Fix missing avb keys
Previously we were using the "specific" board avb key path, but it's
actually common for the partition-specific avb key to not be set and
instead fall back to the global avb key. Add that fallback to the
global avb key.
Also, now that we're properly using the keys, generate filegroups
for the keys as they're often in a different folder. Also use
pre-existing filegroups where possible.
Bug: 377563298
Test: m product_config_to_bp and check the generated bp file for avb keys
Change-Id: Iafef06b95c895c47d5b55c8aef2061a636754b28
diff --git a/fsgen/filesystem_creator.go b/fsgen/filesystem_creator.go
index d46f679..c74579a 100644
--- a/fsgen/filesystem_creator.go
+++ b/fsgen/filesystem_creator.go
@@ -64,6 +64,7 @@
generatedPrebuiltEtcModuleNames := createPrebuiltEtcModules(ctx)
avbpubkeyGenerated := createAvbpubkeyModule(ctx)
createFsGenState(ctx, generatedPrebuiltEtcModuleNames, avbpubkeyGenerated)
+ module.createAvbKeyFilegroups(ctx)
module.createInternalModules(ctx)
})
@@ -254,6 +255,51 @@
return true
}
+// Creates filegroups for the files specified in BOARD_(partition_)AVB_KEY_PATH
+func (f *filesystemCreator) createAvbKeyFilegroups(ctx android.LoadHookContext) {
+ partitionVars := ctx.Config().ProductVariables().PartitionVarsForSoongMigrationOnlyDoNotUse
+ var files []string
+
+ if len(partitionVars.BoardAvbKeyPath) > 0 {
+ files = append(files, partitionVars.BoardAvbKeyPath)
+ }
+ for _, partition := range android.SortedKeys(partitionVars.PartitionQualifiedVariables) {
+ specificPartitionVars := partitionVars.PartitionQualifiedVariables[partition]
+ if len(specificPartitionVars.BoardAvbKeyPath) > 0 {
+ files = append(files, specificPartitionVars.BoardAvbKeyPath)
+ }
+ }
+
+ fsGenState := ctx.Config().Get(fsGenStateOnceKey).(*FsGenState)
+ for _, file := range files {
+ if _, ok := fsGenState.avbKeyFilegroups[file]; ok {
+ continue
+ }
+ if file == "external/avb/test/data/testkey_rsa4096.pem" {
+ // There already exists a checked-in filegroup for this commonly-used key, just use that
+ fsGenState.avbKeyFilegroups[file] = "avb_testkey_rsa4096"
+ continue
+ }
+ dir := filepath.Dir(file)
+ base := filepath.Base(file)
+ name := fmt.Sprintf("avb_key_%x", strings.ReplaceAll(file, "/", "_"))
+ ctx.CreateModuleInDirectory(
+ android.FileGroupFactory,
+ dir,
+ &struct {
+ Name *string
+ Srcs []string
+ Visibility []string
+ }{
+ Name: proptools.StringPtr(name),
+ Srcs: []string{base},
+ Visibility: []string{"//visibility:public"},
+ },
+ )
+ fsGenState.avbKeyFilegroups[file] = name
+ }
+}
+
// createPrebuiltKernelModules creates `prebuilt_kernel_modules`. These modules will be added to deps of the
// autogenerated *_dlkm filsystem modules. Each _dlkm partition should have a single prebuilt_kernel_modules dependency.
// This ensures that the depmod artifacts (modules.* installed in /lib/modules/) are generated with a complete view.
@@ -419,21 +465,41 @@
}
func generateFsProps(ctx android.EarlyModuleContext, partitionType string) (*filesystem.FilesystemProperties, bool) {
+ fsGenState := ctx.Config().Get(fsGenStateOnceKey).(*FsGenState)
fsProps := &filesystem.FilesystemProperties{}
partitionVars := ctx.Config().ProductVariables().PartitionVarsForSoongMigrationOnlyDoNotUse
- var specificPartitionVars android.PartitionQualifiedVariablesType
var boardAvbEnable bool
+ var boardAvbKeyPath string
+ var boardAvbAlgorithm string
+ var boardAvbRollbackIndex string
var fsType string
if strings.Contains(partitionType, "ramdisk") {
fsType = "compressed_cpio"
} else {
- specificPartitionVars = partitionVars.PartitionQualifiedVariables[partitionType]
- boardAvbEnable = partitionVars.BoardAvbEnable
+ specificPartitionVars := partitionVars.PartitionQualifiedVariables[partitionType]
fsType = specificPartitionVars.BoardFileSystemType
+ boardAvbEnable = partitionVars.BoardAvbEnable
+ boardAvbKeyPath = specificPartitionVars.BoardAvbKeyPath
+ boardAvbAlgorithm = specificPartitionVars.BoardAvbAlgorithm
+ boardAvbRollbackIndex = specificPartitionVars.BoardAvbRollbackIndex
+ if boardAvbEnable {
+ if boardAvbKeyPath == "" {
+ boardAvbKeyPath = partitionVars.BoardAvbKeyPath
+ }
+ if boardAvbAlgorithm == "" {
+ boardAvbAlgorithm = partitionVars.BoardAvbAlgorithm
+ }
+ if boardAvbRollbackIndex == "" {
+ boardAvbRollbackIndex = partitionVars.BoardAvbRollbackIndex
+ }
+ }
+ if fsType == "" {
+ fsType = "ext4" //default
+ }
}
- if fsType == "" {
- fsType = "ext4" //default
+ if boardAvbKeyPath != "" {
+ boardAvbKeyPath = ":" + fsGenState.avbKeyFilegroups[boardAvbKeyPath]
}
fsProps.Type = proptools.StringPtr(fsType)
@@ -449,11 +515,11 @@
// BOARD_AVB_ENABLE
fsProps.Use_avb = proptools.BoolPtr(boardAvbEnable)
// BOARD_AVB_KEY_PATH
- fsProps.Avb_private_key = proptools.StringPtr(specificPartitionVars.BoardAvbKeyPath)
+ fsProps.Avb_private_key = proptools.StringPtr(boardAvbKeyPath)
// BOARD_AVB_ALGORITHM
- fsProps.Avb_algorithm = proptools.StringPtr(specificPartitionVars.BoardAvbAlgorithm)
+ fsProps.Avb_algorithm = proptools.StringPtr(boardAvbAlgorithm)
// BOARD_AVB_SYSTEM_ROLLBACK_INDEX
- if rollbackIndex, err := strconv.ParseInt(specificPartitionVars.BoardAvbRollbackIndex, 10, 64); err == nil {
+ if rollbackIndex, err := strconv.ParseInt(boardAvbRollbackIndex, 10, 64); err == nil {
fsProps.Rollback_index = proptools.Int64Ptr(rollbackIndex)
}