commit 336b3ba20b4f077dc0781a85bb0e0f79eacfdf69
author Cole Faust <colefaust@google.com> Tue Nov 19 16:34:29 2024 -0800
committer Cole Faust <colefaust@google.com> Wed Nov 20 12:44:27 2024 -0800
tree ee8ae844b6b067e0b4305ad7858fdc0d2a251128
parent ebf7c1f33fe280d032c6aeb281b51e23dddb2383

Avb sign boot images

The bootimg module had a very different implementation of avb signing
than what was in make. Add an alternate implemenation that is used
when avb_private_key is not set.

Bug: 377562951
Test: m nothing --no-skip-soong-tests
Change-Id: I253bcc8135f3d294eb6e09f39429c84c7c0fc037

fsgen/boot_imgs.go

diff --git a/fsgen/boot_imgs.go b/fsgen/boot_imgs.go
index 630aaff..b651862 100644
--- a/fsgen/boot_imgs.go
+++ b/fsgen/boot_imgs.go
@@ -45,6 +45,11 @@
 		partitionSize = &parsed
 	}
 
+	var securityPatch *string
+	if partitionVariables.BootSecurityPatch != "" {
+		securityPatch = &partitionVariables.BootSecurityPatch
+	}
+
 	bootImageName := generatedModuleNameForPartition(ctx.Config(), "boot")
 
 	ctx.CreateModule(
@@ -53,6 +58,8 @@
 			Kernel_prebuilt: proptools.StringPtr(":" + kernelFilegroupName),
 			Header_version:  proptools.StringPtr(partitionVariables.BoardBootHeaderVersion),
 			Partition_size:  partitionSize,
+			Use_avb:         &partitionVariables.BoardAvbEnable,
+			Security_patch:  securityPatch,
 		},
 		&struct {
 			Name *string
@@ -74,6 +81,7 @@
 			Boot_image_type: proptools.StringPtr("vendor_boot"),
 			Ramdisk_module:  proptools.StringPtr(generatedModuleNameForPartition(ctx.Config(), "vendor_ramdisk")),
 			Header_version:  proptools.StringPtr(partitionVariables.BoardBootHeaderVersion),
+			Use_avb:         &partitionVariables.BoardAvbEnable,
 		},
 		&struct {
 			Name *string
@@ -89,12 +97,21 @@
 
 	bootImageName := generatedModuleNameForPartition(ctx.Config(), "init_boot")
 
+	var securityPatch *string
+	if partitionVariables.InitBootSecurityPatch != "" {
+		securityPatch = &partitionVariables.InitBootSecurityPatch
+	} else if partitionVariables.BootSecurityPatch != "" {
+		securityPatch = &partitionVariables.BootSecurityPatch
+	}
+
 	ctx.CreateModule(
 		filesystem.BootimgFactory,
 		&filesystem.BootimgProperties{
 			Boot_image_type: proptools.StringPtr("init_boot"),
 			Ramdisk_module:  proptools.StringPtr(generatedModuleNameForPartition(ctx.Config(), "ramdisk")),
 			Header_version:  proptools.StringPtr(partitionVariables.BoardBootHeaderVersion),
+			Use_avb:         &partitionVariables.BoardAvbEnable,
+			Security_patch:  securityPatch,
 		},
 		&struct {
 			Name *string