Loading core/Makefile +4 −51 Original line number Diff line number Diff line Loading @@ -1375,30 +1375,7 @@ bootimage-nodeps: $(MKBOOTIMG) $(AVBTOOL) $(BOARD_AVB_BOOT_KEY_PATH) @echo "make $@: ignoring dependencies" $(foreach b,$(INSTALLED_BOOTIMAGE_TARGET),$(call build_boot_board_avb_enabled,$(b))) else ifeq (true,$(PRODUCT_SUPPORTS_VBOOT)) # BOARD_AVB_ENABLE != true # $1: boot image target define build_boot_supports_vboot $(MKBOOTIMG) --kernel $(call bootimage-to-kernel,$(1)) $(INTERNAL_BOOTIMAGE_ARGS) $(INTERNAL_MKBOOTIMG_VERSION_ARGS) $(BOARD_MKBOOTIMG_ARGS) --output $(1).unsigned $(VBOOT_SIGNER) $(FUTILITY) $(1).unsigned $(PRODUCT_VBOOT_SIGNING_KEY).vbpubk $(PRODUCT_VBOOT_SIGNING_KEY).vbprivk $(PRODUCT_VBOOT_SIGNING_SUBKEY).vbprivk $(1).keyblock $(1) $(call assert-max-image-size,$(1),$(call get-bootimage-partition-size,$(1),boot)) endef $(INSTALLED_BOOTIMAGE_TARGET): $(MKBOOTIMG) $(INTERNAL_BOOTIMAGE_FILES) $(VBOOT_SIGNER) $(FUTILITY) $(call pretty,"Target boot image: $@") $(call build_boot_supports_vboot,$@) $(call declare-container-license-metadata,$(INSTALLED_BOOTIMAGE_TARGET),SPDX-license-identifier-GPL-2.0-only SPDX-license-identifier-Apache-2.0,restricted notice,$(BUILD_SYSTEM)/LINUX_KERNEL_COPYING build/soong/licenses/LICENSE,"Boot Image",boot) $(call declare-container-license-deps,$(INSTALLED_BOOTIMAGE_TARGET),$(INTERNAL_BOOTIMAGE_FILES),$(PRODUCT_OUT)/:/) UNMOUNTED_NOTICE_VENDOR_DEPS += $(INSTALLED_BOOTIMAGE_TARGET) .PHONY: bootimage-nodeps bootimage-nodeps: $(MKBOOTIMG) $(VBOOT_SIGNER) $(FUTILITY) @echo "make $@: ignoring dependencies" $(foreach b,$(INSTALLED_BOOTIMAGE_TARGET),$(call build_boot_supports_vboot,$(b))) else # PRODUCT_SUPPORTS_VBOOT != true else # BOARD_AVB_ENABLE != true # $1: boot image target define build_boot_novboot Loading Loading @@ -2233,11 +2210,6 @@ $(if $(PRODUCT_SYSTEM_EXT_VERITY_PARTITION),$(hide) echo "system_ext_verity_bloc $(if $(PRODUCT_VENDOR_DLKM_VERITY_PARTITION),$(hide) echo "vendor_dlkm_verity_block_device=$(PRODUCT_VENDOR_DLKM_VERITY_PARTITION)" >> $(1)) $(if $(PRODUCT_ODM_DLKM_VERITY_PARTITION),$(hide) echo "odm_dlkm_verity_block_device=$(PRODUCT_ODM_DLKM_VERITY_PARTITION)" >> $(1)) $(if $(PRODUCT_SYSTEM_DLKM_VERITY_PARTITION),$(hide) echo "system_dlkm_verity_block_device=$(PRODUCT_SYSTEM_DLKM_VERITY_PARTITION)" >> $(1)) $(if $(PRODUCT_SUPPORTS_VBOOT),$(hide) echo "vboot=$(PRODUCT_SUPPORTS_VBOOT)" >> $(1)) $(if $(PRODUCT_SUPPORTS_VBOOT),$(hide) echo "vboot_key=$(PRODUCT_VBOOT_SIGNING_KEY)" >> $(1)) $(if $(PRODUCT_SUPPORTS_VBOOT),$(hide) echo "vboot_subkey=$(PRODUCT_VBOOT_SIGNING_SUBKEY)" >> $(1)) $(if $(PRODUCT_SUPPORTS_VBOOT),$(hide) echo "futility=$(notdir $(FUTILITY))" >> $(1)) $(if $(PRODUCT_SUPPORTS_VBOOT),$(hide) echo "vboot_signer_cmd=$(VBOOT_SIGNER)" >> $(1)) $(if $(BOARD_AVB_ENABLE), \ $(hide) echo "avb_avbtool=$(notdir $(AVBTOOL))" >> $(1)$(newline) \ $(if $(filter $(2),system), \ Loading Loading @@ -2747,15 +2719,9 @@ $(recovery_ramdisk): $(INTERNAL_RECOVERY_RAMDISK_FILES_TIMESTAMP) # $(1): output file # $(2): optional kernel file define build-recoveryimage-target $(if $(filter true,$(PRODUCT_SUPPORTS_VBOOT)), \ $(MKBOOTIMG) $(if $(strip $(2)),--kernel $(strip $(2))) $(INTERNAL_RECOVERYIMAGE_ARGS) \ $(INTERNAL_MKBOOTIMG_VERSION_ARGS) $(BOARD_RECOVERY_MKBOOTIMG_ARGS) \ --output $(1).unsigned, \ $(MKBOOTIMG) $(if $(strip $(2)),--kernel $(strip $(2))) $(INTERNAL_RECOVERYIMAGE_ARGS) \ $(INTERNAL_MKBOOTIMG_VERSION_ARGS) \ $(BOARD_RECOVERY_MKBOOTIMG_ARGS) --output $(1)) $(if $(filter true,$(PRODUCT_SUPPORTS_VBOOT)), \ $(VBOOT_SIGNER) $(FUTILITY) $(1).unsigned $(PRODUCT_VBOOT_SIGNING_KEY).vbpubk $(PRODUCT_VBOOT_SIGNING_KEY).vbprivk $(PRODUCT_VBOOT_SIGNING_SUBKEY).vbprivk $(1).keyblock $(1)) $(BOARD_RECOVERY_MKBOOTIMG_ARGS) --output $(1) $(if $(filter true,$(BOARD_USES_RECOVERY_AS_BOOT)), \ $(call assert-max-image-size,$(1),$(call get-hash-image-max-size,$(call get-bootimage-partition-size,$(1),boot))), \ $(call assert-max-image-size,$(1),$(call get-hash-image-max-size,$(BOARD_RECOVERYIMAGE_PARTITION_SIZE)))) Loading @@ -2766,9 +2732,6 @@ define build-recoveryimage-target endef recoveryimage-deps := $(MKBOOTIMG) $(recovery_ramdisk) $(recovery_kernel) ifeq (true,$(PRODUCT_SUPPORTS_VBOOT)) recoveryimage-deps += $(VBOOT_SIGNER) endif ifeq (true,$(BOARD_AVB_ENABLE)) recoveryimage-deps += $(AVBTOOL) $(BOARD_AVB_BOOT_KEY_PATH) endif Loading Loading @@ -5651,12 +5614,6 @@ INTERNAL_OTATOOLS_MODULES += \ resize2fs \ soong_zip \ ifeq (true,$(PRODUCT_SUPPORTS_VBOOT)) INTERNAL_OTATOOLS_MODULES += \ futility-host \ vboot_signer endif INTERNAL_OTATOOLS_FILES := \ $(filter $(HOST_OUT)/%,$(call module-installed-files,$(INTERNAL_OTATOOLS_MODULES))) Loading Loading @@ -5692,10 +5649,6 @@ INTERNAL_OTATOOLS_PACKAGE_FILES += \ $(sort $(shell find external/avb/test/data -type f -name "testkey_*.pem" -o \ -name "atx_metadata.bin")) endif ifeq (true,$(PRODUCT_SUPPORTS_VBOOT)) INTERNAL_OTATOOLS_PACKAGE_FILES += \ $(sort $(shell find external/vboot_reference/tests/devkeys -type f)) endif INTERNAL_OTATOOLS_RELEASETOOLS := \ $(shell find build/make/tools/releasetools -name "*.pyc" -prune -o \ Loading core/config.mk +0 −2 Original line number Diff line number Diff line Loading @@ -718,8 +718,6 @@ APPEND2SIMG := $(HOST_OUT_EXECUTABLES)/append2simg VERITY_SIGNER := $(HOST_OUT_EXECUTABLES)/verity_signer BUILD_VERITY_METADATA := $(HOST_OUT_EXECUTABLES)/build_verity_metadata BUILD_VERITY_TREE := $(HOST_OUT_EXECUTABLES)/build_verity_tree FUTILITY := $(HOST_OUT_EXECUTABLES)/futility-host VBOOT_SIGNER := $(HOST_OUT_EXECUTABLES)/vboot_signer DEXDUMP := $(HOST_OUT_EXECUTABLES)/dexdump$(BUILD_EXECUTABLE_SUFFIX) PROFMAN := $(HOST_OUT_EXECUTABLES)/profman Loading core/product.mk +0 −1 Original line number Diff line number Diff line Loading @@ -160,7 +160,6 @@ _product_list_vars += PRODUCT_BOOT_JARS_EXTRA # List of jars to be included in the ART boot image for testing. _product_list_vars += PRODUCT_TEST_ONLY_ART_BOOT_IMAGE_JARS _product_single_value_vars += PRODUCT_SUPPORTS_VBOOT _product_list_vars += PRODUCT_SYSTEM_SERVER_APPS # List of system_server classpath jars on the platform. _product_list_vars += PRODUCT_SYSTEM_SERVER_JARS Loading target/product/vboot.mkdeleted 100644 → 0 +0 −25 Original line number Diff line number Diff line # # Copyright (C) 2015 The Android Open Source Project # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Provides dependencies necessary for verified boot PRODUCT_SUPPORTS_VBOOT := true # The dev key is used to sign boot and recovery images. # We expect this file to exist with the suffixes ".vbprivk" and ".vbpupk". # TODO: find a proper location for this PRODUCT_VBOOT_SIGNING_KEY := external/vboot_reference/tests/devkeys/kernel_data_key PRODUCT_VBOOT_SIGNING_SUBKEY := external/vboot_reference/tests/devkeys/kernel_subkey tools/releasetools/common.py +1 −28 Original line number Diff line number Diff line Loading @@ -1784,11 +1784,6 @@ def _BuildBootableImage(image_name, sourcedir, fs_config_file, if has_ramdisk: cmd.extend(["--ramdisk", ramdisk_img.name]) img_unsigned = None if info_dict.get("vboot"): img_unsigned = tempfile.NamedTemporaryFile() cmd.extend(["--output", img_unsigned.name]) else: cmd.extend(["--output", img.name]) if partition_name == "recovery": Loading @@ -1801,28 +1796,6 @@ def _BuildBootableImage(image_name, sourcedir, fs_config_file, RunAndCheckOutput(cmd) # Sign the image if vboot is non-empty. if info_dict.get("vboot"): path = "/" + partition_name img_keyblock = tempfile.NamedTemporaryFile() # We have switched from the prebuilt futility binary to using the tool # (futility-host) built from the source. Override the setting in the old # TF.zip. futility = info_dict["futility"] if futility.startswith("prebuilts/"): futility = "futility-host" cmd = [info_dict["vboot_signer_cmd"], futility, img_unsigned.name, info_dict["vboot_key"] + ".vbpubk", info_dict["vboot_key"] + ".vbprivk", info_dict["vboot_subkey"] + ".vbprivk", img_keyblock.name, img.name] RunAndCheckOutput(cmd) # Clean up the temp files. img_unsigned.close() img_keyblock.close() # AVB: if enabled, calculate and add hash to boot.img or recovery.img. if info_dict.get("avb_enable") == "true": avbtool = info_dict["avb_avbtool"] Loading Loading
