This updates the build system for the new Android Verified Boot
codebase. As this is based on Brillo Verified Boot, this change replaces
the existing BVB support.
Android Verified Boot is enabled by the BOARD_AVB_ENABLE variable
BOARD_AVB_ENABLE := true
This will make the build system create vbmeta.img which will contain a
hash descriptor for boot.img, a hashtree descriptor for system.img, a
kernel-cmdline descriptor for setting up dm-verity for system.img and
append a hash-tree to system.img.
Additionally, the descriptors are left in boot.img and system.img so a
third party can create their own vbmeta.img file linking - using the
option --chain_partition - to these images. If this is not needed
footers can be erased using the 'avbtool erase_footer' command. It's
also harmless to just leave them in the images.
By default, the algorithm SHA256_RSA4096 is used with a test key from
the AVB source directory. This can be overriden by the
BOARD_AVB_ALGORITHM and BOARD_AVB_KEY_PATH variables to use e.g. a
4096-bit RSA key and SHA-512:
BOARD_AVB_ALGORITHM := SHA512_RSA4096
BOARD_AVB_KEY_PATH := /path/to/rsa_key_4096bits.pem
To prevent rollback attacks, the rollback index should be increased on a
regular basis. The rollback index can be set with the
BOARD_AVB_ROLLBACK_INDEX variable:
BOARD_AVB_ROLLBACK_INDEX := 5
If this is not set, the rollback index defaults to 0.
The variable BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS can be used to specify
additional options passed to 'avbtool make_vbmeta_image'. Typical
options to be used here include '--prop', '--prop_from_file', and
'--chain_partition'.
The variable BOARD_AVBTOOL_BOOT_ADD_HASH_FOOTER_ARGS can be used to
specify additional options passed to 'avbtool add_hash_footer' for
boot.img. Typical options to be used here include '--hash_algorithm' and
'--salt'.
The variable BOARD_AVBTOOL_SYSTEM_ADD_HASHTREE_FOOTER_ARGS can be used
to specify additional options passed to 'avbtool add_hashtree_footer'
for systems.img. Typical options to be used here include
'--hash_algorithm', '--salt', and '--block_size'.
BUG=31264226
TEST=Manually tested on edison-eng by inspecting {boot, system,
vbmeta}.img in out/ directory as well as their counterparts in
the IMAGES/ directory of edision-target_files-eng.zeuthen.zip
Merged-In: Ic9a61cfc65c148b12996e57f04da5432eef6b982
Change-Id: I97042655bca15e7eac899f12c5bada2f6184d307
Currently it supports verifying packages signed with RSA algorithms
(v1-v4 as in bootable/recovery/verifier.cpp). No support for ECDSA (v5)
signed packages yet.
$ ./build/tools/releasetools/check_ota_package_signature.py \
bootable/recovery/tests/testdata/testkey_v1.x509.pem \
bootable/recovery/tests/testdata/otasigned_v1.zip
Package: bootable/recovery/tests/testdata/otasigned_v1.zip
Certificate: bootable/recovery/tests/testdata/testkey_v1.x509.pem
Comment length: 1738
Signed data length: 2269
Use SHA-256: False
Digest: 115e688ec3b77743070b743453e2fc6ce8754484
VERIFIED
Bug: 31523193
Test: Used the tool to verify existing packages (like above).
Change-Id: I71d3569e858c729cb64825c5c7688ededc397aa8
This was printing "error:", but not actually triggering an error.
Instead of trying to write a single line bash script to handle this,
move the actual check into python. This allows us to print all of the
errors for a single module before triggering the failure.
Also updates the warning format and the warn.py script to properly parse
these warning. Many of the java:sdk -> java:platform warnings are false
positives due to the lack of LOCAL_SDK_VERSION markings on prebuilts.
Individual tags can be marked as warnings now, which lets us check for
system libraries linking against vendor libraries (which won't work on
AOSP). I'm not sure this is a completely valid check, which one reason
that it's just a warning.
Test: m all_link_types (with some missing libs commented out)
Change-Id: I333e418c9a4511b7c7e826891ae481da08fbf6f9
* Use 't1' CSS class for main warning tables,
and default table style for new warning count table.
* Count total skipped warnings.
* Append count of warnings in each severity header.
* Fix some skipped warning patterns and count/dump skipped warnings.
