Commit 9bd832a0 authored Feb 06, 2020 by Tianjie Xu

Remove the key parameter when verifying avb images in validate_target_files

If a key is specified, the avbtool always use the input key to verify
all the chained images. And this will cause failures when the vbmeta &
system use different keys (e.g. RSA 4096 vs RSA2048). Because the public
key to vbmeta will always fail to verify the system image. Remove the
'--key' parameter in the verification command, so the avbtool will use
the embedded public in the image.

Test: validate target-file from sdk_gphone_x86_64
Bug: 148916990
Change-Id: I9d31be0f8c32af605af94fa73d07818f40f51ec4

parent 24e2f7c0

tools/releasetools/validate_target_files.py

+1 −1

Original line number	Diff line number	Diff line
		@@ -350,7 +350,7 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options):
		# vbmeta partitions (e.g. vbmeta_system).
		image = os.path.join(input_tmp, 'IMAGES', 'vbmeta.img')
		cmd = [info_dict['avb_avbtool'], 'verify_image', '--image', image,
		'--key', key, '--follow_chain_partitions']
		'--follow_chain_partitions']

		# Append the args for chained partitions if any.
		for partition in common.AVB_PARTITIONS + common.AVB_VBMETA_PARTITIONS: