Add security patch level to update manifest

When installing a full OTA, the target build might have a newer
timestamp but an older SPL. In these cases, update_engine will fail to
recognize the SPL downgrade and skip data wipe, causing /data decryption
to fail on next reboot. To fix this issue, add an SPL field to the update
manifest. update_engine will check this field on OTA install and
schedule data wipe as needed.

Test: install OTA with newer timestamp but older SPL, make sure data wipe is scheduled
Bug: 242812845


Change-Id: I9d1dd73b46323939bbf990e29da5cc0ba79f86e2
diff --git a/scripts/brillo_update_payload b/scripts/brillo_update_payload
index b2d6080..6652b38 100755
--- a/scripts/brillo_update_payload
+++ b/scripts/brillo_update_payload
@@ -220,6 +220,8 @@
     "Required if --enabled_lz4diff true is passed. Path to liblz4.so. delta_generator will use this copy of liblz4.so for compression. It is important that this copy of liblz4.so is the same as the one on source build."
   DEFINE_string erofs_compression_param "" \
     "Compression parameter passed to mkfs.erofs's -z option."
+  DEFINE_string security_patch_level "" \
+    "Optional: security patch level of this OTA"
 fi
 if [[ "${COMMAND}" == "hash" || "${COMMAND}" == "sign" ]]; then
   DEFINE_string unsigned_payload "" "Path to the input unsigned payload."
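Review bot: The help string on the added `DEFINE_string security_patch_level` does not state the expected value format or what an empty value means. The commit message says update_engine uses this field to decide whether to schedule a data wipe, so a caller needs to know that omitting it leaves the manifest without an SPL. Something like `"Optional: security patch level of the target build, e.g. 2022-09-05. If empty, no SPL is recorded in the manifest."` would cover it. The date form is the usual Android SPL format and should be confirmed against what delta_generator accepts. The enclosing `if` block starts outside the hunk.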
@@ -776,6 +778,10 @@
     GENERATOR_ARGS+=( --max_timestamp="${FLAGS_max_timestamp}" )
   fi
 
+  if [[ -n "${FLAGS_security_patch_level}" ]]; then
+    GENERATOR_ARGS+=( --security_patch_level="${FLAGS_security_patch_level}" )
+  fi
+
   if [[ -n "${FLAGS_partition_timestamps}" ]]; then
     GENERATOR_ARGS+=( --partition_timestamps="${FLAGS_partition_timestamps}" )
   fi
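Review bot: The added `if [[ -n "${FLAGS_security_patch_level}" ]]` block forwards the caller's string to delta_generator unchanged, with no format check. Whether delta_generator or update_engine validates it is not visible here; if neither does, a malformed value could reach the manifest and make the SPL downgrade comparison unreliable, which is the data-wipe decision this change is meant to protect. A guard before the append would fail at payload generation instead of on the device: `[[ "${FLAGS_security_patch_level}" =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2}$ ]] || { echo "invalid --security_patch_level" >&2; exit 1; }`. The enclosing function starts and ends outside the hunk.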