Age | Commit message (Collapse) | Author |
|
This reverts commit dc7cea59b3bdf95435e4846309474b28a7fad161.
After more discussions, decides to use the approach of
--extra_footer_args, because `avbtool info_image` doesn't
output a avb property value if the length is >= 256. So
we cannot retain the avb properties based on the output of
avbtool.
Bug: 232062499
Test: atest --host certify_bootimg_test
Change-Id: Id9acb4c8d1238a30451784970443f6112508a6ec
|
|
This reverts commit f754a7c3b8fcff3f74ad67a7c8138d97c3d9e879.
After more thoughts, decided to use another approach: retaining
the AVB properties from the original footer. So no need to use
--extra_footer_args to add new AVB properties.
With this approach, the certify_bootimg script can focus on
boot signature generation without involving too much in the
AVB footer generation.
Bug: 232062499
Test: atest --host certify_bootimg_test
Change-Id: Ie11c2a144cf3a1f33b25fc2ad25ffe2c80b73518
|
|
The current glob() pattern will only certify boot-*.img
in an archive. Changing this to boot*.img to make it certify
a boot.img as well.
Bug: 223288963
Test: atest --host certify_bootimg_test
Change-Id: I7e97fd8ddaa02b628b58aedee2e8be3c8c863605
|
|
This is used to add additional properties in the AVB footer, as VTS
will be running in the GKI pre-release tests, where some VTS test cases
expect SPL settings in the AVB footer of the boot.img.
Note that the official boot.img AVB footer should be added by the
device owner to create device-specific verified boot chain. The CL
here is just to pass GKI pre-release testing.
An usage example:
certify_bootimg --boot_img boot.img \
--algorithm SHA256_RSA4096 \
--key external/avb/test/data/testkey_rsa4096.pem \
--extra_footer_args="--prop com.android.build.boot.os_version:13" \
--extra_footer_args="--prop com.android.build.boot.security_patch:2022-05-05" \
--output boot-certified-img
The above --extra_footer_args can also be specified in a gki-info.txt:
certify_bootimg_extra_footer_args=--prop com.android.build.boot.os_version:13 \
--prop com.android.build.boot.security_patch:2022-05-05
An usage example with --gki_info:
certify_bootimg --boot_img boot.img \
--algorithm SHA256_RSA4096 \
--key external/avb/test/data/testkey_rsa4096.pem \
--gki_info gki-info.txt \
--output boot-certified-img
Bug: 232062499
Test: atest --host certify_bootimg_test
Change-Id: Ib5b7c8f68c56f8318f84fe34b6ad6fa7b01f03fe
|
|
The gki_info file can be used to append additional
'extra_args' during the certification process.
An usage example:
certify_bootimg --boot_img_archive boot-img.tar.gz \
--algorithm SHA256_RSA4096 \
--key external/avb/test/data/testkey_rsa4096.pem \
--extra_args "--prop foo:bar" \
--gki_info /path/to/gki-info.txt \
--output boot-certified-img.tar.gz
An example of the file content of the gki-info.txt:
certify_bootimg_extra_args=--prop KERNEL_RELEASE:5.10.107-android13-1-00361-gf1e8564c5530-ab8332003
Bug: 230426945
Test: atest --host certify_bootimg_test
Change-Id: I484f77b4fd6eacb3cdfc2270543a2cd6d33d58c1
|
|
The common archive format in a kernel tree is usually *.tar.gz
rather than *.zip. Supports different archive formats for
--boot_img_archive (renamed from --boot_img_zip).
An usage example:
certify_bootimg --boot_img_archive boot-img.tar.gz \
--algorithm SHA256_RSA4096 \
--key external/avb/test/data/testkey_rsa4096.pem \
--extra_args "--prop foo:bar" \
--extra_args "--prop gki:nice" \
--output boot-certified-img.tar.gz
The formats of the input archive and the output archive can
be different:
certify_bootimg --boot_img_archive boot-img.zip \
--algorithm SHA256_RSA4096 \
--key external/avb/test/data/testkey_rsa4096.pem \
--extra_args "--prop foo:bar" \
--extra_args "--prop gki:nice" \
--output boot-certified-img.tar
The supported archive formats in the python binary built by
the current Android build system are:
shutil.get_unpack_formats():
[('gztar', ['.tar.gz', '.tgz'], "gzip'ed tar-file"),
('tar', ['.tar'], 'uncompressed tar file'),
('zip', ['.zip'], 'ZIP file')]
Bug: 223288963
Test: atest --host certify_bootimg_test
Change-Id: I74542c435a7b16f66708530e1c00d6fa8331e4cd
|
|
gki-info.txt from a boot-img.zip is used to provide additional
settings and should be optional.
