Mount system and vendor over dm-verity
This CL fixes a series of mistakes which let the system and the vendor
partition be mounted without dm-verity.
* avb=vbmeta and avb=vbmeta_system flags are added to fstab so that the
partitions are mounted over dm-verity
* uboot script is modified to append avb_bootargs into bootargs so that
avb parameters like the root hash, etc. are passed to the kernel via
cmdline
* The boot partition is no longer a chained partition. Its hashtree is
included in vbmeta.img directly. This is firstly because we don't have a
need to update the kernel independently from other partitions. And
secondly, boot as a chained partition requires us to create
/dev/block/by-name/boot during the first stage init, which requires an
additional-but-useless entry in fstab.
* Name of the logical partitions in super.img is changed to system_a and
vendor_a from system and vendor, respectively.
Bug: 198303625
Test: boot microdroid. `ls /dev/block/mapper` shows
```
drwxr-xr-x 3 root root 160 2021-09-01 03:10 .
drwxr-xr-x 5 root root 1180 2021-09-01 03:10 ..
drwxr-xr-x 2 root root 140 2021-09-01 03:10 by-uuid
lrwxrwxrwx 1 root root 15 2021-09-01 03:10 microdroid-apk -> /dev/block/dm-4
lrwxrwxrwx 1 root root 15 2021-09-01 03:10 system-verity -> /dev/block/dm-2
lrwxrwxrwx 1 root root 15 2021-09-01 03:10 system_a -> /dev/block/dm-0
lrwxrwxrwx 1 root root 15 2021-09-01 03:10 vendor-verity -> /dev/block/dm-3
lrwxrwxrwx 1 root root 15 2021-09-01 03:10 vendor_a -> /dev/block/dm-1
```
Change-Id: I6b485d841d9bd774ab964fd9ae7d2e0a15795b14
diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index 47271a7..17cb615 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -165,6 +165,7 @@
android_filesystem {
name: "microdroid_vendor",
+ partition_name: "vendor",
use_avb: true,
deps: [
"android.hardware.security.keymint-service.microdroid",
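Review bot: the new `partition_name: "vendor"` on `microdroid_vendor` carries no comment saying why it is set explicitly. The vendor line in fstab.microdroid is looked up under the name `vendor` for `avb=vbmeta`, so the two values have to stay in step; a one-line comment here pointing at the fstab would make that dependency visible. The `microdroid` system image gets no matching change in this diff, so please confirm its partition name already resolves to `system`.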
@@ -194,11 +195,11 @@
size: "auto",
default_group: [
{
- name: "system",
+ name: "system_a",
filesystem: ":microdroid",
},
{
- name: "vendor",
+ name: "vendor_a",
filesystem: ":microdroid_vendor",
},
],
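Review bot: the `_a` suffix in `system_a` and `vendor_a` is hard-coded here, while the slot is also fixed separately as `_a` / `a` in both uboot env files and consumed through `slotselect` in fstab.microdroid. Nothing in this block says the names must carry the slot suffix; a short comment noting that the suffix has to match the slot passed by the bootloader would stop a later rename from breaking first-stage mount.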
@@ -419,11 +420,6 @@
rollback_index_location: 1,
private_key: ":avb_testkey_rsa4096",
},
- {
- name: "boot",
- rollback_index_location: 2,
- private_key: ":avb_testkey_rsa4096",
- },
],
}
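Review bot: removing the `boot` chained entry also removes its own `rollback_index_location: 2`, so boot no longer has a rollback index separate from the top-level vbmeta. The commit message justifies the change by update independence and the fstab entry, but does not mention rollback handling; please state in the message or in a comment here that sharing the top-level rollback index is intended, and that location 2 is now free.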
@@ -433,6 +429,7 @@
private_key: ":avb_testkey_rsa4096",
partitions: [
"microdroid",
+ "microdroid_boot-5.10",
],
}
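Review bot: `"microdroid_boot-5.10"` bakes the kernel version into the list of partitions covered by vbmeta. If the boot image module is renamed on a kernel bump and this entry is missed, the build should fail loudly rather than produce a vbmeta without a boot descriptor; consider a comment next to the entry saying it must track the boot image module name.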
diff --git a/microdroid/fstab.microdroid b/microdroid/fstab.microdroid
index 129718e..f0e70b6 100644
--- a/microdroid/fstab.microdroid
+++ b/microdroid/fstab.microdroid
@@ -1,2 +1,2 @@
-system /system ext4 noatime,ro,errors=panic wait,first_stage_mount,logical
-vendor /vendor ext4 noatime,ro,errors=panic wait,first_stage_mount,logical
+system /system ext4 noatime,ro,errors=panic wait,slotselect,avb=vbmeta_system,first_stage_mount,logical
+vendor /vendor ext4 noatime,ro,errors=panic wait,slotselect,avb=vbmeta,first_stage_mount,logical
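Review bot: the two new lines differ only in `avb=vbmeta_system` versus `avb=vbmeta`, and the file gives no hint why. A comment line above them saying which vbmeta image holds each partition's hashtree descriptor would prevent a copy-paste mismatch later. `slotselect` is also added on both lines but is not called out in the commit message; it depends on the `system_a` / `vendor_a` rename in Android.bp, so it is worth mentioning there.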
diff --git a/microdroid/uboot-env-x86_64.txt b/microdroid/uboot-env-x86_64.txt
index 1abafa6..fabe5b4 100644
--- a/microdroid/uboot-env-x86_64.txt
+++ b/microdroid/uboot-env-x86_64.txt
@@ -3,7 +3,7 @@
# Boot the device following the Android boot procedure
# `0` is the disk number of os_composite.img
# `a` and `_a` are the slot index for A/B
-bootcmd=avb init virtio 0 && avb verify _a && boot_android virtio 0 a
+bootcmd=avb init virtio 0 && avb verify _a && env set bootargs "$bootargs $avb_bootargs" && boot_android virtio 0 a
bootdelay=0
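Review bot: the comment block above `bootcmd` still describes only the disk number and slot index and says nothing about the new `env set bootargs "$bootargs $avb_bootargs"` step. Since dropping that step is what let the partitions mount without dm-verity before, add a comment line stating that `avb_bootargs` from `avb verify` must be appended to the kernel cmdline.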
diff --git a/microdroid/uboot-env.txt b/microdroid/uboot-env.txt
index 585702e..2c5bee7 100644
--- a/microdroid/uboot-env.txt
+++ b/microdroid/uboot-env.txt
@@ -3,7 +3,7 @@
# Boot the device following the Android boot procedure
# `0` is the disk number of os_composite.img
# `a` and `_a` are the slot index for A/B
-bootcmd=avb init virtio 0 && avb verify _a && boot_android virtio 0 a
+bootcmd=avb init virtio 0 && avb verify _a && env set bootargs "$bootargs $avb_bootargs" && boot_android virtio 0 a
bootdelay=0
fdtaddr=0x80000000
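Review bot: this `bootcmd` line is an exact copy of the one in uboot-env-x86_64.txt, so the two files can drift and leave one architecture booting without the AVB parameters. The Test: line in the commit message is a manual `ls /dev/block/mapper`; an automated check that `system-verity` and `vendor-verity` exist after boot, run for both env files, would catch a regression in either.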