Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 06b5c469 authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Merge "Use deterministic salt for boot image avb footer" into main am:... 

Merge "Use deterministic salt for boot image avb footer" into main am: 2b181f9a am: 006c13c2 am: efc6bdd9

Original change: https://android-review.googlesource.com/c/platform/build/+/2768202



Change-Id: I857d4b32fcbd848362dae06c0113f0b18587dd76
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 0b2321ae efc6bdd9

core/Makefile

+1 −0
Original line number Diff line number Diff line
@@ -1233,6 +1233,7 @@ define build_boot_from_kernel_avb_enabled 
  $(AVBTOOL) add_hash_footer \

          --image $(1) \

          $(call get-partition-size-argument,$(call get-bootimage-partition-size,$(1),boot)) \

          --salt `sha256sum "$(kernel)" | cut -d " " -f 1` \

          --partition_name boot $(INTERNAL_AVB_BOOT_SIGNING_ARGS) \

          $(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS)

endef

tools/releasetools/common.py

+8 −3
Original line number Diff line number Diff line
@@ -1410,7 +1410,7 @@ def RunHostInitVerifier(product_out, partition_map): 
  return RunAndCheckOutput(cmd)





def AppendAVBSigningArgs(cmd, partition):

def AppendAVBSigningArgs(cmd, partition, avb_salt=None):

  """Append signing arguments for avbtool."""

  # e.g., "--key path/to/signing_key --algorithm SHA256_RSA4096"

  key_path = ResolveAVBSigningPathArgs(
@@ -1418,6 +1418,7 @@ def AppendAVBSigningArgs(cmd, partition): 
  algorithm = OPTIONS.info_dict.get("avb_" + partition + "_algorithm")

  if key_path and algorithm:

    cmd.extend(["--key", key_path, "--algorithm", algorithm])

  if avb_salt is None:

    avb_salt = OPTIONS.info_dict.get("avb_salt")

  # make_vbmeta_image doesn't like "--salt" (and it's not needed).

  if avb_salt and not partition.startswith("vbmeta"):
@@ -1825,7 +1826,11 @@ def _BuildBootableImage(image_name, sourcedir, fs_config_file, 
    cmd = [avbtool, "add_hash_footer", "--image", img.name,

           "--partition_size", str(part_size), "--partition_name",

           partition_name]

    AppendAVBSigningArgs(cmd, partition_name)

    salt = None

    if kernel_path is not None:

      with open(kernel_path, "rb") as fp:

        salt = sha256(fp.read()).hexdigest()

    AppendAVBSigningArgs(cmd, partition_name, salt)

    args = info_dict.get("avb_" + partition_name + "_add_hash_footer_args")

    if args and args.strip():

      split_args = ResolveAVBSigningPathArgs(shlex.split(args))