core/Makefile +4 −51 Original line number Diff line number Diff line Loading @@ -1375,30 +1375,7 @@ bootimage-nodeps: $(MKBOOTIMG) $(AVBTOOL) $(BOARD_AVB_BOOT_KEY_PATH) @echo "make $@: ignoring dependencies" $(foreach b,$(INSTALLED_BOOTIMAGE_TARGET),$(call build_boot_board_avb_enabled,$(b))) else ifeq (true,$(PRODUCT_SUPPORTS_VBOOT)) # BOARD_AVB_ENABLE != true # $1: boot image target define build_boot_supports_vboot $(MKBOOTIMG) --kernel $(call bootimage-to-kernel,$(1)) $(INTERNAL_BOOTIMAGE_ARGS) $(INTERNAL_MKBOOTIMG_VERSION_ARGS) $(BOARD_MKBOOTIMG_ARGS) --output $(1).unsigned $(VBOOT_SIGNER) $(FUTILITY) $(1).unsigned $(PRODUCT_VBOOT_SIGNING_KEY).vbpubk $(PRODUCT_VBOOT_SIGNING_KEY).vbprivk $(PRODUCT_VBOOT_SIGNING_SUBKEY).vbprivk $(1).keyblock $(1) $(call assert-max-image-size,$(1),$(call get-bootimage-partition-size,$(1),boot)) endef $(INSTALLED_BOOTIMAGE_TARGET): $(MKBOOTIMG) $(INTERNAL_BOOTIMAGE_FILES) $(VBOOT_SIGNER) $(FUTILITY) $(call pretty,"Target boot image: $@") $(call build_boot_supports_vboot,$@) $(call declare-container-license-metadata,$(INSTALLED_BOOTIMAGE_TARGET),SPDX-license-identifier-GPL-2.0-only SPDX-license-identifier-Apache-2.0,restricted notice,$(BUILD_SYSTEM)/LINUX_KERNEL_COPYING build/soong/licenses/LICENSE,"Boot Image",boot) $(call declare-container-license-deps,$(INSTALLED_BOOTIMAGE_TARGET),$(INTERNAL_BOOTIMAGE_FILES),$(PRODUCT_OUT)/:/) UNMOUNTED_NOTICE_VENDOR_DEPS += $(INSTALLED_BOOTIMAGE_TARGET) .PHONY: bootimage-nodeps bootimage-nodeps: $(MKBOOTIMG) $(VBOOT_SIGNER) $(FUTILITY) @echo "make $@: ignoring dependencies" $(foreach b,$(INSTALLED_BOOTIMAGE_TARGET),$(call build_boot_supports_vboot,$(b))) else # PRODUCT_SUPPORTS_VBOOT != true else # BOARD_AVB_ENABLE != true # $1: boot image target define build_boot_novboot Loading Loading @@ -2233,11 +2210,6 @@ $(if $(PRODUCT_SYSTEM_EXT_VERITY_PARTITION),$(hide) echo "system_ext_verity_bloc $(if $(PRODUCT_VENDOR_DLKM_VERITY_PARTITION),$(hide) echo "vendor_dlkm_verity_block_device=$(PRODUCT_VENDOR_DLKM_VERITY_PARTITION)" >> $(1)) $(if $(PRODUCT_ODM_DLKM_VERITY_PARTITION),$(hide) echo "odm_dlkm_verity_block_device=$(PRODUCT_ODM_DLKM_VERITY_PARTITION)" >> $(1)) $(if $(PRODUCT_SYSTEM_DLKM_VERITY_PARTITION),$(hide) echo "system_dlkm_verity_block_device=$(PRODUCT_SYSTEM_DLKM_VERITY_PARTITION)" >> $(1)) $(if $(PRODUCT_SUPPORTS_VBOOT),$(hide) echo "vboot=$(PRODUCT_SUPPORTS_VBOOT)" >> $(1)) $(if $(PRODUCT_SUPPORTS_VBOOT),$(hide) echo "vboot_key=$(PRODUCT_VBOOT_SIGNING_KEY)" >> $(1)) $(if $(PRODUCT_SUPPORTS_VBOOT),$(hide) echo "vboot_subkey=$(PRODUCT_VBOOT_SIGNING_SUBKEY)" >> $(1)) $(if $(PRODUCT_SUPPORTS_VBOOT),$(hide) echo "futility=$(notdir $(FUTILITY))" >> $(1)) $(if $(PRODUCT_SUPPORTS_VBOOT),$(hide) echo "vboot_signer_cmd=$(VBOOT_SIGNER)" >> $(1)) $(if $(BOARD_AVB_ENABLE), \ $(hide) echo "avb_avbtool=$(notdir $(AVBTOOL))" >> $(1)$(newline) \ $(if $(filter $(2),system), \ Loading Loading @@ -2747,15 +2719,9 @@ $(recovery_ramdisk): $(INTERNAL_RECOVERY_RAMDISK_FILES_TIMESTAMP) # $(1): output file # $(2): optional kernel file define build-recoveryimage-target $(if $(filter true,$(PRODUCT_SUPPORTS_VBOOT)), \ $(MKBOOTIMG) $(if $(strip $(2)),--kernel $(strip $(2))) $(INTERNAL_RECOVERYIMAGE_ARGS) \ $(INTERNAL_MKBOOTIMG_VERSION_ARGS) $(BOARD_RECOVERY_MKBOOTIMG_ARGS) \ --output $(1).unsigned, \ $(MKBOOTIMG) $(if $(strip $(2)),--kernel $(strip $(2))) $(INTERNAL_RECOVERYIMAGE_ARGS) \ $(INTERNAL_MKBOOTIMG_VERSION_ARGS) \ $(BOARD_RECOVERY_MKBOOTIMG_ARGS) --output $(1)) $(if $(filter true,$(PRODUCT_SUPPORTS_VBOOT)), \ $(VBOOT_SIGNER) $(FUTILITY) $(1).unsigned $(PRODUCT_VBOOT_SIGNING_KEY).vbpubk $(PRODUCT_VBOOT_SIGNING_KEY).vbprivk $(PRODUCT_VBOOT_SIGNING_SUBKEY).vbprivk $(1).keyblock $(1)) $(BOARD_RECOVERY_MKBOOTIMG_ARGS) --output $(1) $(if $(filter true,$(BOARD_USES_RECOVERY_AS_BOOT)), \ $(call assert-max-image-size,$(1),$(call get-hash-image-max-size,$(call get-bootimage-partition-size,$(1),boot))), \ $(call assert-max-image-size,$(1),$(call get-hash-image-max-size,$(BOARD_RECOVERYIMAGE_PARTITION_SIZE)))) Loading @@ -2766,9 +2732,6 @@ define build-recoveryimage-target endef recoveryimage-deps := $(MKBOOTIMG) $(recovery_ramdisk) $(recovery_kernel) ifeq (true,$(PRODUCT_SUPPORTS_VBOOT)) recoveryimage-deps += $(VBOOT_SIGNER) endif ifeq (true,$(BOARD_AVB_ENABLE)) recoveryimage-deps += $(AVBTOOL) $(BOARD_AVB_BOOT_KEY_PATH) endif Loading Loading @@ -5651,12 +5614,6 @@ INTERNAL_OTATOOLS_MODULES += \ resize2fs \ soong_zip \ ifeq (true,$(PRODUCT_SUPPORTS_VBOOT)) INTERNAL_OTATOOLS_MODULES += \ futility-host \ vboot_signer endif INTERNAL_OTATOOLS_FILES := \ $(filter $(HOST_OUT)/%,$(call module-installed-files,$(INTERNAL_OTATOOLS_MODULES))) Loading Loading @@ -5692,10 +5649,6 @@ INTERNAL_OTATOOLS_PACKAGE_FILES += \ $(sort $(shell find external/avb/test/data -type f -name "testkey_*.pem" -o \ -name "atx_metadata.bin")) endif ifeq (true,$(PRODUCT_SUPPORTS_VBOOT)) INTERNAL_OTATOOLS_PACKAGE_FILES += \ $(sort $(shell find external/vboot_reference/tests/devkeys -type f)) endif INTERNAL_OTATOOLS_RELEASETOOLS := \ $(shell find build/make/tools/releasetools -name "*.pyc" -prune -o \ Loading
core/config.mk +0 −2 Original line number Diff line number Diff line Loading @@ -718,8 +718,6 @@ APPEND2SIMG := $(HOST_OUT_EXECUTABLES)/append2simg VERITY_SIGNER := $(HOST_OUT_EXECUTABLES)/verity_signer BUILD_VERITY_METADATA := $(HOST_OUT_EXECUTABLES)/build_verity_metadata BUILD_VERITY_TREE := $(HOST_OUT_EXECUTABLES)/build_verity_tree FUTILITY := $(HOST_OUT_EXECUTABLES)/futility-host VBOOT_SIGNER := $(HOST_OUT_EXECUTABLES)/vboot_signer DEXDUMP := $(HOST_OUT_EXECUTABLES)/dexdump$(BUILD_EXECUTABLE_SUFFIX) PROFMAN := $(HOST_OUT_EXECUTABLES)/profman Loading
