Add vbmeta_system_dlkm to cuttlefish
We are preparing for packing/unpacking system_dlkm at assmble_cvd time.
To make modifying system_dlkm.img easier, add a separte vbmeta partition
for system_dlkm
Bug: 273752147
Test: launch_cvd
Change-Id: I2e99a070755233385c293f271a2c0251bc475343
diff --git a/host/commands/assemble_cvd/disk_flags.cc b/host/commands/assemble_cvd/disk_flags.cc
index 585d726..4c9b892 100644
--- a/host/commands/assemble_cvd/disk_flags.cc
+++ b/host/commands/assemble_cvd/disk_flags.cc
@@ -84,6 +84,12 @@
"to "
"be vbmeta_vendor_dlkm.img in the directory specified by "
"-system_image_dir.");
+DEFINE_string(
+ vbmeta_system_dlkm_image, CF_DEFAULTS_VBMETA_SYSTEM_DLKM_IMAGE,
+ "Location of cuttlefish vbmeta_system_dlkm image. If empty it is assumed "
+ "to "
+ "be vbmeta_system_dlkm.img in the directory specified by "
+ "-system_image_dir.");
DEFINE_string(linux_kernel_path, CF_DEFAULTS_LINUX_KERNEL_PATH,
"Location of linux kernel for cuttlefish otheros flow.");
@@ -138,6 +144,7 @@
std::string default_vbmeta_image = "";
std::string default_vbmeta_system_image = "";
std::string default_vbmeta_vendor_dlkm_image = "";
+ std::string default_vbmeta_system_dlkm_image = "";
std::string cur_system_image_dir;
std::string comma_str = "";
@@ -169,6 +176,8 @@
default_vbmeta_system_image += comma_str + cur_system_image_dir + "/vbmeta_system.img";
default_vbmeta_vendor_dlkm_image +=
comma_str + cur_system_image_dir + "/vbmeta_vendor_dlkm.img";
+ default_vbmeta_system_dlkm_image +=
+ comma_str + cur_system_image_dir + "/vbmeta_system_dlkm.img";
}
SetCommandLineOptionWithMode("boot_image", default_boot_image.c_str(),
google::FlagSettingMode::SET_FLAGS_DEFAULT);
@@ -196,6 +205,9 @@
SetCommandLineOptionWithMode("vbmeta_vendor_dlkm_image",
default_vbmeta_vendor_dlkm_image.c_str(),
google::FlagSettingMode::SET_FLAGS_DEFAULT);
+ SetCommandLineOptionWithMode("vbmeta_system_dlkm_image",
+ default_vbmeta_system_dlkm_image.c_str(),
+ google::FlagSettingMode::SET_FLAGS_DEFAULT);
return {};
}
@@ -311,6 +323,22 @@
.read_only = FLAGS_use_overlay,
});
}
+ auto vbmeta_system_dlkm_img = instance.new_vbmeta_system_dlkm_image();
+ if (!FileExists(vbmeta_system_dlkm_img)) {
+ vbmeta_system_dlkm_img = instance.vbmeta_system_dlkm_image();
+ }
+ if (FileExists(vbmeta_system_dlkm_img)) {
+ partitions.push_back(ImagePartition{
+ .label = "vbmeta_system_dlkm_a",
+ .image_file_path = AbsolutePath(vbmeta_system_dlkm_img),
+ .read_only = FLAGS_use_overlay,
+ });
+ partitions.push_back(ImagePartition{
+ .label = "vbmeta_system_dlkm_b",
+ .image_file_path = AbsolutePath(vbmeta_system_dlkm_img),
+ .read_only = FLAGS_use_overlay,
+ });
+ }
auto super_image = instance.new_super_image();
if (!FileExists(super_image)) {
super_image = instance.super_image();
@@ -1123,7 +1151,7 @@
// provide a partition which matches this or the read will fail
for (const auto& vbmeta_image :
{instance_.vbmeta_image(), instance_.vbmeta_system_image(),
- instance_.vbmeta_vendor_dlkm_image()}) {
+ instance_.vbmeta_vendor_dlkm_image(), instance_.vbmeta_system_dlkm_image()}) {
// In some configurations of cuttlefish, the vendor dlkm vbmeta image does
// not exist
if (FileExists(vbmeta_image) && FileSize(vbmeta_image) != VBMETA_MAX_SIZE) {
