- is_verity_partition = "verity_block_device" in prop_dict
- if verity_supported and is_verity_partition:
- if OPTIONS.verity_signer_path is not None:
- signer_path = OPTIONS.verity_signer_path
- else:
- signer_path = prop_dict["verity_signer_cmd"]
- return Version1VerityImageBuilder(
- partition_size,
- prop_dict["verity_block_device"],
- prop_dict.get("verity_fec") == "true",
- signer_path,
- prop_dict["verity_key"] + ".pk8",
- OPTIONS.verity_signer_args,
- "verity_disable" in prop_dict)
-
# Verified Boot 2.0
if (prop_dict.get("avb_hash_enable") == "true" or
prop_dict.get("avb_hashtree_enable") == "true"):
@@ -245,125 +228,6 @@
raise NotImplementedError
-class Version1VerityImageBuilder(VerityImageBuilder):
- """A VerityImageBuilder for Verified Boot 1.0."""
-
- def __init__(self, partition_size, block_dev, fec_supported, signer_path,
- signer_key, signer_args, verity_disable):
- self.version = 1
- self.partition_size = partition_size
- self.block_device = block_dev
- self.fec_supported = fec_supported
- self.signer_path = signer_path
- self.signer_key = signer_key
- self.signer_args = signer_args
- self.verity_disable = verity_disable
- self.image_size = None
- self.verity_size = None
-
- def CalculateDynamicPartitionSize(self, image_size):
- # This needs to be implemented. Note that returning the given image size as
- # the partition size doesn't make sense, as it will fail later.
- raise NotImplementedError
-
- def CalculateMaxImageSize(self, partition_size=None):
- """Calculates the max image size by accounting for the verity metadata.
-
- Args:
- partition_size: The partition size, which defaults to self.partition_size
- if unspecified.
-
- Returns:
- The size of the image adjusted for verity metadata.
- """
- if partition_size is None:
- partition_size = self.partition_size
- assert partition_size > 0, \
- "Invalid partition size: {}".format(partition_size)
-
- hi = partition_size
- if hi % BLOCK_SIZE != 0:
- hi = (hi // BLOCK_SIZE) * BLOCK_SIZE
-
- # verity tree and fec sizes depend on the partition size, which
- # means this estimate is always going to be unnecessarily small
- verity_size = GetVeritySize(hi, self.fec_supported)
- lo = partition_size - verity_size
- result = lo
-
- # do a binary search for the optimal size
- while lo < hi:
- i = ((lo + hi) // (2 * BLOCK_SIZE)) * BLOCK_SIZE
- v = GetVeritySize(i, self.fec_supported)
- if i + v <= partition_size:
- if result < i:
- result = i
- verity_size = v
- lo = i + BLOCK_SIZE
- else:
- hi = i
-
- self.image_size = result
- self.verity_size = verity_size
-
- logger.info(
- "Calculated image size for verity: partition_size %d, image_size %d, "
- "verity_size %d", partition_size, result, verity_size)
- return result
-
- def Build(self, out_file):
- """Creates an image that is verifiable using dm-verity.
-
- Args:
- out_file: the output image.
-
- Returns:
- AssertionError: On invalid partition sizes.
- BuildVerityImageError: On other errors.
- """
- image_size = int(self.image_size)
- tempdir_name = common.MakeTempDir(suffix="_verity_images")
-
- # Get partial image paths.
- verity_image_path = os.path.join(tempdir_name, "verity.img")
- verity_metadata_path = os.path.join(tempdir_name, "verity_metadata.img")
-
- # Build the verity tree and get the root hash and salt.
- root_hash, salt = BuildVerityTree(out_file, verity_image_path)
-
- # Build the metadata blocks.
- BuildVerityMetadata(
- image_size, verity_metadata_path, root_hash, salt, self.block_device,
- self.signer_path, self.signer_key, self.signer_args,
- self.verity_disable)
-
- padding_size = self.partition_size - self.image_size - self.verity_size
- assert padding_size >= 0
-
- # Build the full verified image.
- Append(
- verity_image_path, verity_metadata_path,
- "Failed to append verity metadata")
-
- if self.fec_supported:
- # Build FEC for the entire partition, including metadata.
- verity_fec_path = os.path.join(tempdir_name, "verity_fec.img")
- BuildVerityFEC(
- out_file, verity_image_path, verity_fec_path, padding_size)
- Append(verity_image_path, verity_fec_path, "Failed to append FEC")
-
- Append2Simg(
- out_file, verity_image_path, "Failed to append verity data")
-
- def PadSparseImage(self, out_file):
- sparse_image_size = GetSimgSize(out_file)
- if sparse_image_size > self.image_size:
- raise BuildVerityImageError(
- "Error: image size of {} is larger than partition size of "
- "{}".format(sparse_image_size, self.image_size))
- ZeroPadSimg(out_file, self.image_size - sparse_image_size)
-
-
class VerifiedBootVersion2VerityImageBuilder(VerityImageBuilder):
"""A VerityImageBuilder for Verified Boot 2.0."""
@@ -536,15 +400,7 @@
def CreateHashtreeInfoGenerator(partition_name, block_size, info_dict):
- generator = None
- if (info_dict.get("verity") == "true" and
- info_dict.get("{}_verity_block_device".format(partition_name))):
- partition_size = info_dict["{}_size".format(partition_name)]
- fec_supported = info_dict.get("verity_fec") == "true"
- generator = VerifiedBootVersion1HashtreeInfoGenerator(
- partition_size, block_size, fec_supported)
-
- return generator
+ return None
class HashtreeInfoGenerator(object):