Fix remaining diffs for init_boot and boot images
- Add missing $(cat ) around the fingerprint file
- Add partition size to init_boot
- Add avb keys and algorithms to boot partitions. I used to switch
between the two modes in bootimg modules based on if a key was set,
but now that we are setting a key here I added an explicit mode
property.
- With all these, there are still diffs because avbtool.py introduces
randomness for the salt. If you patch out the randomness locally
the diffs come out clean.
Bug: 377562951
Bug: 377563630
Test: m soong_generated_boot_filesystem_test soong_generated_init_boot_filesystem_test
Change-Id: I448dfb431c240e8d06555fcc5d3e02660e8c2bfb
diff --git a/filesystem/bootimg.go b/filesystem/bootimg.go
index 90409b3..c8e27e5 100644
--- a/filesystem/bootimg.go
+++ b/filesystem/bootimg.go
@@ -80,6 +80,12 @@
// When set to true, sign the image with avbtool. Default is false.
Use_avb *bool
+ // This can either be "default", or "make_legacy". "make_legacy" will sign the boot image
+ // like how build/make/core/Makefile does, to get bit-for-bit backwards compatibility. But
+ // we may want to reconsider if it's necessary to have two modes in the future. The default
+ // is "default"
+ Avb_mode *string
+
// Name of the partition stored in vbmeta desc. Defaults to the name of this module.
Partition_name *string
@@ -90,6 +96,9 @@
// Hash and signing algorithm for avbtool. Default is SHA256_RSA4096.
Avb_algorithm *string
+ // The index used to prevent rollback of the image on device.
+ Avb_rollback_index *int64
+
// The security patch passed to as the com.android.build.<type>.security_patch avb property.
// Replacement for the make variables BOOT_SECURITY_PATCH / INIT_BOOT_SECURITY_PATCH.
Security_patch *string
@@ -197,16 +206,16 @@
output := unsignedOutput
if proptools.Bool(b.properties.Use_avb) {
- // This bootimg module supports 2 modes of avb signing, it picks between them based on
- // if the private key is specified or not. If there is a key, it does a signing process
- // similar to how the regular partitions (system, product, vendor, etc) are signed.
- // If the key is not provided, it will just add an avb footer to the image. The avb
- // footer only signing is how the make-built init_boot, boot, and vendor_boot images are
- // built.
- if proptools.String(b.properties.Avb_private_key) != "" {
+ // This bootimg module supports 2 modes of avb signing. It is not clear to this author
+ // why there are differences, but one of them is to match the behavior of make-built boot
+ // images.
+ switch proptools.StringDefault(b.properties.Avb_mode, "default") {
+ case "default":
output = b.signImage(ctx, unsignedOutput)
- } else {
+ case "make_legacy":
output = b.addAvbFooter(ctx, unsignedOutput, kernel)
+ default:
+ ctx.PropertyErrorf("avb_mode", `Unknown value for avb_mode, expected "default" or "make_legacy", got: %q`, *b.properties.Avb_mode)
}
}
@@ -328,13 +337,22 @@
cmd.FlagWithArg("--partition_name ", b.bootImageType.String())
+ if b.properties.Avb_algorithm != nil {
+ cmd.FlagWithArg("--algorithm ", proptools.NinjaAndShellEscape(*b.properties.Avb_algorithm))
+ }
+
+ if b.properties.Avb_private_key != nil {
+ key := android.PathForModuleSrc(ctx, proptools.String(b.properties.Avb_private_key))
+ cmd.FlagWithInput("--key ", key)
+ }
+
if !b.bootImageType.isVendorBoot() {
cmd.FlagWithArg("--prop ", proptools.NinjaAndShellEscape(fmt.Sprintf(
"com.android.build.%s.os_version:%s", b.bootImageType.String(), ctx.Config().PlatformVersionLastStable())))
}
fingerprintFile := ctx.Config().BuildFingerprintFile(ctx)
- cmd.FlagWithArg("--prop ", fmt.Sprintf("com.android.build.%s.fingerprint:%s", b.bootImageType.String(), fingerprintFile.String()))
+ cmd.FlagWithArg("--prop ", fmt.Sprintf("com.android.build.%s.fingerprint:$(cat %s)", b.bootImageType.String(), fingerprintFile.String()))
cmd.OrderOnly(fingerprintFile)
if b.properties.Security_patch != nil {
@@ -342,6 +360,10 @@
"com.android.build.%s.security_patch:%s", b.bootImageType.String(), *b.properties.Security_patch)))
}
+ if b.properties.Avb_rollback_index != nil {
+ cmd.FlagWithArg("--rollback_index ", strconv.FormatInt(*b.properties.Avb_rollback_index, 10))
+ }
+
builder.Build("add_avb_footer", fmt.Sprintf("Adding avb footer to %s", b.BaseModuleName()))
return output
}