StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Validate AVB props in vbmeta image

Browse Source 
Bug: 183055693
Test: th
Test: validate_target_files signed-redfin-target_files-7119741.zip

Change-Id: I027d474ba3eb6af5e05866551ff9ea506825a326
This commit is contained in:
Kelvin Zhang
2021-05-25 09:17:38 -04:00
parent 38d4a2a19e
commit 4093d60f35
1 changed files with 46 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
tools/releasetools/validate_target_files.py
View File

@@ -194,7 +194,8 @@ def ValidateInstallRecoveryScript(input_tmp, info_dict):
# Check we have the same recovery target in the check and flash commands. # Check we have the same recovery target in the check and flash commands.
assert check_partition == flash_partition, \ assert check_partition == flash_partition, \
"Mismatching targets: {} vs {}".format(check_partition, flash_partition) "Mismatching targets: {} vs {}".format(
check_partition, flash_partition)
# Validate the SHA-1 of the recovery image. # Validate the SHA-1 of the recovery image.
recovery_sha1 = flash_partition.split(':')[3] recovery_sha1 = flash_partition.split(':')[3]
@@ -248,6 +249,29 @@ def symlinkIfNotExists(src, dst):
os.symlink(os.path.join(src, filename), os.path.join(dst, filename)) os.symlink(os.path.join(src, filename), os.path.join(dst, filename))
def ValidatePartitionFingerprints(input_tmp, info_dict):
build_info = common.BuildInfo(info_dict)
# Expected format:
# Prop: com.android.build.vendor.fingerprint -> 'generic/aosp_cf_x86_64_phone/vsoc_x86_64:S/AOSP.MASTER/7335886:userdebug/test-keys'
# Prop: com.android.build.vendor_boot.fingerprint -> 'generic/aosp_cf_x86_64_phone/vsoc_x86_64:S/AOSP.MASTER/7335886:userdebug/test-keys'
p = re.compile(
r"Prop: com.android.build.(?P<partition>\w+).fingerprint -> '(?P<fingerprint>[\w\/:\.-]+)'")
for vbmeta_partition in ["vbmeta", "vbmeta_system"]:
image = os.path.join(input_tmp, "IMAGES", vbmeta_partition + ".img")
output = common.RunAndCheckOutput(
[info_dict["avb_avbtool"], "info_image", "--image", image])
matches = p.findall(output)
for (partition, fingerprint) in matches:
actual_fingerprint = build_info.GetPartitionFingerprint(
partition)
if actual_fingerprint is None:
logging.warning(
"Failed to get fingerprint for partition %s", partition)
continue
assert fingerprint == actual_fingerprint, "Fingerprint mismatch for partition {}, expected: {} actual: {}".format(
partition, fingerprint, actual_fingerprint)
def ValidateVerifiedBootImages(input_tmp, info_dict, options): def ValidateVerifiedBootImages(input_tmp, info_dict, options):
"""Validates the Verified Boot related images. """Validates the Verified Boot related images.
@@ -325,7 +349,8 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options):
if info_dict.get("system_root_image") != "true": if info_dict.get("system_root_image") != "true":
verity_key_ramdisk = os.path.join( verity_key_ramdisk = os.path.join(
input_tmp, 'BOOT', 'RAMDISK', 'verity_key') input_tmp, 'BOOT', 'RAMDISK', 'verity_key')
assert os.path.exists(verity_key_ramdisk), 'Missing verity_key in ramdisk' assert os.path.exists(
verity_key_ramdisk), 'Missing verity_key in ramdisk'
assert filecmp.cmp( assert filecmp.cmp(
verity_key_mincrypt, verity_key_ramdisk, shallow=False), \ verity_key_mincrypt, verity_key_ramdisk, shallow=False), \
@@ -362,6 +387,8 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options):
if key is None: if key is None:
key = info_dict['avb_vbmeta_key_path'] key = info_dict['avb_vbmeta_key_path']
ValidatePartitionFingerprints(input_tmp, info_dict)
# avbtool verifies all the images that have descriptors listed in vbmeta. # avbtool verifies all the images that have descriptors listed in vbmeta.
# Using `--follow_chain_partitions` so it would additionally verify chained # Using `--follow_chain_partitions` so it would additionally verify chained
# vbmeta partitions (e.g. vbmeta_system). # vbmeta partitions (e.g. vbmeta_system).