| Age | Commit message (Collapse) | Author |
|---|
|
Bug: N/A
Test: builds
Change-Id: I7f13cd6c3edcff436676e93ca305e07ba6a92b08
|
|
Bug: 34220783
Change-Id: I9a140ed7bafdb8342dbdc2c7143a765acb86ecb9
|
|
Bug: 34220783
Change-Id: I33b2ecafaebe46a45c176d5debe821ec1ecaa25b
|
|
Bug: 34220783
Change-Id: Ia8da0c96a0384826afd8b089101468ac388d0ca2
|
|
libfec_rs_host is now renamed to libfec_rs.
Bug: 34220783
Change-Id: I70dd794cbf2ed2f118849371379e424159b312a4
|
|
The current VerityVerifier.jar cannot verify verity images with FEC
metadata (since N). Replace it with a new verity verifier that uses
libfec to parse and verify verity metadata.
It accepts the same command line arguments as the old verity_verifier
script.
Usage: verity_verifier <image> -mincrypt <verity_key>
image the image file (raw or sparse image) to be verified
verity_key the verity key in mincrypt format (/verity_key on device)
Bug: 32173582
Test: $ verity_verifier $OUT/system.img -mincrypt $OUT/root/verity_key
VERIFIED
Change-Id: I8624973715dcd0f6d89d408c1c97bf584b50ce06
|
|
Host libraries don't need to have a different name from the device target.
Bug: None
Test: `make dist`
Change-Id: Ib7709a327ac2fdbdfb131e40f578217633e1f996
|
|
|
|
Convert build_verity_metadata.py to subprocess instead of commands
module.
Bug: 31500725
Test: build_verity_metadata.py executes successfully
Change-Id: I9a0db78390d330710e62a710f8f957743aebd822
|
|
|
|
verify_boot_signature currently verifies the signature in the boot image
(against the certificate embedded in the image).
This CL supports additionally verifying the signature against the given
OEM pubkey (a fixed, tamper-protected key available to the bootloader).
Usage: verify_boot_signature <path-to-boot-image>
verify_boot_signature <path-to-boot-image> <pubkey>
- Locally built boot image is signed with the default key.
$ openssl x509 -pubkey -noout -in build/target/product/security/verity.x509.pem > pubkey.pem
$ verify_boot_signature $OUT/boot.img pubkey.pem; echo $?
Signature is VALID
0
- Signed boot image should be verified with the OEM pubkey.
$ verify_boot_signature boot.img bullhead_pub.pem; echo $?
Signature is VALID
0
- Locally built boot image can be verified with its embedded certificate
but not with the OEM pubkey. This will lead to the YELLOW boot state.
$ verify_boot_signature $OUT/boot.img; echo $?
Signature is VALID
0
$ verify_boot_signature $OUT/boot.img bullhead_pub.pem; echo $?
<...>
1
Bug: 32173582
Test: See above.
Change-Id: I11043eb796ccd128885e7412e65981cbd0183fb2
|
|
Use argparse to parse input parameters for future extension.
Add 'build' and 'size' as two sub-commands.
- 'build_verity_metadata.py -s SIZE' becomes
'build_verity_metadata.py size SIZE'.
- 'build_verity_metadata.py BLOCKS METADATA_IMAGE ...' becomes
'build_verity_metadata.py build BLOCKS METADATA_IMAGE ...'.
The 'build' command now accepts an optional argument '--signer_args' to
specify signer specific arguments.
Bug: 31500665
Test: Building and signing work w/ and w/o --signer_args.
Change-Id: I3cfd2b584efad216b91d5fcd0314f4468ff7450f
|
|
So we can do "#include <ext4_utils/make_ext4fs.h>" without adding
"LOCAL_C_INCLUDES += system/extras/ext4_utils".
Also clean up the #include lines in system/extras/ext4_utils/.
Test: `m checkbuild` works.
Change-Id: I3c8b07c9b6f5996160e0cb6d9d069579b1609f60
|
|
Add an option to insert padding between ECC data and fec_header to
make it easier to position the header at the end of the partition.
Bug: 28865197
Change-Id: I8c11401df56d15362fe3eb3c2a6a91ea82b02a83
|
|
Change-Id: Ic925814191b8ac952b584a994cf455f871a8ee0c
|
|
Change-Id: If4b32546c6678afaaebffbcf1fbeee17a1879561
|
|
Bug: http://b/30708454
Change-Id: I471ed5e3be92d60a88bf75ed5e427f7e34eefbc3
|
|
|
|
* Use const reference type for for-loop index variables
to avoid unnecessary copy.
Bug: 30413223
Change-Id: I9819261087a5385fe580f805be44a2407f35cdf5
Test: build with WITH_TIDY=1
|
|
There's no need to use a different name for target and host moudles. In
Soong, it's better to use the same for both, as target and host modules
can be defined at the same time.
Change-Id: I4b3ffd0b4abcd10490578d623ae140df5c19dc76
|
|
This signer is unnecessary, because we are not using keystores.
Change-Id: Iede3b54ac137e79c51f7e673e7e32ac5717e9661
|
|
Adjust code and dependencies to use BoringSSL + libcrypto_utils
instead of libmincrypt.
