diff options
author | Bowgo Tsai <bowgotsai@google.com> | 2022-04-01 13:05:40 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2022-04-01 13:05:40 +0000 |
commit | 2fe7d1583e874b45eb678d10e1450a6e70ff4cb4 (patch) | |
tree | 0a5007630beef34dd778f47911cd3557d655a7d6 | |
parent | 1780d636188bafb60590a9527bb5deefb2524855 (diff) | |
parent | 4b5ad16a3a1c0b887251580b29f25331261bd91e (diff) | |
download | mkbootimg-android13-qpr3-c-s7-release.tar.gz |
certify_bootimg: makes gki-info.txt optional am: 79627361ad am: 6236378e71 am: 8b855eb5f8 am: cade007f98 am: 4b5ad16a3aandroid-13.0.0_r83android-13.0.0_r82android-13.0.0_r81android-13.0.0_r80android-13.0.0_r79android-13.0.0_r78android-13.0.0_r77android-13.0.0_r76android-13.0.0_r75android-13.0.0_r74android-13.0.0_r73android-13.0.0_r72android-13.0.0_r71android-13.0.0_r70android-13.0.0_r69android-13.0.0_r68android-13.0.0_r67android-13.0.0_r66android-13.0.0_r65android-13.0.0_r64android-13.0.0_r63android-13.0.0_r62android-13.0.0_r61android-13.0.0_r60android-13.0.0_r59android-13.0.0_r58android-13.0.0_r56android-13.0.0_r54android-13.0.0_r53android-13.0.0_r52android-13.0.0_r51android-13.0.0_r50android-13.0.0_r49android-13.0.0_r48android-13.0.0_r47android-13.0.0_r46android-13.0.0_r45android-13.0.0_r44android-13.0.0_r43android-13.0.0_r42android-13.0.0_r41android-13.0.0_r40android-13.0.0_r39android-13.0.0_r38android-13.0.0_r37android-13.0.0_r36android-13.0.0_r35android-13.0.0_r34android-13.0.0_r33android-13.0.0_r32android13-qpr3-s9-releaseandroid13-qpr3-s8-releaseandroid13-qpr3-s7-releaseandroid13-qpr3-s6-releaseandroid13-qpr3-s5-releaseandroid13-qpr3-s4-releaseandroid13-qpr3-s3-releaseandroid13-qpr3-s2-releaseandroid13-qpr3-s14-releaseandroid13-qpr3-s13-releaseandroid13-qpr3-s12-releaseandroid13-qpr3-s11-releaseandroid13-qpr3-s10-releaseandroid13-qpr3-s1-releaseandroid13-qpr3-releaseandroid13-qpr3-c-s8-releaseandroid13-qpr3-c-s7-releaseandroid13-qpr3-c-s6-releaseandroid13-qpr3-c-s5-releaseandroid13-qpr3-c-s4-releaseandroid13-qpr3-c-s3-releaseandroid13-qpr3-c-s2-releaseandroid13-qpr3-c-s12-releaseandroid13-qpr3-c-s11-releaseandroid13-qpr3-c-s10-releaseandroid13-qpr3-c-s1-releaseandroid13-qpr2-s9-releaseandroid13-qpr2-s8-releaseandroid13-qpr2-s7-releaseandroid13-qpr2-s6-releaseandroid13-qpr2-s5-releaseandroid13-qpr2-s3-releaseandroid13-qpr2-s2-releaseandroid13-qpr2-s12-releaseandroid13-qpr2-s11-releaseandroid13-qpr2-s10-releaseandroid13-qpr2-s1-releaseandroid13-qpr2-releaseandroid13-qpr2-b-s1-releaseandroid13-d4-s2-releaseandroid13-d4-s1-releaseandroid13-d4-release
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/2051402
Change-Id: I82058f4ecb1017fa5c5d809397c5476bc46c6304
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rwxr-xr-x | gki/certify_bootimg.py | 8 | ||||
-rw-r--r-- | gki/certify_bootimg_test.py | 140 |
2 files changed, 136 insertions, 12 deletions
diff --git a/gki/certify_bootimg.py b/gki/certify_bootimg.py index 8067526..9a7b058 100755 --- a/gki/certify_bootimg.py +++ b/gki/certify_bootimg.py @@ -213,8 +213,12 @@ def certify_bootimg_zip(boot_img_zip, output_zip, algorithm, key, extra_args): with tempfile.TemporaryDirectory() as unzip_dir: shutil.unpack_archive(boot_img_zip, unzip_dir) - info_dict = load_dict_from_file(os.path.join(unzip_dir, 'gki-info.txt')) - extra_args.extend(shlex.split(info_dict['certify_bootimg_extra_args'])) + gki_info_file = os.path.join(unzip_dir, 'gki-info.txt') + if os.path.exists(gki_info_file): + info_dict = load_dict_from_file(gki_info_file) + if 'certify_bootimg_extra_args' in