Fix remaining diffs for init_boot and boot images
- Add missing $(cat ) around the fingerprint file
- Add partition size to init_boot
- Add avb keys and algorithms to boot partitions. I used to switch
between the two modes in bootimg modules based on if a key was set,
but now that we are setting a key here I added an explicit mode
property.
- With all these, there are still diffs because avbtool.py introduces
randomness for the salt. If you patch out the randomness locally
the diffs come out clean.
Bug: 377562951
Bug: 377563630
Test: m soong_generated_boot_filesystem_test soong_generated_init_boot_filesystem_test
Change-Id: I448dfb431c240e8d06555fcc5d3e02660e8c2bfb
diff --git a/filesystem/bootimg.go b/filesystem/bootimg.go
index 90409b3..c8e27e5 100644
--- a/filesystem/bootimg.go
+++ b/filesystem/bootimg.go
@@ -80,6 +80,12 @@
// When set to true, sign the image with avbtool. Default is false.
Use_avb *bool
+ // This can either be "default", or "make_legacy". "make_legacy" will sign the boot image
+ // like how build/make/core/Makefile does, to get bit-for-bit backwards compatibility. But
+ // we may want to reconsider if it's necessary to have two modes in the future. The default
+ // is "default"
+ Avb_mode *string
+
// Name of the partition stored in vbmeta desc. Defaults to the name of this module.
Partition_name *string
@@ -90,6 +96,9 @@
// Hash and signing algorithm for avbtool. Default is SHA256_RSA4096.
Avb_algorithm *string
+ // The index used to prevent rollback of the image on device.
+ Avb_rollback_index *int64
+
// The security patch passed to as the com.android.build.<type>.security_patch avb property.
// Replacement for the make variables BOOT_SECURITY_PATCH / INIT_BOOT_SECURITY_PATCH.
Security_patch *string
@@ -197,16 +206,16 @@
output := unsignedOutput
if proptools.Bool(b.properties.Use_avb) {
- // This bootimg module supports 2 modes of avb signing, it picks between them based on
- // if the private key is specified or not. If there is a key, it does a signing process
- // similar to how the regular partitions (system, product, vendor, etc) are signed.
- // If the key is not provided, it will just add an avb footer to the image. The avb
- // footer only signing is how the make-built init_boot, boot, and vendor_boot images are
- // built.
- if proptools.String(b.properties.Avb_private_key) != "" {
+ // This bootimg module supports 2 modes of avb signing. It is not clear to this author
+ // why there are differences, but one of them is to match the behavior of make-built boot
+ // images.
+ switch proptools.StringDefault(b.properties.Avb_mode, "default") {
+ case "default":
output = b.signImage(ctx, unsignedOutput)
- } else {
+ case "make_legacy":
output = b.addAvbFooter(ctx, unsignedOutput, kernel)
+ default:
+ ctx.PropertyErrorf("avb_mode", `Unknown value for avb_mode, expected "default" or "make_legacy", got: %q`, *b.properties.Avb_mode)
}
}
@@ -328,13 +337,22 @@
cmd.FlagWithArg("--partition_name ", b.bootImageType.String())
+ if b.properties.Avb_algorithm != nil {
+ cmd.FlagWithArg("--algorithm ", proptools.NinjaAndShellEscape(*b.properties.Avb_algorithm))
+ }
+
+ if b.properties.Avb_private_key != nil {
+ key := android.PathForModuleSrc(ctx, proptools.String(b.properties.Avb_private_key))
+ cmd.FlagWithInput("--key ", key)
