diff --git a/core/Makefile b/core/Makefile index 993765f962..9dfe8bea8b 100644 --- a/core/Makefile +++ b/core/Makefile @@ -1158,7 +1158,7 @@ BUILT_BOOTIMAGE_16K_TARGET := $(PRODUCT_OUT)/boot_16k.img BOARD_KERNEL_16K_BOOTIMAGE_PARTITION_SIZE := $(BOARD_BOOTIMAGE_PARTITION_SIZE) -$(BUILT_BOOTIMAGE_16K_TARGET): $(MKBOOTIMG) $(AVBTOOL) $(INTERNAL_BOOTIMAGE_FILES) $(BOARD_AVB_BOOT_KEY_PATH) $(INTERNAL_GKI_CERTIFICATE_DEPS) $(BUILT_KERNEL_16K_TARGET) +$(BUILT_BOOTIMAGE_16K_TARGET): $(MKBOOTIMG) $(AVBTOOL) $(INTERNAL_BOOTIMAGE_FILES) $(BOARD_AVB_BOOT_KEY_PATH) $(BUILT_KERNEL_16K_TARGET) $(call pretty,"Target boot 16k image: $@") $(call build_boot_from_kernel_avb_enabled,$@,$(BUILT_KERNEL_16K_TARGET)) @@ -1281,15 +1281,6 @@ endef define build_boot_from_kernel_avb_enabled $(eval kernel := $(2)) $(MKBOOTIMG) --kernel $(kernel) $(INTERNAL_BOOTIMAGE_ARGS) $(INTERNAL_MKBOOTIMG_VERSION_ARGS) $(BOARD_MKBOOTIMG_ARGS) --output $(1) - $(if $(BOARD_GKI_SIGNING_KEY_PATH), \ - $(eval boot_signature := $(call intermediates-dir-for,PACKAGING,generic_boot)/$(notdir $(1)).boot_signature) \ - $(eval kernel_signature := $(call intermediates-dir-for,PACKAGING,generic_kernel)/$(notdir $(kernel)).boot_signature) \ - $(call generate_generic_boot_image_certificate,$(1),$(boot_signature),boot,$(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS)) $(newline) \ - $(call generate_generic_boot_image_certificate,$(kernel),$(kernel_signature),generic_kernel,$(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS)) $(newline) \ - cat $(kernel_signature) >> $(boot_signature) $(newline) \ - $(call assert-max-image-size,$(boot_signature),16 << 10) $(newline) \ - truncate -s $$(( 16 << 10 )) $(boot_signature) $(newline) \ - cat "$(boot_signature)" >> $(1)) $(call assert-max-image-size,$(1),$(call get-hash-image-max-size,$(call get-bootimage-partition-size,$(1),boot))) $(AVBTOOL) add_hash_footer \ --image $(1) \ @@ -1340,51 +1331,9 @@ else ifndef BUILDING_VENDOR_BOOT_IMAGE # && BOARD_USES_GENERIC_KERNEL_IMAGE != t endif endif # BUILDING_VENDOR_BOOT_IMAGE == "" && BOARD_USES_GENERIC_KERNEL_IMAGE != true -ifdef BOARD_GKI_SIGNING_KEY_PATH - # GKI boot images will not set system version & SPL value in the header. - # They can be set by the device manufacturer in the AVB properties instead. - INTERNAL_MKBOOTIMG_VERSION_ARGS := -else - INTERNAL_MKBOOTIMG_VERSION_ARGS := \ - --os_version $(PLATFORM_VERSION_LAST_STABLE) \ - --os_patch_level $(PLATFORM_SECURITY_PATCH) -endif # BOARD_GKI_SIGNING_KEY_PATH - -# $(1): image target to certify -# $(2): out certificate target -# $(3): image name -# $(4): additional AVB arguments -define generate_generic_boot_image_certificate - rm -rf "$(2)" - mkdir -p "$(dir $(2))" - $(GENERATE_GKI_CERTIFICATE) $(INTERNAL_GKI_CERTIFICATE_ARGS) \ - --additional_avb_args "$(4)" \ - --name "$(3)" --output "$(2)" "$(1)" -endef - -INTERNAL_GKI_CERTIFICATE_ARGS := -INTERNAL_GKI_CERTIFICATE_DEPS := -ifdef BOARD_GKI_SIGNING_KEY_PATH - ifndef BOARD_GKI_SIGNING_ALGORITHM - $(error BOARD_GKI_SIGNING_ALGORITHM should be defined with BOARD_GKI_SIGNING_KEY_PATH) - endif - - INTERNAL_GKI_CERTIFICATE_ARGS := \ - --key "$(BOARD_GKI_SIGNING_KEY_PATH)" \ - --algorithm "$(BOARD_GKI_SIGNING_ALGORITHM)" \ - --avbtool "$(AVBTOOL)" - - # Quote and pass BOARD_GKI_SIGNING_SIGNATURE_ARGS as a single string argument. - ifdef BOARD_GKI_SIGNING_SIGNATURE_ARGS - INTERNAL_GKI_CERTIFICATE_ARGS += --additional_avb_args "$(BOARD_GKI_SIGNING_SIGNATURE_ARGS)" - endif - - INTERNAL_GKI_CERTIFICATE_DEPS := \ - $(GENERATE_GKI_CERTIFICATE) \ - $(BOARD_GKI_SIGNING_KEY_PATH) \ - $(AVBTOOL) - -endif +INTERNAL_MKBOOTIMG_VERSION_ARGS := \ + --os_version $(PLATFORM_VERSION_LAST_STABLE) \ + --os_patch_level $(PLATFORM_SECURITY_PATCH) # Define these only if we are building boot ifdef BUILDING_BOOT_IMAGE @@ -1404,17 +1353,17 @@ define build_boot_board_avb_enabled $(call build_boot_from_kernel_avb_enabled,$(1),$(kernel)) endef -$(INSTALLED_BOOTIMAGE_TARGET): $(MKBOOTIMG) $(AVBTOOL) $(INTERNAL_BOOTIMAGE_FILES) $(BOARD_AVB_BOOT_KEY_PATH) $(INTERNAL_GKI_CERTIFICATE_DEPS) +$(INSTALLED_BOOTIMAGE_TARGET): $(MKBOOTIMG) $(AVBTOOL) $(INTERNAL_BOOTIMAGE_FILES) $(BOARD_AVB_BOOT_KEY_PATH) $(call pretty,"Target boot image: $@") $(call build_boot_board_avb_enabled,$@) $(call declare-container-license-metadata,$(INSTALLED_BOOTIMAGE_TARGET),SPDX-license-identifier-GPL-2.0-only SPDX-license-identifier-Apache-2.0,restricted notice,$(BUILD_SYSTEM)/LINUX_KERNEL_COPYING build/soong/licenses/LICENSE,"Boot Image",boot) -$(call declare-container-license-deps,$(INSTALLED_BOOTIMAGE_TARGET),$(INTERNAL_BOOTIMAGE_FILES) $(INTERNAL_GKI_CERTIFICATE_DEPS),$(PRODUCT_OUT)/:/) +$(call declare-container-license-deps,$(INSTALLED_BOOTIMAGE_TARGET),$(INTERNAL_BOOTIMAGE_FILES),$(PRODUCT_OUT)/:/) UNMOUNTED_NOTICE_VENDOR_DEPS += $(INSTALLED_BOOTIMAGE_TARGET) .PHONY: bootimage-nodeps -bootimage-nodeps: $(MKBOOTIMG) $(AVBTOOL) $(BOARD_AVB_BOOT_KEY_PATH) $(INTERNAL_GKI_CERTIFICATE_DEPS) +bootimage-nodeps: $(MKBOOTIMG) $(AVBTOOL) $(BOARD_AVB_BOOT_KEY_PATH) @echo "make $@: ignoring dependencies" $(foreach b,$(INSTALLED_BOOTIMAGE_TARGET),$(call build_boot_board_avb_enabled,$(b))) @@ -5525,7 +5474,6 @@ INTERNAL_OTATOOLS_MODULES := \ fsck.erofs \ fsck.f2fs \ fs_config \ - generate_gki_certificate \ generate_verity_key \ host_init_verifier \ img2simg \ @@ -5810,11 +5758,6 @@ endif $(hide) echo 'recovery_mkbootimg_args=$(BOARD_RECOVERY_MKBOOTIMG_ARGS)' >> $@ $(hide) echo 'mkbootimg_version_args=$(INTERNAL_MKBOOTIMG_VERSION_ARGS)' >> $@ $(hide) echo 'mkbootimg_init_args=$(BOARD_MKBOOTIMG_INIT_ARGS)' >> $@ -ifdef BOARD_GKI_SIGNING_KEY_PATH - $(hide) echo 'gki_signing_key_path=$(BOARD_GKI_SIGNING_KEY_PATH)' >> $@ - $(hide) echo 'gki_signing_algorithm=$(BOARD_GKI_SIGNING_ALGORITHM)' >> $@ - $(hide) echo 'gki_signing_signature_args=$(BOARD_GKI_SIGNING_SIGNATURE_ARGS)' >> $@ -endif $(hide) echo "multistage_support=1" >> $@ $(hide) echo "blockimgdiff_versions=3,4" >> $@ ifeq ($(PRODUCT_BUILD_GENERIC_OTA_PACKAGE),true) diff --git a/core/board_config.mk b/core/board_config.mk index bd8d3763af..b8b16a17f8 100644 --- a/core/board_config.mk +++ b/core/board_config.mk @@ -161,9 +161,6 @@ _board_strip_list += BOARD_AVB_VENDOR_BOOT_ROLLBACK_INDEX_LOCATION _board_strip_list += BOARD_AVB_VENDOR_KERNEL_BOOT_KEY_PATH _board_strip_list += BOARD_AVB_VENDOR_KERNEL_BOOT_ALGORITHM _board_strip_list += BOARD_AVB_VENDOR_KERNEL_BOOT_ROLLBACK_INDEX_LOCATION -_board_strip_list += BOARD_GKI_SIGNING_SIGNATURE_ARGS -_board_strip_list += BOARD_GKI_SIGNING_ALGORITHM -_board_strip_list += BOARD_GKI_SIGNING_KEY_PATH _board_strip_list += BOARD_MKBOOTIMG_ARGS _board_strip_list += BOARD_VENDOR_BOOTIMAGE_PARTITION_SIZE _board_strip_list += BOARD_VENDOR_KERNEL_BOOTIMAGE_PARTITION_SIZE diff --git a/core/config.mk b/core/config.mk index 26bed993b2..6ad41d3c42 100644 --- a/core/config.mk +++ b/core/config.mk @@ -683,7 +683,6 @@ NANOPB_SRCS := $(HOST_OUT_EXECUTABLES)/protoc-gen-nanopb MKBOOTFS := $(HOST_OUT_EXECUTABLES)/mkbootfs$(HOST_EXECUTABLE_SUFFIX) MINIGZIP := $(GZIP) LZ4 := $(HOST_OUT_EXECUTABLES)/lz4$(HOST_EXECUTABLE_SUFFIX) -GENERATE_GKI_CERTIFICATE := $(HOST_OUT_EXECUTABLES)/generate_gki_certificate$(HOST_EXECUTABLE_SUFFIX) ifeq (,$(strip $(BOARD_CUSTOM_MKBOOTIMG))) MKBOOTIMG := $(HOST_OUT_EXECUTABLES)/mkbootimg$(HOST_EXECUTABLE_SUFFIX) else