commit ac4076de9d5c517e144090487dc165538d15b0d2
author Jiyong Park <jiyong@google.com> Mon Mar 15 23:21:30 2021 +0900
committer Jiyong Park <jiyong@google.com> Tue Mar 16 00:34:57 2021 +0900
tree 79fca3600469760d256cf8c9c0e791c9374dbf0b
parent aa52d66cd572d2cc62573078c02cad062e7ddeb5

bootimg signs image using verity_utils

Previously, bootimg signed the image using avbtool. This didn't work
because avbtool always requires that the partition size is given via
'--partition_size' parameter. The partition size is hard to estimate
especially when the image is not for a real physical partition, but for
a logical partition in a composite image.

With this change, the signing of bootimg is done by verity_utils.py
which internally uses avbtool. The python script is capable of
calculating the minimum required partition size when the partition size
is not given.

In addition, this change adds 'partition_name' property to the
`android_filesystem` module type so that we can customize the partition
name field in the vbmeta descriptor.

Bug: 180676957
Test: m microdroid-boot-5.10
Change-Id: I2e4aa626cf06a2177b4a8d90ff9b9006d2927ae4

filesystem/bootimg.go

diff --git a/filesystem/bootimg.go b/filesystem/bootimg.go
index 876e189..ce1c855 100644
--- a/filesystem/bootimg.go
+++ b/filesystem/bootimg.go
@@ -17,6 +17,7 @@
 import (
 	"fmt"
 	"strconv"
+	"strings"
 
 	"github.com/google/blueprint"
 	"github.com/google/blueprint/proptools"
@@ -200,22 +201,46 @@
 }
 
 func (b *bootimg) signImage(ctx android.ModuleContext, unsignedImage android.OutputPath) android.OutputPath {
-	output := android.PathForModuleOut(ctx, b.installFileName()).OutputPath
-	key := android.PathForModuleSrc(ctx, proptools.String(b.properties.Avb_private_key))
+	propFile, toolDeps := b.buildPropFile(ctx)
 
+	output := android.PathForModuleOut(ctx, b.installFileName()).OutputPath
 	builder := android.NewRuleBuilder(pctx, ctx)
 	builder.Command().Text("cp").Input(unsignedImage).Output(output)
-	builder.Command().
-		BuiltTool("avbtool").
-		Flag("add_hash_footer").
-		FlagWithArg("--partition_name ", b.partitionName()).
-		FlagWithInput("--key ", key).
-		FlagWithOutput("--image ", output)
+	builder.Command().BuiltTool("verity_utils").
+		Input(propFile).
+		Implicits(toolDeps).
+		Output(output)
 
 	builder.Build("sign_bootimg", fmt.Sprintf("Signing %s", b.BaseModuleName()))
 	return output
 }
 
+func (b *bootimg) buildPropFile(ctx android.ModuleContext) (propFile android.OutputPath, toolDeps android.Paths) {
+	var sb strings.Builder
+	var deps android.Paths
+	addStr := func(name string, value string) {
+		fmt.Fprintf(&sb, "%s=%s\n", name, value)
+	}
+	addPath := func(name string, path android.Path) {
+		addStr(name, path.String())
+		deps = append(deps, path)
+	}
+
+	addStr("avb_hash_enable", "true")
+	addPath("avb_avbtool", ctx.Config().HostToolPath(ctx, "avbtool"))
+	algorithm := proptools.StringDefault(b.properties.Avb_algorithm, "SHA256_RSA4096")
+	addStr("avb_algorithm", algorithm)
+	key := android.PathForModuleSrc(ctx, proptools.String(b.properties.Avb_private_key))
+	addPath("avb_key_path", key)
+	addStr("avb_add_hash_footer_args", "") // TODO(jiyong): add --rollback_index
+	partitionName := proptools.StringDefault(b.properties.Partition_name, b.Name())
+	addStr("partition_name", partitionName)
+
+	propFile = android.PathForModuleOut(ctx, "prop").OutputPath
+	android.WriteFileRule(ctx, propFile, sb.String())
+	return propFile, deps
+}
+
 var _ android.AndroidMkEntriesProvider = (*bootimg)(nil)
 
 // Implements android.AndroidMkEntriesProvider