Loading core/Makefile +1 −0 Original line number Diff line number Diff line Loading @@ -997,6 +997,7 @@ $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verit $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_key=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_SIGNING_KEY)" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_signer_cmd=$(notdir $(VERITY_SIGNER))" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY_FEC),$(hide) echo "verity_fec=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY_FEC)" >> $(1)) $(if $(filter eng, $(TARGET_BUILD_VARIANT)),$(hide) echo "verity_disable=true" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_VERITY_PARTITION),$(hide) echo "system_verity_block_device=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_VERITY_PARTITION)" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VENDOR_VERITY_PARTITION),$(hide) echo "vendor_verity_block_device=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VENDOR_VERITY_PARTITION)" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT),$(hide) echo "vboot=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT)" >> $(1)) Loading core/tasks/tools/build_custom_image.mk +1 −0 Original line number Diff line number Diff line Loading @@ -135,6 +135,7 @@ $(my_built_custom_image): $(INTERNAL_USERIMAGES_DEPS) $(my_built_modules) $(my_i echo "verity_block_device=$(PRIVATE_VERITY_BLOCK_DEVICE)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt) $(if $(PRIVATE_SUPPORT_VERITY_FEC),\ $(hide) echo "verity_fec=$(PRIVATE_SUPPORT_VERITY_FEC)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt) $(if $(filter eng, $(TARGET_BUILD_VARIANT)),$(hide) echo "verity_disable=true" >> $(PRIVATE_INTERMEDIATES)/image_info.txt) $(hide) echo "avb_avbtool=$(PRIVATE_AVB_AVBTOOL)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt $(if $(PRIVATE_AVB_KEY_PATH),\ $(hide) echo "avb_key_path=$(PRIVATE_AVB_KEY_PATH)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt;\ Loading target/product/verity.mk +10 −14 Original line number Diff line number Diff line Loading @@ -14,11 +14,8 @@ # limitations under the License. # # Provides dependencies necessary for verified boot (only for user and # userdebug builds) # Provides dependencies necessary for verified boot. user_variant := $(filter user userdebug,$(TARGET_BUILD_VARIANT)) ifneq (,$(user_variant)) PRODUCT_SUPPORTS_BOOT_SIGNER := true PRODUCT_SUPPORTS_VERITY := true PRODUCT_SUPPORTS_VERITY_FEC := true Loading @@ -30,4 +27,3 @@ ifneq (,$(user_variant)) PRODUCT_PACKAGES += \ verity_key endif tools/releasetools/build_image.py +8 −2 Original line number Diff line number Diff line Loading @@ -225,12 +225,15 @@ def BuildVerityTree(sparse_image_path, verity_image_path, prop_dict): return True def BuildVerityMetadata(image_size, verity_metadata_path, root_hash, salt, block_device, signer_path, key, signer_args): block_device, signer_path, key, signer_args, verity_disable): cmd = ["system/extras/verity/build_verity_metadata.py", "build", str(image_size), verity_metadata_path, root_hash, salt, block_device, signer_path, key] if signer_args: cmd.append("--signer_args=\"%s\"" % (' '.join(signer_args),)) if verity_disable: cmd.append("--verity_disable") output, exit_code = RunCommand(cmd) if exit_code != 0: print "Could not build verity metadata! Error: %s" % output Loading Loading @@ -334,8 +337,10 @@ def MakeVerityEnabledImage(out_file, fec_supported, prop_dict): # build the metadata blocks root_hash = prop_dict["verity_root_hash"] salt = prop_dict["verity_salt"] verity_disable = "verity_disable" in prop_dict if not BuildVerityMetadata(image_size, verity_metadata_path, root_hash, salt, block_dev, signer_path, signer_key, signer_args): block_dev, signer_path, signer_key, signer_args, verity_disable): shutil.rmtree(tempdir_name, ignore_errors=True) return False Loading Loading @@ -644,6 +649,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point): "verity_key", "verity_signer_cmd", "verity_fec", "verity_disable", "avb_enable", "avb_avbtool", "avb_salt", Loading Loading
