Appending per-partition os_version into AVB props

os_version is important for keymaster version binding, where it
refuses to perform operations with a key that is bound to an old
system version.  This ensures that an attacker who discovers a
weakness in an old version of system or TEE software cannot roll a
device back to the vulnerable version and use keys created with the
newer version.

Previously, os_version for system.img is added into boot.img header
for bootloader to read the value then pass to TEE before booting the
HLOS. However, with project Treble to modularize each partition, all
images are now in the trajectory to be built independently (still
on-going). Also, in the Generic System Image (GSI) compliance test,
the os_version in OEM's boot.img cannot reflect the actual version of
GSI.

This CL adds per-partition os_versions into AVB metadata, which is
readable by bootloader via libavb without file system dependency. It's
still unclear for how os_version in non-system partition should be used.
We just add them for completeness here.

See more details in:
https://source.android.com/security/keystore/version-binding

Bug: 132233601
Test: build and avbtool info_image $OUT/vbmeta.img
      - Prop: com.android.build.boot.os_version -> '10'
      - Prop: com.android.build.system.os_version -> '10'
      - Prop: com.android.build.system.security_patch -> '2019-06-05'
      - Prop: com.android.build.vendor.os_version -> '10'
      - Prop: com.android.build.vendor.security_patch -> '2019-06-05'
      - Prop: com.android.build.product.os_version -> '10'
      - Prop: com.android.build.product.security_patch -> '2019-06-05'

Change-Id: I21a77420f2e8a3456f7a8cae5158eb8fc41319e7
1 file changed
tree: 79aca90122e770aefc24e6b47842a27cf69d9dd6
  1. common/
  2. core/
  3. packaging/
  4. target/
  5. tests/
  6. tools/
  7. .gitignore
  8. buildspec.mk.default
  9. Changes.md
  10. CleanSpec.mk
  11. Deprecation.md
  12. envsetup.sh
  13. help.sh
  14. navbar.md
  15. OWNERS
  16. README.md
  17. tapasHelp.sh
  18. Usage.txt
README.md

Android Make Build System

This is the Makefile-based portion of the Android Build System.

For documentation on how to run a build, see Usage.txt

For a list of behavioral changes useful for Android.mk writers see Changes.md

For an outdated reference on Android.mk files, see build-system.html. Our Android.mk files look similar, but are entirely different from the Android.mk files used by the NDK build system. When searching for documentation elsewhere, ensure that it is for the platform build system -- most are not.

This Makefile-based system is in the process of being replaced with Soong, a new build system written in Go. During the transition, all of these makefiles are read by Kati, and generate a ninja file instead of being executed directly. That's combined with a ninja file read by Soong so that the build graph of the two systems can be combined and run as one.