+ }
+
if !b.bootImageType.isVendorBoot() {
cmd.FlagWithArg("--prop ", proptools.NinjaAndShellEscape(fmt.Sprintf(
"com.android.build.%s.os_version:%s", b.bootImageType.String(), ctx.Config().PlatformVersionLastStable())))
}
fingerprintFile := ctx.Config().BuildFingerprintFile(ctx)
- cmd.FlagWithArg("--prop ", fmt.Sprintf("com.android.build.%s.fingerprint:%s", b.bootImageType.String(), fingerprintFile.String()))
+ cmd.FlagWithArg("--prop ", fmt.Sprintf("com.android.build.%s.fingerprint:$(cat %s)", b.bootImageType.String(), fingerprintFile.String()))
cmd.OrderOnly(fingerprintFile)
if b.properties.Security_patch != nil {
@@ -342,6 +360,10 @@
"com.android.build.%s.security_patch:%s", b.bootImageType.String(), *b.properties.Security_patch)))
}
+ if b.properties.Avb_rollback_index != nil {
+ cmd.FlagWithArg("--rollback_index ", strconv.FormatInt(*b.properties.Avb_rollback_index, 10))
+ }
+
builder.Build("add_avb_footer", fmt.Sprintf("Adding avb footer to %s", b.BaseModuleName()))
return output
}
diff --git a/fsgen/boot_imgs.go b/fsgen/boot_imgs.go
index b651862..6647a9a 100644
--- a/fsgen/boot_imgs.go
+++ b/fsgen/boot_imgs.go
@@ -38,7 +38,8 @@
var partitionSize *int64
if partitionVariables.BoardBootimagePartitionSize != "" {
- parsed, err := strconv.ParseInt(partitionVariables.BoardBootimagePartitionSize, 10, 64)
+ // Base of zero will allow base 10 or base 16 if starting with 0x
+ parsed, err := strconv.ParseInt(partitionVariables.BoardBootimagePartitionSize, 0, 64)
if err != nil {
panic(fmt.Sprintf("BOARD_BOOTIMAGE_PARTITION_SIZE must be an int, got %s", partitionVariables.BoardBootimagePartitionSize))
}
@@ -50,16 +51,22 @@
securityPatch = &partitionVariables.BootSecurityPatch
}
+ avbInfo := getAvbInfo(ctx.Config(), "boot")
+
bootImageName := generatedModuleNameForPartition(ctx.Config(), "boot")
ctx.CreateModule(
filesystem.BootimgFactory,
&filesystem.BootimgProperties{
- Kernel_prebuilt: proptools.StringPtr(":" + kernelFilegroupName),
- Header_version: proptools.StringPtr(partitionVariables.BoardBootHeaderVersion),
- Partition_size: partitionSize,
- Use_avb: &partitionVariables.BoardAvbEnable,
- Security_patch: securityPatch,
+ Kernel_prebuilt: proptools.StringPtr(":" + kernelFilegroupName),
+ Header_version: proptools.StringPtr(partitionVariables.BoardBootHeaderVersion),
+ Partition_size: partitionSize,
+ Use_avb: avbInfo.avbEnable,
+ Avb_mode: avbInfo.avbMode,
+ Avb_private_key: avbInfo.avbkeyFilegroup,
+ Avb_rollback_index: avbInfo.avbRollbackIndex,
+ Avb_algorithm: avbInfo.avbAlgorithm,
+ Security_patch: securityPatch,
},
&struct {
Name *string
@@ -75,13 +82,19 @@
bootImageName := generatedModuleNameForPartition(ctx.Config(), "vendor_boot")
+ avbInfo := getAvbInfo(ctx.Config(), "vendor_boot")
+
ctx.CreateModule(
filesystem.BootimgFactory,
&filesystem.BootimgProperties{
- Boot_image_type: proptools.StringPtr("vendor_boot"),
- Ramdisk_module: proptools.StringPtr(generatedModuleNameForPartition(ctx.Config(), "vendor_ramdisk")),
- Header_version: proptools.StringPtr(partitionVariables.BoardBootHeaderVersion),
- Use_avb: &partitionVariables.BoardAvbEnable,
+ Boot_image_type: proptools.StringPtr("vendor_boot"),
+ Ramdisk_module: proptools.StringPtr(generatedModuleNameForPartition(ctx.Config(), "vendor_ramdisk")),