* Add dumpskippedanchors function to fix expand_collapse
error when --byproject flag is used and severity.SKIP
is not emitted.
* Minor coding style changes:
* Loop through severity.kinds.
* Remove unused import.
* Add spaces around assignment operators.
* Adjust indentation.
Bug: 31377083
Test: run warn.py with build.log
Change-Id: I68949edc4601b10ea2f7ac84e48e6c3da4ab1e4f
This workaround to clean package intermediates is no longer necessary,
as ninja reruns commands whose command line changes.
Test: switch between product overlays that use add-resource, verify
R.java is regenerated.
Change-Id: Icb1f76360e39882e4401180414a031956777b020
The switch to apksig changed the Created-By header value in .SF file
from "1.0 (Android SignApk)" to "1.0 (Android apksigner)". This commit
reverts the value back to "1.0 (Android SignApk)".
Change-Id: I2fc462cade40a5b31bb6191996fd6f18fabbf08f
fat16copy.py can be used to copy files or directories in to the root of
a fat16 image.
Usage: fat16copy <image> <file> [<file> ...]
Test: Used to compose a Raspberry Pi 3 boot image
Bug: 28912590
Change-Id: I29c9eec3786e2c5cc94f9a160360bac850809a93
For some partition sizes, we currently build an image that's 1-2
blocks smaller than the actual partition, which causes fs_mgr to
not find metadata. This change adds padding to FEC metadata that
correctly positions the metadata header at the end.
Bug: 28865197
Change-Id: Ie0e044715a9c5ae8ba395e7d2ff9fbd7cffc0b4c
The output will be in the `m dist` results as soong_to_convert.txt, or
can be built using:
$ m $OUT/soong_to_convert.txt
The output is a list of modules that are probably ready to convert to
Soong:
# Blocked on Module (potential problems)
283 libEGL (srcs_dotarm)
246 libicuuc (dotdot_incs dotdot_srcs)
221 libspeexresampler
215 libcamera_metadata
...
0 zram-perf (dotdot_incs)
The number at the beginning of the line shows how many native modules
depend on that module.
All of their dependencies have been satisfied, and any potential
problems that Make can detect are listed in parenthesis after the
module:
dotdot_srcs: LOCAL_SRC_FILES contains paths outside $(LOCAL_PATH)
dotdot_incs: LOCAL_C_INCLUDES contains paths include '..'
srcs_dotarm: LOCAL_SRC_FILES contains source files like <...>.c.arm
aidl: LOCAL_SRC_FILES contains .aidl sources
dbus: LOCAL_SRC_FILES contains .dbus-xml sources
objc: LOCAL_SRC_FILES contains Objective-C sources
proto: LOCAL_SRC_FILES contains .proto sources
rs: LOCAL_SRC_FILES contains renderscript sources
vts: LOCAL_SRC_FILES contains .vts sources
Not all problems can be discovered, but this is a starting point.
Change-Id: I45674fe93fd267d4d1fb0bc3bc9aa025e20c5ac6
* Generalize regular expression to match new warning messages.
* Remove old unused pattern.
Change-Id: I54f2e5bdb255b290cb3751ba56558f5fe8d7245e
Test: Run warn.py with build.log
The userdata.img and cache.img entries are not useful in signed builds;
because fastboot doesn't look at these two entries in the *img.zip when
flashing a device. And they aren't used elsewhere. Therefore, skip
building the image files for them when signing the target files with
sign_target_files_apks. Also, add an option "--is_signing" to avoid
adding these two images when we call add_img_to_target_files.
Change-Id: I39ba91a86d9a856d7d01771f6d1403dbf21f2011
Test: Run sign_target_files_apks on a target file and userdata/cache.img doesn't not generate.
Bug: 30642470
add_img_to_target_files.py fails when the target_files.zip is over 4GiB
when adding IMAGES/ folder. Specify the flag to allow creating
target_files.zip with ZIP64 extension.
Other zip artifacts (-img.zip, -ota.zip etc) remain in non-ZIP64 format.
zip2zip is not affected, which still creates non-ZIP64 zips even when
copying from target_files in ZIP64.
Bug: 30961841
Test: "make dist" with large system image and check the artifacts.
Change-Id: I0568745f01ef8f0239081f783eac92288d4fdd84
Do not copy the "META/care_map.txt" from the source zipfile when
signing the target files with sign_target_files_apks. Because we'll
generate a new care_map after rebuilding the system/vendor images;
and we'll write the new "META/care_map.txt" to the signed-target-file.
