certify_bootimg: support gki-info.txt

Support reading gki-info.txt from a boot-img.zip, to append additional settings. e.g., adding BRANCH or BUILD_NUMBER info into the AVB props of the boot signatures. Bug: 223288963 Test: atest --host certify_bootimg_test Change-Id: Ic88602a0d08154e47c0f9f63d946e04ea114d0d4
author: Bowgo Tsai <bowgotsai@google.com> 2022-03-18 15:55:31 +0800
committer: Bowgo Tsai <bowgotsai@google.com> 2022-03-21 16:12:18 +0800
commit: 67def5e80a68acfbb9b25e932328dff0fcbbbcb2 (patch)
tree: 692ff3e30430fd948752dea6bce04280bb5ceb75
parent: 045c41a6aaab9eb2d5b0c4bb5df5caa1aeee9846 (diff)
download: mkbootimg-67def5e80a68acfbb9b25e932328dff0fcbbbcb2.tar.gz
2 files changed, 50 insertions, 4 deletions
diff --git a/gki/certify_bootimg.py b/gki/certify_bootimg.py
index 5b642c5..57b124a 100755
--- a/gki/certify_bootimg.py
+++ b/gki/certify_bootimg.py
@@ -151,6 +151,20 @@ def add_avb_footer(image, partition_size):
     subprocess.check_call(avbtool_cmd)
 
 
+def load_dict_from_file(path):
+    """Loads key=value pairs from |path| and returns a dict."""
+    d = {}
+    with open(path, 'r', encoding='utf-8') as f:
+        for line in f:
+            line = line.strip()
+            if not line or line.startswith('#'):
+                continue
+            if '=' in line:
+                name, value = line.split('=', 1)
+                d[name] = value
+    return d
+
+
 def parse_cmdline():
     """Parse command-line options."""
     parser = ArgumentParser(add_help=True)
@@ -203,10 +217,15 @@ def certify_bootimg_zip(boot_img_zip, output_zip, algorithm, key, extra_args):
     """Similar to certify_bootimg(), but for a zip archive of boot images."""
     with tempfile.TemporaryDirectory() as unzip_dir:
         shutil.unpack_archive(boot_img_zip, unzip_dir)
+
+        info_dict = load_dict_from_file(os.path.join(unzip_dir, 'gki-info.txt'))
+        extra_args.extend(info_dict['certify_bootimg_extra_args'].split())
+
         for boot_img in glob.glob(os.path.join(unzip_dir, 'boot-*.img')):
             print(f'Certifying {os.path.basename(boot_img)} ...')
             certify_bootimg(boot_img=boot_img, output_img=boot_img,
                             algorithm=algorithm, key=key, extra_args=extra_args)
+
         print(f'Making certified archive: {output_zip}')
         archive_base_name = os.path.splitext(output_zip)[0]
         shutil.make_archive(archive_base_name, 'zip', unzip_dir)
diff --git a/gki/certify_bootimg_test.py b/gki/certify_bootimg_test.py
index c84b58b..4c1ef1e 100644
--- a/gki/certify_bootimg_test.py
+++ b/gki/certify_bootimg_test.py
@@ -71,6 +71,9 @@ def generate_test_boot_image(boot_img, kernel_size=4096, seed='kernel',
 def generate_test_boot_image_archive(output_zip, boot_img_info):
     """Generates a zip archive of test boot images.
 
+    It also adds a file gki-info.txt, which contains additional settings for
+    for `certify_bootimg --extra_args`.
+
     Args:
         output_zip: the output zip archive, e.g., /path/to/boot-img.zip.
         boot_img_info: a list of (boot_image_name, kernel_size,
@@ -86,6 +89,14 @@ def generate_test_boot_image_archive(output_zip, boot_img_info):
                                      seed=name,
                                      avb_partition_size=partition_size)
 
+        gki_info = os.path.join(temp_out_dir, 'gki-info.txt')
+        with open(gki_info, 'w', encoding='utf-8') as f:
+            f.write('certify_bootimg_extra_args='
+                    '--prop KERNEL_RELEASE:5.10.42'
+                    '-android13-0-00544-ged21d463f856 '
+                    '--prop BRANCH:android13-5.10-2022-05 '
+                    '--prop BUILD_NUMBER:ab8295296\n')
+
         archive_base_name = os.path.splitext(output_zip)[0]
         shutil.make_archive(archive_base_name, 'zip', temp_out_dir)
 
