
Commit a81d4299 authored by Tao Bao's avatar Tao Bao

releasetools: Re-enable verifying AVB-signed images.

This reverts commit 9788b4ed. All the
blocking issues have been addressed.

Fixes: 120517892
Test: Run validate_target_files.py on crosshatch signed
      target_files.zip.
Change-Id: I95de241e159998e002dedddafea65953b1a1b263
parent 07279505
+25 −3
@@ -318,9 +318,31 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options):
  if info_dict.get("avb_enable") == "true":
    logging.info('Verifying Verified Boot 2.0 (AVB) images...')

    # TODO(b/120517892): Temporarily disable the verification for AVB-signed
    # images. Needing supporting changes in caller to pass in the desired keys.
    logging.info('Temporarily disabled due to b/120517892')
    key = options['verity_key']
    if key is None:
      key = info_dict['avb_vbmeta_key_path']

    # avbtool verifies all the images that have descriptors listed in vbmeta.
    image = os.path.join(input_tmp, 'IMAGES', 'vbmeta.img')
    cmd = ['avbtool', 'verify_image', '--image', image, '--key', key]

    # Append the args for chained partitions if any.
    for partition in common.AVB_PARTITIONS:
      key_name = 'avb_' + partition + '_key_path'
      if info_dict.get(key_name) is not None:
        chained_partition_arg = common.GetAvbChainedPartitionArg(
            partition, info_dict, options[key_name])
        cmd.extend(["--expected_chain_partition", chained_partition_arg])

    proc = common.Run(cmd)
    stdoutdata, _ = proc.communicate()
    assert proc.returncode == 0, \
        'Failed to verify {} with avbtool (key: {}):\n{}'.format(
            image, key, stdoutdata)

    logging.info(
        'Verified %s with avbtool (key: %s):\n%s', image, key,
        stdoutdata.rstrip())


def main():
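Review bot: The avbtool result is enforced only by `assert proc.returncode == 0`, which Python strips under `-O`, so in an optimized run a failed `verify_image` would fall through to the 'Verified %s with avbtool' log line as if it had passed. An explicit gate such as `if proc.returncode != 0:` followed by `raise RuntimeError(...)` with the same message keeps the check unconditional; confirm first that no caller relies on catching AssertionError. Separately, when `options['verity_key']` is None the key falls back to `info_dict['avb_vbmeta_key_path']`. If info_dict is loaded from the target_files being validated (not visible in this hunk), that path only shows the images match the key the package names for itself, which deserves a comment such as `# Fallback key comes from the package's own metadata; pass an explicit key to check against a trusted signer.` ValidateVerifiedBootImages begins above the hunk.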