+ Header_version: proptools.StringPtr(partitionVariables.BoardBootHeaderVersion),
+ Use_avb: avbInfo.avbEnable,
+ Avb_mode: avbInfo.avbMode,
+ Avb_private_key: avbInfo.avbkeyFilegroup,
+ Avb_rollback_index: avbInfo.avbRollbackIndex,
+ Avb_algorithm: avbInfo.avbAlgorithm,
},
&struct {
Name *string
@@ -104,14 +117,31 @@
securityPatch = &partitionVariables.BootSecurityPatch
}
+ var partitionSize *int64
+ if partitionVariables.BoardInitBootimagePartitionSize != "" {
+ // Base of zero will allow base 10 or base 16 if starting with 0x
+ parsed, err := strconv.ParseInt(partitionVariables.BoardInitBootimagePartitionSize, 0, 64)
+ if err != nil {
+ panic(fmt.Sprintf("BOARD_INIT_BOOT_IMAGE_PARTITION_SIZE must be an int, got %s", partitionVariables.BoardInitBootimagePartitionSize))
+ }
+ partitionSize = &parsed
+ }
+
+ avbInfo := getAvbInfo(ctx.Config(), "init_boot")
+
ctx.CreateModule(
filesystem.BootimgFactory,
&filesystem.BootimgProperties{
- Boot_image_type: proptools.StringPtr("init_boot"),
- Ramdisk_module: proptools.StringPtr(generatedModuleNameForPartition(ctx.Config(), "ramdisk")),
- Header_version: proptools.StringPtr(partitionVariables.BoardBootHeaderVersion),
- Use_avb: &partitionVariables.BoardAvbEnable,
- Security_patch: securityPatch,
+ Boot_image_type: proptools.StringPtr("init_boot"),
+ Ramdisk_module: proptools.StringPtr(generatedModuleNameForPartition(ctx.Config(), "ramdisk")),
+ Header_version: proptools.StringPtr(partitionVariables.BoardBootHeaderVersion),
+ Security_patch: securityPatch,
+ Partition_size: partitionSize,
+ Use_avb: avbInfo.avbEnable,
+ Avb_mode: avbInfo.avbMode,
+ Avb_private_key: avbInfo.avbkeyFilegroup,
+ Avb_rollback_index: avbInfo.avbRollbackIndex,
+ Avb_algorithm: avbInfo.avbAlgorithm,
},
&struct {
Name *string
diff --git a/fsgen/filesystem_creator.go b/fsgen/filesystem_creator.go
index 6bfb097..d4301f9 100644
--- a/fsgen/filesystem_creator.go
+++ b/fsgen/filesystem_creator.go
@@ -546,42 +546,21 @@
}
func generateFsProps(ctx android.EarlyModuleContext, partitionType string) (*filesystem.FilesystemProperties, bool) {
- fsGenState := ctx.Config().Get(fsGenStateOnceKey).(*FsGenState)
fsProps := &filesystem.FilesystemProperties{}
partitionVars := ctx.Config().ProductVariables().PartitionVarsForSoongMigrationOnlyDoNotUse
- var boardAvbEnable bool
- var boardAvbKeyPath string
- var boardAvbAlgorithm string
- var boardAvbRollbackIndex string
+ var avbInfo avbInfo
var fsType string
if strings.Contains(partitionType, "ramdisk") {
fsType = "compressed_cpio"
} else {
specificPartitionVars := partitionVars.PartitionQualifiedVariables[partitionType]
fsType = specificPartitionVars.BoardFileSystemType
- boardAvbEnable = partitionVars.BoardAvbEnable
- boardAvbKeyPath = specificPartitionVars.BoardAvbKeyPath
- boardAvbAlgorithm = specificPartitionVars.BoardAvbAlgorithm
- boardAvbRollbackIndex = specificPartitionVars.BoardAvbRollbackIndex
- if boardAvbEnable {
- if boardAvbKeyPath == "" {
- boardAvbKeyPath = partitionVars.BoardAvbKeyPath
- }
- if boardAvbAlgorithm == "" {
- boardAvbAlgorithm = partitionVars.BoardAvbAlgorithm
- }
- if boardAvbRollbackIndex == "" {
- boardAvbRollbackIndex = partitionVars.BoardAvbRollbackIndex
- }
- }
+ avbInfo = getAvbInfo(ctx.Config(), partitionType)
if fsType == "" {
fsType = "ext4" //default