@@ -309,7 +320,7 @@ class CertifyBootimgTest(unittest.TestCase):
             'Minimum libavb version:   1.0\n'
             'Header Block:             256 bytes\n'
             'Authentication Block:     576 bytes\n'
-            'Auxiliary Block:          1344 bytes\n'
+            'Auxiliary Block:          1536 bytes\n'
             'Public key (sha1):        '
             '2597c218aae470a130f61162feaae70afd97f011\n'
             'Algorithm:                SHA256_RSA4096\n'    # RSA4096
@@ -329,13 +340,17 @@ class CertifyBootimgTest(unittest.TestCase):
             '      Flags:                 0\n'
             "    Prop: foo -> 'bar'\n"
             "    Prop: gki -> 'nice'\n"
+            "    Prop: KERNEL_RELEASE -> '5.10.42-android13-0-00544-"
+            "ged21d463f856'\n"
+            "    Prop: BRANCH -> 'android13-5.10-2022-05'\n"
+            "    Prop: BUILD_NUMBER -> 'ab8295296'\n"
         )
 
         self._EXPECTED_BOOT_1_0_SIGNATURE2_RSA4096 = (   # pylint: disable=C0103
             'Minimum libavb version:   1.0\n'
             'Header Block:             256 bytes\n'
             'Authentication Block:     576 bytes\n'
-            'Auxiliary Block:          1344 bytes\n'
+            'Auxiliary Block:          1536 bytes\n'
             'Public key (sha1):        '
             '2597c218aae470a130f61162feaae70afd97f011\n'
             'Algorithm:                SHA256_RSA4096\n'    # RSA4096
@@ -355,13 +370,17 @@ class CertifyBootimgTest(unittest.TestCase):
             '      Flags:                 0\n'
             "    Prop: foo -> 'bar'\n"
             "    Prop: gki -> 'nice'\n"
+            "    Prop: KERNEL_RELEASE -> '5.10.42-android13-0-00544-"
+            "ged21d463f856'\n"
+            "    Prop: BRANCH -> 'android13-5.10-2022-05'\n"
+            "    Prop: BUILD_NUMBER -> 'ab8295296'\n"
         )
 
         self._EXPECTED_BOOT_2_0_SIGNATURE1_RSA4096 = (   # pylint: disable=C0103
             'Minimum libavb version:   1.0\n'
             'Header Block:             256 bytes\n'
             'Authentication Block:     576 bytes\n'
-            'Auxiliary Block:          1344 bytes\n'
+            'Auxiliary Block:          1536 bytes\n'
             'Public key (sha1):        '
             '2597c218aae470a130f61162feaae70afd97f011\n'
             'Algorithm:                SHA256_RSA4096\n'    # RSA4096
@@ -381,13 +400,17 @@ class CertifyBootimgTest(unittest.TestCase):
             '      Flags:                 0\n'
             "    Prop: foo -> 'bar'\n"
             "    Prop: gki -> 'nice'\n"
+            "    Prop: KERNEL_RELEASE -> '5.10.42-android13-0-00544-"
+            "ged21d463f856'\n"
+            "    Prop: BRANCH -> 'android13-5.10-2022-05'\n"
+            "    Prop: BUILD_NUMBER -> 'ab8295296'\n"
         )
 
         self._EXPECTED_BOOT_2_0_SIGNATURE2_RSA4096 = (   # pylint: disable=C0103
             'Minimum libavb version:   1.0\n'
             'Header Block:             256 bytes\n'
             'Authentication Block:     576 bytes\n'
-            'Auxiliary Block:          1344 bytes\n'
+            'Auxiliary Block:          1536 bytes\n'
             'Public key (sha1):        '
             '2597c218aae470a130f61162feaae70afd97f011\n'
             'Algorithm:                SHA256_RSA4096\n'    # RSA4096
@@ -407,6 +430,10 @@ class CertifyBootimgTest(unittest.TestCase):
             '      Flags:                 0\n'
             "    Prop: foo -> 'bar'\n"
             "    Prop: gki -> 'nice'\n"
+            "    Prop: KERNEL_RELEASE -> '5.10.42-android13-0-00544-"
+            "ged21d463f856'\n"
+            "    Prop: BRANCH -> 'android13-5.10-2022-05'\n"
+            "    Prop: BUILD_NUMBER -> 'ab8295296'\n"
         )
 
     def _test_boot_signatures(self, signatures_dir, expected_signatures_info):
author	Bowgo Tsai <bowgotsai@google.com>	2022-03-18 15:55:31 +0800
committer	Bowgo Tsai <bowgotsai@google.com>	2022-03-21 16:12:18 +0800
commit	67def5e80a68acfbb9b25e932328dff0fcbbbcb2 (patch)
tree	692ff3e30430fd948752dea6bce04280bb5ceb75
parent	045c41a6aaab9eb2d5b0c4bb5df5caa1aeee9846 (diff)
download	mkbootimg-67def5e80a68acfbb9b25e932328dff0fcbbbcb2.tar.gz