StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

AVB: decouple vbmeta.img from recovery.img for non-A/B devices

Browse Source 
For following cases:
Case 1: A/B devices: no change
Case 2: non-A/B devices, with unsigned recovery image:
    not allowed anymore by mandating BOARD_AVB_RECOVERY_KEY_PATH
Case 3: non-A/B devices, with signed recovery image:
    vbmeta.img should not include ChainPartitionDescriptor of recovery.img,
    otherwise device can not even boot into normal mode if recovery partition
    is damaged

This CL will cause a build break if BOARD_AVB_RECOVERY_KEY_PATH
is not set for non-A/B targets with recovery.img
The following is an example to fix the build break by specifying
AVB signing configs for the recovery.img.

BOARD_AVB_RECOVERY_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem
BOARD_AVB_RECOVERY_ALGORITHM := SHA256_RSA2048
BOARD_AVB_RECOVERY_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
BOARD_AVB_RECOVERY_ROLLBACK_INDEX_LOCATION := 2

Also note that libavb in bootloader needs an update to include this
commit Iaa886037edb18c2ff6c60fa2a7f883ab7303ba1a, to support verifying
recovery.img independently (not through vbmeta.img).

Bug: 130351427
Test (Case 3):
  normal   mode: avb_slot_verify(flags=AVB_SLOT_VERIFY_FLAGS_NONE)
  recovery mode: avb_slot_verify(flags=AVB_SLOT_VERIFY_FLAGS_NO_VBMETA_PARTITION)
Test: PYTHONPATH=build/make/tools/releasetools \
    python -m unittest test_validate_target_files
Test: Use a lunch'd target. `atest --host releasetools_test releasetools_py3_test`
Test: validate_target_files.py with Case-3 target files
Change-Id: I2a73252b385fa463b4abd444923a8acc473df0b4
This commit is contained in:
cfig
2019-09-20 22:45:06 +08:00
committed by Bowgo Tsai
parent 818df7b0d0
commit 1aeef725a7
3 changed files with 53 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
tools/releasetools/common.py
View File

@@ -873,10 +873,20 @@ def GetAvbPartitionArg(partition, image, info_dict=None):
# Check if chain partition is used.
key_path = info_dict.get("avb_" + partition + "_key_path")
if key_path:
chained_partition_arg = GetAvbChainedPartitionArg(partition, info_dict)
return ["--chain_partition", chained_partition_arg]
return ["--include_descriptors_from_image", image]
if not key_path:
return ["--include_descriptors_from_image", image]
# For a non-A/B device, we don't chain /recovery nor include its descriptor
# into vbmeta.img. The recovery image will be configured on an independent
# boot chain, to be verified with AVB_SLOT_VERIFY_FLAGS_NO_VBMETA_PARTITION.
# See details at
# https://android.googlesource.com/platform/external/avb/+/master/README.md#booting-into-recovery.
if OPTIONS.info_dict.get("ab_update") != "true" and partition == "recovery":
return []
# Otherwise chain the partition into vbmeta.
chained_partition_arg = GetAvbChainedPartitionArg(partition, info_dict)
return ["--chain_partition", chained_partition_arg]
def GetAvbChainedPartitionArg(partition, info_dict, key=None):