diff options
author | Bowgo Tsai <bowgotsai@google.com> | 2022-03-18 15:55:31 +0800 |
---|---|---|
committer | Bowgo Tsai <bowgotsai@google.com> | 2022-03-21 16:12:18 +0800 |
commit | 67def5e80a68acfbb9b25e932328dff0fcbbbcb2 (patch) | |
tree | 692ff3e30430fd948752dea6bce04280bb5ceb75 | |
parent | 045c41a6aaab9eb2d5b0c4bb5df5caa1aeee9846 (diff) | |
download | mkbootimg-67def5e80a68acfbb9b25e932328dff0fcbbbcb2.tar.gz |
certify_bootimg: support gki-info.txt
Support reading gki-info.txt from a boot-img.zip, to append
additional settings. e.g., adding BRANCH or BUILD_NUMBER info
into the AVB props of the boot signatures.
Bug: 223288963
Test: atest --host certify_bootimg_test
Change-Id: Ic88602a0d08154e47c0f9f63d946e04ea114d0d4
-rwxr-xr-x | gki/certify_bootimg.py | 19 | ||||
-rw-r--r-- | gki/certify_bootimg_test.py | 35 |
2 files changed, 50 insertions, 4 deletions
diff --git a/gki/certify_bootimg.py b/gki/certify_bootimg.py index 5b642c5..57b124a 100755 --- a/gki/certify_bootimg.py +++ b/gki/certify_bootimg.py @@ -151,6 +151,20 @@ def add_avb_footer(image, partition_size): subprocess.check_call(avbtool_cmd) +def load_dict_from_file(path): + """Loads key=value pairs from |path| and returns a dict.""" + d = {} + with open(path, 'r', encoding='utf-8') as f: + for line in f: + line = line.strip() + if not line or line.startswith('#'): + continue + if '=' in line: + name, value = line.split('=', 1) + d[name] = value + return d + + def parse_cmdline(): """Parse command-line options.""" parser = ArgumentParser(add_help=True) @@ -203,10 +217,15 @@ def certify_bootimg_zip(boot_img_zip, output_zip, algorithm, key, extra_args): """Similar to certify_bootimg(), but for a zip archive of boot images.""" with tempfile.TemporaryDirectory() as unzip_dir: shutil.unpack_archive(boot_img_zip, unzip_dir) + + info_dict = load_dict_from_file(os.path.join(unzip_dir, 'gki-info.txt')) + extra_args.extend(info_dict['certify_bootimg_extra_args'].split()) + for boot_img in glob.glob(os.path.join(unzip_dir, 'boot-*.img')): print(f'Certifying {os.path.basename(boot_img)} ...') certify_bootimg(boot_img=boot_img, output_img=boot_img, algorithm=algorithm, key=key, extra_args=extra_args) + print(f'Making certified archive: {output_zip}') archive_base_name = os.path.splitext(output_zip)[0] shutil.make_archive(archive_base_name, 'zip', unzip_dir) diff --git a/gki/certify_bootimg_test.py b/gki/certify_bootimg_test.py index c84b58b..4c1ef1e 100644 --- a/gki/certify_bootimg_test.py +++ b/gki/certify_bootimg_test.py @@ -71,6 +71,9 @@ def generate_test_boot_image(boot_img, kernel_size=4096, seed='kernel', def generate_test_boot_image_archive(output_zip, boot_img_info): """Generates a zip archive of test boot images. + It also adds a file gki-info.txt, which contains additional settings for + for `certify_bootimg --extra_args`. + Args: output_zip: the output zip archive, e.g., /path/to/boot-img.zip. boot_img_info: a list of (boot_image_name, kernel_size, @@ -86,6 +89,14 @@ def generate_test_boot_image_archive(output_zip, boot_img_info): seed=name, avb_partition_size=partition_size) + gki_info = os.path.join(temp_out_dir, 'gki-info.txt') + with open(gki_info, 'w', encoding='utf-8') as f: + f.write('certify_bootimg_extra_args=' + '--prop KERNEL_RELEASE:5.10.42' + '-android13-0-00544-ged21d463f856 ' + '--prop BRANCH:android13-5.10-2022-05 ' + '--prop BUILD_NUMBER:ab8295296\n') + archive_base_name = os.path.splitext(output_zip)[0] shutil.make_archive(archive_base_name, 'zip', temp_out_dir) @@ -309,7 +320,7 @@ class CertifyBootimgTest(unittest.TestCase): 'Minimum libavb version: 1.0\n' 'Header Block: 256 bytes\n' 'Authentication Block: 576 bytes\n' - 'Auxiliary Block: 1344 bytes\n' + 'Auxiliary Block: 1536 bytes\n' 'Public key (sha1): ' '2597c218aae470a130f61162feaae70afd97f011\n' 'Algorithm: SHA256_RSA4096\n' # RSA4096 @@ -329,13 +340,17 @@ class CertifyBootimgTest(unittest.TestCase): ' Flags: 0\n' " Prop: foo -> 'bar'\n" " Prop: gki -> 'nice'\n" + " Prop: KERNEL_RELEASE -> '5.10.42-android13-0-00544-" + "ged21d463f856'\n" + " Prop: BRANCH -> 'android13-5.10-2022-05'\n" + " Prop: BUILD_NUMBER -> 'ab8295296'\n" ) self._EXPECTED_BOOT_1_0_SIGNATURE2_RSA4096 = ( # pylint: disable=C0103 'Minimum libavb version: 1.0\n' 'Header Block: 256 bytes\n' 'Authentication Block: 576 bytes\n' - 'Auxiliary Block: 1344 bytes\n' + 'Auxiliary Block: 1536 bytes\n' 'Public key (sha1): ' '2597c218aae470a130f61162feaae70afd97f011\n' 'Algorithm: SHA256_RSA4096\n' # RSA4096 @@ -355,13 +370,17 @@ class CertifyBootimgTest(unittest.TestCase): ' Flags: 0\n' " Prop: foo -> 'bar'\n" " Prop: gki -> 'nice'\n" + " Prop: KERNEL_RELEASE -> '5.10.42-android13-0-00544-" + "ged21d463f856'\n" + " Prop: BRANCH -> 'android13-5.10-2022-05'\n" + " Prop: BUILD_NUMBER -> 'ab8295296'\n" ) self._EXPECTED_BOOT_2_0_SIGNATURE1_RSA4096 = ( # pylint: disable=C0103 'Minimum libavb version: 1.0\n' 'Header Block: 256 bytes\n' 'Authentication Block: 576 bytes\n' - 'Auxiliary Block: 1344 bytes\n' + 'Auxiliary Block: 1536 bytes\n' 'Public key (sha1): ' '2597c218aae470a130f61162feaae70afd97f011\n' 'Algorithm: SHA256_RSA4096\n' # RSA4096 @@ -381,13 +400,17 @@ class CertifyBootimgTest(unittest.TestCase): ' Flags: 0\n' " Prop: foo -> 'bar'\n" " Prop: gki -> 'nice'\n" + " Prop: KERNEL_RELEASE -> '5.10.42-android13-0-00544-" + "ged21d463f856'\n" + " Prop: BRANCH -> 'android13-5.10-2022-05'\n" + " Prop: BUILD_NUMBER -> 'ab8295296'\n" ) self._EXPECTED_BOOT_2_0_SIGNATURE2_RSA4096 = ( # pylint: disable=C0103 'Minimum libavb version: 1.0\n' 'Header Block: 256 bytes\n' 'Authentication Block: 576 bytes\n' - 'Auxiliary Block: 1344 bytes\n' + 'Auxiliary Block: 1536 bytes\n' 'Public key (sha1): ' '2597c218aae470a130f61162feaae70afd97f011\n' 'Algorithm: SHA256_RSA4096\n' # RSA4096 @@ -407,6 +430,10 @@ class CertifyBootimgTest(unittest.TestCase): ' Flags: 0\n' " Prop: foo -> 'bar'\n" " Prop: gki -> 'nice'\n" + " Prop: KERNEL_RELEASE -> '5.10.42-android13-0-00544-" + "ged21d463f856'\n" + " Prop: BRANCH -> 'android13-5.10-2022-05'\n" + " Prop: BUILD_NUMBER -> 'ab8295296'\n" ) def _test_boot_signatures(self, signatures_dir, expected_signatures_info): |