Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 055128bf authored by Tianjie's avatar Tianjie Committed by Tianjie Xu
Browse files

Use sha256 to build the hashtree in avb image 

The hashtree is used in verified boot, and sha256 is more robust against
malicious attacks. Also, sha256 uses the same space as sha1 in the
hashtree. And there isn't much performance regression per
https://b.corp.google.com/issues/156162446#comment18

By putting the config in BoardConfigMainlineCommon.mk, we enable sha256
on all Pixels. And devices who want to use a different hash algorithm
can override it in it's own board configs.

Bug: 156162446
Test: boot the device and check performance
Change-Id: I9f1d3bcf241bc65adf10376cc5ae7ab1986216fa
parent 33571ac8

target/board/BoardConfigPixelCommon.mk

0 → 100644
+18 −0
Original line number Diff line number Diff line 
# BoardConfigPixelCommon.mk

#

# Common compile-time definitions for Pixel devices.



# Using sha256 for dm-verity partitions. b/156162446

# system, system_other, system_ext and product.

BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256

BOARD_AVB_SYSTEM_OTHER_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256

BOARD_AVB_SYSTEM_EXT_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256

BOARD_AVB_PRODUCT_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256



# vendor and odm.

BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256

BOARD_AVB_ODM_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256



# vendor_dlkm and odm_dlkm.

BOARD_AVB_VENDOR_DLKM_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256

BOARD_AVB_ODM_DLKM_ADD_HASHTREE_FOOTER_ARGS += --hash_algorithm sha256