Support certifying the boot.img in a boot-img.tar.gz
The current glob() pattern will only certify boot-*.img
in an archive. Changing this to boot*.img to make it certify
a boot.img as well.
Bug: 223288963
Test: atest --host certify_bootimg_test
Change-Id: I7e97fd8ddaa02b628b58aedee2e8be3c8c863605
diff --git a/gki/certify_bootimg.py b/gki/certify_bootimg.py
index 2c3d80e..68a042e 100755
--- a/gki/certify_bootimg.py
+++ b/gki/certify_bootimg.py
@@ -273,7 +273,7 @@
if os.path.exists(gki_info_file):
load_gki_info_file(gki_info_file, extra_args, extra_footer_args)
- for boot_img in glob.glob(os.path.join(unpack_dir, 'boot-*.img')):
+ for boot_img in glob.glob(os.path.join(unpack_dir, 'boot*.img')):
print(f'Certifying {os.path.basename(boot_img)} ...')
certify_bootimg(boot_img=boot_img, output_img=boot_img,
algorithm=algorithm, key=key, extra_args=extra_args,
diff --git a/gki/certify_bootimg_test.py b/gki/certify_bootimg_test.py
index 779c46f..ec5f505 100644
--- a/gki/certify_bootimg_test.py
+++ b/gki/certify_bootimg_test.py
@@ -82,8 +82,8 @@
e.g., 'zip', 'tar', or 'gztar', etc.
boot_img_info: a list of (boot_image_name, kernel_size,
partition_size) tuples. e.g.,
- [('boot-1.0.img', 4096, 4 * 1024),
- ('boot-2.0.img', 8192, 8 * 1024)].
+ [('boot.img', 4096, 4 * 1024),
+ ('boot-lz4.img', 8192, 8 * 1024)].
gki_info: the file content to be written into 'gki-info.txt' in the
created archive.
@@ -186,18 +186,18 @@
def extract_boot_archive_with_signatures(boot_img_archive, output_dir):
"""Extracts boot images and signatures of a boot images archive.
- Suppose there are two boot images in |boot_img_archive|: boot-1.0.img
- and boot-2.0.img. This function then extracts each boot-*.img and
+ Suppose there are two boot images in |boot_img_archive|: boot.img
+ and boot-lz4.img. This function then extracts each boot*.img and
their signatures as:
- - |output_dir|/boot-1.0.img
- - |output_dir|/boot-2.0.img
- - |output_dir|/boot-1.0/boot_signature1
- - |output_dir|/boot-1.0/boot_signature2
- - |output_dir|/boot-2.0/boot_signature1
- - |output_dir|/boot-2.0/boot_signature2
+ - |output_dir|/boot.img
+ - |output_dir|/boot-lz4.img
+ - |output_dir|/boot/boot_signature1
+ - |output_dir|/boot/boot_signature2
+ - |output_dir|/boot-lz4/boot_signature1
+ - |output_dir|/boot-lz4/boot_signature2
"""
shutil.unpack_archive(boot_img_archive, output_dir)
- for boot_img in glob.glob(os.path.join(output_dir, 'boot-*.img')):
+ for boot_img in glob.glob(os.path.join(output_dir, 'boot*.img')):
img_name = os.path.splitext(os.path.basename(boot_img))[0]
signature_output_dir = os.path.join(output_dir, img_name)
os.mkdir(signature_output_dir, 0o777)
@@ -316,7 +316,7 @@
" Prop: com.android.build.boot.security_patch -> '2022-05-05'\n"
)
- self._EXPECTED_AVB_FOOTER_BOOT_1_0 = ( # pylint: disable=C0103
+ self._EXPECTED_AVB_FOOTER_BOOT = ( # pylint: disable=C0103
