avbtool: Use no salt instead of random salt for persistent digest descriptors
Descriptors that use a persistent digest (where the digest value is
stored on device in persistent storage and the descriptor has an empty
digest field) cannot use a random salt generated by avbtool because that
would change the digest value. This switches the default (if no '--salt'
option is provided) to no salt if --use_persistent_digest is used with
add_hash(tree)_footer.
Fixes: 118402832
Test: atest libavb_host_unittest
Change-Id: I5115670fe013ffcc013a3b542f70a22f3d7e380e
diff --git a/README.md b/README.md
index 136e2f7..ad1e79f 100644
--- a/README.md
+++ b/README.md
@@ -769,6 +769,15 @@
uppercase partition name, in this case for the partition named 'foo'.
The token will be replaced by the digest in hexadecimal form.
+By default, when the `--use_persistent_digest` option is used with
+`add_hash_footer` or `add_hashtree_footer`, avbtool will generate a
+descriptor with no salt rather than the typical default of generating a
+random salt equal to the digest length. This is because the digest
+value is stored in persistent storage and thus cannot change over time.
+An alternative option would be to manually provide a random salt using
+`--salt`, but this salt would need to remain unchanged for the life
+of the device once the persistent digest value was written.
+
## Updating Stored Rollback Indexes
In order for Rollback Protection to work the bootloader will need to
diff --git a/avbtool b/avbtool
index 6f327f6..b027bbd 100755
--- a/avbtool
+++ b/avbtool
@@ -3036,9 +3036,10 @@
if salt:
salt = salt.decode('hex')
else:
- if salt is None:
- # If salt is not explicitly specified, choose a hash
- # that's the same size as the hash size.
+ if salt is None and not use_persistent_digest:
+ # If salt is not explicitly specified, choose a hash that's the same
+ # size as the hash size. Don't populate a random salt if this
+ # descriptor is being created to use a persistent digest on device.
hash_size = digest_size
salt = open('/dev/urandom').read(hash_size)
else:
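Review bot: The random salt is still read with `open('/dev/urandom').read(hash_size)`, which never closes the file handle and depends on a Unix device node. `salt = os.urandom(hash_size)` returns the same kind of CSPRNG bytes without either problem, assuming `os` is imported at the top of avbtool, which is outside this hunk. The comment above it also says "choose a hash that's the same size as the hash size" where it means a salt; `# If salt is not explicitly specified, choose a random salt that's the same size as the digest.` would read correctly. Both points apply equally to the second hunk, which guards on `use_persistent_root_digest`. The enclosing functions and the body of the trailing `else:` branch are outside the hunks, so the value the salt takes in the persistent-digest case cannot be confirmed from here.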
@@ -3265,9 +3266,10 @@
if salt:
salt = salt.decode('hex')
else:
- if salt is None:
- # If salt is not explicitly specified, choose a hash
- # that's the same size as the hash size.
+ if salt is None and not use_persistent_root_digest:
+ # If salt is not explicitly specified, choose a hash that's the same
+ # size as the hash size. Don't populate a random salt if this
+ # descriptor is being created to use a persistent digest on device.
hash_size = digest_size
salt = open('/dev/urandom').read(hash_size)
else:
diff --git a/test/avb_slot_verify_unittest.cc b/test/avb_slot_verify_unittest.cc
index f8da839..f63e831 100644
--- a/test/avb_slot_verify_unittest.cc
+++ b/test/avb_slot_verify_unittest.cc
@@ -2680,7 +2680,6 @@
" --rollback_index 0"
" --partition_name factory"
" --partition_size %zd"
- " --salt deadbeef"
" --internal_release_string \"\""
" --use_persistent_digest %s",
factory_path.value().c_str(),
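Review bot: With `--salt deadbeef` removed here and from every other test invocation in this commit, no visible test still combines an explicit `--salt` with `--use_persistent_digest`. The other removals are in the second hunk pair in this file and the `add_hash_footer` / `add_hashtree_footer` cases in test/avbtool_unittest.cc. The README text added by this commit describes that combination as a supported alternative. Keeping one case per footer type that passes `--salt` and expects it echoed in the `Salt:` line would pin that an operator-supplied salt is honoured rather than silently dropped. The enclosing test bodies start and end outside these hunks, so other cases elsewhere in the files may already cover this.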
@@ -2709,7 +2708,7 @@
" Image Size: 5242880 bytes\n"
" Hash Algorithm: sha256\n"
" Partition Name: factory\n"
- " Salt: deadbeef\n"
+ " Salt: \n"
" Digest: \n"
" Flags: %d\n",
do_not_use_ab ? 1 : 0),
@@ -2732,7 +2731,6 @@
" --rollback_index 0"
" --partition_name factory"
" --partition_size %zd"
- " --salt deadbeef"
" --hash_algorithm %s"
" --internal_release_string \"\""
" --kernel_cmdline "
@@ -2782,7 +2780,7 @@
" FEC size: 49152 bytes\n"
" Hash Algorithm: %s\n"
" Partition Name: factory\n"
- " Salt: deadbeef\n"
+ " Salt: \n"
" Root Digest: \n"
" Flags: %d\n",
expected_tree_size,
diff --git a/test/avbtool_unittest.cc b/test/avbtool_unittest.cc
index 45b1083..c436a2a 100644
--- a/test/avbtool_unittest.cc
+++ b/test/avbtool_unittest.cc
@@ -760,7 +760,7 @@
size_t partition_size = 1024 * 1024;
base::FilePath path = GenerateImage("digest_location", 1024);
EXPECT_COMMAND(0,
- "./avbtool add_hash_footer --salt d00df00d "
+ "./avbtool add_hash_footer "
"--hash_algorithm sha256 --image %s "
"--partition_size %d --partition_name foobar "
"--algorithm SHA256_RSA2048 "
@@ -792,7 +792,7 @@
" Image Size: 1024 bytes\n"
" Hash Algorithm: sha256\n"
" Partition Name: foobar\n"
- " Salt: d00df00d\n"
+ " Salt: \n"
" Digest: \n"
" Flags: 0\n",
InfoImage(path));
@@ -845,7 +845,7 @@
size_t partition_size = 1024 * 1024;
base::FilePath path = GenerateImage("digest_location", 1024);
EXPECT_COMMAND(0,
- "./avbtool add_hash_footer --salt d00df00d "
+ "./avbtool add_hash_footer "
"--hash_algorithm sha256 --image %s "
"--partition_size %d --partition_name foobar "
"--algorithm SHA256_RSA2048 "
@@ -878,7 +878,7 @@
" Image Size: 1024 bytes\n"
" Hash Algorithm: sha256\n"
" Partition Name: foobar\n"
- " Salt: d00df00d\n"
+ " Salt: \n"
" Digest: \n"
" Flags: 1\n",
InfoImage(path));
@@ -1455,7 +1455,7 @@
size_t partition_size = 10 * 1024 * 1024;
base::FilePath path = GenerateImage("digest_location", partition_size / 2);
EXPECT_COMMAND(0,
- "./avbtool add_hashtree_footer --salt d00df00d "
+ "./avbtool add_hashtree_footer "
"--hash_algorithm sha256 --image %s "
"--partition_size %d --partition_name foobar "
"--algorithm SHA256_RSA2048 "
@@ -1495,7 +1495,7 @@
" FEC size: 49152 bytes\n"
" Hash Algorithm: sha256\n"
" Partition Name: foobar\n"
- " Salt: d00df00d\n"
+ " Salt: \n"
" Root Digest: \n"
" Flags: 0\n",
InfoImage(path));
@@ -1556,7 +1556,7 @@
size_t partition_size = 10 * 1024 * 1024;
base::FilePath path = GenerateImage("digest_location", partition_size / 2);
EXPECT_COMMAND(0,
- "./avbtool add_hashtree_footer --salt d00df00d "
+ "./avbtool add_hashtree_footer "
"--hash_algorithm sha256 --image %s "
"--partition_size %d --partition_name foobar "
"--algorithm SHA256_RSA2048 "
@@ -1597,7 +1597,7 @@
" FEC size: 49152 bytes\n"
" Hash Algorithm: sha256\n"
" Partition Name: foobar\n"
- " Salt: d00df00d\n"
+ " Salt: \n"
" Root Digest: \n"
" Flags: 1\n",
InfoImage(path));