releasetools: Support verifying AVB signed images with chained partitions.

For example, verify a target_files.zip that has system AVB-signed as a chained partition. $ build/make/tools/releasetools/validate_target_files.py \ signed-target_files-4904652.zip \ --verity_key verifiedboot_pub.pem \ --avb_system_key_path system_pub.pem Note that verifiedboot_pub.pem should be the key (either public or private) to verify vbmeta.img, and 'system_pub.pem' should be the key (either public or private) for the chained partition of system. testdata/testkey.key is the private key converted from testdata/testkey.pk8 for testing purpose (`openssl pkcs8 -in testdata/testkey.pk8 -inform DER -out testdata/testkey.key -nocrypt`). Bug: 63706333 Test: python -m unittest test_common Test: python -m unittest test_add_img_to_target_files Test: `m dist` on aosp_walleye-userdebug; Run validate_target_files.py on the generated target_files.zip. Test: Set up walleye with chained system partition; `m dist`; Run validate_target_files.py on the generated target_files.zip. Change-Id: I38517ab39baf8a5bc1a6062fab2fe229b68e897d
2018-07-22 12:40:45 -07:00
parent 540a71d2b3
commit 02a0859b3c
5 changed files with 134 additions and 17 deletions
--- a/tools/releasetools/test_common.py
+++ b/tools/releasetools/test_common.py
@@ -524,6 +524,9 @@ class CommonApkUtilsTest(unittest.TestCase):

 class CommonUtilsTest(unittest.TestCase):

+  def setUp(self):
+    self.testdata_dir = test_utils.get_testdata_dir()
+
  def tearDown(self):
    common.Cleanup()

@@ -730,6 +733,56 @@ class CommonUtilsTest(unittest.TestCase):
          AssertionError, common.GetSparseImage, 'system', tempdir, input_zip,
          False)

+  def test_GetAvbChainedPartitionArg(self):
+    pubkey = os.path.join(self.testdata_dir, 'testkey.pubkey.pem')
+    info_dict = {
+        'avb_avbtool': 'avbtool',
+        'avb_system_key_path': pubkey,
+        'avb_system_rollback_index_location': 2,
+    }
+    args = common.GetAvbChainedPartitionArg('system', info_dict).split(':')
+    self.assertEqual(3, len(args))
+    self.assertEqual('system', args[0])
+    self.assertEqual('2', args[1])
+    self.assertTrue(os.path.exists(args[2]))
+
+  def test_GetAvbChainedPartitionArg_withPrivateKey(self):
+    key = os.path.join(self.testdata_dir, 'testkey.key')
+    info_dict = {
+        'avb_avbtool': 'avbtool',
+        'avb_product_key_path': key,
+        'avb_product_rollback_index_location': 2,
+    }
+    args = common.GetAvbChainedPartitionArg('product', info_dict).split(':')
+    self.assertEqual(3, len(args))
+    self.assertEqual('product', args[0])
+    self.assertEqual('2', args[1])
+    self.assertTrue(os.path.exists(args[2]))
+
+  def test_GetAvbChainedPartitionArg_withSpecifiedKey(self):
+    info_dict = {
+        'avb_avbtool': 'avbtool',
+        'avb_system_key_path': 'does-not-exist',
+        'avb_system_rollback_index_location': 2,
+    }
+    pubkey = os.path.join(self.testdata_dir, 'testkey.pubkey.pem')
+    args = common.GetAvbChainedPartitionArg(
+        'system', info_dict, pubkey).split(':')
+    self.assertEqual(3, len(args))
+    self.assertEqual('system', args[0])
+    self.assertEqual('2', args[1])
+    self.assertTrue(os.path.exists(args[2]))
+
+  def test_GetAvbChainedPartitionArg_invalidKey(self):
+    pubkey = os.path.join(self.testdata_dir, 'testkey_with_passwd.x509.pem')
+    info_dict = {
+        'avb_avbtool': 'avbtool',
+        'avb_system_key_path': pubkey,
+        'avb_system_rollback_index_location': 2,
+    }
+    self.assertRaises(
+        AssertionError, common.GetAvbChainedPartitionArg, 'system', info_dict)
+

 class InstallRecoveryScriptFormatTest(unittest.TestCase):
  """Checks the format of install-recovery.sh.