core/Makefile +1 −0 Original line number Diff line number Diff line Loading @@ -997,6 +997,7 @@ $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verit $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_key=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_SIGNING_KEY)" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_signer_cmd=$(notdir $(VERITY_SIGNER))" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY_FEC),$(hide) echo "verity_fec=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY_FEC)" >> $(1)) $(if $(filter eng, $(TARGET_BUILD_VARIANT)),$(hide) echo "verity_disable=true" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_VERITY_PARTITION),$(hide) echo "system_verity_block_device=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SYSTEM_VERITY_PARTITION)" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VENDOR_VERITY_PARTITION),$(hide) echo "vendor_verity_block_device=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VENDOR_VERITY_PARTITION)" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT),$(hide) echo "vboot=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VBOOT)" >> $(1)) Loading
core/tasks/tools/build_custom_image.mk +1 −0 Original line number Diff line number Diff line Loading @@ -135,6 +135,7 @@ $(my_built_custom_image): $(INTERNAL_USERIMAGES_DEPS) $(my_built_modules) $(my_i echo "verity_block_device=$(PRIVATE_VERITY_BLOCK_DEVICE)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt) $(if $(PRIVATE_SUPPORT_VERITY_FEC),\ $(hide) echo "verity_fec=$(PRIVATE_SUPPORT_VERITY_FEC)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt) $(if $(filter eng, $(TARGET_BUILD_VARIANT)),$(hide) echo "verity_disable=true" >> $(PRIVATE_INTERMEDIATES)/image_info.txt) $(hide) echo "avb_avbtool=$(PRIVATE_AVB_AVBTOOL)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt $(if $(PRIVATE_AVB_KEY_PATH),\ $(hide) echo "avb_key_path=$(PRIVATE_AVB_KEY_PATH)" >> $(PRIVATE_INTERMEDIATES)/image_info.txt;\ Loading
target/product/verity.mk +10 −14 Original line number Diff line number Diff line Loading @@ -14,11 +14,8 @@ # limitations under the License. # # Provides dependencies necessary for verified boot (only for user and # userdebug builds) # Provides dependencies necessary for verified boot. user_variant := $(filter user userdebug,$(TARGET_BUILD_VARIANT)) ifneq (,$(user_variant)) PRODUCT_SUPPORTS_BOOT_SIGNER := true PRODUCT_SUPPORTS_VERITY := true PRODUCT_SUPPORTS_VERITY_FEC := true Loading @@ -30,4 +27,3 @@ ifneq (,$(user_variant)) PRODUCT_PACKAGES += \ verity_key endif
tools/releasetools/build_image.py +8 −2 Original line number Diff line number Diff line Loading @@ -225,12 +225,15 @@ def BuildVerityTree(sparse_image_path, verity_image_path, prop_dict): return True def BuildVerityMetadata(image_size, verity_metadata_path, root_hash, salt, block_device, signer_path, key, signer_args): block_device, signer_path, key, signer_args, verity_disable): cmd = ["system/extras/verity/build_verity_metadata.py", "build", str(image_size), verity_metadata_path, root_hash, salt, block_device, signer_path, key] if signer_args: cmd.append("--signer_args=\"%s\"" % (' '.join(signer_args),)) if verity_disable: cmd.append("--verity_disable") output, exit_code = RunCommand(cmd) if exit_code != 0: print "Could not build verity metadata! Error: %s" % output Loading Loading @@ -334,8 +337,10 @@ def MakeVerityEnabledImage(out_file, fec_supported, prop_dict): # build the metadata blocks root_hash = prop_dict["verity_root_hash"] salt = prop_dict["verity_salt"] verity_disable = "verity_disable" in prop_dict if not BuildVerityMetadata(image_size, verity_metadata_path, root_hash, salt, block_dev, signer_path, signer_key, signer_args): block_dev, signer_path, signer_key, signer_args, verity_disable): shutil.rmtree(tempdir_name, ignore_errors=True) return False Loading Loading @@ -644,6 +649,7 @@ def ImagePropFromGlobalDict(glob_dict, mount_point): "verity_key", "verity_signer_cmd", "verity_fec", "verity_disable", "avb_enable", "avb_avbtool", "avb_salt", Loading