Bug: 223288963
Test: atest --host certify_bootimg_test
Change-Id: I6ed8efe8521560786da246b614dc42ad03761d34
|
|
Uses function calls instead. This makes a certify_bootimg
binary can work without a unpack_bootimg binary. This can
reduce pre-built binaries in a kernel tree.
Bug: 180712476
Bug: 226121398
Test: atest --host mkbootimg_test
Test: atest --host certify_bootimg_test
Change-Id: I48c9f6767cb7b2c3e3bead008e630eeef310fca3
|
|
Bug: None
Test: `python3 -m pylint unpack_bootimg.py` or `repo upload .`
Test: atest --host mkbootimg_test
Change-Id: I8403f1dfa61c63b2cf928ec50b3a087227e858bc
|
|
|
|
Bug: 211741246
Change-Id: I9bd08f77d93c7b2793623dd49511f10e37d0532a
Test: Presubmit unit tests
|
|
Using shlex.split() to split extra_args in shell-like syntax
instead of str.split().
An usage example:
certify_bootimg --boot_img boot.img \
--algorithm SHA256_RSA4096 \
--key external/avb/test/data/testkey_rsa4096.pem \
--extra_args "--prop gki:nice" \
--extra_args '--prop space:"nice to meet you"' \
--output boot-certified.img
Bug: 223288963
Test: atest --host certify_bootimg_test
Change-Id: I0dd195fa7580016c2e5b4ac8ab0cb4d1ebc74fac
|
|
Support reading gki-info.txt from a boot-img.zip, to append
additional settings. e.g., adding BRANCH or BUILD_NUMBER info
into the AVB props of the boot signatures.
Bug: 223288963
Test: atest --host certify_bootimg_test
Change-Id: Ic88602a0d08154e47c0f9f63d946e04ea114d0d4
|
|
This allows us to certify multiple boot images in a
zip archive.
An usage example:
certify_bootimg --boot_img_zip boot-img.zip \
--algorithm SHA256_RSA4096 \
--key external/avb/test/data/testkey_rsa4096.pem \
--extra_args "--prop foo:bar" \
--extra_args "--prop gki:nice" \
--output boot-certified-img.zip
Bug: 223288963
Test: atest --host certify_bootimg_test
Change-Id: I5ea8b81cfc79b7e00fd530d2ac3c8418b9a6568b
|
|
Currently, building vendor_boot image will check size of
dtb image and abort if not specified. We want to allow this condition
and make user to build dtb whether in vendor_boot or vendor_kernel_boot.
Bug: 222429295
Bug: 214409109
Test: atest --host mkbootimg_test
Signed-off-by: Lucas Wei <lucaswei@google.com>
Change-Id: I7a96ddc700d2ca43bd1063fd634ef8af76e94005
|
|
Adding a new script, certify_bootimg.py, to add boot
certificates for a given boot image. The script adds
two certificates: 'boot' and 'generic_kernel'. The former
is to certify the entire boot.img, while the latter
is to certify the kernel packed in the boot.img.
It assumes all boot certificates are within the last 16K
of the boot image, i.e., the boot signature block, before
adding the AVB footer.
It also adds a non-signed AVB hash footer, for device with
AVB to use the output boot image directly if it is unlocked,
where the verification error is allowed.
An usage example:
certify_bootimg --boot_img boot.img \
--algorithm SHA256_RSA4096 \
--key external/avb/test/data/testkey_rsa4096.pem \
--extra_args "--prop foo:bar" \
--extra_args "--prop gki:nice" \
--output boot-certified.img
Bug: 223288963
Test: atest --host certify_bootimg_test
Change-Id: Id03d9967b89d87f3d3e0ce08b886909c68fac18c
|
|
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1999090
Change-Id: I3ed5c238d0a86ea0e4c63d1275c29ee454a4cf62
|
|
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1976890
Change-Id: I90f0a8f2b500fea2991ad6694b74bb196faaeefc
|
|
* Remove 'generic_ramdisk' certification since we are no longer
certifying it in VTS.
* Add 'boot' certification which certifies the entire boot.img.
* 'generic_kernel' certification certifies the kernel.img.
* Remove --boot_signature option.
* Change Android T GKI to have fixed 16K boot_signature size, and must
be appended at the end of the boot image, before appending the AVB
footer.
