From e97e0cb16b7e86a0f7bfefd2e72eb2a81b5184fa Mon Sep 17 00:00:00 2001 From: "Ray-cy.lee" Date: Tue, 27 Jun 2023 11:44:46 +0800 Subject: [PATCH] Add the option for custom_image to be AVB or NONAVB Check BOARD_AVB_$(call to-upper,$(partition))_KEY_PATH to decide whether custom_image should sign AVB or not. If key path isn't set, the custom image will be excluded from AVB and copied to /IMAGES in target-files directly. This allows vendor to use custom_images flow packing unsigned image. And to every non-avb custom partition, one image whose name is partition name must be added in its BOARD__IMAGE_LIST. BOARD_CUSTOMIMAGES_PARTITION_LIST := tvconfig BOARD_TVCONFIG_IMAGE_LIST := \ device/xxxx/yyyy/tvconfig.img \ device/xxxx/yyyy/tvconfig_custom1.img Test: 1) Build image, target-files, OTA package by m and m dist 2) Sign images by sign_target_files_apk.py Fix: 285227850 Change-Id: I7477dafe023e4b168f0f08fb7aedd9e511a60e1b --- core/Makefile | 49 +++++++++++++++---- tools/releasetools/add_img_to_target_files.py | 46 +++++++++++------ tools/releasetools/sign_target_files_apks.py | 3 +- 3 files changed, 72 insertions(+), 26 deletions(-) diff --git a/core/Makefile b/core/Makefile index 00ab3f8106..f2540ea9aa 100644 --- a/core/Makefile +++ b/core/Makefile @@ -4200,6 +4200,13 @@ INSTALLED_CUSTOMIMAGES_TARGET := ifneq ($(strip $(BOARD_CUSTOMIMAGES_PARTITION_LIST)),) INTERNAL_AVB_CUSTOMIMAGES_SIGNING_ARGS := +BOARD_AVB_CUSTOMIMAGES_PARTITION_LIST := +# If BOARD_AVB_$(call to-upper,$(partition))_KEY_PATH is set, the image will be included in +# BOARD_AVB_CUSTOMIMAGES_PARTITION_LIST, otherwise the image won't be AVB signed. +$(foreach partition,$(BOARD_CUSTOMIMAGES_PARTITION_LIST), \ + $(if $(BOARD_AVB_$(call to-upper,$(partition))_KEY_PATH), \ + $(eval BOARD_AVB_CUSTOMIMAGES_PARTITION_LIST += $(partition)) \ + $(eval BOARD_$(call to-upper,$(partition))_IMAGE_LIST := $(BOARD_AVB_$(call to-upper,$(partition))_IMAGE_LIST)))) # Sign custom image. # $(1): the prebuilt custom image. 
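Review bot: The new `$(if $(BOARD_AVB_$(call to-upper,$(partition))_KEY_PATH), ...)` selection in the first `core/Makefile` hunk fails open: a partition whose key variable is unset, misspelled or dropped from an inherited board config is silently routed to the unsigned copy path instead of stopping the build. The `_key_path` error added later in `check-and-set-custom-avb-chain-args` cannot catch this from the call site shown in this patch, because that `foreach` now iterates only over `BOARD_AVB_CUSTOMIMAGES_PARTITION_LIST`, whose members already have a key. Consider an else branch that rejects a partition carrying AVB settings but no key, e.g. `$(if $(BOARD_AVB_$(call to-upper,$(partition))_IMAGE_LIST),$(error BOARD_AVB_$(call to-upper,$(partition))_KEY_PATH is not defined))`. The comment above the loop should also state that leaving the key unset is an explicit opt-out of verified boot for that partition.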
@@ -4224,9 +4231,26 @@ endif INSTALLED_CUSTOMIMAGES_TARGET += $(3) endef -$(foreach partition,$(BOARD_CUSTOMIMAGES_PARTITION_LIST), \ +# Copy unsigned custom image. +# $(1): the prebuilt custom image. +# $(2): the signed custom image target. +define copy_custom_image +$(2): $(1) $(INTERNAL_USERIMAGES_DEPS) + @echo Target custom image: $(2) + mkdir -p $(dir $(2)) + cp $(1) $(2) +INSTALLED_CUSTOMIMAGES_TARGET += $(2) +endef + +# Add AVB custom image to droid target +$(foreach partition,$(BOARD_AVB_CUSTOMIMAGES_PARTITION_LIST), \ $(foreach image,$(BOARD_AVB_$(call to-upper,$(partition))_IMAGE_LIST), \ $(eval $(call sign_custom_image,$(image),$(partition),$(PRODUCT_OUT)/$(notdir $(image)))))) + +# Add unsigned custom image to droid target +$(foreach partition,$(filter-out $(BOARD_AVB_CUSTOMIMAGES_PARTITION_LIST), $(BOARD_CUSTOMIMAGES_PARTITION_LIST)), \ + $(foreach image,$(BOARD_$(call to-upper,$(partition))_IMAGE_LIST), \ + $(eval $(call copy_custom_image,$(image),$(PRODUCT_OUT)/$(notdir $(image)))))) endif # ----------------------------------------------------------------- @@ -4503,7 +4527,9 @@ define check-and-set-custom-avb-chain-args $(eval part := $(1)) $(eval PART=$(call to-upper,$(part))) $(eval _rollback_index_location := BOARD_AVB_$(PART)_ROLLBACK_INDEX_LOCATION) +$(eval _key_path := BOARD_AVB_$(PART)_KEY_PATH) $(if $($(_rollback_index_location)),,$(error $(_rollback_index_location) is not defined)) +$(if $($(_key_path)),,$(error $(_key_path) is not defined)) INTERNAL_AVB_MAKE_VBMETA_IMAGE_ARGS += \ --chain_partition $(part):$($(_rollback_index_location)):$(AVB_CHAIN_KEY_DIR)/$(part).avbpubkey 
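Review bot: The header comment of `copy_custom_image` describes `$(2)` as "the signed custom image target", but the recipe only runs `cp $(1) $(2)` and no signing takes place. Anyone auditing which outputs under `$(PRODUCT_OUT)` are covered by AVB would be misled; suggest `# $(2): the unsigned custom image target (copied as-is, not AVB signed).` Both the signed and the unsigned `foreach` name their target `$(PRODUCT_OUT)/$(notdir $(image))`, so it is also worth a comment that image basenames must be unique across all custom partitions.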
@@ -4583,8 +4609,8 @@ $(foreach partition,$(BOARD_AVB_VBMETA_CUSTOM_PARTITIONS),$(eval $(call check-an $(foreach partition,$(BOARD_AVB_VBMETA_CUSTOM_PARTITIONS),$(eval BOARD_AVB_MAKE_VBMETA_$(call to-upper,$(partition))_IMAGE_ARGS += --padding_size 4096)) endif -ifneq ($(strip $(BOARD_CUSTOMIMAGES_PARTITION_LIST)),) -$(foreach partition,$(BOARD_CUSTOMIMAGES_PARTITION_LIST), \ +ifneq ($(strip $(BOARD_AVB_CUSTOMIMAGES_PARTITION_LIST)),) +$(foreach partition,$(BOARD_AVB_CUSTOMIMAGES_PARTITION_LIST), \ $(eval $(call check-and-set-custom-avb-chain-args,$(partition)))) endif @@ -4671,8 +4697,8 @@ define extract-avb-chain-public-keys $(if $(BOARD_AVB_VBMETA_VENDOR_KEY_PATH),\ $(hide) $(AVBTOOL) extract_public_key --key $(BOARD_AVB_VBMETA_VENDOR_KEY_PATH) \ --output $(1)/vbmeta_vendor.avbpubkey) - $(if $(BOARD_CUSTOMIMAGES_PARTITION_LIST),\ - $(hide) $(foreach partition,$(BOARD_CUSTOMIMAGES_PARTITION_LIST), \ + $(if $(BOARD_AVB_CUSTOMIMAGES_PARTITION_LIST),\ + $(hide) $(foreach partition,$(BOARD_AVB_CUSTOMIMAGES_PARTITION_LIST), \ $(AVBTOOL) extract_public_key --key $(BOARD_AVB_$(call to-upper,$(partition))_KEY_PATH) \ --output $(1)/$(partition).avbpubkey;)) \ $(if $(BOARD_AVB_VBMETA_CUSTOM_PARTITIONS),\ 
@@ -5591,15 +5617,20 @@ ifdef BOARD_AVB_RECOVERY_KEY_PATH $(hide) echo "avb_recovery_rollback_index_location=$(BOARD_AVB_RECOVERY_ROLLBACK_INDEX_LOCATION)" >> $@ endif # BOARD_AVB_RECOVERY_KEY_PATH ifneq (,$(strip $(BOARD_CUSTOMIMAGES_PARTITION_LIST))) - $(hide) echo "avb_custom_images_partition_list=$(BOARD_CUSTOMIMAGES_PARTITION_LIST)" >> $@ - $(hide) $(foreach partition,$(BOARD_CUSTOMIMAGES_PARTITION_LIST), \ + $(hide) echo "custom_images_partition_list=$(filter-out $(BOARD_AVB_CUSTOMIMAGES_PARTITION_LIST), $(BOARD_CUSTOMIMAGES_PARTITION_LIST))" >> $@ + $(hide) $(foreach partition,$(filter-out $(BOARD_AVB_CUSTOMIMAGES_PARTITION_LIST), $(BOARD_CUSTOMIMAGES_PARTITION_LIST)), \ + echo "$(partition)_image_list=$(foreach image,$(BOARD_$(call to-upper,$(partition))_IMAGE_LIST),$(notdir $(image)))" >> $@;) +endif # BOARD_CUSTOMIMAGES_PARTITION_LIST +ifneq (,$(strip $(BOARD_AVB_CUSTOMIMAGES_PARTITION_LIST))) + $(hide) echo "avb_custom_images_partition_list=$(BOARD_AVB_CUSTOMIMAGES_PARTITION_LIST)" >> $@ + $(hide) $(foreach partition,$(BOARD_AVB_CUSTOMIMAGES_PARTITION_LIST), \ echo "avb_$(partition)_key_path=$(BOARD_AVB_$(call to-upper,$(partition))_KEY_PATH)" >> $@; \ echo "avb_$(partition)_algorithm=$(BOARD_AVB_$(call to-upper,$(partition))_ALGORITHM)" >> $@; \ echo "avb_$(partition)_add_hashtree_footer_args=$(BOARD_AVB_$(call to-upper,$(partition))_ADD_HASHTREE_FOOTER_ARGS)" >> $@; \ echo "avb_$(partition)_rollback_index_location=$(BOARD_AVB_$(call to-upper,$(partition))_ROLLBACK_INDEX_LOCATION)" >> $@; \ echo "avb_$(partition)_partition_size=$(BOARD_AVB_$(call to-upper,$(partition))_PARTITION_SIZE)" >> $@; \ echo "avb_$(partition)_image_list=$(foreach image,$(BOARD_AVB_$(call to-upper,$(partition))_IMAGE_LIST),$(notdir $(image)))" >> $@;) -endif # BOARD_CUSTOMIMAGES_PARTITION_LIST +endif # BOARD_AVB_CUSTOMIMAGES_PARTITION_LIST ifneq (,$(strip $(BOARD_AVB_VBMETA_SYSTEM))) $(hide) echo "avb_vbmeta_system=$(BOARD_AVB_VBMETA_SYSTEM)" >> $@ $(hide) echo 
"avb_vbmeta_system_args=$(BOARD_AVB_MAKE_VBMETA_SYSTEM_IMAGE_ARGS)" >> $@ @@ -6410,7 +6441,7 @@ endif ifneq ($(strip $(BOARD_CUSTOMIMAGES_PARTITION_LIST)),) $(hide) mkdir -p $(zip_root)/PREBUILT_IMAGES $(hide) $(foreach partition,$(BOARD_CUSTOMIMAGES_PARTITION_LIST), \ - $(foreach image,$(BOARD_AVB_$(call to-upper,$(partition))_IMAGE_LIST),cp $(image) $(zip_root)/PREBUILT_IMAGES/;)) + $(foreach image,$(BOARD_$(call to-upper,$(partition))_IMAGE_LIST),cp $(image) $(zip_root)/PREBUILT_IMAGES/;)) endif # BOARD_CUSTOMIMAGES_PARTITION_LIST @# The radio images in BOARD_PACK_RADIOIMAGES will be additionally copied from RADIO/ into @# IMAGES/, which then will be added into -img.zip. Such images must be listed in diff --git a/tools/releasetools/add_img_to_target_files.py b/tools/releasetools/add_img_to_target_files.py index 465d222a83..6a80a3f7ef 100644 --- a/tools/releasetools/add_img_to_target_files.py +++ b/tools/releasetools/add_img_to_target_files.py @@ -517,12 +517,14 @@ def AddPvmfw(output_zip): return img.name -def AddCustomImages(output_zip, partition_name): - """Adds and signs custom images in IMAGES/. +def AddCustomImages(output_zip, partition_name, image_list): + """Adds and signs avb custom images as needed in IMAGES/. Args: output_zip: The output zip file (needs to be already open), or None to write images to OPTIONS.input_tmp/. + partition_name: The custom image partition name. + image_list: The image list of the custom image partition. Uses the image under IMAGES/ if it already exists. Otherwise looks for the image under PREBUILT_IMAGES/, signs it as needed, and returns the image name. 
@@ -531,19 +533,20 @@ def AddCustomImages(output_zip, partition_name): AssertionError: If image can't be found. """ + builder = None key_path = OPTIONS.info_dict.get("avb_{}_key_path".format(partition_name)) - algorithm = OPTIONS.info_dict.get("avb_{}_algorithm".format(partition_name)) - extra_args = OPTIONS.info_dict.get( - "avb_{}_add_hashtree_footer_args".format(partition_name)) - partition_size = OPTIONS.info_dict.get( - "avb_{}_partition_size".format(partition_name)) + if key_path is not None: + algorithm = OPTIONS.info_dict.get("avb_{}_algorithm".format(partition_name)) + extra_args = OPTIONS.info_dict.get( + "avb_{}_add_hashtree_footer_args".format(partition_name)) + partition_size = OPTIONS.info_dict.get( + "avb_{}_partition_size".format(partition_name)) - builder = verity_utils.CreateCustomImageBuilder( - OPTIONS.info_dict, partition_name, partition_size, - key_path, algorithm, extra_args) + builder = verity_utils.CreateCustomImageBuilder( + OPTIONS.info_dict, partition_name, partition_size, + key_path, algorithm, extra_args) - for img_name in OPTIONS.info_dict.get( - "avb_{}_image_list".format(partition_name)).split(): + for img_name in image_list: custom_image = OutputFile( output_zip, OPTIONS.input_tmp, "IMAGES", img_name) if os.path.exists(custom_image.name): 
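Review bot: `AddCustomImages` now decides whether to sign purely from `key_path is not None`, so a partition listed in `avb_custom_images_partition_list` whose `avb_<partition>_key_path` entry is missing from `info_dict` would be handled as an unsigned image, even though `AddImagesToTargetFiles` still chains it into vbmeta through `avb_custom_partitions`. The part of the loop that consumes `builder` lies outside this hunk, so this assumes a `None` builder skips signing. A fail-closed check in the AVB loop of the caller would keep the two cases apart, e.g. `assert OPTIONS.info_dict.get("avb_{}_key_path".format(partition_name)), "missing AVB key path for " + partition_name`. The docstring should also say that images are added unsigned when no key path is recorded for the partition.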
@@ -1098,18 +1101,29 @@ def AddImagesToTargetFiles(filename): # Custom images. custom_partitions = OPTIONS.info_dict.get( - "avb_custom_images_partition_list", "").strip().split() + "custom_images_partition_list", "").strip().split() for partition_name in custom_partitions: partition_name = partition_name.strip() banner("custom images for " + partition_name) - partitions[partition_name] = AddCustomImages(output_zip, partition_name) + image_list = OPTIONS.info_dict.get( + "{}_image_list".format(partition_name)).split() + partitions[partition_name] = AddCustomImages(output_zip, partition_name, image_list) + + avb_custom_partitions = OPTIONS.info_dict.get( + "avb_custom_images_partition_list", "").strip().split() + for partition_name in avb_custom_partitions: + partition_name = partition_name.strip() + banner("avb custom images for " + partition_name) + image_list = OPTIONS.info_dict.get( + "avb_{}_image_list".format(partition_name)).split() + partitions[partition_name] = AddCustomImages(output_zip, partition_name, image_list) if OPTIONS.info_dict.get("avb_enable") == "true": # vbmeta_partitions includes the partitions that should be included into # top-level vbmeta.img, which are the ones that are not included in any # chained VBMeta image plus the chained VBMeta images themselves. - # Currently custom_partitions are all chained to VBMeta image. - vbmeta_partitions = common.AVB_PARTITIONS[:] + tuple(custom_partitions) + # Currently avb_custom_partitions are all chained to VBMeta image. + vbmeta_partitions = common.AVB_PARTITIONS[:] + tuple(avb_custom_partitions) vbmeta_system = OPTIONS.info_dict.get("avb_vbmeta_system", "").strip() if vbmeta_system: diff --git a/tools/releasetools/sign_target_files_apks.py b/tools/releasetools/sign_target_files_apks.py index 8291448249..1041832161 100755 --- a/tools/releasetools/sign_target_files_apks.py +++ b/tools/releasetools/sign_target_files_apks.py 
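Review bot: Both new lookups call `.split()` directly on `OPTIONS.info_dict.get(...)` with no default. A partition named in `custom_images_partition_list` or `avb_custom_images_partition_list` without a matching `*_image_list` key therefore fails with an `AttributeError` on `None` rather than a message naming the partition. Suggest `image_list = OPTIONS.info_dict.get("{}_image_list".format(partition_name), "").split()` followed by `assert image_list, "no images listed for custom partition " + partition_name`, and the same for the `avb_` variant. The two loops also write to the same `partitions[partition_name]` slot; the make side keeps the lists disjoint with `filter-out`, but nothing here checks that for a misc_info that was edited or regenerated. `AddImagesToTargetFiles` starts and ends outside the hunk.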
@@ -1237,8 +1237,9 @@ def BuildVendorPartitions(output_zip_path): vendor_misc_info["board_bpt_enable"] = "false" # partition-table vendor_misc_info["has_dtbo"] = "false" # dtbo vendor_misc_info["has_pvmfw"] = "false" # pvmfw - vendor_misc_info["avb_custom_images_partition_list"] = "" # custom images + vendor_misc_info["avb_custom_images_partition_list"] = "" # avb custom images vendor_misc_info["avb_building_vbmeta_image"] = "false" # skip building vbmeta + vendor_misc_info["custom_images_partition_list"] = "" # custom images vendor_misc_info["use_dynamic_partitions"] = "false" # super_empty vendor_misc_info["build_super_partition"] = "false" # super split vendor_misc_info["avb_vbmeta_system"] = "" # skip building vbmeta_system