core/product.mk +0 −1 Original line number Diff line number Diff line Loading @@ -160,7 +160,6 @@ _product_list_vars += PRODUCT_BOOT_JARS_EXTRA # List of jars to be included in the ART boot image for testing. _product_list_vars += PRODUCT_TEST_ONLY_ART_BOOT_IMAGE_JARS _product_single_value_vars += PRODUCT_SUPPORTS_VBOOT _product_list_vars += PRODUCT_SYSTEM_SERVER_APPS # List of system_server classpath jars on the platform. _product_list_vars += PRODUCT_SYSTEM_SERVER_JARS Loading
target/product/vboot.mkdeleted 100644 → 0 +0 −25 Original line number Diff line number Diff line # # Copyright (C) 2015 The Android Open Source Project # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Provides dependencies necessary for verified boot PRODUCT_SUPPORTS_VBOOT := true # The dev key is used to sign boot and recovery images. # We expect this file to exist with the suffixes ".vbprivk" and ".vbpupk". # TODO: find a proper location for this PRODUCT_VBOOT_SIGNING_KEY := external/vboot_reference/tests/devkeys/kernel_data_key PRODUCT_VBOOT_SIGNING_SUBKEY := external/vboot_reference/tests/devkeys/kernel_subkey
tools/releasetools/common.py +1 −28 Original line number Diff line number Diff line Loading @@ -1784,11 +1784,6 @@ def _BuildBootableImage(image_name, sourcedir, fs_config_file, if has_ramdisk: cmd.extend(["--ramdisk", ramdisk_img.name]) img_unsigned = None if info_dict.get("vboot"): img_unsigned = tempfile.NamedTemporaryFile() cmd.extend(["--output", img_unsigned.name]) else: cmd.extend(["--output", img.name]) if partition_name == "recovery": Loading @@ -1801,28 +1796,6 @@ def _BuildBootableImage(image_name, sourcedir, fs_config_file, RunAndCheckOutput(cmd) # Sign the image if vboot is non-empty. if info_dict.get("vboot"): path = "/" + partition_name img_keyblock = tempfile.NamedTemporaryFile() # We have switched from the prebuilt futility binary to using the tool # (futility-host) built from the source. Override the setting in the old # TF.zip. futility = info_dict["futility"] if futility.startswith("prebuilts/"): futility = "futility-host" cmd = [info_dict["vboot_signer_cmd"], futility, img_unsigned.name, info_dict["vboot_key"] + ".vbpubk", info_dict["vboot_key"] + ".vbprivk", info_dict["vboot_subkey"] + ".vbprivk", img_keyblock.name, img.name] RunAndCheckOutput(cmd) # Clean up the temp files. img_unsigned.close() img_keyblock.close() # AVB: if enabled, calculate and add hash to boot.img or recovery.img. if info_dict.get("avb_enable") == "true": avbtool = info_dict["avb_avbtool"] Loading
