[rialto] Re-sign rialto with the release key
Bug: 279886264
Test: atest --host sign_virt_apex_test
Test: sign_virt_apex <private key> <com.android.virt path>
Test: sign_virt_apex --verify <correct private key> <com.android.virt path>
Test: sign_virt_apex --verify <incorrect private key> <com.android.virt path> # Should throw AssertionError
Change-Id: Ibb3659139690cd4e4ebebe8bb0a1e9b32859b265
diff --git a/apex/Android.bp b/apex/Android.bp
index b09cf58..7c45cc5 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -99,6 +99,9 @@
"virtualizationservice",
],
filesystems: microdroid_filesystem_images,
+ prebuilts: [
+ "rialto_bin",
+ ],
},
x86_64: {
binaries: [
@@ -119,7 +122,6 @@
"microdroid_initrd_normal",
"microdroid.json",
"microdroid_kernel",
- "rialto_bin",
],
host_required: [
"vm_shell",
diff --git a/apex/sign_virt_apex.py b/apex/sign_virt_apex.py
index b21a355..1951260 100644
--- a/apex/sign_virt_apex.py
+++ b/apex/sign_virt_apex.py
@@ -422,6 +422,7 @@
'super.img': 'etc/fs/microdroid_super.img',
'initrd_normal.img': 'etc/microdroid_initrd_normal.img',
'initrd_debuggable.img': 'etc/microdroid_initrd_debuggable.img',
+ 'rialto': 'etc/rialto.bin',
}
def TargetFiles(input_dir):
@@ -512,6 +513,10 @@
f'gki-{ver}_initrd_normal.img',
f'gki-{ver}_initrd_debuggable.img')
+ # Re-sign rialto if it exists. Rialto only exists in arm64 environment.
+ if os.path.exists(files['rialto']):
+ Async(AddHashFooter, args, key, files['rialto'], partition_name='boot')
+
def VerifyVirtApex(args):
key = args.key
@@ -538,6 +543,9 @@
if IsInitrdImage(k):
# TODO(b/245277660): Verify that ramdisks contain the correct vbmeta digest
continue
+ if k == 'rialto' and not os.path.exists(f):
+ # Rialto only exists in arm64 environment.
+ continue
if k == 'super.img':
Async(check_avb_pubkey, system_a_img)
else: