diff options
| author | Tao Bao <tbao@google.com> | 2018-10-04 14:35:26 +0000 |
|---|---|---|
| committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2018-10-04 14:35:26 +0000 |
| commit | 4d36fcba8c7ff690d3ac725b9e0fc79719aeef64 (patch) | |
| tree | 282c8d3775b2e53dc7f1c743b2da49d9087babef | |
| parent | d6e5cb1addbdc00ac81f1228f4b62cc5b48c04cf (diff) | |
| parent | 2f057467eb699c02111c4c999d018414d9a9740b (diff) | |
| download | build-4d36fcba8c7ff690d3ac725b9e0fc79719aeef64.tar.gz | |
Merge "releasetools: build_image.BuildVerityTree() returns a tuple."
| -rwxr-xr-x | tools/releasetools/build_image.py | 9 | ||||
| -rw-r--r-- | tools/releasetools/verity_utils.py | 20 |
2 files changed, 15 insertions, 14 deletions
diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py index f1594d7322..d5ab05525e 100755 --- a/tools/releasetools/build_image.py +++ b/tools/releasetools/build_image.py @@ -330,7 +330,7 @@ def BuildVerityFEC(sparse_image_path, verity_path, verity_fec_path, "Failed to build FEC data:\n{}".format(output)) -def BuildVerityTree(sparse_image_path, verity_image_path, prop_dict): +def BuildVerityTree(sparse_image_path, verity_image_path): cmd = ["build_verity_tree", "-A", FIXED_SALT, sparse_image_path, verity_image_path] output, exit_code = RunCommand(cmd) @@ -338,8 +338,7 @@ def BuildVerityTree(sparse_image_path, verity_image_path, prop_dict): raise BuildImageError( "Failed to build verity tree:\n{}".format(output)) root, salt = output.split() - prop_dict["verity_root_hash"] = root - prop_dict["verity_salt"] = salt + return root, salt def BuildVerityMetadata(image_size, verity_metadata_path, root_hash, salt, @@ -453,11 +452,9 @@ def MakeVerityEnabledImage(out_file, fec_supported, prop_dict): verity_fec_path = os.path.join(tempdir_name, "verity_fec.img") # Build the verity tree and get the root hash and salt. - BuildVerityTree(out_file, verity_image_path, prop_dict) + root_hash, salt = BuildVerityTree(out_file, verity_image_path) # Build the metadata blocks. - root_hash = prop_dict["verity_root_hash"] - salt = prop_dict["verity_salt"] verity_disable = "verity_disable" in prop_dict BuildVerityMetadata( image_size, verity_metadata_path, root_hash, salt, block_dev, signer_path, diff --git a/tools/releasetools/verity_utils.py b/tools/releasetools/verity_utils.py index 0e605b172d..38ebcf5bf3 100644 --- a/tools/releasetools/verity_utils.py +++ b/tools/releasetools/verity_utils.py @@ -169,14 +169,17 @@ class VerifiedBootVersion1HashtreeInfoGenerator(HashtreeInfoGenerator): self.image.WriteRangeDataToFd(self.hashtree_info.filesystem_range, fd) generated_verity_tree = common.MakeTempFile(prefix="verity") - prop_dict = {} - BuildVerityTree(adjusted_partition, generated_verity_tree, prop_dict) - - assert prop_dict["verity_salt"] == self.hashtree_info.salt - if prop_dict["verity_root_hash"] != self.hashtree_info.root_hash: - print("Calculated verty root hash {} doesn't match the one in metadata" - " {}".format(prop_dict["verity_root_hash"], - self.hashtree_info.root_hash)) + root_hash, salt = BuildVerityTree(adjusted_partition, generated_verity_tree) + + # The salt should be always identical, as we use fixed value. + assert salt == self.hashtree_info.salt, \ + "Calculated salt {} doesn't match the one in metadata {}".format( + salt, self.hashtree_info.salt) + + if root_hash != self.hashtree_info.root_hash: + print( + "Calculated root hash {} doesn't match the one in metadata {}".format( + root_hash, self.hashtree_info.root_hash)) return False # Reads the generated hash tree and checks if it has the exact same bytes @@ -190,6 +193,7 @@ class VerifiedBootVersion1HashtreeInfoGenerator(HashtreeInfoGenerator): Returns: hashtree_info: The information needed to reconstruct the hashtree. + Raises: HashtreeInfoGenerationError: If we fail to generate the exact bytes of the hashtree. |