Loading core/Makefile +8 −0 Original line number Original line Diff line number Diff line Loading @@ -3699,7 +3699,9 @@ endif # BOARD_PREBUILT_DTBOIMAGE # Protected VM firmware image # Protected VM firmware image ifeq ($(BOARD_USES_PVMFWIMAGE),true) ifeq ($(BOARD_USES_PVMFWIMAGE),true) INSTALLED_PVMFWIMAGE_TARGET := $(PRODUCT_OUT)/pvmfw.img INSTALLED_PVMFWIMAGE_TARGET := $(PRODUCT_OUT)/pvmfw.img INSTALLED_PVMFW_EMBEDDED_AVBKEY_TARGET := $(PRODUCT_OUT)/pvmfw_embedded.avbpubkey INTERNAL_PREBUILT_PVMFWIMAGE := packages/modules/Virtualization/pvmfw/pvmfw.img INTERNAL_PREBUILT_PVMFWIMAGE := packages/modules/Virtualization/pvmfw/pvmfw.img INTERNAL_PVMFW_EMBEDDED_AVBKEY := external/avb/test/data/testkey_rsa4096_pub.bin ifdef BOARD_PREBUILT_PVMFWIMAGE ifdef BOARD_PREBUILT_PVMFWIMAGE PREBUILT_PVMFWIMAGE_TARGET := $(BOARD_PREBUILT_PVMFWIMAGE) PREBUILT_PVMFWIMAGE_TARGET := $(BOARD_PREBUILT_PVMFWIMAGE) Loading @@ -3719,6 +3721,10 @@ else $(eval $(call copy-one-file,$(PREBUILT_PVMFWIMAGE_TARGET),$(INSTALLED_PVMFWIMAGE_TARGET))) $(eval $(call copy-one-file,$(PREBUILT_PVMFWIMAGE_TARGET),$(INSTALLED_PVMFWIMAGE_TARGET))) endif endif $(INSTALLED_PVMFWIMAGE_TARGET): $(INSTALLED_PVMFW_EMBEDDED_AVBKEY_TARGET) $(eval $(call copy-one-file,$(INTERNAL_PVMFW_EMBEDDED_AVBKEY),$(INSTALLED_PVMFW_EMBEDDED_AVBKEY_TARGET))) endif # BOARD_USES_PVMFWIMAGE endif # BOARD_USES_PVMFWIMAGE # Returns a list of image targets corresponding to the given list of partitions. For example, it # Returns a list of image targets corresponding to the given list of partitions. For example, it Loading Loading 
@@ -5305,6 +5311,7 @@ $(BUILT_TARGET_FILES_PACKAGE): \ $(INSTALLED_CACHEIMAGE_TARGET) \ $(INSTALLED_CACHEIMAGE_TARGET) \ $(INSTALLED_DTBOIMAGE_TARGET) \ $(INSTALLED_DTBOIMAGE_TARGET) \ $(INSTALLED_PVMFWIMAGE_TARGET) \ $(INSTALLED_PVMFWIMAGE_TARGET) \ $(INSTALLED_PVMFW_EMBEDDED_AVBKEY_TARGET) \ $(INSTALLED_CUSTOMIMAGES_TARGET) \ $(INSTALLED_CUSTOMIMAGES_TARGET) \ $(INSTALLED_ANDROID_INFO_TXT_TARGET) \ $(INSTALLED_ANDROID_INFO_TXT_TARGET) \ $(INSTALLED_KERNEL_TARGET) \ $(INSTALLED_KERNEL_TARGET) \ Loading Loading @@ -5642,6 +5649,7 @@ endif # BOARD_PREBUILT_DTBOIMAGE ifeq ($(BOARD_USES_PVMFWIMAGE),true) ifeq ($(BOARD_USES_PVMFWIMAGE),true) $(hide) mkdir -p $(zip_root)/PREBUILT_IMAGES $(hide) mkdir -p $(zip_root)/PREBUILT_IMAGES $(hide) cp $(INSTALLED_PVMFWIMAGE_TARGET) $(zip_root)/PREBUILT_IMAGES/ $(hide) cp $(INSTALLED_PVMFWIMAGE_TARGET) $(zip_root)/PREBUILT_IMAGES/ $(hide) cp $(INSTALLED_PVMFW_EMBEDDED_AVBKEY_TARGET) $(zip_root)/PREBUILT_IMAGES/ endif endif ifdef BOARD_PREBUILT_BOOTLOADER ifdef BOARD_PREBUILT_BOOTLOADER $(hide) mkdir -p $(zip_root)/IMAGES $(hide) mkdir -p $(zip_root)/IMAGES Loading tools/releasetools/sign_target_files_apks.py +33 −0 Original line number Original line Diff line number Diff line Loading 
@@ -688,6 +688,39 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info, print(" Rewriting AVB public key of system_other in /product") print(" Rewriting AVB public key of system_other in /product") common.ZipWrite(output_tf_zip, public_key, filename) common.ZipWrite(output_tf_zip, public_key, filename) # Updates pvmfw embedded public key with the virt APEX payload key. elif filename == "PREBUILT_IMAGES/pvmfw.img": # Find the name of the virt APEX in the target files. namelist = input_tf_zip.namelist() apex_gen = (GetApexFilename(f) for f in namelist if IsApexFile(f)) virt_apex_re = re.compile("^com\.([^\.]+\.)?android\.virt\.apex$") virt_apex = next((a for a in apex_gen if virt_apex_re.match(a)), None) if not virt_apex: print("Removing %s from ramdisk: virt APEX not found" % filename) else: print("Replacing %s embedded key with %s key" % (filename, virt_apex)) # Get the current and new embedded keys. payload_key, container_key, sign_tool = apex_keys[virt_apex] new_pubkey_path = common.ExtractAvbPublicKey( misc_info['avb_avbtool'], payload_key) with open(new_pubkey_path, 'rb') as f: new_pubkey = f.read() pubkey_info = copy.copy( input_tf_zip.getinfo("PREBUILT_IMAGES/pvmfw_embedded.avbpubkey")) old_pubkey = input_tf_zip.read(pubkey_info.filename) # Validate the keys and image. if len(old_pubkey) != len(new_pubkey): raise common.ExternalError("pvmfw embedded public key size mismatch") pos = data.find(old_pubkey) if pos == -1: raise common.ExternalError("pvmfw embedded public key not found") # Replace the key and copy new files. new_data = data[:pos] + new_pubkey + data[pos+len(old_pubkey):] common.ZipWriteStr(output_tf_zip, out_info, new_data) common.ZipWriteStr(output_tf_zip, pubkey_info, new_pubkey) elif filename == "PREBUILT_IMAGES/pvmfw_embedded.avbpubkey": pass # Should NOT sign boot-debug.img. # Should NOT sign boot-debug.img. elif filename in ( elif filename in ( "BOOT/RAMDISK/force_debuggable", "BOOT/RAMDISK/force_debuggable", Loading Loading
core/Makefile +8 −0 Original line number Original line Diff line number Diff line Loading @@ -3699,7 +3699,9 @@ endif # BOARD_PREBUILT_DTBOIMAGE # Protected VM firmware image # Protected VM firmware image ifeq ($(BOARD_USES_PVMFWIMAGE),true) ifeq ($(BOARD_USES_PVMFWIMAGE),true) INSTALLED_PVMFWIMAGE_TARGET := $(PRODUCT_OUT)/pvmfw.img INSTALLED_PVMFWIMAGE_TARGET := $(PRODUCT_OUT)/pvmfw.img INSTALLED_PVMFW_EMBEDDED_AVBKEY_TARGET := $(PRODUCT_OUT)/pvmfw_embedded.avbpubkey INTERNAL_PREBUILT_PVMFWIMAGE := packages/modules/Virtualization/pvmfw/pvmfw.img INTERNAL_PREBUILT_PVMFWIMAGE := packages/modules/Virtualization/pvmfw/pvmfw.img INTERNAL_PVMFW_EMBEDDED_AVBKEY := external/avb/test/data/testkey_rsa4096_pub.bin ifdef BOARD_PREBUILT_PVMFWIMAGE ifdef BOARD_PREBUILT_PVMFWIMAGE PREBUILT_PVMFWIMAGE_TARGET := $(BOARD_PREBUILT_PVMFWIMAGE) PREBUILT_PVMFWIMAGE_TARGET := $(BOARD_PREBUILT_PVMFWIMAGE) Loading @@ -3719,6 +3721,10 @@ else $(eval $(call copy-one-file,$(PREBUILT_PVMFWIMAGE_TARGET),$(INSTALLED_PVMFWIMAGE_TARGET))) $(eval $(call copy-one-file,$(PREBUILT_PVMFWIMAGE_TARGET),$(INSTALLED_PVMFWIMAGE_TARGET))) endif endif $(INSTALLED_PVMFWIMAGE_TARGET): $(INSTALLED_PVMFW_EMBEDDED_AVBKEY_TARGET) $(eval $(call copy-one-file,$(INTERNAL_PVMFW_EMBEDDED_AVBKEY),$(INSTALLED_PVMFW_EMBEDDED_AVBKEY_TARGET))) endif # BOARD_USES_PVMFWIMAGE endif # BOARD_USES_PVMFWIMAGE # Returns a list of image targets corresponding to the given list of partitions. For example, it # Returns a list of image targets corresponding to the given list of partitions. For example, it Loading Loading 
@@ -5305,6 +5311,7 @@ $(BUILT_TARGET_FILES_PACKAGE): \ $(INSTALLED_CACHEIMAGE_TARGET) \ $(INSTALLED_CACHEIMAGE_TARGET) \ $(INSTALLED_DTBOIMAGE_TARGET) \ $(INSTALLED_DTBOIMAGE_TARGET) \ $(INSTALLED_PVMFWIMAGE_TARGET) \ $(INSTALLED_PVMFWIMAGE_TARGET) \ $(INSTALLED_PVMFW_EMBEDDED_AVBKEY_TARGET) \ $(INSTALLED_CUSTOMIMAGES_TARGET) \ $(INSTALLED_CUSTOMIMAGES_TARGET) \ $(INSTALLED_ANDROID_INFO_TXT_TARGET) \ $(INSTALLED_ANDROID_INFO_TXT_TARGET) \ $(INSTALLED_KERNEL_TARGET) \ $(INSTALLED_KERNEL_TARGET) \ Loading Loading @@ -5642,6 +5649,7 @@ endif # BOARD_PREBUILT_DTBOIMAGE ifeq ($(BOARD_USES_PVMFWIMAGE),true) ifeq ($(BOARD_USES_PVMFWIMAGE),true) $(hide) mkdir -p $(zip_root)/PREBUILT_IMAGES $(hide) mkdir -p $(zip_root)/PREBUILT_IMAGES $(hide) cp $(INSTALLED_PVMFWIMAGE_TARGET) $(zip_root)/PREBUILT_IMAGES/ $(hide) cp $(INSTALLED_PVMFWIMAGE_TARGET) $(zip_root)/PREBUILT_IMAGES/ $(hide) cp $(INSTALLED_PVMFW_EMBEDDED_AVBKEY_TARGET) $(zip_root)/PREBUILT_IMAGES/ endif endif ifdef BOARD_PREBUILT_BOOTLOADER ifdef BOARD_PREBUILT_BOOTLOADER $(hide) mkdir -p $(zip_root)/IMAGES $(hide) mkdir -p $(zip_root)/IMAGES Loading
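Review bot: `INTERNAL_PVMFW_EMBEDDED_AVBKEY` in the first hunk is pinned to the AVB test key (`external/avb/test/data/testkey_rsa4096_pub.bin`) and is copied to `pvmfw_embedded.avbpubkey` even on the `ifdef BOARD_PREBUILT_PVMFWIMAGE` path, so nothing at build time ties the published key file to the key actually embedded in a board-supplied `pvmfw.img`. A mismatch would surface only at signing time, when the script added in this commit fails with "pvmfw embedded public key not found". The assignment also lacks a comment marking this as a test-only key that release signing must replace; I would add `# Test-only AVB key embedded in the prebuilt pvmfw.img; sign_target_files_apks.py replaces it with the virt APEX payload key.` above it. Consider also letting a board that supplies its own image name its own key file.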
tools/releasetools/sign_target_files_apks.py +33 −0
@@ -688,6 +688,39 @@ def ProcessTargetFiles(input_tf_zip, output_tf_zip, misc_info, print(" Rewriting AVB public key of system_other in /product") print(" Rewriting AVB public key of system_other in /product") common.ZipWrite(output_tf_zip, public_key, filename) common.ZipWrite(output_tf_zip, public_key, filename) # Updates pvmfw embedded public key with the virt APEX payload key. elif filename == "PREBUILT_IMAGES/pvmfw.img": # Find the name of the virt APEX in the target files. namelist = input_tf_zip.namelist() apex_gen = (GetApexFilename(f) for f in namelist if IsApexFile(f)) virt_apex_re = re.compile("^com\.([^\.]+\.)?android\.virt\.apex$") virt_apex = next((a for a in apex_gen if virt_apex_re.match(a)), None) if not virt_apex: print("Removing %s from ramdisk: virt APEX not found" % filename) else: print("Replacing %s embedded key with %s key" % (filename, virt_apex)) # Get the current and new embedded keys. payload_key, container_key, sign_tool = apex_keys[virt_apex] new_pubkey_path = common.ExtractAvbPublicKey( misc_info['avb_avbtool'], payload_key) with open(new_pubkey_path, 'rb') as f: new_pubkey = f.read() pubkey_info = copy.copy( input_tf_zip.getinfo("PREBUILT_IMAGES/pvmfw_embedded.avbpubkey")) old_pubkey = input_tf_zip.read(pubkey_info.filename) # Validate the keys and image. if len(old_pubkey) != len(new_pubkey): raise common.ExternalError("pvmfw embedded public key size mismatch") pos = data.find(old_pubkey) if pos == -1: raise common.ExternalError("pvmfw embedded public key not found") # Replace the key and copy new files. new_data = data[:pos] + new_pubkey + data[pos+len(old_pubkey):] common.ZipWriteStr(output_tf_zip, out_info, new_data) common.ZipWriteStr(output_tf_zip, pubkey_info, new_pubkey) elif filename == "PREBUILT_IMAGES/pvmfw_embedded.avbpubkey": pass # Should NOT sign boot-debug.img. # Should NOT sign boot-debug.img. elif filename in ( elif filename in ( "BOOT/RAMDISK/force_debuggable", "BOOT/RAMDISK/force_debuggable", Loading
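Review bot: The key swap in the `PREBUILT_IMAGES/pvmfw.img` branch rewrites only the first match of `data.find(old_pubkey)` and never confirms that the old key is absent from `new_data`, so if the image held the test key at more than one offset, a release-signed build could still carry a copy of it. Whether pvmfw embeds the key more than once is not visible here, but the guard is cheap: after the `pos == -1` test add `if data.count(old_pubkey) != 1: raise common.ExternalError("pvmfw embedded public key found more than once")`. Separately, the pattern given to `re.compile` should be a raw string, `r"^com\.([^\.]+\.)?android\.virt\.apex$"`, to avoid invalid-escape warnings, and the "Removing %s from ramdisk" message names the ramdisk although the file lives under `PREBUILT_IMAGES/`. `ProcessTargetFiles` begins and ends outside this hunk.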