Avb sign boot images

	ProductUseDynamicPartitionSize bool   `json:",omitempty"`

	CopyImagesForTargetFilesZip    bool   `json:",omitempty"`

	VendorSecurityPatch string `json:",omitempty"`

	// Boot image stuff

	BuildingRamdiskImage            bool   `json:",omitempty"`

	ProductBuildBootImage           bool   `json:",omitempty"`

	BoardBootHeaderVersion          string `json:",omitempty"`

	TargetKernelPath                string `json:",omitempty"`

	BoardUsesGenericKernelImage     bool   `json:",omitempty"`

	BootSecurityPatch               string `json:",omitempty"`

	InitBootSecurityPatch           string `json:",omitempty"`

	// Avb (android verified boot) stuff

	BoardAvbEnable          bool                                `json:",omitempty"`

	// Hash and signing algorithm for avbtool. Default is SHA256_RSA4096.

	Avb_algorithm *string

	// The security patch passed to as the com.android.build.<type>.security_patch avb property.

	// Replacement for the make variables BOOT_SECURITY_PATCH / INIT_BOOT_SECURITY_PATCH.

	Security_patch *string

}

type bootImageType int

	return unsupported

}

func (b bootImageType) String() string {

	switch b {

	case boot:

		return "boot"

	case vendorBoot:

		return "vendor_boot"

	case initBoot:

		return "init_boot"

	default:

		panic("unknown boot image type")

	}

}

func (b bootImageType) isBoot() bool {

	return b == boot

}

func (b *bootimg) GenerateAndroidBuildActions(ctx android.ModuleContext) {

	b.bootImageType = toBootImageType(ctx, proptools.StringDefault(b.properties.Boot_image_type, "boot"))

	unsignedOutput := b.buildBootImage(ctx)

	if b.bootImageType == unsupported {

		return

	}

	kernelProp := proptools.String(b.properties.Kernel_prebuilt)

	if b.bootImageType.isVendorBoot() && kernelProp != "" {

		ctx.PropertyErrorf("kernel_prebuilt", "vendor_boot partition can't have kernel")

		return

	}

	if b.bootImageType.isBoot() && kernelProp == "" {

		ctx.PropertyErrorf("kernel_prebuilt", "boot partition must have kernel")

		return

	}

	var kernel android.Path

	if kernelProp != "" {

		kernel = android.PathForModuleSrc(ctx, kernelProp)

	}

	unsignedOutput := b.buildBootImage(ctx, kernel)

	output := unsignedOutput

	if proptools.Bool(b.properties.Use_avb) {

		// This bootimg module supports 2 modes of avb signing, it picks between them based on

		// if the private key is specified or not. If there is a key, it does a signing process

		// similar to how the regular partitions (system, product, vendor, etc) are signed.

		// If the key is not provided, it will just add an avb footer to the image. The avb

		// footer only signing is how the make-built init_boot, boot, and vendor_boot images are

		// built.

		if proptools.String(b.properties.Avb_private_key) != "" {

			output = b.signImage(ctx, unsignedOutput)

		} else {

			output = b.addAvbFooter(ctx, unsignedOutput, kernel)

		}

	}

	b.installDir = android.PathForModuleInstall(ctx, "etc")

	b.output = output

}

func (b *bootimg) buildBootImage(ctx android.ModuleContext) android.Path {

func (b *bootimg) buildBootImage(ctx android.ModuleContext, kernel android.Path) android.Path {

	output := android.PathForModuleOut(ctx, "unsigned", b.installFileName())

	builder := android.NewRuleBuilder(pctx, ctx)

	cmd := builder.Command().BuiltTool("mkbootimg")

	kernel := proptools.String(b.properties.Kernel_prebuilt)

	if b.bootImageType.isVendorBoot() && kernel != "" {

		ctx.PropertyErrorf("kernel_prebuilt", "vendor_boot partition can't have kernel")

		return output

	}

	if b.bootImageType.isBoot() && kernel == "" {

		ctx.PropertyErrorf("kernel_prebuilt", "boot partition must have kernel")

		return output

	}

	if kernel != "" {

		cmd.FlagWithInput("--kernel ", android.PathForModuleSrc(ctx, kernel))

	if kernel != nil {

		cmd.FlagWithInput("--kernel ", kernel)

	}

	// These arguments are passed for boot.img and init_boot.img generation

	return output

}

func (b *bootimg) addAvbFooter(ctx android.ModuleContext, unsignedImage android.Path, kernel android.Path) android.Path {

	output := android.PathForModuleOut(ctx, b.installFileName())

	builder := android.NewRuleBuilder(pctx, ctx)

	builder.Command().Text("cp").Input(unsignedImage).Output(output)

	cmd := builder.Command().BuiltTool("avbtool").

