StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f354b178b15451bc86d38c88daacb55f313e589a
build/core/tasks/build_custom_images.mk
Bowgo Tsai 7ea994b21c Support signing custom images with AVB HASH or AVB HASHTREE 
`make custom_images` supports to build different kinds of *non-droid* images,
e.g., odm.img. Adding the support of signing them with either AVB HASH footer
or AVB HASHTREE footer. The user can use HASH for small images and
HASHTREE for large images.

Sample signing configurations:
 * AVB HASH footer:
   - CUSTOM_IMAGE_AVB_HASH_ENABLE := true
   - CUSTOM_IMAGE_AVB_ADD_HASH_FOOTER_ARGS := --append_to_release_string my_odm_image

 * AVB HASHTREE footer:
   - CUSTOM_IMAGE_AVB_HASHTREE_ENABLE := true
   - CUSTOM_IMAGE_AVB_ADD_HASHTREE_FOOTER_ARGS := --fec_num_roots 8

 * Using custom signing key:
   - CUSTOM_IMAGE_AVB_ALGORITHM := SHA256_RSA2048
   - CUSTOM_IMAGE_AVB_KEY_PATH := external/avb/test/data/testkey_rsa2048.pem

Bug: 36701014
Test: `make custom_images` with AVB HASH footer
Test: `make custom_images` with AVB HASHTREE footer
Test: `make droid` to check system.img is still properly signed with AVB HASHTREE
Test: `make droid` to check vendor.img is still properly signed with AVB HASHTREE

Change-Id: I8dc420e12e37e9a631345c0cd883339db05d489f
2017-05-24 14:21:03 +08:00

79 lines
3.4 KiB
Makefile
Raw Blame History

#
# Copyright (C) 2015 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Build additional images requested by the product makefile.
# This script gives the ability to build multiple additional images and you can
# configure what modules/files to include in each image.
# 1. Define PRODUCT_CUSTOM_IMAGE_MAKEFILES in your product makefile.
# PRODUCT_CUSTOM_IMAGE_MAKEFILES is a list of makefiles.
# Each makefile configures an image.
# For image configuration makefile foo/bar/xyz.mk, the built image file name
# will be xyz.img. So make sure they won't conflict.
# 2. In each image's configuration makefile, you can define variables:
# - CUSTOM_IMAGE_MOUNT_POINT, the mount point, such as "oem", "odm" etc.
# - CUSTOM_IMAGE_PARTITION_SIZE
# - CUSTOM_IMAGE_FILE_SYSTEM_TYPE
# - CUSTOM_IMAGE_DICT_FILE, a text file defines a dictionary accepted by
# BuildImage() in tools/releasetools/build_image.py.
# - CUSTOM_IMAGE_MODULES, a list of module names you want to include in
# the image; Not only the module itself will be installed to proper path in
# the image, you can also piggyback additional files/directories with the
# module's LOCAL_PICKUP_FILES.
# - CUSTOM_IMAGE_COPY_FILES, a list of "<src>:<dest>" to be copied to the
# image. <dest> is relativ to the root of the image.
# - CUSTOM_IMAGE_SELINUX, set to "true" if the image supports selinux.
# - CUSTOM_IMAGE_SUPPORT_VERITY, set to "true" if the product supports verity.
# - CUSTOM_IMAGE_VERITY_BLOCK_DEVICE
# - CUSTOM_IMAGE_AVB_HASH_ENABLE, set to "true" to add AVB HASH footer.
# - CUSTOM_IMAGE_AVB_ADD_HASH_FOOTER_ARGS, additional args of AVB HASH footer.
# - CUSTOM_IMAGE_AVB_HASHTREE_ENABLE, set to "true" to add AVB HASHTREE
# footer.
# - CUSTOM_IMAGE_AVB_ADD_HASHTREE_FOOTER_ARGS, additional args of AVB
# HASHTREE footer.
# - CUSTOM_IMAGE_AVB_KEY_PATH, custom AVB signing key.
# - CUSTOM_IMAGE_AVB_ALGORITHM, custom AVB signing algorithm.
#
# To build all those images, run "make custom_images".
ifneq ($(filter $(MAKECMDGOALS),custom_images),)
.PHONY: custom_images
custom_image_parameter_variables := \
CUSTOM_IMAGE_MOUNT_POINT \
CUSTOM_IMAGE_PARTITION_SIZE \
CUSTOM_IMAGE_FILE_SYSTEM_TYPE \
CUSTOM_IMAGE_DICT_FILE \
CUSTOM_IMAGE_MODULES \
CUSTOM_IMAGE_COPY_FILES \
CUSTOM_IMAGE_SELINUX \
CUSTOM_IMAGE_SUPPORT_VERITY \
CUSTOM_IMAGE_VERITY_BLOCK_DEVICE \
CUSTOM_IMAGE_AVB_HASH_ENABLE \
CUSTOM_IMAGE_AVB_ADD_HASH_FOOTER_ARGS \
CUSTOM_IMAGE_AVB_HASHTREE_ENABLE \
CUSTOM_IMAGE_AVB_ADD_HASHTREE_FOOTER_ARGS \
CUSTOM_IMAGE_AVB_KEY_PATH \
CUSTOM_IMAGE_AVB_ALGORITHM \
# We don't expect product makefile to inherit/override PRODUCT_CUSTOM_IMAGE_MAKEFILES,
# so we don't put it in the _product_var_list.
$(foreach mk, $(PRODUCT_CUSTOM_IMAGE_MAKEFILES),\
$(eval my_custom_imag_makefile := $(mk))\
$(eval include $(BUILD_SYSTEM)/tasks/tools/build_custom_image.mk))
endif
Reference in New Issue View Git Blame Copy Permalink