
Commit f509e54b authored by Bowgo Tsai's avatar Bowgo Tsai Committed by android-build-merger

Merge "Support verifying system_other"

am: 01a05483

Change-Id: I343ac68c70195d2c9e035b92ef44f196fe731deb
parents d9182b54 01a05483
+6 −1
@@ -1436,7 +1436,8 @@ $(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_system_other_add_hashtree_footer_args
$(if $(BOARD_AVB_ENABLE),\
    $(if $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH),\
        $(hide) echo "avb_system_other_key_path=$(BOARD_AVB_SYSTEM_OTHER_KEY_PATH)" >> $(1)
        $(hide) echo "avb_system_other_algorithm=$(BOARD_AVB_SYSTEM_OTHER_ALGORITHM)" >> $(1)))
        $(hide) echo "avb_system_other_algorithm=$(BOARD_AVB_SYSTEM_OTHER_ALGORITHM)" >> $(1)
        $(hide) echo "avb_system_extract_system_other_key=true" >> $(1)))
$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_vendor_hashtree_enable=$(BOARD_AVB_ENABLE)" >> $(1))
$(if $(BOARD_AVB_ENABLE),$(hide) echo "avb_vendor_add_hashtree_footer_args=$(BOARD_AVB_VENDOR_ADD_HASHTREE_FOOTER_ARGS)" >> $(1))
$(if $(BOARD_AVB_ENABLE),\
@@ -2941,6 +2942,10 @@ BOARD_AVB_SYSTEM_OTHER_KEY_PATH := $(BOARD_AVB_KEY_PATH)
BOARD_AVB_SYSTEM_OTHER_ALGORITHM := $(BOARD_AVB_ALGORITHM)
endif

# To extract the public key of SYSTEM_OTHER_KEY_PATH will into system.img:
# /system/etc/security/avb/system_other.avbpubkey.
FULL_SYSTEMIMAGE_DEPS += $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH)

ifndef BOARD_AVB_SYSTEM_OTHER_ROLLBACK_INDEX
BOARD_AVB_SYSTEM_OTHER_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
endif
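Review bot: The comment added above `FULL_SYSTEMIMAGE_DEPS += $(BOARD_AVB_SYSTEM_OTHER_KEY_PATH)` in the second hunk is garbled ("To extract the public key ... will into system.img") and does not say why a signing key becomes a dependency of the system image. Suggested wording: `# system.img embeds the public key of BOARD_AVB_SYSTEM_OTHER_KEY_PATH at` followed by `# /system/etc/security/avb/system_other.avbpubkey, so rebuild it when the key changes.` Next to `avb_system_extract_system_other_key=true` in the first hunk, a one-line comment could state that only the public key is extracted (the build_image.py side calls `extract_public_key`) and the key file itself is never copied into the image. The conditional block that encloses the second hunk starts outside it.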
+21 −0
@@ -739,6 +739,26 @@ def SaveGlobalDict(filename, glob_dict):
  with open(filename, "w") as f:
    f.writelines(["%s=%s" % (key, value) for (key, value) in glob_dict.items()])

def ExtractSystemOtherAvbKey(in_dir, glob_dict):
  if glob_dict.get("avb_system_extract_system_other_key") != "true":
    return

  extract_to = os.path.join(in_dir, "etc/security/avb/system_other.avbpubkey")
  extract_to_dir = os.path.dirname(extract_to)

  if os.path.isdir(extract_to_dir):
    shutil.rmtree(extract_to_dir)
  elif os.path.isfile(extract_to_dir):
    os.remove(extract_to_dir)
  os.mkdir(extract_to_dir);

  # Extracts the public key used to sign system_other.img, into system.img:
  #   /system/etc/security/avb/system_other.avbpubkey.
  avbtool = os.getenv('AVBTOOL') or glob_dict.get("avb_avbtool")
  extract_from = glob_dict.get("avb_system_other_key_path")
  cmd = [avbtool, "extract_public_key", "--key", extract_from,
         "--output", extract_to]
  common.RunAndCheckOutput(cmd, verbose=False)

def main(argv):
  if len(argv) < 4 or len(argv) > 5:
@@ -763,6 +783,7 @@ def main(argv):
    mount_point = ""
    if image_filename == "system.img":
      mount_point = "system"
      ExtractSystemOtherAvbKey(in_dir, glob_dict)
    elif image_filename == "system_other.img":
      mount_point = "system_other"
    elif image_filename == "userdata.img":
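Review bot: `ExtractSystemOtherAvbKey` removes the whole `etc/security/avb` directory under `in_dir` with `shutil.rmtree` before writing a single file, so any other verification key already staged there would be silently dropped from system.img. Creating the directory only when it is missing is enough, since avbtool presumably overwrites its `--output` file. `os.mkdir` also fails when `etc/security` does not exist yet, which `os.makedirs` avoids. `avbtool` and `extract_from` are both `None` when the properties are absent, which would surface as an opaque subprocess error, so an explicit check with a clear message is worth adding. A short docstring saying that the function writes into `in_dir` would help; `main` continues outside the hunk.

```python
def ExtractSystemOtherAvbKey(in_dir, glob_dict):
  # ... unchanged: avb_system_extract_system_other_key check, extract_to paths ...

  # Keep anything else staged under etc/security/avb; only make sure the
  # directory exists before avbtool writes system_other.avbpubkey into it.
  if not os.path.isdir(extract_to_dir):
    os.makedirs(extract_to_dir)

  avbtool = os.getenv('AVBTOOL') or glob_dict.get("avb_avbtool")
  extract_from = glob_dict.get("avb_system_other_key_path")
  if not avbtool or not extract_from:
    raise ValueError(
        "avb_avbtool and avb_system_other_key_path are required to extract "
        "the system_other public key")
  # ... unchanged: cmd construction and common.RunAndCheckOutput call ...
```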