Build vbmeta partitions with soong
AVB is Android Verified Boot:
https://source.android.com/docs/security/features/verifiedboot
It works by signing all the partitions, but then also including an extra
metadata partition called vbmeta that depends on all the other
signed partitions. This creates a requirement that you update all those
partitions and the vbmeta partition together, so in order to relax that
requirement products can set up "chained" vbmeta partitions, where a
chained partition like vbmeta_system might contain the avb metadata for
just a few products. In cuttlefish vbmeta_system contains metadata about
product, system, and system_ext. Using chained partitions, that group of
partitions can be updated independently from the other signed
partitions.
Bug: 377563298
Test: m nothing (the diff test currently fails, but this is a start)
Change-Id: I397af3a418bd23bcbf8f620c436afcacf69974fd
diff --git a/filesystem/vbmeta.go b/filesystem/vbmeta.go
index 0bae479..6a3fc1f 100644
--- a/filesystem/vbmeta.go
+++ b/filesystem/vbmeta.go
@@ -25,19 +25,19 @@
)
func init() {
- android.RegisterModuleType("vbmeta", vbmetaFactory)
+ android.RegisterModuleType("vbmeta", VbmetaFactory)
}
type vbmeta struct {
android.ModuleBase
- properties vbmetaProperties
+ properties VbmetaProperties
output android.OutputPath
installDir android.InstallPath
}
-type vbmetaProperties struct {
+type VbmetaProperties struct {
// Name of the partition stored in vbmeta desc. Defaults to the name of this module.
Partition_name *string
@@ -50,9 +50,8 @@
// Algorithm that avbtool will use to sign this vbmeta image. Default is SHA256_RSA4096.
Algorithm *string
- // File whose content will provide the rollback index. If unspecified, the rollback index
- // is from PLATFORM_SECURITY_PATCH
- Rollback_index_file *string `android:"path"`
+ // The rollback index. If unspecified, the rollback index is from PLATFORM_SECURITY_PATCH
+ Rollback_index *int64
// Rollback index location of this vbmeta image. Must be 0, 1, 2, etc. Default is 0.
Rollback_index_location *int64
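Review bot: The new comment on `Rollback_index` does not say what scale the value is on, so an author cannot pick a number consistent with the default. Judging by the `date ... +%s` fallback in `rollbackIndexCommand` later in this diff, the default is the Unix timestamp of PLATFORM_SECURITY_PATCH. A fixed value in a module definition will no longer advance with the patch level, which matters because this index is what AVB rollback protection compares. I would write `// Rollback index stored in this vbmeta image. If unspecified, it is the Unix timestamp of PLATFORM_SECURITY_PATCH; a value set here stays fixed until it is changed by hand.` The struct begins and ends outside this hunk.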
@@ -62,7 +61,7 @@
Partitions proptools.Configurable[[]string]
// List of chained partitions that this vbmeta deletages the verification.
- Chained_partitions []chainedPartitionProperties
+ Chained_partitions []ChainedPartitionProperties
// List of key-value pair of avb properties
Avb_properties []avbProperty
@@ -76,7 +75,7 @@
Value *string
}
-type chainedPartitionProperties struct {
+type ChainedPartitionProperties struct {
// Name of the chained partition
Name *string
@@ -95,7 +94,7 @@
}
// vbmeta is the partition image that has the verification information for other partitions.
-func vbmetaFactory() android.Module {
+func VbmetaFactory() android.Module {
module := &vbmeta{}
module.AddProperties(&module.properties)
android.InitAndroidArchModule(module, android.DeviceSupported, android.MultilibCommon)
@@ -217,15 +216,12 @@
// Returns the embedded shell command that prints the rollback index
func (v *vbmeta) rollbackIndexCommand(ctx android.ModuleContext) string {
- var cmd string
- if v.properties.Rollback_index_file != nil {
- f := android.PathForModuleSrc(ctx, proptools.String(v.properties.Rollback_index_file))
- cmd = "cat " + f.String()
+ if v.properties.Rollback_index != nil {
+ return fmt.Sprintf("%d", *v.properties.Rollback_index)
} else {
- cmd = "date -d 'TZ=\"GMT\" " + ctx.Config().PlatformSecurityPatch() + "' +%s"
+ // Take the first line and remove the newline char
+ return "$(date -d 'TZ=\"GMT\" " + ctx.Config().PlatformSecurityPatch() + "' +%s | head -1 | tr -d '\n'" + ")"
}
- // Take the first line and remove the newline char
- return "$(" + cmd + " | head -1 | tr -d '\n'" + ")"
}
// Extract public keys from chained_partitions.private_key. The keys are indexed with the partition
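Review bot: The explicit branch formats `*v.properties.Rollback_index` with no range check, so a negative value in a module definition is returned as text such as `-1`. AVB rollback indexes are unsigned, and how the consumer of this string treats a negative number is not visible here. Rejecting it at the property keeps a bad index out of a signed image: `if idx := *v.properties.Rollback_index; idx < 0 { ctx.PropertyErrorf("rollback_index", "must be non-negative, got %d", idx) }`. The doc comment above the function still says it returns an embedded shell command, which no longer holds for this branch, and the `else` after the `return` can be dropped.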