Also install verity_key to ramdisk for non-system-as-root target.
The commit in d14b895665
(https://android-review.googlesource.com/c/platform/build/+/728287)
changed partition layout, to always build the root dir into system.img,
even for devices not using system-as-root (i.e. the ones with separate
boot ramdisk).
With the new layout, there will be two root dirs for non-system-as-root
targets during the boot. If such a device uses Verified Boot 1.0,
/verity_key needs to be available in both roots, to establish the chain
of trust.
- bootloader uses the baked-in key to verify boot.img; it then loads
the ramdisk from the verified boot.img
- First stage init uses /verity_key (in ramdisk) to verify and mount
system.img at /system, then chroot's to it
- Second stage init uses /verity_key (in system.img) to verify and
mount other partitions
This CL adds rules to additionally install verity_key into ramdisk for
such targets.
Bug: 139770257
Test: Set up a target to use non-system-as-root
(BOARD_BUILD_SYSTEM_ROOT_IMAGE != true). `m dist`.
Test: Check that both ROOT/verity_key and BOOT/RAMDISK/verity_key exist
in the built target_files.zip.
Test: Run validate_target_files to validate the above target_files.zip.
$ validate_target_files \
--verity_key_mincrypt /path/to/verity_key \
target_files.zip
Test: Run sign_target_files_apks to sign the above target. Re-run
validate_target_files on the signed target_files.zip.
Test: python -m unittest test_validate_target_files
Change-Id: Ibe7e771c8c376429add85851ac86055564765d3c
This commit is contained in:
Tao Bao
@@ -276,15 +276,12 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options):
|
||||
# Verify verity signed system images in Verified Boot 1.0. Note that not using
|
||||
# 'elif' here, since 'boot_signer' and 'verity' are not bundled in VB 1.0.
|
||||
if info_dict.get('verity') == 'true':
|
||||
# First verify that the verity key that's built into the root image (as
|
||||
# /verity_key) matches the one given via command line, if any.
|
||||
if info_dict.get("system_root_image") == "true":
|
||||
verity_key_mincrypt = os.path.join(input_tmp, 'ROOT', 'verity_key')
|
||||
else:
|
||||
verity_key_mincrypt = os.path.join(
|
||||
input_tmp, 'BOOT', 'RAMDISK', 'verity_key')
|
||||
# First verify that the verity key is built into the root image (regardless
|
||||
# of system-as-root).
|
||||
verity_key_mincrypt = os.path.join(input_tmp, 'ROOT', 'verity_key')
|
||||
assert os.path.exists(verity_key_mincrypt), 'Missing verity_key'
|
||||
|
||||
# Verify /verity_key matches the one given via command line, if any.
|
||||
if options['verity_key_mincrypt'] is None:
|
||||
logging.warn(
|
||||
'Skipped checking the content of /verity_key, as the key file not '
|
||||
@@ -295,6 +292,18 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options):
|
||||
"Mismatching mincrypt verity key files"
|
||||
logging.info('Verified the content of /verity_key')
|
||||
|
||||
# For devices with a separate ramdisk (i.e. non-system-as-root), there must
|
||||
# be a copy in ramdisk.
|
||||
if info_dict.get("system_root_image") != "true":
|
||||
verity_key_ramdisk = os.path.join(
|
||||
input_tmp, 'BOOT', 'RAMDISK', 'verity_key')
|
||||
assert os.path.exists(verity_key_ramdisk), 'Missing verity_key in ramdisk'
|
||||
|
||||
assert filecmp.cmp(
|
||||
verity_key_mincrypt, verity_key_ramdisk, shallow=False), \
|
||||
'Mismatching verity_key files in root and ramdisk'
|
||||
logging.info('Verified the content of /verity_key in ramdisk')
|
||||
|
||||
# Then verify the verity signed system/vendor/product images, against the
|
||||
# verity pubkey in mincrypt format.
|
||||
for image in ('system.img', 'vendor.img', 'product.img'):
|
||||
|
||||
Reference in New Issue
Block a user