BUILD_HOST_EXECUTABLE modules are substantially deprecated, but some
partners are still using them for their bits with the workaround
provided in the product definition. This fixes a build error where
the host module doesn't have a linkable ELF note archive.
MTE is not intended for host modules, and it's fine for us to say
"host module using AndroidMk - no MTE for you" if this changes.
Test: Manually tested using a BUILD_HOST_EXECUTABLE module.
Change-Id: Ifedff39f2f03c08bfb644221d2ab1b88e635c8a3
Devices using GKI architecture will use a prebuilt boot.img.
However, we should still sign this prebuilt boot.img with
device-specific AVB keys.
Steps to test the CL.
1. In a device BoardConfig.mk:
# Uses a prebuilt boot.img
TARGET_NO_KERNEL := true
BOARD_PREBUILT_BOOTIMAGE := device/google/redbull/boot.img
# Enable chained vbmeta for the boot image.
# The following can be absent, where the hash descriptor of the
# 'boot' partition will be stored then signed in vbmeta.img instead.
BOARD_AVB_BOOT_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem
BOARD_AVB_BOOT_ALGORITHM := SHA256_RSA4096
BOARD_AVB_BOOT_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
BOARD_AVB_BOOT_ROLLBACK_INDEX_LOCATION := 2
2. `make bootimage`, then `avbtool info_image --image $OUT/boot.img`,
checks the image is re-signed with a device-specific key
3. `make dist` to generate out/dist/TF.zip
4. `unzip out/dist/TF.zip IMAGES/boot.img`
5. `avbtool info_image --image out/dist/IMAGES/boot.img`,
checks the image is re-signed with a device-specific key
6. `sign_target_files_apks \
--avb_boot_key=external/avb/test/data/testkey_rsa8192.pem \
--avb_boot_algorithm=SHA256_RSA8192 \
--avb_boot_extra_args="--prop test:sign" \
./out/dist/*-target_files-eng.*.zip signed.zip`, resign the TF.zip
7. `unzip signed.zip IMAGES/boot.img`, then use `avbtool info_image` to
check the boot.img is re-signed with the --avb_boot_key in step 6.
Bug: 188485657
Test: above steps
Change-Id: I7ee8b3ffe6a86aaca34bbb7a8898a97b3f8bd801
`b` is a function that combines:
1. Integrated generation of a synthetic bazel workspace, containing
symlinks to BUILD and bzl files alongside symlinks to the source tree.
This is the --package_path of the bazel build.
2. Running the Bazel build itself with b's entire argv.
A user accustomed to typing `bazel build <targets>` would
now type `b build <targets>`.
Test: source build/envsetup.sh; b build //bionic/...; b cquery --output=label_kind //bionic/...
Fixes: 188490434
Change-Id: I36e366108b024c09945d764a1115786658e03681
Mark ANGLE as product-specific and remove building the APK. CuttleFish
will continue to build the ANGLE libraries directly.
Bug: b/187342779
Test: launch_cvd --restart_subprocesses=false --start_webrtc=true --gpu_mode=guest_swiftshader
Change-Id: I6cd379a11e0c198ad72636253f1a33f2d1fc798f
There are GKI arm64 and x86_64 now. The patch restructures the
GKI common settings to a new common BoardConfig file
"BoardConfigGkiCommon.mk".
It includes the ramdisk and boot image settings for GKI.
The patch also removes obsolete TARGET_PRELINK_MODULE.
Bug: 177859525
Bug: 181277965
Test: lunch gsi_arm64-userdebug ; make dist
Test: lunch gsi_x86_64-userdebug ; make dist
Change-Id: I204c8937d97140cc3c6ed3473d494f03f534ed75
Test: th
Test: Manual OTA test on bramble, pause/resume multiple times
Test: verity enabled, VABC enabled OTA
Test: verity enabled, VABC disabled OTA
Test: verity disabled, VABC enabled OTA
Test: verity disabled, VABC disabled OTA
Change-Id: Ia236984b158761f84f54ab7a6d3d49491c249546
Starting from Android 10, the system.img layout consists of
$TARGET_SYSTEM_OUT and $TARGET_ROOT_OUT, and is mounted by the
init as root. That is, system.img is always created as if
BOARD_BUILD_SYSTEM_ROOT_IMAGE was set.
https://source.android.com/devices/bootloader/partitions/system-as-root
The previous concern is that there might be compatibility issues between
the ramdisk contained in boot.img with a newer system.img. But this is
no longer an issue after we always mount the system.img as root.
