Merge changes from topic "rialto-resign" into main
* changes:
Fill missing avb property when resigning virt apex.
[rialto] Re-sign rialto with the release key
diff --git a/apex/Android.bp b/apex/Android.bp
index b09cf58..7c45cc5 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -99,6 +99,9 @@
"virtualizationservice",
],
filesystems: microdroid_filesystem_images,
+ prebuilts: [
+ "rialto_bin",
+ ],
},
x86_64: {
binaries: [
@@ -119,7 +122,6 @@
"microdroid_initrd_normal",
"microdroid.json",
"microdroid_kernel",
- "rialto_bin",
],
host_required: [
"vm_shell",
diff --git a/apex/sign_virt_apex.py b/apex/sign_virt_apex.py
index b21a355..ffc1697 100644
--- a/apex/sign_virt_apex.py
+++ b/apex/sign_virt_apex.py
@@ -212,11 +212,18 @@
def LookUp(pairs, key):
return [v for (k, v) in pairs if k == key]
+# Extract properties from the descriptors of original vbmeta image,
+# append to command as parameter.
+def AppendPropArgument(cmd, descriptors):
+ for prop in LookUp(descriptors, 'Prop'):
+ cmd.append('--prop')
+ result = re.match(r"(.+) -> '(.+)'", prop)
+ cmd.append(result.group(1) + ":" + result.group(2))
def AddHashFooter(args, key, image_path, partition_name, additional_descriptors=None):
if os.path.basename(image_path) in args.key_overrides:
key = args.key_overrides[os.path.basename(image_path)]
- info, _ = AvbInfo(args, image_path)
+ info, descriptors = AvbInfo(args, image_path)
if info:
image_size = ReadBytesSize(info['Image size'])
algorithm = info['Algorithm']
@@ -228,6 +235,7 @@
'--partition_name', partition_name,
'--partition_size', partition_size,
'--image', image_path]
+ AppendPropArgument(cmd, descriptors)
if args.signing_args:
cmd.extend(shlex.split(args.signing_args))
if additional_descriptors:
@@ -258,6 +266,7 @@
'--do_not_generate_fec',
'--hash_algorithm', hash_algorithm,
'--image', image_path]
+ AppendPropArgument(cmd, descriptors)
if args.signing_args:
cmd.extend(shlex.split(args.signing_args))
RunCommand(args, cmd)
@@ -422,6 +431,7 @@
'super.img': 'etc/fs/microdroid_super.img',
'initrd_normal.img': 'etc/microdroid_initrd_normal.img',
'initrd_debuggable.img': 'etc/microdroid_initrd_debuggable.img',
+ 'rialto': 'etc/rialto.bin',
}
def TargetFiles(input_dir):
@@ -512,6 +522,10 @@
f'gki-{ver}_initrd_normal.img',
f'gki-{ver}_initrd_debuggable.img')
+ # Re-sign rialto if it exists. Rialto only exists in arm64 environment.
+ if os.path.exists(files['rialto']):
+ Async(AddHashFooter, args, key, files['rialto'], partition_name='boot')
+
def VerifyVirtApex(args):
key = args.key
@@ -538,6 +552,9 @@
if IsInitrdImage(k):
# TODO(b/245277660): Verify that ramdisks contain the correct vbmeta digest
continue
+ if k == 'rialto' and not os.path.exists(f):
+ # Rialto only exists in arm64 environment.
+ continue
if k == 'super.img':
Async(check_avb_pubkey, system_a_img)
else: