Support devices without fs-verity.

On devices that don't have fs-verity, we now use so-called "full
verification": after the artifacts are generated, we compute their
digests, and store the files along with their digests in a new proto
file, along with a signature using the same (early boot) key.
Then, once we reboot, load in the same proto file, verify the signature,
and re-compute the digests to make sure they match the ones in the proto
(since those are digests we can trust).

Note that the current implementation still skips the crucial verify step,
because the current implementation is not very efficient, and we want to
avoid regressing boot time.

At the same time, this proto file is still useful even for devices that
do have fs-verity, because fs-verity itself doesn't protect against
files being moved around; so even when we do have fs-verity, make sure
the root hash of each file is the same as it was when we compiled the
artifacts the first time.

Bug: 165630556
Test: Local
Change-Id: If2b736fcc14256e183c931722f95b0f18ca17703
6 files changed
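The "full verification" flow described in the message, as an added stand-alone example that is not code from this change or its project: it records path-to-digest entries, signs them, and after a simulated reboot checks the signature and re-digests every file, so a file that was moved to another path fails verification. Assumptions: HMAC-SHA256 with a constructed key stands in for the early-boot signing key, a JSON string stands in for the proto file, and the artifact files are constructed in a temporary directory.

```python
# Added example; HMAC and JSON are stand-ins (assumption), not the real
# early-boot key or the proto format used by the change described above.
import hashlib
import hmac
import json
import os
import tempfile

# Constructed stand-in for the early-boot key (assumption).
EARLY_BOOT_KEY = b"constructed-early-boot-key"

def digest_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_manifest(root, rel_paths):
    """Step 1 (after artifact generation): record path -> digest and sign it."""
    entries = {p: digest_file(os.path.join(root, p)) for p in sorted(rel_paths)}
    body = json.dumps(entries, sort_keys=True).encode()
    sig = hmac.new(EARLY_BOOT_KEY, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "signature": sig}

def verify_manifest(root, manifest):
    """Step 2 (after reboot): check the signature, then re-digest every file.
    The manifest keys are paths, so a moved file shows up as missing."""
    body = manifest["body"].encode()
    expected = hmac.new(EARLY_BOOT_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["signature"]):
        return False, "bad signature"
    for rel, digest in json.loads(body).items():
        path = os.path.join(root, rel)
        if not os.path.exists(path):
            return False, f"missing: {rel}"
        if not hmac.compare_digest(digest_file(path), digest):
            return False, f"digest mismatch: {rel}"
    return True, "ok"

def demo():
    """Constructed scenario: a good manifest, then one artifact is moved."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("boot.oat", b"oat-A"), ("boot.art", b"art-B")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(root, ["boot.oat", "boot.art"])
        good = verify_manifest(root, manifest)
        os.rename(os.path.join(root, "boot.oat"), os.path.join(root, "boot2.oat"))
        moved = verify_manifest(root, manifest)
        return good, moved
```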