Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c2a56476 authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Merge "Use deterministic salt for boot image avb footer" into main am:... 

Merge "Use deterministic salt for boot image avb footer" into main am: 2b181f9a am: 006c13c2 am: efc6bdd9 am: 06b5c469

Original change: https://android-review.googlesource.com/c/platform/build/+/2768202



Change-Id: I6259a6a2b61df7d05475a0db8725b3d8cc24602d
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents b6a2e011 06b5c469

core/Makefile

+1 −0
Original line number Diff line number Diff line
@@ -1233,6 +1233,7 @@ define build_boot_from_kernel_avb_enabled 
  $(AVBTOOL) add_hash_footer \

          --image $(1) \

          $(call get-partition-size-argument,$(call get-bootimage-partition-size,$(1),boot)) \

          --salt `sha256sum "$(kernel)" | cut -d " " -f 1` \

          --partition_name boot $(INTERNAL_AVB_BOOT_SIGNING_ARGS) \

          $(BOARD_AVB_BOOT_ADD_HASH_FOOTER_ARGS)

endef

tools/releasetools/common.py

+8 −3
Original line number Diff line number Diff line
@@ -1410,7 +1410,7 @@ def RunHostInitVerifier(product_out, partition_map): 
  return RunAndCheckOutput(cmd)





def AppendAVBSigningArgs(cmd, partition):

def AppendAVBSigningArgs(cmd, partition, avb_salt=None):

  """Append signing arguments for avbtool."""

  # e.g., "--key path/to/signing_key --algorithm SHA256_RSA4096"

  key_path = ResolveAVBSigningPathArgs(
@@ -1418,6 +1418,7 @@ def AppendAVBSigningArgs(cmd, partition): 
  algorithm = OPTIONS.info_dict.get("avb_" + partition + "_algorithm")

  if key_path and algorithm:

    cmd.extend(["--key", key_path, "--algorithm", algorithm])

  if avb_salt is None:

    avb_salt = OPTIONS.info_dict.get("avb_salt")

  # make_vbmeta_image doesn't like "--salt" (and it's not needed).

  if avb_salt and not partition.startswith("vbmeta"):
@@ -1825,7 +1826,11 @@ def _BuildBootableImage(image_name, sourcedir, fs_config_file, 
    cmd = [avbtool, "add_hash_footer", "--image", img.name,

           "--partition_size", str(part_size), "--partition_name",

           partition_name]

    AppendAVBSigningArgs(cmd, partition_name)

    salt = None

    if kernel_path is not None:

      with open(kernel_path, "rb") as fp:

        salt = sha256(fp.read()).hexdigest()

    AppendAVBSigningArgs(cmd, partition_name, salt)

    args = info_dict.get("avb_" + partition_name + "_add_hash_footer_args")

    if args and args.strip():

      split_args = ResolveAVBSigningPathArgs(shlex.split(args))