@@ -1221,6 +1249,8 @@
android::base::Split(FLAGS_vbmeta_system_image, ",");
auto vbmeta_vendor_dlkm_image =
android::base::Split(FLAGS_vbmeta_vendor_dlkm_image, ",");
+ auto vbmeta_system_dlkm_image =
+ android::base::Split(FLAGS_vbmeta_system_dlkm_image, ",");
std::vector<std::string> linux_kernel_path =
android::base::Split(FLAGS_linux_kernel_path, ",");
@@ -1308,12 +1338,18 @@
} else {
instance.set_vbmeta_system_image(vbmeta_system_image[instance_index]);
}
- if (instance_index >= vbmeta_system_image.size()) {
+ if (instance_index >= vbmeta_vendor_dlkm_image.size()) {
instance.set_vbmeta_vendor_dlkm_image(vbmeta_vendor_dlkm_image[0]);
} else {
instance.set_vbmeta_vendor_dlkm_image(
vbmeta_vendor_dlkm_image[instance_index]);
}
+ if (instance_index >= vbmeta_system_dlkm_image.size()) {
+ instance.set_vbmeta_system_dlkm_image(vbmeta_system_dlkm_image[0]);
+ } else {
+ instance.set_vbmeta_system_dlkm_image(
+ vbmeta_system_dlkm_image[instance_index]);
+ }
if (instance_index >= super_image.size()) {
cur_super_image = super_image[0];
} else {
diff --git a/host/commands/assemble_cvd/flags_defaults.h b/host/commands/assemble_cvd/flags_defaults.h
index 8ae1f12..0320089 100644
--- a/host/commands/assemble_cvd/flags_defaults.h
+++ b/host/commands/assemble_cvd/flags_defaults.h
@@ -113,6 +113,7 @@
#define CF_DEFAULTS_VBMETA_IMAGE CF_DEFAULTS_DYNAMIC_STRING
#define CF_DEFAULTS_VBMETA_SYSTEM_IMAGE CF_DEFAULTS_DYNAMIC_STRING
#define CF_DEFAULTS_VBMETA_VENDOR_DLKM_IMAGE CF_DEFAULTS_DYNAMIC_STRING
+#define CF_DEFAULTS_VBMETA_SYSTEM_DLKM_IMAGE CF_DEFAULTS_DYNAMIC_STRING
#define CF_DEFAULTS_VENDOR_BOOT_IMAGE CF_DEFAULTS_DYNAMIC_STRING
// Policy default parameters
diff --git a/host/libs/config/cuttlefish_config.h b/host/libs/config/cuttlefish_config.h
index 148d4ba..5b0e4fb 100644
--- a/host/libs/config/cuttlefish_config.h
+++ b/host/libs/config/cuttlefish_config.h
@@ -554,6 +554,8 @@
std::string vbmeta_system_image() const;
std::string vbmeta_vendor_dlkm_image() const;
std::string new_vbmeta_vendor_dlkm_image() const;
+ std::string vbmeta_system_dlkm_image() const;
+ std::string new_vbmeta_system_dlkm_image() const;
// otheros artifacts
std::string otheros_esp_image() const;
@@ -728,6 +730,10 @@
const std::string& vbmeta_vendor_dlkm_image);
void set_new_vbmeta_vendor_dlkm_image(
const std::string& vbmeta_vendor_dlkm_image);
+ void set_vbmeta_system_dlkm_image(
+ const std::string& vbmeta_system_dlkm_image);
+ void set_new_vbmeta_system_dlkm_image(
+ const std::string& vbmeta_system_dlkm_image);
void set_otheros_esp_image(const std::string& otheros_esp_image);
void set_linux_kernel_path(const std::string& linux_kernel_path);
void set_linux_initramfs_path(const std::string& linux_initramfs_path);
diff --git a/host/libs/config/cuttlefish_config_instance.cpp b/host/libs/config/cuttlefish_config_instance.cpp
index 18912ef..567b322 100644
--- a/host/libs/config/cuttlefish_config_instance.cpp
+++ b/host/libs/config/cuttlefish_config_instance.cpp
@@ -207,6 +207,25 @@
set_new_vbmeta_vendor_dlkm_image(const std::string& image) {
(*Dictionary())[kNewVbmetaVendorDlkmImage] = image;
}
+static constexpr char kVbmetaSystemDlkmImage[] = "vbmeta_system_dlkm_image";
+std::string CuttlefishConfig::InstanceSpecific::vbmeta_system_dlkm_image()
