Loading tools/releasetools/build_image.py +11 −59 Original line number Diff line number Diff line Loading @@ -248,20 +248,9 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None): if fs_type.startswith("squash"): fs_spans_partition = False is_verity_partition = "verity_block_device" in prop_dict verity_supported = prop_dict.get("verity") == "true" verity_fec_supported = prop_dict.get("verity_fec") == "true" avb_footer_type = None if prop_dict.get("avb_hash_enable") == "true": avb_footer_type = "hash" elif prop_dict.get("avb_hashtree_enable") == "true": avb_footer_type = "hashtree" if avb_footer_type: avbtool = prop_dict.get("avb_avbtool") avb_signing_args = prop_dict.get( "avb_add_" + avb_footer_type + "_footer_args") # Get a builder for creating an image that's to be verified by Verified Boot, # or None if not applicable. verity_image_builder = verity_utils.CreateVerityImageBuilder(prop_dict) if (prop_dict.get("use_dynamic_partition_size") == "true" and "partition_size" not in prop_dict): Loading @@ -273,13 +262,8 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None): size += int(prop_dict.get("partition_reserved_size", BYTES_IN_MB * 16)) # Round this up to a multiple of 4K so that avbtool works size = common.RoundUpTo4K(size) # Adjust partition_size to add more space for AVB footer, to prevent # it from consuming partition_reserved_size. if avb_footer_type: size = verity_utils.AVBCalcMinPartitionSize( size, lambda x: verity_utils.AVBCalcMaxImageSize( avbtool, avb_footer_type, x, avb_signing_args)) if verity_image_builder: size = verity_image_builder.CalculateDynamicPartitionSize(size) prop_dict["partition_size"] = str(size) if fs_type.startswith("ext"): if "extfs_inode_count" not in prop_dict: Loading Loading @@ -316,19 +300,8 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None): prop_dict["image_size"] = prop_dict["partition_size"] # Adjust the image size to make room for the hashes if this is to be verified. if verity_supported and is_verity_partition: partition_size = int(prop_dict.get("partition_size")) image_size, verity_size = verity_utils.AdjustPartitionSizeForVerity( partition_size, verity_fec_supported) prop_dict["image_size"] = str(image_size) prop_dict["verity_size"] = str(verity_size) # Adjust the image size for AVB hash footer or AVB hashtree footer. if avb_footer_type: partition_size = prop_dict["partition_size"] # avb_add_hash_footer_args or avb_add_hashtree_footer_args. max_image_size = verity_utils.AVBCalcMaxImageSize( avbtool, avb_footer_type, partition_size, avb_signing_args) if verity_image_builder: max_image_size = verity_image_builder.CalculateMaxImageSize() prop_dict["image_size"] = str(max_image_size) if fs_type.startswith("ext"): Loading Loading @@ -441,33 +414,12 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None): if "partition_headroom" in prop_dict and fs_type.startswith("ext4"): CheckHeadroom(mkfs_output, prop_dict) if not fs_spans_partition: mount_point = prop_dict.get("mount_point") image_size = int(prop_dict["image_size"]) sparse_image_size = verity_utils.GetSimgSize(out_file) if sparse_image_size > image_size: raise BuildImageError( "Error: {} image size of {} is larger than partition size of " "{}".format(mount_point, sparse_image_size, image_size)) if verity_supported and is_verity_partition: verity_utils.ZeroPadSimg(out_file, image_size - sparse_image_size) if not fs_spans_partition and verity_image_builder: verity_image_builder.PadSparseImage(out_file) # Create the verified image if this is to be verified. if verity_supported and is_verity_partition: verity_utils.MakeVerityEnabledImage( out_file, verity_fec_supported, prop_dict) # Add AVB HASH or HASHTREE footer (metadata). if avb_footer_type: partition_size = prop_dict["partition_size"] partition_name = prop_dict["partition_name"] # key_path and algorithm are only available when chain partition is used. key_path = prop_dict.get("avb_key_path") algorithm = prop_dict.get("avb_algorithm") salt = prop_dict.get("avb_salt") verity_utils.AVBAddFooter( out_file, avbtool, avb_footer_type, partition_size, partition_name, key_path, algorithm, salt, avb_signing_args) if verity_image_builder: verity_image_builder.Build(out_file) if run_e2fsck and prop_dict.get("skip_fsck") != "true": unsparse_image = UnsparseImage(out_file, replace=False) Loading tools/releasetools/test_validate_target_files.py +12 −13 Original line number Diff line number Diff line Loading @@ -24,6 +24,7 @@ import common import test_utils import verity_utils from validate_target_files import ValidateVerifiedBootImages from verity_utils import CreateVerityImageBuilder class ValidateTargetFilesTest(test_utils.ReleaseToolsTestCase): Loading Loading @@ -107,10 +108,16 @@ class ValidateTargetFilesTest(test_utils.ReleaseToolsTestCase): options) def _generate_system_image(self, output_file): verity_fec = True partition_size = 1024 * 1024 image_size, verity_size = verity_utils.AdjustPartitionSizeForVerity( partition_size, verity_fec) prop_dict = { 'partition_size': str(1024 * 1024), 'verity': 'true', 'verity_block_device': '/dev/block/system', 'verity_key' : os.path.join(self.testdata_dir, 'testkey'), 'verity_fec': "true", 'verity_signer_cmd': 'verity_signer', } verity_image_builder = CreateVerityImageBuilder(prop_dict) image_size = verity_image_builder.CalculateMaxImageSize() # Use an empty root directory. system_root = common.MakeTempDir() Loading @@ -124,15 +131,7 @@ class ValidateTargetFilesTest(test_utils.ReleaseToolsTestCase): stdoutdata)) # Append the verity metadata. prop_dict = { 'partition_size' : str(partition_size), 'image_size' : str(image_size), 'verity_block_device' : '/dev/block/system', 'verity_key' : os.path.join(self.testdata_dir, 'testkey'), 'verity_signer_cmd' : 'verity_signer', 'verity_size' : str(verity_size), } verity_utils.MakeVerityEnabledImage(output_file, verity_fec, prop_dict) verity_image_builder.Build(output_file) def test_ValidateVerifiedBootImages_systemImage(self): input_tmp = common.MakeTempDir() Loading tools/releasetools/test_verity_utils.py +34 −20 Original line number Diff line number Diff line Loading @@ -25,10 +25,11 @@ import sparse_img from rangelib import RangeSet from test_utils import get_testdata_dir, ReleaseToolsTestCase from verity_utils import ( AdjustPartitionSizeForVerity, AVBCalcMinPartitionSize, BLOCK_SIZE, CreateHashtreeInfoGenerator, HashtreeInfo, MakeVerityEnabledImage, CreateHashtreeInfoGenerator, CreateVerityImageBuilder, HashtreeInfo, VerifiedBootVersion1HashtreeInfoGenerator) BLOCK_SIZE = common.BLOCK_SIZE class VerifiedBootVersion1HashtreeInfoGeneratorTest(ReleaseToolsTestCase): Loading Loading @@ -64,8 +65,17 @@ class VerifiedBootVersion1HashtreeInfoGeneratorTest(ReleaseToolsTestCase): def _generate_image(self): partition_size = 1024 * 1024 adjusted_size, verity_size = AdjustPartitionSizeForVerity( partition_size, True) prop_dict = { 'partition_size': str(partition_size), 'verity': 'true', 'verity_block_device': '/dev/block/system', 'verity_key': os.path.join(self.testdata_dir, 'testkey'), 'verity_fec': 'true', 'verity_signer_cmd': 'verity_signer', } verity_image_builder = CreateVerityImageBuilder(prop_dict) self.assertIsNotNone(verity_image_builder) adjusted_size = verity_image_builder.CalculateMaxImageSize() raw_image = "" for i in range(adjusted_size): Loading @@ -74,15 +84,7 @@ class VerifiedBootVersion1HashtreeInfoGeneratorTest(ReleaseToolsTestCase): output_file = self._create_simg(raw_image) # Append the verity metadata. prop_dict = { 'partition_size': str(partition_size), 'image_size': str(adjusted_size), 'verity_block_device': '/dev/block/system', 'verity_key': os.path.join(self.testdata_dir, 'testkey'), 'verity_signer_cmd': 'verity_signer', 'verity_size': str(verity_size), } MakeVerityEnabledImage(output_file, True, prop_dict) verity_image_builder.Build(output_file) return output_file Loading Loading @@ -163,23 +165,33 @@ class VerifiedBootVersion1HashtreeInfoGeneratorTest(ReleaseToolsTestCase): self.assertEqual(self.expected_root_hash, info.root_hash) class VerityUtilsTest(ReleaseToolsTestCase): class VerifiedBootVersion2VerityImageBuilderTest(ReleaseToolsTestCase): def setUp(self): # To test AVBCalcMinPartitionSize(), by using 200MB to 2GB image size. # To test CalculateMinPartitionSize(), by using 200MB to 2GB image size. # - 51200 = 200MB * 1024 * 1024 / 4096 # - 524288 = 2GB * 1024 * 1024 * 1024 / 4096 self._image_sizes = [BLOCK_SIZE * random.randint(51200, 524288) + offset for offset in range(BLOCK_SIZE)] def test_AVBCalcMinPartitionSize_LinearFooterSize(self): prop_dict = { 'partition_size': None, 'partition_name': 'system', 'avb_avbtool': 'avbtool', 'avb_hashtree_enable': 'true', 'avb_add_hashtree_footer_args': None, } self.builder = CreateVerityImageBuilder(prop_dict) self.assertEqual(2, self.builder.version) def test_CalculateMinPartitionSize_LinearFooterSize(self): """Tests with footer size which is linear to partition size.""" for image_size in self._image_sizes: for ratio in 0.95, 0.56, 0.22: expected_size = common.RoundUpTo4K(int(math.ceil(image_size / ratio))) self.assertEqual( expected_size, AVBCalcMinPartitionSize( self.builder.CalculateMinPartitionSize( image_size, lambda x, ratio=ratio: int(x * ratio))) def test_AVBCalcMinPartitionSize_SlowerGrowthFooterSize(self): Loading @@ -191,7 +203,8 @@ class VerityUtilsTest(ReleaseToolsTestCase): return partition_size - int(math.pow(partition_size, 0.95)) for image_size in self._image_sizes: min_partition_size = AVBCalcMinPartitionSize(image_size, _SizeCalculator) min_partition_size = self.builder.CalculateMinPartitionSize( image_size, _SizeCalculator) # Checks min_partition_size can accommodate image_size. self.assertGreaterEqual( _SizeCalculator(min_partition_size), Loading @@ -201,7 +214,7 @@ class VerityUtilsTest(ReleaseToolsTestCase): _SizeCalculator(min_partition_size - BLOCK_SIZE), image_size) def test_AVBCalcMinPartitionSize_FasterGrowthFooterSize(self): def test_CalculateMinPartitionSize_FasterGrowthFooterSize(self): """Tests with footer size which grows faster than partition size.""" def _SizeCalculator(partition_size): Loading @@ -211,7 +224,8 @@ class VerityUtilsTest(ReleaseToolsTestCase): return int(math.pow(partition_size, 0.95)) for image_size in self._image_sizes: min_partition_size = AVBCalcMinPartitionSize(image_size, _SizeCalculator) min_partition_size = self.builder.CalculateMinPartitionSize( image_size, _SizeCalculator) # Checks min_partition_size can accommodate image_size. self.assertGreaterEqual( _SizeCalculator(min_partition_size), Loading tools/releasetools/verity_utils.py +358 −215 File changed.Preview size limit exceeded, changes collapsed. Show changes Loading