Bug: 211741246
Test: atest --host mkbootimg_test
Test: atest --host retrofit_gki_test
Test: ./boot_signature_info.sh boot-5.10.img
Change-Id: Ibb9f9bb9fba6a82e4c913b8c23ce519816e96eeb
|
|
|
|
Bug: 214455710
Merged-In: Iebcf0e826ae0f61a00e2ec522ceeb0e8a6ceb8e8
Change-Id: I5a6fbace443c2140a1fe614a5be1119f4f2ab5fc
|
|
Only GKI kernel, boot.img, need to be officially certified.
Also remove V3 & V4 retrofit plan as the latest consensus is to support
V2 only.
Bug: 210367929
Test: retrofit_gki_test
Change-Id: Ia1d81b3382fe62a39a028a933a1f4275977d8bbd
|
|
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1963686
Change-Id: I06a41e7a4764816e7bd881e6a04d233f1af11da7
|
|
Added SPDX-license-identifier-Apache-2.0 to:
gki/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Change-Id: I957d3faf553c8199d3468e0d1d07003c6d35c516
|
|
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1960407
Change-Id: I68fbe5c21a88b1b3edb37d5218dd6248dc84b93b
|
|
Dumps the boot_signature info of a boot.img or init_boot.img.
For debugging and development.
Bug: 210367929
Test: manual
Change-Id: Icb0a99708aacaf2784be65503b72c614481627a1
|
|
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1956320
Change-Id: I52b692e0f343bcd09c137e43525e6f48dc176cf5
|
|
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1952245
Change-Id: I7a74da524a3c248a1ce781f76a466f6acb292b1a
|
|
For easy pickup from ci.android.com
The zip archive would contain the `retrofit_gki` tool and its
dependencies plus a README file.
Bug: 210367929
Test: m dist && unzip out/dist/gki_retrofitting_tools.zip
Change-Id: I2ffb457e8c09091e7aaf248b1e18f4c4d96e4492
|
|
Bug: 210367929
Test: cd system/tools/mkbootimg/gki && atest --host-unit-test-only
Test: atest vts_gki_compliance_test
Change-Id: I972f98ec1c1c94a5df843a94d931eaf7c583a1f8
|
|
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1952244
Change-Id: I71c6d560c1ed3a915cc3b9eb0f266148ec7c48f4
|
|
Which is the concatenation of all vendor ramdisks.
Bug: 210367929
Test: manual
Change-Id: Ieeaf8093fbca397b8f3c505006e02a1c8b89a071
|
|
d423092fec
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1940794
Change-Id: I68a47b2faf959e69cdfbaf340fb890a51e68bff2
|
|
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1940794
Change-Id: I6e7668dd2b562b344b4a9d247ec7dc7acc4e2751
|
|
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1940794
Change-Id: I5e57574f9a6ee61ec8442d52bfd040afd7b1136c
|
|
|
|
am: 8bfa493d8e am: 3abe52d850 am: 14c7d4b133
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1933195
Change-Id: Ie49166af9a3c4ada00faae8dfee98ad558058b44
|
|
am: 8bfa493d8e am: 3abe52d850
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1933195
Change-Id: I6ec9f5a3fd3133a442b231e6ed34208168f99a9a
|
|
am: 8bfa493d8e
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1933195
Change-Id: I9102a4b3bb1b7b1dc69d4d15c0ad16bc47191117
|
|
|
|
times am: 388052e43c am: 91252412ac am: 83f2cc9612
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1941493
Change-Id: I53ac90fe350302833621de7310cbb9d343e9a4d3
|
|
times am: 388052e43c am: 91252412ac
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1941493
Change-Id: I048a57d51c48cfe2bea504196c7cb22710b8c45c
|
|
times am: 388052e43c
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1941493
Change-Id: Ie00c3389718ae31af33a3c2feb0d043fed5ae872
|
|
They are concatenated and forwarded to avbtool.
Bug: 211741246
Bug: 210367929
Test: atest --host mkbootimg_test
Change-Id: Iebcf0e826ae0f61a00e2ec522ceeb0e8a6ceb8e8
|
|
Test: N/A
Bug: N/A
Change-Id: I4e47c58c3527049ad73fc0e15c4f98d57d05f95e
|
|
am: c7d21760d2 am: 414d58ed95
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1933194
Change-Id: I39e1722aca21d570db8752434f72769e9a95f706
|
|
am: c7d21760d2
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1933194
Change-Id: I9f02d070454ca931f2f07b7ffd37d1d192be56ca
|
|
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1933194
Change-Id: I20eac8d67c1d969b408505b43ec4cae88ad7442c
|
|
am: 073ed07638
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1933193
Change-Id: Ib4382d1352354453b59aaf78711e462337965e10
|
|
Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1933193
Change-Id: Idfdd547183d60104f3410f8a2ed13dad9ad8b6b8
|