Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 1c3d2fae40e2a10819fef94a81abcb8382a2b85c / . / apex / sign_virt_apex.py
blob: b659b73eb2ab8122e0437266e7c40fbb31f82492 [file] [log] [blame]
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]1#!/usr/bin/env python
2#
3# Copyright (C) 2021 The Android Open Source Project
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16"""sign_virt_apex is a command line tool for sign the Virt APEX file.
17
Jooyung Han98498f42022-02-07 15:23:08 +0900[diff] [blame]18Typical usage:
19 sign_virt_apex [-v] [--avbtool path_to_avbtool] [--signing_args args] payload_key payload_dir
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]20
21sign_virt_apex uses external tools which are assumed to be available via PATH.
22- avbtool (--avbtool can override the tool)
23- lpmake, lpunpack, simg2img, img2simg
24"""
25import argparse
Jooyung Han02dceed2021-11-08 17:50:22 +0900[diff] [blame]26import glob
27import hashlib
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]28import os
29import re
Jooyung Han98498f42022-02-07 15:23:08 +0900[diff] [blame]30import shlex
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]31import shutil
32import subprocess
33import sys
34import tempfile
35
36
37def ParseArgs(argv):
38 parser = argparse.ArgumentParser(description='Sign the Virt APEX')
Jooyung Han02dceed2021-11-08 17:50:22 +0900[diff] [blame]39 parser.add_argument('--verify', action='store_true',
40 help='Verify the Virt APEX')
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]41 parser.add_argument(
42 '-v', '--verbose',
43 action='store_true',
44 help='verbose execution')
45 parser.add_argument(
46 '--avbtool',
47 default='avbtool',
48 help='Optional flag that specifies the AVB tool to use. Defaults to `avbtool`.')
49 parser.add_argument(
Jooyung Han98498f42022-02-07 15:23:08 +0900[diff] [blame]50 '--signing_args',
51 help='the extra signing arguments passed to avbtool.'
52 )
53 parser.add_argument(
Jooyung Han1c3d2fa2022-02-24 02:35:59 +0900[diff] [blame^]54 '--key_override',
55 metavar="filename=key",
56 action='append',
57 help='Overrides a signing key for a file e.g. microdroid_bootloader=mykey (for testing)')
58 parser.add_argument(
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]59 'key',
60 help='path to the private key file.')
61 parser.add_argument(
62 'input_dir',
63 help='the directory having files to be packaged')
Jooyung Han1c3d2fa2022-02-24 02:35:59 +0900[diff] [blame^]64 args = parser.parse_args(argv)
65 # preprocess --key_override into a map
66 args.key_overrides = dict()
67 if args.key_override:
68 for pair in args.key_override:
69 name, key = pair.split('=')
70 args.key_overrides[name] = key
71 return args
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]72
73
74def RunCommand(args, cmd, env=None, expected_return_values={0}):
75 env = env or {}
76 env.update(os.environ.copy())
77
78 # TODO(b/193504286): we need a way to find other tool (cmd[0]) in various contexts
79 # e.g. sign_apex.py, sign_target_files_apk.py
80 if cmd[0] == 'avbtool':
81 cmd[0] = args.avbtool
82
83 if args.verbose:
84 print('Running: ' + ' '.join(cmd))
85 p = subprocess.Popen(
86 cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, env=env, universal_newlines=True)
87 output, _ = p.communicate()
88
89 if args.verbose or p.returncode not in expected_return_values:
90 print(output.rstrip())
91
92 assert p.returncode in expected_return_values, (
93 '%d Failed to execute: ' + ' '.join(cmd)) % p.returncode
94 return (output, p.returncode)
95
96
97def ReadBytesSize(value):
98 return int(value.removesuffix(' bytes'))
99
100
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]101def ExtractAvbPubkey(args, key, output):
102 RunCommand(args, ['avbtool', 'extract_public_key',
103 '--key', key, '--output', output])
104
105
106def AvbInfo(args, image_path):
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]107 """Parses avbtool --info image output
108
109 Args:
110 args: program arguments.
111 image_path: The path to the image.
112 descriptor_name: Descriptor name of interest.
113
114 Returns:
115 A pair of
116 - a dict that contains VBMeta info. None if there's no VBMeta info.
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]117 - a list of descriptors.
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]118 """
119 if not os.path.exists(image_path):
120 raise ValueError('Failed to find image: {}'.format(image_path))
121
122 output, ret_code = RunCommand(
123 args, ['avbtool', 'info_image', '--image', image_path], expected_return_values={0, 1})
124 if ret_code == 1:
125 return None, None
126
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]127 info, descriptors = {}, []
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]128
129 # Read `avbtool info_image` output as "key:value" lines
130 matcher = re.compile(r'^(\s*)([^:]+):\s*(.*)$')
131
132 def IterateLine(output):
133 for line in output.split('\n'):
134 line_info = matcher.match(line)
135 if not line_info:
136 continue
137 yield line_info.group(1), line_info.group(2), line_info.group(3)
138
139 gen = IterateLine(output)
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]140
141 def ReadDescriptors(cur_indent, cur_name, cur_value):
142 descriptor = cur_value if cur_name == 'Prop' else {}
143 descriptors.append((cur_name, descriptor))
144 for indent, key, value in gen:
145 if indent <= cur_indent:
146 # read descriptors recursively to pass the read key as descriptor name
147 ReadDescriptors(indent, key, value)
148 break
149 descriptor[key] = value
150
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]151 # Read VBMeta info
152 for _, key, value in gen:
153 if key == 'Descriptors':
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]154 ReadDescriptors(*next(gen))
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]155 break
156 info[key] = value
157
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]158 return info, descriptors
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]159
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]160
161# Look up a list of (key, value) with a key. Returns the value of the first matching pair.
162def LookUp(pairs, key):
163 for k, v in pairs:
164 if key == k:
165 return v
166 return None
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]167
168
169def AddHashFooter(args, key, image_path):
Jooyung Han1c3d2fa2022-02-24 02:35:59 +0900[diff] [blame^]170 if os.path.basename(image_path) in args.key_overrides:
171 key = args.key_overrides[os.path.basename(image_path)]
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]172 info, descriptors = AvbInfo(args, image_path)
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]173 if info:
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]174 descriptor = LookUp(descriptors, 'Hash descriptor')
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]175 image_size = ReadBytesSize(info['Image size'])
176 algorithm = info['Algorithm']
177 partition_name = descriptor['Partition Name']
178 partition_size = str(image_size)
179
180 cmd = ['avbtool', 'add_hash_footer',
181 '--key', key,
182 '--algorithm', algorithm,
183 '--partition_name', partition_name,
184 '--partition_size', partition_size,
185 '--image', image_path]
Jooyung Han98498f42022-02-07 15:23:08 +0900[diff] [blame]186 if args.signing_args:
187 cmd.extend(shlex.split(args.signing_args))
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]188 RunCommand(args, cmd)
189
190
191def AddHashTreeFooter(args, key, image_path):
Jooyung Han1c3d2fa2022-02-24 02:35:59 +0900[diff] [blame^]192 if os.path.basename(image_path) in args.key_overrides:
193 key = args.key_overrides[os.path.basename(image_path)]
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]194 info, descriptors = AvbInfo(args, image_path)
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]195 if info:
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]196 descriptor = LookUp(descriptors, 'Hashtree descriptor')
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]197 image_size = ReadBytesSize(info['Image size'])
198 algorithm = info['Algorithm']
199 partition_name = descriptor['Partition Name']
200 partition_size = str(image_size)
201
202 cmd = ['avbtool', 'add_hashtree_footer',
203 '--key', key,
204 '--algorithm', algorithm,
205 '--partition_name', partition_name,
206 '--partition_size', partition_size,
207 '--do_not_generate_fec',
208 '--image', image_path]
Jooyung Han98498f42022-02-07 15:23:08 +0900[diff] [blame]209 if args.signing_args:
210 cmd.extend(shlex.split(args.signing_args))
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]211 RunCommand(args, cmd)
212
213
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]214def MakeVbmetaImage(args, key, vbmeta_img, images=None, chained_partitions=None):
Jooyung Han1c3d2fa2022-02-24 02:35:59 +0900[diff] [blame^]215 if os.path.basename(vbmeta_img) in args.key_overrides:
216 key = args.key_overrides[os.path.basename(vbmeta_img)]
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]217 info, descriptors = AvbInfo(args, vbmeta_img)
218 if info is None:
219 return
220
221 with TempDirectory() as work_dir:
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]222 algorithm = info['Algorithm']
223 rollback_index = info['Rollback Index']
224 rollback_index_location = info['Rollback Index Location']
225
226 cmd = ['avbtool', 'make_vbmeta_image',
227 '--key', key,
228 '--algorithm', algorithm,
229 '--rollback_index', rollback_index,
230 '--rollback_index_location', rollback_index_location,
231 '--output', vbmeta_img]
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]232 if images:
233 for img in images:
234 cmd.extend(['--include_descriptors_from_image', img])
235
236 # replace pubkeys of chained_partitions as well
237 for name, descriptor in descriptors:
238 if name == 'Chain Partition descriptor':
239 part_name = descriptor['Partition Name']
240 ril = descriptor['Rollback Index Location']
241 part_key = chained_partitions[part_name]
242 avbpubkey = os.path.join(work_dir, part_name + '.avbpubkey')
243 ExtractAvbPubkey(args, part_key, avbpubkey)
244 cmd.extend(['--chain_partition', '%s:%s:%s' %
245 (part_name, ril, avbpubkey)])
246
Jooyung Han98498f42022-02-07 15:23:08 +0900[diff] [blame]247 if args.signing_args:
248 cmd.extend(shlex.split(args.signing_args))
249
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]250 RunCommand(args, cmd)
251 # libavb expects to be able to read the maximum vbmeta size, so we must provide a partition
252 # which matches this or the read will fail.
253 RunCommand(args, ['truncate', '-s', '65536', vbmeta_img])
254
255
256class TempDirectory(object):
257
258 def __enter__(self):
259 self.name = tempfile.mkdtemp()
260 return self.name
261
262 def __exit__(self, *unused):
263 shutil.rmtree(self.name)
264
265
266def MakeSuperImage(args, partitions, output):
267 with TempDirectory() as work_dir:
268 cmd = ['lpmake', '--device-size=auto', '--metadata-slots=2', # A/B
269 '--metadata-size=65536', '--sparse', '--output=' + output]
270
271 for part, img in partitions.items():
272 tmp_img = os.path.join(work_dir, part)
273 RunCommand(args, ['img2simg', img, tmp_img])
274
275 image_arg = '--image=%s=%s' % (part, img)
276 partition_arg = '--partition=%s:readonly:%d:default' % (
277 part, os.path.getsize(img))
278 cmd.extend([image_arg, partition_arg])
279
280 RunCommand(args, cmd)
281
282
Jooyung Han31b1c2b2021-10-27 03:35:42 +0900[diff] [blame]283def ReplaceBootloaderPubkey(args, key, bootloader, bootloader_pubkey):
Jooyung Han1c3d2fa2022-02-24 02:35:59 +0900[diff] [blame^]284 if os.path.basename(bootloader) in args.key_overrides:
285 key = args.key_overrides[os.path.basename(bootloader)]
Jooyung Han31b1c2b2021-10-27 03:35:42 +0900[diff] [blame]286 # read old pubkey before replacement
287 with open(bootloader_pubkey, 'rb') as f:
288 old_pubkey = f.read()
289
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]290 # replace bootloader pubkey (overwrite the old one with the new one)
291 ExtractAvbPubkey(args, key, bootloader_pubkey)
Jooyung Han31b1c2b2021-10-27 03:35:42 +0900[diff] [blame]292
293 # read new pubkey
294 with open(bootloader_pubkey, 'rb') as f:
295 new_pubkey = f.read()
296
297 assert len(old_pubkey) == len(new_pubkey)
298
299 # replace pubkey embedded in bootloader
300 with open(bootloader, 'r+b') as bl_f:
301 pos = bl_f.read().find(old_pubkey)
302 assert pos != -1
303 bl_f.seek(pos)
304 bl_f.write(new_pubkey)
305
306
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]307def SignVirtApex(args):
308 key = args.key
309 input_dir = args.input_dir
310
311 # target files in the Virt APEX
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]312 bootloader_pubkey = os.path.join(
313 input_dir, 'etc', 'microdroid_bootloader.avbpubkey')
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]314 bootloader = os.path.join(input_dir, 'etc', 'microdroid_bootloader')
315 boot_img = os.path.join(input_dir, 'etc', 'fs', 'microdroid_boot-5.10.img')
316 vendor_boot_img = os.path.join(
317 input_dir, 'etc', 'fs', 'microdroid_vendor_boot-5.10.img')
Devin Mooredc9158e2022-01-10 18:51:12 +0000[diff] [blame]318 init_boot_img = os.path.join(
319 input_dir, 'etc', 'fs', 'microdroid_init_boot.img')
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]320 super_img = os.path.join(input_dir, 'etc', 'fs', 'microdroid_super.img')
321 vbmeta_img = os.path.join(input_dir, 'etc', 'fs', 'microdroid_vbmeta.img')
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]322 vbmeta_bootconfig_img = os.path.join(
323 input_dir, 'etc', 'fs', 'microdroid_vbmeta_bootconfig.img')
324 bootconfig_normal = os.path.join(
325 input_dir, 'etc', 'microdroid_bootconfig.normal')
326 bootconfig_app_debuggable = os.path.join(
327 input_dir, 'etc', 'microdroid_bootconfig.app_debuggable')
328 bootconfig_full_debuggable = os.path.join(
329 input_dir, 'etc', 'microdroid_bootconfig.full_debuggable')
Jiyong Park34ad9182022-01-28 21:29:48 +0900[diff] [blame]330 uboot_env_img = os.path.join(
331 input_dir, 'etc', 'uboot_env.img')
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]332
Jooyung Han31b1c2b2021-10-27 03:35:42 +0900[diff] [blame]333 # Key(pubkey) for bootloader should match with the one used to make VBmeta below
334 # while it's okay to use different keys for other image files.
335 ReplaceBootloaderPubkey(args, key, bootloader, bootloader_pubkey)
336
Devin Mooredc9158e2022-01-10 18:51:12 +0000[diff] [blame]337 # re-sign bootloader, boot.img, vendor_boot.img, and init_boot.img
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]338 AddHashFooter(args, key, bootloader)
339 AddHashFooter(args, key, boot_img)
340 AddHashFooter(args, key, vendor_boot_img)
Devin Mooredc9158e2022-01-10 18:51:12 +0000[diff] [blame]341 AddHashFooter(args, key, init_boot_img)
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]342
343 # re-sign super.img
344 with TempDirectory() as work_dir:
345 # unpack super.img
346 tmp_super_img = os.path.join(work_dir, 'super.img')
347 RunCommand(args, ['simg2img', super_img, tmp_super_img])
348 RunCommand(args, ['lpunpack', tmp_super_img, work_dir])
349
350 system_a_img = os.path.join(work_dir, 'system_a.img')
351 vendor_a_img = os.path.join(work_dir, 'vendor_a.img')
352 partitions = {"system_a": system_a_img, "vendor_a": vendor_a_img}
353
354 # re-sign partitions in super.img
355 for img in partitions.values():
356 AddHashTreeFooter(args, key, img)
357
358 # re-pack super.img
359 MakeSuperImage(args, partitions, super_img)
360
Devin Mooredc9158e2022-01-10 18:51:12 +0000[diff] [blame]361 # re-generate vbmeta from re-signed {boot, vendor_boot, init_boot, system_a, vendor_a}.img
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]362 # Ideally, making VBmeta should be done out of TempDirectory block. But doing it here
363 # to avoid unpacking re-signed super.img for system/vendor images which are available
364 # in this block.
