commit | 9b54801b5865e4e09266c272222dfff70e0aac93 | [log] [tgz] |
---|---|---|
author | Bowgo Tsai <bowgotsai@google.com> | Tue May 14 16:57:03 2019 +0800 |
committer | Bowgo Tsai <bowgotsai@google.com> | Thu May 16 12:56:41 2019 +0800 |
tree | 79aca90122e770aefc24e6b47842a27cf69d9dd6 | |
parent | bc7e3f98f41108c03a06abbf98add08ad4a05040 [diff] |
Appending per-partition os_version into AVB props os_version is important for keymaster version binding, where it refuses to perform operations with a key that is bound to an old system version. This ensures that an attacker who discovers a weakness in an old version of system or TEE software cannot roll a device back to the vulnerable version and use keys created with the newer version. Previously, os_version for system.img is added into boot.img header for bootloader to read the value then pass to TEE before booting the HLOS. However, with project Treble to modularize each partition, all images are now in the trajectory to be built independently (still on-going). Also, in the Generic System Image (GSI) compliance test, the os_version in OEM's boot.img cannot reflect the actual version of GSI. This CL adds per-partition os_versions into AVB metadata, which is readable by bootloader via libavb without file system dependency. It's still unclear for how os_version in non-system partition should be used. We just add them for completeness here. See more details in: https://source.android.com/security/keystore/version-binding Bug: 132233601 Test: build and avbtool info_image $OUT/vbmeta.img - Prop: com.android.build.boot.os_version -> '10' - Prop: com.android.build.system.os_version -> '10' - Prop: com.android.build.system.security_patch -> '2019-06-05' - Prop: com.android.build.vendor.os_version -> '10' - Prop: com.android.build.vendor.security_patch -> '2019-06-05' - Prop: com.android.build.product.os_version -> '10' - Prop: com.android.build.product.security_patch -> '2019-06-05' Change-Id: I21a77420f2e8a3456f7a8cae5158eb8fc41319e7
This is the Makefile-based portion of the Android Build System.
For documentation on how to run a build, see Usage.txt
For a list of behavioral changes useful for Android.mk writers see Changes.md
For an outdated reference on Android.mk files, see build-system.html. Our Android.mk files look similar, but are entirely different from the Android.mk files used by the NDK build system. When searching for documentation elsewhere, ensure that it is for the platform build system -- most are not.
This Makefile-based system is in the process of being replaced with Soong, a new build system written in Go. During the transition, all of these makefiles are read by Kati, and generate a ninja file instead of being executed directly. That's combined with a ninja file read by Soong so that the build graph of the two systems can be combined and run as one.