diff --git a/core/Makefile b/core/Makefile index af9e93507c..1dc05cec3b 100644 --- a/core/Makefile +++ b/core/Makefile @@ -1409,6 +1409,12 @@ $(if $(BOARD_AVB_ENABLE),\ $(hide) echo "avb_system_key_path=$(BOARD_AVB_SYSTEM_KEY_PATH)" >> $(1) $(hide) echo "avb_system_algorithm=$(BOARD_AVB_SYSTEM_ALGORITHM)" >> $(1) $(hide) echo "avb_system_rollback_index_location=$(BOARD_AVB_SYSTEM_ROLLBACK_INDEX_LOCATION)" >> $(1))) +$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_system_other_hashtree_enable=$(BOARD_AVB_ENABLE)" >> $(1)) +$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_system_other_add_hashtree_footer_args=$(BOARD_AVB_SYSTEM_OTHER_ADD_HASHTREE_FOOTER_ARGS)" >> $(1)) +$(if $(BOARD_AVB_ENABLE),\ + $(if $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH),\ + $(hide) echo "avb_system_other_key_path=$(BOARD_AVB_SYSTEM_OTHER_KEY_PATH)" >> $(1) + $(hide) echo "avb_system_other_algorithm=$(BOARD_AVB_SYSTEM_OTHER_ALGORITHM)" >> $(1))) $(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_vendor_hashtree_enable=$(BOARD_AVB_ENABLE)" >> $(1)) $(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_vendor_add_hashtree_footer_args=$(BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS)" >> $(1)) $(if $(BOARD_AVB_ENABLE),\ @@ -2811,6 +2817,23 @@ BOARD_AVB_ALGORITHM := SHA256_RSA4096 BOARD_AVB_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem endif +# AVB signing for system_other.img. +ifdef BUILDING_SYSTEM_OTHER_IMAGE +ifdef BOARD_AVB_SYSTEM_OTHER_KEY_PATH +$(if $(BOARD_AVB_SYSTEM_OTHER_ALGORITHM),,$(error BOARD_AVB_SYSTEM_OTHER_ALGORITHM is not defined)) +else +# If key path isn't specified, use the same key as BOARD_AVB_KEY_PATH. +BOARD_AVB_SYSTEM_OTHER_KEY_PATH := $(BOARD_AVB_KEY_PATH) +BOARD_AVB_SYSTEM_OTHER_ALGORITHM := $(BOARD_AVB_ALGORITHM) +endif + +ifndef BOARD_AVB_SYSTEM_OTHER_ROLLBACK_INDEX +BOARD_AVB_SYSTEM_OTHER_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP) +endif + +BOARD_AVB_SYSTEM_OTHER_ADD_HASHTREE_FOOTER_ARGS += --rollback_index $(BOARD_AVB_SYSTEM_OTHER_ROLLBACK_INDEX) +endif # end of AVB for BUILDING_SYSTEM_OTHER_IMAGE + INTERNAL_AVB_PARTITIONS_IN_CHAINED_VBMETA_IMAGES := \ $(BOARD_AVB_VBMETA_SYSTEM) \ $(BOARD_AVB_VBMETA_VENDOR) diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py index 8712d8582a..ba1d60ea97 100755 --- a/tools/releasetools/build_image.py +++ b/tools/releasetools/build_image.py @@ -569,11 +569,11 @@ def ImagePropFromGlobalDict(glob_dict, mount_point): elif mount_point == "system_other": # We inherit the selinux policies of /system since we contain some of its # files. - copy_prop("avb_system_hashtree_enable", "avb_hashtree_enable") - copy_prop("avb_system_add_hashtree_footer_args", + copy_prop("avb_system_other_hashtree_enable", "avb_hashtree_enable") + copy_prop("avb_system_other_add_hashtree_footer_args", "avb_add_hashtree_footer_args") - copy_prop("avb_system_key_path", "avb_key_path") - copy_prop("avb_system_algorithm", "avb_algorithm") + copy_prop("avb_system_other_key_path", "avb_key_path") + copy_prop("avb_system_other_algorithm", "avb_algorithm") copy_prop("fs_type", "fs_type") copy_prop("system_fs_type", "fs_type") copy_prop("system_size", "partition_size")