info_dict: + extra_args.extend( + shlex.split(info_dict['certify_bootimg_extra_args'])) for boot_img in glob.glob(os.path.join(unzip_dir, 'boot-*.img')): print(f'Certifying {os.path.basename(boot_img)} ...') diff --git a/gki/certify_bootimg_test.py b/gki/certify_bootimg_test.py index 5fffed2..8c7c4d3 100644 --- a/gki/certify_bootimg_test.py +++ b/gki/certify_bootimg_test.py @@ -68,7 +68,7 @@ def generate_test_boot_image(boot_img, kernel_size=4096, seed='kernel', subprocess.check_call(avbtool_cmd) -def generate_test_boot_image_archive(output_zip, boot_img_info): +def generate_test_boot_image_archive(output_zip, boot_img_info, gki_info=None): """Generates a zip archive of test boot images. It also adds a file gki-info.txt, which contains additional settings for @@ -80,6 +80,8 @@ def generate_test_boot_image_archive(output_zip, boot_img_info): partition_size) tuples. e.g., [('boot-1.0.img', 4096, 4 * 1024), ('boot-2.0.img', 8192, 8 * 1024)]. + gki_info: the file content to be written into 'gki-info.txt' in the + |output_zip|. """ with tempfile.TemporaryDirectory() as temp_out_dir: for name, kernel_size, partition_size in boot_img_info: @@ -89,14 +91,10 @@ def generate_test_boot_image_archive(output_zip, boot_img_info): seed=name, avb_partition_size=partition_size) - gki_info = os.path.join(temp_out_dir, 'gki-info.txt') - with open(gki_info, 'w', encoding='utf-8') as f: - f.write('certify_bootimg_extra_args=' - '--prop KERNEL_RELEASE:5.10.42' - '-android13-0-00544-ged21d463f856 ' - '--prop BRANCH:android13-5.10-2022-05 ' - '--prop BUILD_NUMBER:ab8295296 ' - '--prop SPACE:"nice to meet you"\n') + if gki_info: + gki_info_path = os.path.join(temp_out_dir, 'gki-info.txt') + with open(gki_info_path, 'w', encoding='utf-8') as f: + f.write(gki_info) archive_base_name = os.path.splitext(output_zip)[0] shutil.make_archive(archive_base_name, 'zip', temp_out_dir) @@ -441,6 +439,58 @@ class CertifyBootimgTest(unittest.TestCase): " Prop: SPACE -> 'nice to meet you'\n" ) + self._EXPECTED_BOOT_3_0_SIGNATURE1_RSA4096 = ( # pylint: disable=C0103 + 'Minimum libavb version: 1.0\n' + 'Header Block: 256 bytes\n' + 'Authentication Block: 576 bytes\n' + 'Auxiliary Block: 1344 bytes\n' + 'Public key (sha1): ' + '2597c218aae470a130f61162feaae70afd97f011\n' + 'Algorithm: SHA256_RSA4096\n' # RSA4096 + 'Rollback Index: 0\n' + 'Flags: 0\n' + 'Rollback Index Location: 0\n' + "Release String: 'avbtool 1.2.0'\n" + 'Descriptors:\n' + ' Hash descriptor:\n' + ' Image Size: 12288 bytes\n' + ' Hash Algorithm: sha256\n' + ' Partition Name: boot\n' # boot + ' Salt: d00df00d\n' + ' Digest: ' + '9b9cd845a367d7fc9b61d6ac02b0e7c9' + 'dc3d3b219abf60dd6e19359f0353c917\n' + ' Flags: 0\n' + " Prop: gki -> 'nice'\n" + " Prop: space -> 'nice to meet you'\n" + ) + + self._EXPECTED_BOOT_3_0_SIGNATURE2_RSA4096 = ( # pylint: disable=C0103 + 'Minimum libavb version: 1.0\n' + 'Header Block: 256 bytes\n' + 'Authentication Block: 576 bytes\n' + 'Auxiliary Block: 1344 bytes\n' + 'Public key (sha1): ' + '2597c218aae470a130f61162feaae70afd97f011\n' + 'Algorithm: SHA256_RSA4096\n' # RSA4096 + 'Rollback Index: 0\n' + 'Flags: 0\n' + 'Rollback Index Location: 0\n' + "Release String: 'avbtool 1.2.0'\n" + 'Descriptors:\n' + ' Hash descriptor:\n' + ' Image Size: 8192 bytes\n' + ' Hash Algorithm: sha256\n' + ' Partition Name: generic_kernel\n' # generic_kernel + ' Salt: d00df00d\n' + ' Digest: ' + '0cd7d331ed9b32dcd92f00e2cac75595' + '52199170afe788a8fcf1954f9ea072d0\n' + ' Flags: 0\n' + " Prop: gki -> 'nice'\n" + " Prop: space -> 'nice to meet you'\n" + ) + def _test_boot_signatures(self, signatures_dir, expected_signatures_info): """Tests the info of each boot signature under the signature directory. @@ -600,11 +650,18 @@ class CertifyBootimgTest(unittest.TestCase): """Tests certify_bootimg for a boot-img.zip.""" with tempfile.TemporaryDirectory() as temp_out_dir: boot_img_zip = os.path.join(temp_out_dir, 'boot-img.zip') + gki_info = ('certify_bootimg_extra_args=' + '--prop KERNEL_RELEASE:5.10.42' + '-android13-0-00544-ged21d463f856 ' + '--prop BRANCH:android13-5.10-2022-05 ' + '--prop BUILD_NUMBER:ab8295296 ' + '--prop SPACE:"nice to meet you"\n') generate_test_boot_image_archive( boot_img_zip, # A list of (boot_img_name, kernel_size, partition_size). [('boot-1.0.img', 8 * 1024, 128 * 1024), - ('boot-2.0.img', 16 * 1024, 256 * 1024)]) + ('boot-2.0.img', 16 * 1024, 256 * 1024)], + gki_info) # Certify the boot image archive, with a RSA4096 key. boot_certified_img_zip = os.path.join(temp_out_dir, @@ -643,6 +700,69 @@ class CertifyBootimgTest(unittest.TestCase): 'boot-2.0/boot_signature2': self._EXPECTED_BOOT_2_0_SIGNATURE2_RSA4096}) + def test_certify_bootimg_archive_without_gki_info(self): + """Tests certify_bootimg for a boot-img.zip.""" + with tempfile.TemporaryDirectory() as temp_out_dir: + boot_img_zip = os.path.join(temp_out_dir, 'boot-img.zip') + + # Checks ceritfy_bootimg works for a boot-img.zip without a + # gki-info.txt. + generate_test_boot_image_archive( + boot_img_zip, + # A list of (boot_img_name, kernel_size, partition_size). + [('boot-3.0.img', 8 * 1024, 128 * 1024)], + gki_info=None) + # Certify the boot image archive, with a RSA4096 key. + boot_certified_img_zip = os.path.join(temp_out_dir, + 'boot-certified-img.zip') + certify_bootimg_cmds = [ + 'certify_bootimg', + '--boot_img_zip', boot_img_zip, + '--algorithm', 'SHA256_RSA4096', + '--key', './testdata/testkey_rsa4096.pem', + '--extra_args', '--prop gki:nice ' + '--prop space:"nice to meet you"', + '--output', boot_certified_img_zip, + ] + subprocess.run(certify_bootimg_cmds, check=True, cwd=self._exec_dir) + + # Checks ceritfy_bootimg works for a boot-img.zip with a special + # gki-info.txt. + generate_test_boot_image_archive( + boot_img_zip, + # A list of (boot_img_name, kernel_size, partition_size). + [('boot-3.0.img', 8 * 1024, 128 * 1024)], + gki_info='a=b\n' + 'c=d\n') + # Certify the boot image archive, with a RSA4096 key. + boot_certified_img_zip = os.path.join(temp_out_dir, + 'boot-certified-img.zip') + certify_bootimg_cmds = [ + 'certify_bootimg', + '--boot_img_zip', boot_img_zip, + '--algorithm', 'SHA256_RSA4096', + '--key', './testdata/testkey_rsa4096.pem', + '--extra_args', '--prop gki:nice ' + '--prop space:"nice to meet you"', + '--output', boot_certified_img_zip, + ] + subprocess.run(certify_bootimg_cmds, check=True, cwd=self._exec_dir) + + extract_boot_archive_with_signatures(boot_certified_img_zip, + temp_out_dir) + + # Checks an AVB footer exists and the image size remains. + boot_3_img = os.path.join(temp_out_dir, 'boot-3.0.img') + self.assertTrue(has_avb_footer(boot_3_img)) + self.assertEqual(os.path.getsize(boot_3_img), 128 * 1024) + + self._test_boot_signatures( + temp_out_dir, + {'boot-3.0/boot_signature1': + self._EXPECTED_BOOT_3_0_SIGNATURE1_RSA4096, + 'boot-3.0/boot_signature2': + self._EXPECTED_BOOT_3_0_SIGNATURE2_RSA4096}) + # I don't know how, but we need both the logger configuration and verbosity # level > 2 to make atest work. And yes this line needs to be at the very top |