Change-Id: Id1b4ee538923e9dac68a7db2521b70007119c268
|
|
Change-Id: I87252e179e191c6210d26e4055bee03fb43d8ba7
|
|
Make it possible to encode input files in pieces (not with -m).
Bug: 26251929
Change-Id: I09349368925e5e2f2a7961a712a1e933eb0b9ec8
|
|
Change-Id: Ic15d4778c7accd1382de0b440a437aba2cf67016
|
|
Since the header is now at the end, no need to take that into account
when reporting metadata location.
Change-Id: I825b5ae9d35b3ca69dead37f246568b4700298a2
|
|
|
|
Move the verity metadata block after the hash tree to make locating
it easier and more reliable.
Needs matching changes from
I6945cbab99e214566a1f9d3702333f2dbbc35816
Change-Id: Ide48f581bbba77aed6132f77b309db71630d81ed
|
|
* commit '92e11ea1b900fc89cf98604a9e2ebb5c7d570a01':
Add NOTICE files
|
|
Bug: 24571219
Change-Id: Ib7a4374974c2d0d9225caa1e43d0b78251a36bd2
|
|
The BORINGSSL_201509 define was used to make updating BoringSSL in
external/boringssl less painful. It allowed code to compile with either
the old BoringSSL (which didn't define BORINGSSL_201509) or with the new
(which does).
Now that the new version has landed, this change removes that support.
Change-Id: I19e661419f830459d015bf14e7905af2ec41b735
|
|
* commit '482fe9e37737e5d6c7d0a4e0fe303e7d097971aa':
fec: enable building on Mac
|
|
Enable the host libfec and the fec tool to be built on Mac with the
help of <utils/Compat.h>.
Change-Id: I5e7c9fac11f4a00814bad92734e703ec8dc22dc9
|
|
* commit '3625af964efa97cc7163f88ff711e67fab57af23':
Error correction: Add a tool for en/decoding files
|
|
Add fec, a tool for generating error-correcting codes for files
and recovering them.
Bug: 21893453
Change-Id: I389c92e5cc7f825d632759b9f96045767e74120a
|
|
certificate"
* commit '510ade28faa0a940965dc2d379c42fa45cdea395':
boot_signer: allow verification using an external certificate
|
|
Add a -certificate parameter, which allows one to specify an external
public key certificate to use for verifying boot image signatures:
boot_signer -verify boot.img -certificate cert.x509.pem
This makes it possible to confirm that the boot image has been signed
with a specific key.
Change-Id: I41f1a05e1c8be3bfac2a86678d81beaae0e371bb
|
|
* commit '65fd650a4ae3d8602bffc0fa469695228209e38b':
Prepare for BoringSSL update.
|
|
This change tweaks things as needed so that the code will compile
against both the BoringSSL that's currently in Android and a version
from upstream. The BORINGSSL_201509 define is temporary to allow the
switch to happen without breaking the build and a followup change will
remove it.
In this case, we backed off on removing |ERR_print_errors|, despite it
being a wart in the layering of the code.
Change-Id: I2f2f567cfc37fe2d5a69742302c5a92d289b814f
|
|
* commit '31d0d7cbc1f4ed6a9295dd326104b8071478f924':
Add <endian.h> back and stop building one tool for the Mac.
|
|
We can't stop building all this stuff until we clean up the build
system to not require the OTA tools on Mac OS. This code does actually
use htobe64 and so should have included <endian.h>, so put that back.
Change-Id: I2807b4f237d3e26d470652f373f2de85864691c4
|
|
* commit '4361173d8b9d348e9566f754044db3fedfdf47eb':
Another go at fixing the Mac build.
|
|
I don't want to have to work out how to disable building OTAs on Macs --
though we should -- but it actually looks like this file didn't need the
problematic header file anyway.
Change-Id: I9d7eff8e72192958b3e880ae48fef194820ce148
|
|
Change-Id: I1a298440130d6310523babdbbbf67c0fc1d8d48a
|
|
Change-Id: I4d389d7050970d8fd460a4238e8c2963211780b4
|
|
* commit 'd31c4c3a363b3b4b0018d81c2bdbcb15a06e5007':
Exclude verify_boot_signature from Mac build.
|
|
verify_boot_signature doesn't build on Mac currently.
Temporarily exclude it from Mac build.
Bug: 21669400
Change-Id: I7b978adafefb700d65f6fc10f69c949fce94c236
|
|
This is a reland of aa24bc89b78a5981df7618bdef78b7b49ffad14d which was
reverted in 291e20dab39783c7074191ff2d2de9b86465c10f because it broke
the git_master-gpl builder.
This version of the change uses crypto.h as a proxy for mem.h because
it'll work in both BoringSSL and OpenSSL.
(cherry picked from commit a83adf6354f3073a1938ffcd6cadd5c357856de5)
Bug: 21085331
Change-Id: I9e4c9e4d459c2e31f74180b3a3b2ab139ab76e80
|
|
* commit 'f044a21af13472bed9d74b96829a0e5597af0a7a':
Fix unused result warnings in system/extras/verity.
|
|
* commit 'd30f68d1d436f2669084315324bc1f64a581b3aa':
system/extra: include more of what you use.
|