'Footer version: 1.0\n'
'Image size: 131072 bytes\n'
'Original image size: 28672 bytes\n'
@@ -339,8 +339,8 @@
' Partition Name: boot\n'
' Salt: a11ba11b\n'
' Digest: '
- '634e60e08f5b83842c70fa0efa05de87'
- '643cd75357f06eff9acc3d1f93e26795\n'
+ 'b93084707ba2367120e19547f17f1073'
+ '4c7ad8e56008ec2159d5f01b950335ad\n'
' Flags: 0\n'
" Prop: avb -> 'nice'\n"
" Prop: avb_space -> 'nice to meet you'\n"
@@ -348,7 +348,7 @@
" Prop: com.android.build.boot.security_patch -> '2022-05-05'\n"
)
- self._EXPECTED_AVB_FOOTER_BOOT_2_0 = ( # pylint: disable=C0103
+ self._EXPECTED_AVB_FOOTER_BOOT_LZ4 = ( # pylint: disable=C0103
'Footer version: 1.0\n'
'Image size: 262144 bytes\n'
'Original image size: 36864 bytes\n'
@@ -371,8 +371,8 @@
' Partition Name: boot\n'
' Salt: a11ba11b\n'
' Digest: '
- 'f9bb362d8d0e6559f9f8f42eeaf4da9f'
- '0fca6093de74ac406f76719fd0b20102\n'
+ '6b3f583f1bc5fbc284102e0185d02c6b'
+ '294f675c95b9337e89ea1e6b743af2ab\n'
' Flags: 0\n'
" Prop: avb -> 'nice'\n"
" Prop: avb_space -> 'nice to meet you'\n"
@@ -380,7 +380,7 @@
" Prop: com.android.build.boot.security_patch -> '2022-05-05'\n"
)
- self._EXPECTED_AVB_FOOTER_BOOT_3_0 = ( # pylint: disable=C0103
+ self._EXPECTED_AVB_FOOTER_BOOT_GZ = ( # pylint: disable=C0103
'Footer version: 1.0\n'
'Image size: 131072 bytes\n'
'Original image size: 28672 bytes\n'
@@ -403,8 +403,8 @@
' Partition Name: boot\n'
' Salt: a11ba11b\n'
' Digest: '
- 'fb0326a78b3794c79fad414d10f8d69a'
- '86a0da49e5320bd5b4fc09272cb2cad9\n'
+ 'd2098d507e039afc6b4d7ec3de129a8d'
+ 'd0e0cf889c9181ebee65ce2fb25de3f5\n'
' Flags: 0\n'
" Prop: avb -> 'nice'\n"
" Prop: avb_space -> 'nice to meet you'\n"
@@ -576,7 +576,7 @@
" Prop: GKI_INFO -> 'added here'\n"
)
- self._EXPECTED_BOOT_1_0_SIGNATURE1_RSA4096 = ( # pylint: disable=C0103
+ self._EXPECTED_BOOT_SIGNATURE1_RSA4096 = ( # pylint: disable=C0103
'Minimum libavb version: 1.0\n'
'Header Block: 256 bytes\n'
'Authentication Block: 576 bytes\n'
@@ -595,8 +595,8 @@
' Partition Name: boot\n' # boot
' Salt: d00df00d\n'
' Digest: '
- '88465e463bffb9f7dfc0c1f46d01bcf3'
- '15f7693e19bd188a0ca1feca2ed7b9df\n'
+ '30208b4d0a6d16db47fc13c9527bfe81'
+ 'a168d3b3940325d1ca8d3439792bfe18\n'
' Flags: 0\n'
" Prop: gki -> 'nice'\n"
" Prop: space -> 'nice to meet you'\n"
@@ -607,7 +607,7 @@
" Prop: SPACE -> 'nice to meet you'\n"
)
- self._EXPECTED_BOOT_1_0_SIGNATURE2_RSA4096 = ( # pylint: disable=C0103
+ self._EXPECTED_BOOT_SIGNATURE2_RSA4096 = ( # pylint: disable=C0103
'Minimum libavb version: 1.0\n'
'Header Block: 256 bytes\n'
'Authentication Block: 576 bytes\n'
@@ -626,8 +626,8 @@
' Partition Name: generic_kernel\n' # generic_kernel
' Salt: d00df00d\n'
' Digest: '
- '14ac8d0d233e57a317acd05cd458f2bb'
- 'cc78725ef9f66c1b38e90697fb09d943\n'
+ 'd4c8847e7d9900a98f77e1f0b5272854'
+ '7bf9c1e428fea500d419275f72ec5bd6\n'
' Flags: 0\n'
" Prop: gki -> 'nice'\n"
