[avb_footer] Include initrd_* hashes as hash descriptors in kernel footer
This cl also removes the old initrd_* digests included as prop of kernel
hash descriptor.
The new footer will have 3 hash descriptors for kernel, initrd_normal
and initrd_debug.
This is the reland of the change aosp/2375868. The build of initrd on
linux-x86 that has incorrect format (b/264940248) is disabled in this
cl.
Bug: 260821553
Test: m microdroid_kernel_signed and inspect the output using `avbtool
info_image --image <output>`
Change-Id: I401e476f34dcd0ae0dd07e50d8fe19e3f2533d9a
diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index ecaadf8..b46f112 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -538,6 +538,46 @@
srcs: ["bootconfig.normal"],
}
+// python -c "import hashlib; print(hashlib.sha256(b'initrd_normal').hexdigest())"
+initrd_normal_salt = "8041a07d54ac82290f6d90bac1fa8d7fdbc4db974d101d60faf294749d1ebaf8"
+
+avb_gen_vbmeta_image {
+ name: "microdroid_initrd_normal_hashdesc",
+ src: ":microdroid_initrd_normal",
+ partition_name: "vbmeta_initrd_normal",
+ salt: initrd_normal_salt,
+ enabled: false,
+ arch: {
+ // Microdroid kernel is only available in these architectures.
+ arm64: {
+ enabled: true,
+ },
+ x86_64: {
+ enabled: true,
+ },
+ },
+}
+
+// python -c "import hashlib; print(hashlib.sha256(b'initrd_debug').hexdigest())"
+initrd_debug_salt = "8ab9dc9cb7e6456700ff6ef18c6b4c3acc24c5fa5381b829563f8d7a415d869a"
+
+avb_gen_vbmeta_image {
+ name: "microdroid_initrd_debug_hashdesc",
+ src: ":microdroid_initrd_debuggable",
+ partition_name: "vbmeta_initrd_debug",
+ salt: initrd_debug_salt,
+ enabled: false,
+ arch: {
+ // Microdroid kernel is only available in these architectures.
+ arm64: {
+ enabled: true,
+ },
+ x86_64: {
+ enabled: true,
+ },
+ },
+}
+
avb_add_hash_footer {
name: "microdroid_kernel_signed",
src: "empty_kernel",
@@ -556,11 +596,9 @@
enabled: true,
},
},
- props: [
- {
- name: "trusted_ramdisk",
- file: ":microdroid_initrd_hashes",
- },
+ include_descriptors_from_images: [
+ ":microdroid_initrd_normal_hashdesc",
+ ":microdroid_initrd_debug_hashdesc",
],
}
diff --git a/microdroid/initrd/Android.bp b/microdroid/initrd/Android.bp
index d05ea86..4531583 100644
--- a/microdroid/initrd/Android.bp
+++ b/microdroid/initrd/Android.bp
@@ -122,28 +122,3 @@
},
filename: "microdroid_initrd_normal.img",
}
-
-genrule {
- name: "microdroid_initrd_normal.sha256",
- srcs: [":microdroid_initrd_normal"],
- cmd: "cat $(in) | sha256sum | cut -d' ' -f1 > $(out)",
- out: ["hash"],
-}
-
-genrule {
- name: "microdroid_initrd_debuggable.sha256",
- srcs: [":microdroid_initrd_debuggable"],
- cmd: "cat $(in) | sha256sum | cut -d' ' -f1 > $(out)",
- out: ["hash"],
-}
-
-genrule {
- name: "microdroid_initrd_hashes",
- srcs: [
- ":microdroid_initrd_normal.sha256",
- ":microdroid_initrd_debuggable.sha256",
- ],
- // join the hashes with commas
- cmd: "cat $(in) | tr '\n' ',' > $(out) && truncate -s -1 $(out)",
- out: ["output"],
-}