Loading core/Makefile +6 −5 Original line number Diff line number Diff line Loading @@ -661,6 +661,11 @@ $(if $(BOARD_OEMIMAGE_PARTITION_SIZE),$(hide) echo "oem_size=$(BOARD_OEMIMAGE_PA $(if $(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG),$(hide) echo "extfs_sparse_flag=$(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG)" >> $(1)) $(if $(mkyaffs2_extra_flags),$(hide) echo "mkyaffs2_extra_flags=$(mkyaffs2_extra_flags)" >> $(1)) $(hide) echo "selinux_fc=$(SELINUX_FC)" >> $(1) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY), $(hide) echo "verity=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY)" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_block_device=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_PARTITION)" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_key=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_SIGNING_KEY)" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_signer_cmd=$(VERITY_SIGNER)" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_mountpoint=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_MOUNTPOINT)" >> $(1)) $(if $(2),$(hide) $(foreach kv,$(2),echo "$(kv)" >> $(1);)) endef Loading Loading @@ -865,11 +870,7 @@ define build-systemimage-target @echo "Target system fs image: $(1)" @mkdir -p $(dir $(1)) $(systemimage_intermediates) && rm -rf $(systemimage_intermediates)/system_image_info.txt $(call generate-userimage-prop-dictionary, $(systemimage_intermediates)/system_image_info.txt, \ skip_fsck=true \ verity=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY) \ verity_block_device=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_PARTITION) \ verity_key=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_SIGNING_KEY) \ verity_signer_cmd=$(VERITY_SIGNER)) skip_fsck=true) $(hide) PATH=$(foreach p,$(INTERNAL_USERIMAGES_BINARY_PATHS),$(p):)$$PATH \ ./build/tools/releasetools/build_image.py \ $(TARGET_OUT) $(systemimage_intermediates)/system_image_info.txt $(1) Loading core/product.mk +2 −1 Original line number Diff line number Diff line Loading @@ -104,7 +104,8 @@ _product_var_list := \ PRODUCT_OEM_PROPERTIES \ PRODUCT_SYSTEM_PROPERTY_BLACKLIST \ PRODUCT_VERITY_PARTITION \ PRODUCT_VERITY_SIGNING_KEY PRODUCT_VERITY_SIGNING_KEY \ PRODUCT_VERITY_MOUNTPOINT define dump-product $(info ==== $(1) ====)\ Loading target/product/verity.mk +1 −0 Original line number Diff line number Diff line Loading @@ -18,6 +18,7 @@ PRODUCT_SUPPORTS_VERITY := true PRODUCT_VERITY_SIGNING_KEY := build/target/product/security/verity_private_dev_key PRODUCT_VERITY_MOUNTPOINT := system PRODUCT_PACKAGES += \ verity_key tools/releasetools/build_image.py +6 −3 Original line number Diff line number Diff line Loading @@ -222,8 +222,10 @@ def BuildImage(in_dir, prop_dict, out_file): fs_type = prop_dict.get("fs_type", "") run_fsck = False is_verity_partition = prop_dict.get("mount_point") == prop_dict.get("verity_mountpoint") verity_supported = prop_dict.get("verity") == "true" # adjust the partition size to make room for the hashes if this is to be verified if prop_dict.get("verity") == "true": if verity_supported and is_verity_partition: partition_size = int(prop_dict.get("partition_size")) adjusted_size = AdjustPartitionSizeForVerity(partition_size) if not adjusted_size: Loading Loading @@ -258,7 +260,7 @@ def BuildImage(in_dir, prop_dict, out_file): return False # create the verified image if this is to be verified if prop_dict.get("verity") == "true": if verity_supported and is_verity_partition: if not MakeVerityEnabledImage(out_file, prop_dict): return False Loading Loading @@ -301,7 +303,8 @@ def ImagePropFromGlobalDict(glob_dict, mount_point): "verity", "verity_block_device", "verity_key", "verity_signer_cmd" "verity_signer_cmd", "verity_mountpoint" ) for p in common_props: copy_prop(p, p) Loading Loading
core/Makefile +6 −5 Original line number Diff line number Diff line Loading @@ -661,6 +661,11 @@ $(if $(BOARD_OEMIMAGE_PARTITION_SIZE),$(hide) echo "oem_size=$(BOARD_OEMIMAGE_PA $(if $(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG),$(hide) echo "extfs_sparse_flag=$(INTERNAL_USERIMAGES_SPARSE_EXT_FLAG)" >> $(1)) $(if $(mkyaffs2_extra_flags),$(hide) echo "mkyaffs2_extra_flags=$(mkyaffs2_extra_flags)" >> $(1)) $(hide) echo "selinux_fc=$(SELINUX_FC)" >> $(1) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY), $(hide) echo "verity=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY)" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_block_device=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_PARTITION)" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_key=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_SIGNING_KEY)" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_signer_cmd=$(VERITY_SIGNER)" >> $(1)) $(if $(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY),$(hide) echo "verity_mountpoint=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_MOUNTPOINT)" >> $(1)) $(if $(2),$(hide) $(foreach kv,$(2),echo "$(kv)" >> $(1);)) endef Loading Loading @@ -865,11 +870,7 @@ define build-systemimage-target @echo "Target system fs image: $(1)" @mkdir -p $(dir $(1)) $(systemimage_intermediates) && rm -rf $(systemimage_intermediates)/system_image_info.txt $(call generate-userimage-prop-dictionary, $(systemimage_intermediates)/system_image_info.txt, \ skip_fsck=true \ verity=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_SUPPORTS_VERITY) \ verity_block_device=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_PARTITION) \ verity_key=$(PRODUCTS.$(INTERNAL_PRODUCT).PRODUCT_VERITY_SIGNING_KEY) \ verity_signer_cmd=$(VERITY_SIGNER)) skip_fsck=true) $(hide) PATH=$(foreach p,$(INTERNAL_USERIMAGES_BINARY_PATHS),$(p):)$$PATH \ ./build/tools/releasetools/build_image.py \ $(TARGET_OUT) $(systemimage_intermediates)/system_image_info.txt $(1) Loading
core/product.mk +2 −1 Original line number Diff line number Diff line Loading @@ -104,7 +104,8 @@ _product_var_list := \ PRODUCT_OEM_PROPERTIES \ PRODUCT_SYSTEM_PROPERTY_BLACKLIST \ PRODUCT_VERITY_PARTITION \ PRODUCT_VERITY_SIGNING_KEY PRODUCT_VERITY_SIGNING_KEY \ PRODUCT_VERITY_MOUNTPOINT define dump-product $(info ==== $(1) ====)\ Loading
target/product/verity.mk +1 −0 Original line number Diff line number Diff line Loading @@ -18,6 +18,7 @@ PRODUCT_SUPPORTS_VERITY := true PRODUCT_VERITY_SIGNING_KEY := build/target/product/security/verity_private_dev_key PRODUCT_VERITY_MOUNTPOINT := system PRODUCT_PACKAGES += \ verity_key
tools/releasetools/build_image.py +6 −3 Original line number Diff line number Diff line Loading @@ -222,8 +222,10 @@ def BuildImage(in_dir, prop_dict, out_file): fs_type = prop_dict.get("fs_type", "") run_fsck = False is_verity_partition = prop_dict.get("mount_point") == prop_dict.get("verity_mountpoint") verity_supported = prop_dict.get("verity") == "true" # adjust the partition size to make room for the hashes if this is to be verified if prop_dict.get("verity") == "true": if verity_supported and is_verity_partition: partition_size = int(prop_dict.get("partition_size")) adjusted_size = AdjustPartitionSizeForVerity(partition_size) if not adjusted_size: Loading Loading @@ -258,7 +260,7 @@ def BuildImage(in_dir, prop_dict, out_file): return False # create the verified image if this is to be verified if prop_dict.get("verity") == "true": if verity_supported and is_verity_partition: if not MakeVerityEnabledImage(out_file, prop_dict): return False Loading Loading @@ -301,7 +303,8 @@ def ImagePropFromGlobalDict(glob_dict, mount_point): "verity", "verity_block_device", "verity_key", "verity_signer_cmd" "verity_signer_cmd", "verity_mountpoint" ) for p in common_props: copy_prop(p, p) Loading