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]365 MakeVbmetaImage(args, key, vbmeta_img, images=[
Devin Mooredc9158e2022-01-10 18:51:12 +0000[diff] [blame]366 boot_img, vendor_boot_img, init_boot_img, system_a_img, vendor_a_img])
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]367
Jiyong Park34ad9182022-01-28 21:29:48 +0900[diff] [blame]368 # Re-sign bootconfigs and the uboot_env with the same key
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]369 bootconfig_sign_key = key
370 AddHashFooter(args, bootconfig_sign_key, bootconfig_normal)
371 AddHashFooter(args, bootconfig_sign_key, bootconfig_app_debuggable)
372 AddHashFooter(args, bootconfig_sign_key, bootconfig_full_debuggable)
Jiyong Park34ad9182022-01-28 21:29:48 +0900[diff] [blame]373 AddHashFooter(args, bootconfig_sign_key, uboot_env_img)
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]374
Jiyong Park34ad9182022-01-28 21:29:48 +0900[diff] [blame]375 # Re-sign vbmeta_bootconfig with chained_partitions to "bootconfig" and
376 # "uboot_env". Note that, for now, `key` and `bootconfig_sign_key` are the
377 # same, but technically they can be different. Vbmeta records pubkeys which
378 # signed chained partitions.
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]379 MakeVbmetaImage(args, key, vbmeta_bootconfig_img, chained_partitions={
Jiyong Park34ad9182022-01-28 21:29:48 +0900[diff] [blame]380 'bootconfig': bootconfig_sign_key,
381 'uboot_env': bootconfig_sign_key,
382 })
Jooyung Han832d11d2021-11-08 12:51:47 +0900[diff] [blame]383
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]384
Jooyung Han02dceed2021-11-08 17:50:22 +0900[diff] [blame]385def VerifyVirtApex(args):
386 # Generator to emit avbtool-signed items along with its pubkey digest.
387 # This supports lpmake-packed images as well.
388 def Recur(target_dir):
389 for file in glob.glob(os.path.join(target_dir, 'etc', '**', '*'), recursive=True):
390 cur_item = os.path.relpath(file, target_dir)
391
392 if not os.path.isfile(file):
393 continue
394
395 # avbpubkey
396 if cur_item == 'etc/microdroid_bootloader.avbpubkey':
397 with open(file, 'rb') as f:
398 yield (cur_item, hashlib.sha1(f.read()).hexdigest())
399 continue
400
401 # avbtool signed
402 info, _ = AvbInfo(args, file)
403 if info:
404 yield (cur_item, info['Public key (sha1)'])
405 continue
406
407 # logical partition
408 with TempDirectory() as tmp_dir:
409 unsparsed = os.path.join(tmp_dir, os.path.basename(file))
410 _, rc = RunCommand(
411 # exit with 255 if it's not sparsed
412 args, ['simg2img', file, unsparsed], expected_return_values={0, 255})
413 if rc == 0:
414 with TempDirectory() as unpack_dir:
415 # exit with 64 if it's not a logical partition.
416 _, rc = RunCommand(
417 args, ['lpunpack', unsparsed, unpack_dir], expected_return_values={0, 64})
418 if rc == 0:
419 nested_items = list(Recur(unpack_dir))
420 if len(nested_items) > 0:
421 for (item, key) in nested_items:
422 yield ('%s!/%s' % (cur_item, item), key)
423 continue
424 # Read pubkey digest
425 with TempDirectory() as tmp_dir:
426 pubkey_file = os.path.join(tmp_dir, 'avbpubkey')
427 ExtractAvbPubkey(args, args.key, pubkey_file)
428 with open(pubkey_file, 'rb') as f:
429 pubkey_digest = hashlib.sha1(f.read()).hexdigest()
430
431 # Check every avbtool-signed item against the input key
432 for (item, pubkey) in Recur(args.input_dir):
433 assert pubkey == pubkey_digest, '%s: key mismatch: %s != %s' % (
434 item, pubkey, pubkey_digest)
435
436
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]437def main(argv):
438 try:
439 args = ParseArgs(argv)
Jooyung Han02dceed2021-11-08 17:50:22 +0900[diff] [blame]440 if args.verify:
441 VerifyVirtApex(args)
442 else:
443 SignVirtApex(args)
Jooyung Han504105f2021-10-26 15:54:50 +0900[diff] [blame]444 except Exception as e:
445 print(e)
446 sys.exit(1)
447
448
449if __name__ == '__main__':
450 main(sys.argv[1:])