tools/releasetools/build_image.py +11 −59 Original line number Diff line number Diff line Loading @@ -248,20 +248,9 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None): if fs_type.startswith("squash"): fs_spans_partition = False is_verity_partition = "verity_block_device" in prop_dict verity_supported = prop_dict.get("verity") == "true" verity_fec_supported = prop_dict.get("verity_fec") == "true" avb_footer_type = None if prop_dict.get("avb_hash_enable") == "true": avb_footer_type = "hash" elif prop_dict.get("avb_hashtree_enable") == "true": avb_footer_type = "hashtree" if avb_footer_type: avbtool = prop_dict.get("avb_avbtool") avb_signing_args = prop_dict.get( "avb_add_" + avb_footer_type + "_footer_args") # Get a builder for creating an image that's to be verified by Verified Boot, # or None if not applicable. verity_image_builder = verity_utils.CreateVerityImageBuilder(prop_dict) if (prop_dict.get("use_dynamic_partition_size") == "true" and "partition_size" not in prop_dict): Loading @@ -273,13 +262,8 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None): size += int(prop_dict.get("partition_reserved_size", BYTES_IN_MB * 16)) # Round this up to a multiple of 4K so that avbtool works size = common.RoundUpTo4K(size) # Adjust partition_size to add more space for AVB footer, to prevent # it from consuming partition_reserved_size. if avb_footer_type: size = verity_utils.AVBCalcMinPartitionSize( size, lambda x: verity_utils.AVBCalcMaxImageSize( avbtool, avb_footer_type, x, avb_signing_args)) if verity_image_builder: size = verity_image_builder.CalculateDynamicPartitionSize(size) prop_dict["partition_size"] = str(size) if fs_type.startswith("ext"): if "extfs_inode_count" not in prop_dict: Loading Loading @@ -316,19 +300,8 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None): prop_dict["image_size"] = prop_dict["partition_size"] # Adjust the image size to make room for the hashes if this is to be verified. if verity_supported and is_verity_partition: partition_size = int(prop_dict.get("partition_size")) image_size, verity_size = verity_utils.AdjustPartitionSizeForVerity( partition_size, verity_fec_supported) prop_dict["image_size"] = str(image_size) prop_dict["verity_size"] = str(verity_size) # Adjust the image size for AVB hash footer or AVB hashtree footer. if avb_footer_type: partition_size = prop_dict["partition_size"] # avb_add_hash_footer_args or avb_add_hashtree_footer_args. max_image_size = verity_utils.AVBCalcMaxImageSize( avbtool, avb_footer_type, partition_size, avb_signing_args) if verity_image_builder: max_image_size = verity_image_builder.CalculateMaxImageSize() prop_dict["image_size"] = str(max_image_size) if fs_type.startswith("ext"): Loading Loading @@ -441,33 +414,12 @@ def BuildImage(in_dir, prop_dict, out_file, target_out=None): if "partition_headroom" in prop_dict and fs_type.startswith("ext4"): CheckHeadroom(mkfs_output, prop_dict) if not fs_spans_partition: mount_point = prop_dict.get("mount_point") image_size = int(prop_dict["image_size"]) sparse_image_size = verity_utils.GetSimgSize(out_file) if sparse_image_size > image_size: raise BuildImageError( "Error: {} image size of {} is larger than partition size of " "{}".format(mount_point, sparse_image_size, image_size)) if verity_supported and is_verity_partition: verity_utils.ZeroPadSimg(out_file, image_size - sparse_image_size) if not fs_spans_partition and verity_image_builder: verity_image_builder.PadSparseImage(out_file) # Create the verified image if this is to be verified. if verity_supported and is_verity_partition: verity_utils.MakeVerityEnabledImage( out_file, verity_fec_supported, prop_dict) # Add AVB HASH or HASHTREE footer (metadata). if avb_footer_type: partition_size = prop_dict["partition_size"] partition_name = prop_dict["partition_name"] # key_path and algorithm are only available when chain partition is used. key_path = prop_dict.get("avb_key_path") algorithm = prop_dict.get("avb_algorithm") salt = prop_dict.get("avb_salt") verity_utils.AVBAddFooter( out_file, avbtool, avb_footer_type, partition_size, partition_name, key_path, algorithm, salt, avb_signing_args) if verity_image_builder: verity_image_builder.Build(out_file) if run_e2fsck and prop_dict.get("skip_fsck") != "true": unsparse_image = UnsparseImage(out_file, replace=False) Loading
tools/releasetools/test_validate_target_files.py +12 −13 Original line number Diff line number Diff line Loading @@ -24,6 +24,7 @@ import common import test_utils import verity_utils from validate_target_files import ValidateVerifiedBootImages from verity_utils import CreateVerityImageBuilder class ValidateTargetFilesTest(test_utils.ReleaseToolsTestCase): Loading Loading @@ -107,10 +108,16 @@ class ValidateTargetFilesTest(test_utils.ReleaseToolsTestCase): options) def _generate_system_image(self, output_file): verity_fec = True partition_size = 1024 * 1024 image_size, verity_size = verity_utils.AdjustPartitionSizeForVerity( partition_size, verity_fec) prop_dict = { 'partition_size': str(1024 * 1024), 'verity': 'true', 'verity_block_device': '/dev/block/system', 'verity_key' : os.path.join(self.testdata_dir, 'testkey'), 'verity_fec': "true", 'verity_signer_cmd': 'verity_signer', } verity_image_builder = CreateVerityImageBuilder(prop_dict) image_size = verity_image_builder.CalculateMaxImageSize() # Use an empty root directory. system_root = common.MakeTempDir() Loading @@ -124,15 +131,7 @@ class ValidateTargetFilesTest(test_utils.ReleaseToolsTestCase): stdoutdata)) # Append the verity metadata. prop_dict = { 'partition_size' : str(partition_size), 'image_size' : str(image_size), 'verity_block_device' : '/dev/block/system', 'verity_key' : os.path.join(self.testdata_dir, 'testkey'), 'verity_signer_cmd' : 'verity_signer', 'verity_size' : str(verity_size), } verity_utils.MakeVerityEnabledImage(output_file, verity_fec, prop_dict) verity_image_builder.Build(output_file) def test_ValidateVerifiedBootImages_systemImage(self): input_tmp = common.MakeTempDir() Loading
tools/releasetools/test_verity_utils.py +34 −20 Original line number Diff line number Diff line Loading @@ -25,10 +25,11 @@ import sparse_img from rangelib import RangeSet from test_utils import get_testdata_dir, ReleaseToolsTestCase from verity_utils import ( AdjustPartitionSizeForVerity, AVBCalcMinPartitionSize, BLOCK_SIZE, CreateHashtreeInfoGenerator, HashtreeInfo, MakeVerityEnabledImage, CreateHashtreeInfoGenerator, CreateVerityImageBuilder, HashtreeInfo, VerifiedBootVersion1HashtreeInfoGenerator) BLOCK_SIZE = common.BLOCK_SIZE class VerifiedBootVersion1HashtreeInfoGeneratorTest(ReleaseToolsTestCase): Loading Loading @@ -64,8 +65,17 @@ class VerifiedBootVersion1HashtreeInfoGeneratorTest(ReleaseToolsTestCase): def _generate_image(self): partition_size = 1024 * 1024 adjusted_size, verity_size = AdjustPartitionSizeForVerity( partition_size, True) prop_dict = { 'partition_size': str(partition_size), 'verity': 'true', 'verity_block_device': '/dev/block/system', 'verity_key': os.path.join(self.testdata_dir, 'testkey'), 'verity_fec': 'true', 'verity_signer_cmd': 'verity_signer', } verity_image_builder = CreateVerityImageBuilder(prop_dict) self.assertIsNotNone(verity_image_builder) adjusted_size = verity_image_builder.CalculateMaxImageSize() raw_image = "" for i in range(adjusted_size): Loading @@ -74,15 +84,7 @@ class VerifiedBootVersion1HashtreeInfoGeneratorTest(ReleaseToolsTestCase): output_file = self._create_simg(raw_image) # Append the verity metadata. prop_dict = { 'partition_size': str(partition_size), 'image_size': str(adjusted_size), 'verity_block_device': '/dev/block/system', 'verity_key': os.path.join(self.testdata_dir, 'testkey'), 'verity_signer_cmd': 'verity_signer', 'verity_size': str(verity_size), } MakeVerityEnabledImage(output_file, True, prop_dict) verity_image_builder.Build(output_file) return output_file Loading Loading @@ -163,23 +165,33 @@ class VerifiedBootVersion1HashtreeInfoGeneratorTest(ReleaseToolsTestCase): self.assertEqual(self.expected_root_hash, info.root_hash) class VerityUtilsTest(ReleaseToolsTestCase): class VerifiedBootVersion2VerityImageBuilderTest(ReleaseToolsTestCase): def setUp(self): # To test AVBCalcMinPartitionSize(), by using 200MB to 2GB image size. # To test CalculateMinPartitionSize(), by using 200MB to 2GB image size. # - 51200 = 200MB * 1024 * 1024 / 4096 # - 524288 = 2GB * 1024 * 1024 * 1024 / 4096 self._image_sizes = [BLOCK_SIZE * random.randint(51200, 524288) + offset for offset in range(BLOCK_SIZE)] def test_AVBCalcMinPartitionSize_LinearFooterSize(self): prop_dict = { 'partition_size': None, 'partition_name': 'system', 'avb_avbtool': 'avbtool', 'avb_hashtree_enable': 'true', 'avb_add_hashtree_footer_args': None, } self.builder = CreateVerityImageBuilder(prop_dict) self.assertEqual(2, self.builder.version) def test_CalculateMinPartitionSize_LinearFooterSize(self): """Tests with footer size which is linear to partition size.""" for image_size in self._image_sizes: for ratio in 0.95, 0.56, 0.22: expected_size = common.RoundUpTo4K(int(math.ceil(image_size / ratio))) self.assertEqual( expected_size, AVBCalcMinPartitionSize( self.builder.CalculateMinPartitionSize( image_size, lambda x, ratio=ratio: int(x * ratio))) def test_AVBCalcMinPartitionSize_SlowerGrowthFooterSize(self): Loading @@ -191,7 +203,8 @@ class VerityUtilsTest(ReleaseToolsTestCase): return partition_size - int(math.pow(partition_size, 0.95)) for image_size in self._image_sizes: min_partition_size = AVBCalcMinPartitionSize(image_size, _SizeCalculator) min_partition_size = self.builder.CalculateMinPartitionSize( image_size, _SizeCalculator) # Checks min_partition_size can accommodate image_size. self.assertGreaterEqual( _SizeCalculator(min_partition_size), Loading @@ -201,7 +214,7 @@ class VerityUtilsTest(ReleaseToolsTestCase): _SizeCalculator(min_partition_size - BLOCK_SIZE), image_size) def test_AVBCalcMinPartitionSize_FasterGrowthFooterSize(self): def test_CalculateMinPartitionSize_FasterGrowthFooterSize(self): """Tests with footer size which grows faster than partition size.""" def _SizeCalculator(partition_size): Loading @@ -211,7 +224,8 @@ class VerityUtilsTest(ReleaseToolsTestCase): return int(math.pow(partition_size, 0.95)) for image_size in self._image_sizes: min_partition_size = AVBCalcMinPartitionSize(image_size, _SizeCalculator) min_partition_size = self.builder.CalculateMinPartitionSize( image_size, _SizeCalculator) # Checks min_partition_size can accommodate image_size. self.assertGreaterEqual( _SizeCalculator(min_partition_size), Loading
tools/releasetools/verity_utils.py +358 −215 File changed.Preview size limit exceeded, changes collapsed. Show changes
