Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 11b548d4 authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Merge "Use deterministic salt for boot image avb footer" into main am:... 

Merge "Use deterministic salt for boot image avb footer" into main am: 2b181f9a am: 006c13c2 am: efc6bdd9 am: 06b5c469 am: c2a56476

Original change: https://android-review.googlesource.com/c/platform/build/+/2768202



Change-Id: Id4f20c8a4726a1efeef04ef2363e94291e2835b9
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 67ae02b7 c2a56476

core/Makefile

+1 −0
Original line number Diff line number Diff line
@@ -1233,6 +1233,7 @@ define build_boot_from_kernel_avb_enabled 
  $(AVBTOOL) add_hash_footer \

          --image $(1) \

          $(call get-partition-size-argument,$(call get-bootimage-partition-size,$(1),boot)) \

          --salt `sha256sum "$(kernel)" | cut -d " " -f 1` \

          --partition_name boot $(INTERNAL_AVB_BOOT_SIGNING_ARGS) \

          $(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS)

endef

tools/releasetools/common.py

+8 −3
Original line number Diff line number Diff line
@@ -1410,7 +1410,7 @@ def RunHostInitVerifier(product_out, partition_map): 
  return RunAndCheckOutput(cmd)





def AppendAVBSigningArgs(cmd, partition):

def AppendAVBSigningArgs(cmd, partition, avb_salt=None):

  """Append signing arguments for avbtool."""

  # e.g., "--key path/to/signing_key --algorithm SHA256_RSA4096"

  key_path = ResolveAVBSigningPathArgs(
@@ -1418,6 +1418,7 @@ def AppendAVBSigningArgs(cmd, partition): 
  algorithm = OPTIONS.info_dict.get("avb_" + partition + "_algorithm")

  if key_path and algorithm:

    cmd.extend(["--key", key_path, "--algorithm", algorithm])

  if avb_salt is None:

    avb_salt = OPTIONS.info_dict.get("avb_salt")

  # make_vbmeta_image doesn't like "--salt" (and it's not needed).

  if avb_salt and not partition.startswith("vbmeta"):
@@ -1825,7 +1826,11 @@ def _BuildBootableImage(image_name, sourcedir, fs_config_file, 
    cmd = [avbtool, "add_hash_footer", "--image", img.name,

           "--partition_size", str(part_size), "--partition_name",

           partition_name]

    AppendAVBSigningArgs(cmd, partition_name)

    salt = None

    if kernel_path is not None:

      with open(kernel_path, "rb") as fp:

        salt = sha256(fp.read()).hexdigest()

    AppendAVBSigningArgs(cmd, partition_name, salt)

    args = info_dict.get("avb_" + partition_name + "_add_hash_footer_args")

    if args and args.strip():

      split_args = ResolveAVBSigningPathArgs(shlex.split(args))