[avb] Collect hash descriptors when verification succeeds
This cl uses `avb_descriptor_foreach()` to collect all the
hash descriptors once the verification succeeds and checks
that there's no unknown, duplicated or non-hash descriptor
in the vbmeta.
We will extract the partition digest from the collected
hash descriptors later.
Bug: 256148034
Bug: 265897559
Test: m pvmfw_img && atest libpvmfw_avb.integration_test
Change-Id: Ifa0a91f1e4384007e58d99585d72cdee81bd8dbc
diff --git a/pvmfw/avb/Android.bp b/pvmfw/avb/Android.bp
index 837f747..fb950b7 100644
--- a/pvmfw/avb/Android.bp
+++ b/pvmfw/avb/Android.bp
@@ -9,6 +9,7 @@
prefer_rlib: true,
rustlibs: [
"libavb_bindgen",
+ "libtinyvec_nostd",
],
whole_static_libs: [
"libavb",
@@ -37,6 +38,7 @@
":microdroid_initrd_debuggable",
":test_image_with_one_hashdesc",
":test_image_with_non_initrd_hashdesc",
+ ":test_image_with_initrd_and_non_initrd_desc",
":test_image_with_prop_desc",
":unsigned_test_image",
],
@@ -78,18 +80,40 @@
src: ":unsigned_test_image",
partition_name: "boot",
private_key: ":pvmfw_sign_key",
- salt: "1111",
+ salt: "3322",
include_descriptors_from_images: [
":test_non_initrd_hashdesc",
],
}
avb_add_hash_footer {
+ name: "test_image_with_initrd_and_non_initrd_desc",
+ src: ":unsigned_test_image",
+ partition_name: "boot",
+ private_key: ":pvmfw_sign_key",
+ salt: "3241",
+ include_descriptors_from_images: [
+ ":microdroid_initrd_normal_hashdesc",
+ ":test_non_initrd_hashdesc",
+ ],
+ enabled: false,
+ arch: {
+ // microdroid_initrd_normal_hashdesc is only available in these architectures.
+ arm64: {
+ enabled: true,
+ },
+ x86_64: {
+ enabled: true,
+ },
+ },
+}
+
+avb_add_hash_footer {
name: "test_image_with_prop_desc",
src: ":unsigned_test_image",
partition_name: "boot",
private_key: ":pvmfw_sign_key",
- salt: "1111",
+ salt: "2134",
props: [
{
name: "mock_prop",