AVB: support signing vendor.img

Uses avbtool to sign vendor.img if BOARD_AVB_ENABLE is set.
It also allows appending additional arguments to avbtool via
BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS.

e.g.,
  BOARD_AVB_ENABLE := true
  BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS := --generate_fec

Bug: 35415839
Test: "make" with the above variables and use avbtool to check vbmeta is
      appended to vendor.img
Test: "make dist" with the above variables

Change-Id: I8ada38dff3def6d34613e77c67944def8a49f464

tools/releasetools/add_img_to_target_files.py

@@ -285,7 +285,8 @@ def AddUserdata(output_zip, prefix="IMAGES/"):
   img.Write()
 
 
-def AddVBMeta(output_zip, boot_img_path, system_img_path, prefix="IMAGES/"):
+def AddVBMeta(output_zip, boot_img_path, system_img_path, vendor_img_path,
+              prefix="IMAGES/"):
   """Create a VBMeta image and store it in output_zip."""
   img = OutputFile(output_zip, OPTIONS.input_tmp, prefix, "vbmeta.img")
   avbtool = os.getenv('AVBTOOL') or "avbtool"
@@ -294,6 +295,8 @@ def AddVBMeta(output_zip, boot_img_path, system_img_path, prefix="IMAGES/"):
          "--include_descriptors_from_image", boot_img_path,
          "--include_descriptors_from_image", system_img_path,
          "--generate_dm_verity_cmdline_from_hashtree", system_img_path]
+  if vendor_img_path is not None:
+    cmd.extend(["--include_descriptors_from_image", vendor_img_path])
   common.AppendAVBSigningArgs(cmd)
   args = OPTIONS.info_dict.get("board_avb_make_vbmeta_image_args", None)
   if args and args.strip():
@@ -477,7 +480,7 @@ def AddImagesToTargetFiles(filename):
   if OPTIONS.info_dict.get("board_avb_enable", None) == "true":
     banner("vbmeta")
     boot_contents = boot_image.WriteToTemp()
-    AddVBMeta(output_zip, boot_contents.name, system_img_path)
+    AddVBMeta(output_zip, boot_contents.name, system_img_path, vendor_img_path)
 
   # For devices using A/B update, copy over images from RADIO/ and/or
   # VENDOR_IMAGES/ to IMAGES/ and make sure we have all the needed