		Text("add_hash_footer").

		FlagWithInput("--image ", output)

	if b.properties.Partition_size != nil {

		cmd.FlagWithArg("--partition_size ", strconv.FormatInt(*b.properties.Partition_size, 10))

	} else {

		cmd.Flag("--dynamic_partition_size")

	}

	if kernel != nil {

		cmd.Textf(`--salt $(sha256sum "%s" | cut -d " " -f 1)`, kernel.String())

		cmd.Implicit(kernel)

	}

	cmd.FlagWithArg("--partition_name ", b.bootImageType.String())

	if !b.bootImageType.isVendorBoot() {

		cmd.FlagWithArg("--prop ", proptools.NinjaAndShellEscape(fmt.Sprintf(

			"com.android.build.%s.os_version:%s", b.bootImageType.String(), ctx.Config().PlatformVersionLastStable())))

	}

	fingerprintFile := ctx.Config().BuildFingerprintFile(ctx)

	cmd.FlagWithArg("--prop ", fmt.Sprintf("com.android.build.%s.fingerprint:%s", b.bootImageType.String(), fingerprintFile.String()))

	cmd.OrderOnly(fingerprintFile)

	if b.properties.Security_patch != nil {

		cmd.FlagWithArg("--prop ", proptools.NinjaAndShellEscape(fmt.Sprintf(

			"com.android.build.%s.security_patch:%s", b.bootImageType.String(), *b.properties.Security_patch)))

	}

	builder.Build("add_avb_footer", fmt.Sprintf("Adding avb footer to %s", b.BaseModuleName()))

	return output

}

func (b *bootimg) signImage(ctx android.ModuleContext, unsignedImage android.Path) android.Path {

	propFile, toolDeps := b.buildPropFile(ctx)

		partitionSize = &parsed

	}

	var securityPatch *string

	if partitionVariables.BootSecurityPatch != "" {

		securityPatch = &partitionVariables.BootSecurityPatch

	}

	bootImageName := generatedModuleNameForPartition(ctx.Config(), "boot")

	ctx.CreateModule(

			Kernel_prebuilt: proptools.StringPtr(":" + kernelFilegroupName),

			Header_version:  proptools.StringPtr(partitionVariables.BoardBootHeaderVersion),

			Partition_size:  partitionSize,

			Use_avb:         &partitionVariables.BoardAvbEnable,

			Security_patch:  securityPatch,

		},

		&struct {

			Name *string

			Boot_image_type: proptools.StringPtr("vendor_boot"),

			Ramdisk_module:  proptools.StringPtr(generatedModuleNameForPartition(ctx.Config(), "vendor_ramdisk")),

			Header_version:  proptools.StringPtr(partitionVariables.BoardBootHeaderVersion),

			Use_avb:         &partitionVariables.BoardAvbEnable,

		},

		&struct {

			Name *string

	bootImageName := generatedModuleNameForPartition(ctx.Config(), "init_boot")

	var securityPatch *string

	if partitionVariables.InitBootSecurityPatch != "" {

		securityPatch = &partitionVariables.InitBootSecurityPatch

	} else if partitionVariables.BootSecurityPatch != "" {

		securityPatch = &partitionVariables.BootSecurityPatch

	}

	ctx.CreateModule(

		filesystem.BootimgFactory,

		&filesystem.BootimgProperties{

			Boot_image_type: proptools.StringPtr("init_boot"),

			Ramdisk_module:  proptools.StringPtr(generatedModuleNameForPartition(ctx.Config(), "ramdisk")),

			Header_version:  proptools.StringPtr(partitionVariables.BoardBootHeaderVersion),

			Use_avb:         &partitionVariables.BoardAvbEnable,

			Security_patch:  securityPatch,

		},

		&struct {

			Name *string