+ const {
+ return (*Dictionary())[kVbmetaSystemDlkmImage].asString();
+}
+void CuttlefishConfig::MutableInstanceSpecific::set_vbmeta_system_dlkm_image(
+ const std::string& image) {
+ (*Dictionary())[kVbmetaSystemDlkmImage] = image;
+}
+static constexpr char kNewVbmetaSystemDlkmImage[] =
+ "new_vbmeta_system_dlkm_image";
+std::string CuttlefishConfig::InstanceSpecific::new_vbmeta_system_dlkm_image()
+ const {
+ return (*Dictionary())[kNewVbmetaSystemDlkmImage].asString();
+}
+void CuttlefishConfig::MutableInstanceSpecific::
+ set_new_vbmeta_system_dlkm_image(const std::string& image) {
+ (*Dictionary())[kNewVbmetaSystemDlkmImage] = image;
+}
static constexpr char kOtherosEspImage[] = "otheros_esp_image";
std::string CuttlefishConfig::InstanceSpecific::otheros_esp_image() const {
return (*Dictionary())[kOtherosEspImage].asString();
diff --git a/required_images b/required_images
index 7ae2fef..ab6c2c0 100644
--- a/required_images
+++ b/required_images
@@ -6,4 +6,5 @@
vbmeta.img
vbmeta_system.img
vbmeta_vendor_dlkm.img
+vbmeta_system_dlkm.img
vendor_boot.img
diff --git a/shared/BoardConfig.mk b/shared/BoardConfig.mk
index 26f7bed..a835cf5 100644
--- a/shared/BoardConfig.mk
+++ b/shared/BoardConfig.mk
@@ -148,13 +148,19 @@
BOARD_AVB_INIT_BOOT_ROLLBACK_INDEX_LOCATION := 3
# Enabled chained vbmeta for vendor_dlkm
-BOARD_AVB_VBMETA_CUSTOM_PARTITIONS := vendor_dlkm
+BOARD_AVB_VBMETA_CUSTOM_PARTITIONS := vendor_dlkm system_dlkm
BOARD_AVB_VBMETA_VENDOR_DLKM := vendor_dlkm
BOARD_AVB_VBMETA_VENDOR_DLKM_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem
BOARD_AVB_VBMETA_VENDOR_DLKM_ALGORITHM := SHA256_RSA4096
BOARD_AVB_VBMETA_VENDOR_DLKM_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
BOARD_AVB_VBMETA_VENDOR_DLKM_ROLLBACK_INDEX_LOCATION := 4
+BOARD_AVB_VBMETA_SYSTEM_DLKM := system_dlkm
+BOARD_AVB_VBMETA_SYSTEM_DLKM_KEY_PATH := external/avb/test/data/testkey_rsa4096.pem
+BOARD_AVB_VBMETA_SYSTEM_DLKM_ALGORITHM := SHA256_RSA4096
+BOARD_AVB_VBMETA_SYSTEM_DLKM_ROLLBACK_INDEX := $(PLATFORM_SECURITY_PATCH_TIMESTAMP)
+BOARD_AVB_VBMETA_SYSTEM_DLKM_ROLLBACK_INDEX_LOCATION := 5
+
# Using sha256 for dm-verity partitions. b/178983355
# system, system_other, product.
diff --git a/shared/config/fstab.in b/shared/config/fstab.in
index baea40d..c14c0ff 100644
--- a/shared/config/fstab.in
+++ b/shared/config/fstab.in
@@ -21,8 +21,8 @@
vendor_dlkm /vendor_dlkm ext4 noatime,ro,errors=panic wait,logical,first_stage_mount,slotselect,avb=vbmeta_vendor_dlkm
odm_dlkm /odm_dlkm erofs ro wait,logical,first_stage_mount,slotselect,avb
odm_dlkm /odm_dlkm ext4 noatime,ro,errors=panic wait,logical,first_stage_mount,slotselect,avb
-system_dlkm /system_dlkm erofs ro wait,logical,first_stage_mount,slotselect,avb=vbmeta
-system_dlkm /system_dlkm ext4 noatime,ro,errors=panic wait,logical,first_stage_mount,slotselect,avb=vbmeta
+system_dlkm /system_dlkm erofs ro wait,logical,first_stage_mount,slotselect,avb=vbmeta_system_dlkm
+system_dlkm /system_dlkm ext4 noatime,ro,errors=panic wait,logical,first_stage_mount,slotselect,avb=vbmeta_system_dlkm
# ZRAM, SD-Card and virtiofs shares
/dev/block/zram0 none swap defaults zramsize=75%
/dev/block/vdc1 /sdcard vfat defaults recoveryonly