}
}
- if boardAvbKeyPath != "" {
- boardAvbKeyPath = ":" + fsGenState.avbKeyFilegroups[boardAvbKeyPath]
- }
fsProps.Type = proptools.StringPtr(fsType)
if filesystem.GetFsTypeFromString(ctx, *fsProps.Type).IsUnknown() {
@@ -594,15 +573,13 @@
fsProps.Unchecked_module = proptools.BoolPtr(true)
// BOARD_AVB_ENABLE
- fsProps.Use_avb = proptools.BoolPtr(boardAvbEnable)
+ fsProps.Use_avb = avbInfo.avbEnable
// BOARD_AVB_KEY_PATH
- fsProps.Avb_private_key = proptools.StringPtr(boardAvbKeyPath)
+ fsProps.Avb_private_key = avbInfo.avbkeyFilegroup
// BOARD_AVB_ALGORITHM
- fsProps.Avb_algorithm = proptools.StringPtr(boardAvbAlgorithm)
+ fsProps.Avb_algorithm = avbInfo.avbAlgorithm
// BOARD_AVB_SYSTEM_ROLLBACK_INDEX
- if rollbackIndex, err := strconv.ParseInt(boardAvbRollbackIndex, 10, 64); err == nil {
- fsProps.Rollback_index = proptools.Int64Ptr(rollbackIndex)
- }
+ fsProps.Rollback_index = avbInfo.avbRollbackIndex
fsProps.Partition_name = proptools.StringPtr(partitionType)
@@ -629,6 +606,55 @@
return fsProps, true
}
+type avbInfo struct {
+ avbEnable *bool
+ avbKeyPath *string
+ avbkeyFilegroup *string
+ avbAlgorithm *string
+ avbRollbackIndex *int64
+ avbMode *string
+}
+
+func getAvbInfo(config android.Config, partitionType string) avbInfo {
+ partitionVars := config.ProductVariables().PartitionVarsForSoongMigrationOnlyDoNotUse
+ specificPartitionVars := partitionVars.PartitionQualifiedVariables[partitionType]
+ var result avbInfo
+ boardAvbEnable := partitionVars.BoardAvbEnable
+ if boardAvbEnable {
+ result.avbEnable = proptools.BoolPtr(true)
+ if specificPartitionVars.BoardAvbKeyPath != "" {
+ result.avbKeyPath = proptools.StringPtr(specificPartitionVars.BoardAvbKeyPath)
+ } else if partitionVars.BoardAvbKeyPath != "" {
+ result.avbKeyPath = proptools.StringPtr(partitionVars.BoardAvbKeyPath)
+ }
+ if specificPartitionVars.BoardAvbAlgorithm != "" {
+ result.avbAlgorithm = proptools.StringPtr(specificPartitionVars.BoardAvbAlgorithm)
+ } else if partitionVars.BoardAvbAlgorithm != "" {
+ result.avbAlgorithm = proptools.StringPtr(partitionVars.BoardAvbAlgorithm)
+ }
+ if specificPartitionVars.BoardAvbRollbackIndex != "" {
+ parsed, err := strconv.ParseInt(specificPartitionVars.BoardAvbRollbackIndex, 10, 64)
+ if err != nil {
+ panic(fmt.Sprintf("Rollback index must be an int, got %s", specificPartitionVars.BoardAvbRollbackIndex))
+ }
+ result.avbRollbackIndex = &parsed
+ } else if partitionVars.BoardAvbRollbackIndex != "" {
+ parsed, err := strconv.ParseInt(partitionVars.BoardAvbRollbackIndex, 10, 64)
+ if err != nil {
+ panic(fmt.Sprintf("Rollback index must be an int, got %s", partitionVars.BoardAvbRollbackIndex))
+ }
+ result.avbRollbackIndex = &parsed
+ }
+ result.avbMode = proptools.StringPtr("make_legacy")
+ }
+ if result.avbKeyPath != nil {
+ fsGenState := config.Get(fsGenStateOnceKey).(*FsGenState)
+ filegroup := fsGenState.avbKeyFilegroups[*result.avbKeyPath]
+ result.avbkeyFilegroup = proptools.StringPtr(":" + filegroup)
+ }
+ return result
+}
+
func (f *filesystemCreator) createFileListDiffTest(ctx android.ModuleContext, partitionType string) android.Path {
partitionModuleName := generatedModuleNameForPartition(ctx.Config(), partitionType)
systemImage := ctx.GetDirectDepWithTag(partitionModuleName, generatedFilesystemDepTag)