Change-Id: I6919cfdf8314a4084b5f612a9c89469f391486a4
Test: Run sign_target_files_apks locally, and the entry is updated.
Bug: 30812253
On A/B devices (i.e. system_root_image="true"), /default.prop is
packaged at ROOT/default.prop (as opposed to BOOT/RAMDISK/default.prop
for non-A/B devices). Update the path so that we handle properties like
ro.bootimage.build.fingerprint properly.
The one for recovery is not affected, which stays at
BOOT/RAMDISK/default.prop for A/B devices and gets updated correctly.
Bug: 30811237
Test: Verify the property in the generated signed-TF.zip.
Change-Id: Id201a042d7ea988a64f89c6d04f43326a9851e27
The update-payload-key is used by update_engine_sideload from recovery
to verify an update payload.
Bug: 27178350
Change-Id: I7a0a307ae565e5e9cbf2c9b58fbcc055e87771ce
* LOCAL_CLANG_EXCEPTION_PROJECTS is the list of project prefixes.
* New warning message is detected by warn.py as high severity.
Bug: 30575506
Change-Id: I87a38b2ba6bab1d2e5e7a9d5ec9557f0e609727c
Test: build and find new warning in build.log
We were using the package name as the key to index APKs. APKs from the
same package got messed up and gave wrong signature summary. Switch to
using the package filename as the key, which is identical in a given build.
Also fix the trailing space when printing the signature summary.
Bug: 30418268
Test: Run with a target_files.zip that has multiple APKs from the same package.
Change-Id: I6317e8c05e987c5690915e05c294153d10e2f0ab
* Use const reference parameter type to avoid unnecessary copy.
Bug: 30407689
Change-Id: Iefab05c077367f272abf545036b853e8a295c8cd
Test: build with WITH_TIDY=1
* Use --byproject flag to dump warnings in HTML file by projects.
* Add external/google and vendor/google projects, vs other
external/non-google and vendor/non-google projects.
* Refactor code in dumpcategory to dump warnings by projects
when --byproject is specified.
* Recognize new compiler -Wvarargs warning pattern.
* No change to default HTML output format.
Change-Id: I2406ad392ab18683357ff0ee0cf6c41f87cf399c
Test: run through current build.log files.
* This enables 5 performance related checks:
performance-faster-string-find
performance-for-range-copy
performance-implicit-cast-in-loop
performance-unnecessary-copy-initialization
performance-unnecessary-value-param
* Recognize these new warnings in warn.py.
Bug: http://b/27779618
Change-Id: I7af3fdc262dd44db90d3b62eb37c5eac5a2eaa01
Test: build with WITH_TIDY=1 and run warn.py with build.log
* No change to html output, except removing unused "PageTop" anchor.
* Add --gencsv flag to output a CSV file instead of html file.
CSV files are combined to a table for dashboard charts.
* Count warnings from selected source project directories.
* CSV output lines are:
num_of_warnings,project_name,warning_description
* project_name is empty for sum of warnings from all projects.
* warning_description could be:
(1) "<severity>: <warning type description>"
for one warning type, or
(2) "<severity> warnings"
for all warning types of the severity.
Change-Id: I1cf976ed0cf142091226b22665b7f28d383608fd
Test: run through current build.log files.
* Count new clang-tidy warnings:
google-runtime-references
google-runtime-operator
* Count new clang warnings:
-Wconst-conversion similar to -Wliteral-conversion
-Wundefined-var-template
* Modified static analyzer warning message about
"Null passed to a callee that requires a non-null ..."
* Disable google-runtime-references by default and
disable misc-macro-parentheses in vendor projects;
too many old C/C++ code have this warning.
Change-Id: Ib35e0af85875aada17c92b0237b76cd5ae3bfcc8
Test: build with clang-tidy.
Used to skip only immediately followed identical warning lines.
Now classifywarning is called only once for each unique warning line.
Change-Id: Ie3b77ded70b41dafad91c042dbe15ad2be119e62
Test: run through build.log file
We should disable using imgdiff if *any* of the source and target
partitions uses squashfs.
Bug: 30004734
Test: Create an incremental with two builds with one of them uses squashfs.
Change-Id: I826cd13d7b852c548e4b45e61f5ae00f6407cac3
(cherry picked from commit f8acad1480)
