Build vbmeta partitions with soong
AVB is Android Verified Boot:
https://source.android.com/docs/security/features/verifiedboot
It works by signing all the partitions, but then also including an extra
metadata partition called vbmeta that depends on all the other
signed partitions. This creates a requirement that you update all those
partitions and the vbmeta partition together, so in order to relax that
requirement products can set up "chained" vbmeta partitions, where a
chained partition like vbmeta_system might contain the avb metadata for
just a few products. In cuttlefish vbmeta_system contains metadata about
product, system, and system_ext. Using chained partitions, that group of
partitions can be updated independently from the other signed
partitions.
Bug: 377563298
Test: m nothing (the diff test currently fails, but this is a start)
Change-Id: I397af3a418bd23bcbf8f620c436afcacf69974fd
diff --git a/filesystem/android_device.go b/filesystem/android_device.go
index 9071272..2645dc4 100644
--- a/filesystem/android_device.go
+++ b/filesystem/android_device.go
@@ -34,6 +34,8 @@
Vendor_partition_name *string
// Name of the Odm partition filesystem module
Odm_partition_name *string
+ // The vbmeta partition and its "chained" partitions
+ Vbmeta_partitions []string
}
type androidDevice struct {
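Review bot: The comment on `Vbmeta_partitions` does not say what the strings are, while the sibling properties above it each say "Name of the ... partition filesystem module". I would word it the same way, for example `// Names of the vbmeta modules for this device: the top-level vbmeta partition and any chained vbmeta partitions`. Because this list presumably decides which verified-boot metadata ends up in the device, the comment should also state whether the list may be empty and whether order matters. The struct starts above the hunk.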
@@ -46,7 +48,6 @@
module := &androidDevice{}
module.AddProperties(&module.partitionProps)
android.InitAndroidMultiTargetsArchModule(module, android.DeviceSupported, android.MultilibCommon)
-
return module
}
@@ -69,6 +70,9 @@
addDependencyIfDefined(a.partitionProps.Product_partition_name)
addDependencyIfDefined(a.partitionProps.Vendor_partition_name)
addDependencyIfDefined(a.partitionProps.Odm_partition_name)
+ for _, vbmetaPartition := range a.partitionProps.Vbmeta_partitions {
+ ctx.AddDependency(ctx.Module(), filesystemDepTag, vbmetaPartition)
+ }
}
func (a *androidDevice) GenerateAndroidBuildActions(ctx android.ModuleContext) {
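Review bot: The added loop registers the vbmeta modules under `filesystemDepTag`, the same tag used for the filesystem partitions on the lines above, so any code that walks that tag can no longer tell a filesystem image from a vbmeta image without inspecting the module type. A separate dependency tag (a new one, named here only as a suggestion) would keep the two sets distinct: `ctx.AddDependency(ctx.Module(), vbmetaDepTag, vbmetaPartition)`. It would also make it easier for the build actions to check that every partition of this device is described by one of the listed vbmeta modules. Nothing visible in this diff enforces that, and a partition left out of the vbmeta chain would presumably not be covered by verified boot. The enclosing function starts above the hunk.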