Bug: 187157581
Test: Tree Hugger
Change-Id: I4537e6ce6fb39b4b86caac82a13716abf515ffd6
Devices that launched before Android S must still be able to access
debugfs.
Bug: 188022148
Test: build boot
Change-Id: I18ecec3f7daf5a1085de40606640ead63457c4b2
This reverts commit a700ad4651.
Reason for revert: relanding original CL with correct Merged-In tag.
Use "Merged-In" tag from CL ag/14062434 to prevent merging in the
stage-aosp-master branch. That CL is unrelated to the current CL,
but related to <uses-library> checks in general.
Bug: 132357300
Change-Id: I10de5b56c51a0407bf027e0be5ac3b0b307cf100
Test: treehugger
Merged-In: I21712e5197b3cb06e82e476f4c2f7277142034e9
Use "Merged-In" tag from CL ag/14063987 to prevent merging in the
rvc-qpr-dev-plus-aosp branch. That CL is unrelated to the current CL,
but related to <uses-library> checks in general.
Bug: 132357300
Test: treehugger
Change-Id: If31a9ed148e4f1195bf916a650d0afafef3d6915
Merged-In: I26f2887357193b0d4bb951fa5bb09384c149b381
(cherry picked from commit feeb6bcd1e)
build_image adds additional parameters (uuid, hash_seed) if
prop_dict["ext_mkuserimg"] is set to "mkuserimg_mke2fs".
The comparison does not take paths into consideration, so passing a
full path to mkuserimg_mke2fs would cause the parameters to not
be included.
This is currently not an issue for aosp builds, but could cause problems
for customized build systems.
Bug: 187742822
Test: Manual, using vendor build system, also executed 'm droid'
Change-Id: I7a8973dd0c4d8a39aea5aafcfe1aa69750fb1449
In the release signing process, it uses --signing_helper_with_files
for avbtool. This can be done by passing
--gki_signing_signature_args="--signing_helper_with_files=/path/to/helper.sh"
for mkbootimg.
However, this only works when there is a default value of
"gki_signing_signature_args" in the misc_info.txt, to be appended
with more extra args. Adding a default value "--prop foo:bar" to make
it work.
Note: also move the BOARD_GKI_* signing config to
BoardConfigGsiCommon.mk, so we don't have to duplicate the settings
for each architecture.
Bug: 178559811
Bug: 177862434
Test: `make bootimage`
`unpack_bootimg --boot_img $OUT/boot.img --out unpack`
`avbtool info_image --image ./unpack/boot_signature`
Change-Id: I8bd8ad3acf324931b47d45fd30bc590206b1927e
If the build prop ro.build.id isn't set at build time, init will
set it at runtime. The logic is appending the vbmeta digest to
the ro.build.legacy.id.
Make the same change in ota scripts, so the correct build fingerprint
will be saved in the ota metadata.
Bug: 186786987
Test: generate an OTA, check the metadata
Change-Id: I278f59c41c1f98d4cbea749e5d9e4eaf7a6b9565
Commit I8bd8ad3acf324931b47d45fd30bc590206b1927e adds a default
value of "gki_signing_signature_args" in the misc_info.txt for
release signing to work. However, it's better to replace the default
value entirely (e.g., --prop foo:bar) as there is no need to include
them in the final release-signed image.
Bug: 178559811
Bug: 177862434
Test: atest releasetools_test
Test: atest releasetools_py3_test
Change-Id: I060b5a7076ff3e5d883abeb7d72f3db887c9fd69