" Prop: space -> 'nice to meet you'\n"
@@ -638,7 +638,7 @@
" Prop: SPACE -> 'nice to meet you'\n"
)
- self._EXPECTED_BOOT_2_0_SIGNATURE1_RSA4096 = ( # pylint: disable=C0103
+ self._EXPECTED_BOOT_LZ4_SIGNATURE1_RSA4096 = ( # pylint: disable=C0103
'Minimum libavb version: 1.0\n'
'Header Block: 256 bytes\n'
'Authentication Block: 576 bytes\n'
@@ -657,8 +657,8 @@
' Partition Name: boot\n' # boot
' Salt: d00df00d\n'
' Digest: '
- '3e6a9854a9d2350a7071083bc3f37376'
- '37573fd87b1c72b146cb4870ac6af36f\n'
+ '9d3a0670a9fd3de66e940117ef97700f'
+ 'ed5fd1c6fb90798fd3873af45fc91cb4\n'
' Flags: 0\n'
" Prop: gki -> 'nice'\n"
" Prop: space -> 'nice to meet you'\n"
@@ -669,7 +669,7 @@
" Prop: SPACE -> 'nice to meet you'\n"
)
- self._EXPECTED_BOOT_2_0_SIGNATURE2_RSA4096 = ( # pylint: disable=C0103
+ self._EXPECTED_BOOT_LZ4_SIGNATURE2_RSA4096 = ( # pylint: disable=C0103
'Minimum libavb version: 1.0\n'
'Header Block: 256 bytes\n'
'Authentication Block: 576 bytes\n'
@@ -688,8 +688,8 @@
' Partition Name: generic_kernel\n' # generic_kernel
' Salt: d00df00d\n'
' Digest: '
- '92fb8443cd284b67a4cbf5ce00348b50'
- '1c657e0aedf4e2181c92ad7fc8b5224f\n'
+ '7d109e3dccca9e30e04249162d07e58c'
+ '62fdf269804b35857b956fba339b2679\n'
' Flags: 0\n'
" Prop: gki -> 'nice'\n"
" Prop: space -> 'nice to meet you'\n"
@@ -700,7 +700,7 @@
" Prop: SPACE -> 'nice to meet you'\n"
)
- self._EXPECTED_BOOT_3_0_SIGNATURE1_RSA4096 = ( # pylint: disable=C0103
+ self._EXPECTED_BOOT_GZ_SIGNATURE1_RSA4096 = ( # pylint: disable=C0103
'Minimum libavb version: 1.0\n'
'Header Block: 256 bytes\n'
'Authentication Block: 576 bytes\n'
@@ -719,14 +719,14 @@
' Partition Name: boot\n' # boot
' Salt: d00df00d\n'
' Digest: '
- '9b9cd845a367d7fc9b61d6ac02b0e7c9'
- 'dc3d3b219abf60dd6e19359f0353c917\n'
+ '6fcddc6167ae3c2037b424d35c3ef107'
+ 'f586510dbb2d652d7c08b88e6ea52fc6\n'
' Flags: 0\n'
" Prop: gki -> 'nice'\n"
" Prop: space -> 'nice to meet you'\n"
)
- self._EXPECTED_BOOT_3_0_SIGNATURE2_RSA4096 = ( # pylint: disable=C0103
+ self._EXPECTED_BOOT_GZ_SIGNATURE2_RSA4096 = ( # pylint: disable=C0103
'Minimum libavb version: 1.0\n'
'Header Block: 256 bytes\n'
'Authentication Block: 576 bytes\n'
@@ -745,8 +745,8 @@
' Partition Name: generic_kernel\n' # generic_kernel
' Salt: d00df00d\n'
' Digest: '
- '0cd7d331ed9b32dcd92f00e2cac75595'
- '52199170afe788a8fcf1954f9ea072d0\n'
+ '7a6a43eb4048b783346fb6d039103647'
+ '6c4313146da521467af282dff1838d0e\n'
' Flags: 0\n'
" Prop: gki -> 'nice'\n"
" Prop: space -> 'nice to meet you'\n"
@@ -999,8 +999,8 @@
boot_img_archive_name,
'gztar',
# A list of (boot_img_name, kernel_size, partition_size).
- [('boot-1.0.img', 8 * 1024, 128 * 1024),
- ('boot-2.0.img', 16 * 1024, 256 * 1024)],
+ [('boot.img', 8 * 1024, 128 * 1024),
+ ('boot-lz4.img', 16 * 1024, 256 * 1024)],
gki_info)
# Certify the boot image archive, with a RSA4096 key.
@@ -1023,31 +1023,31 @@
temp_out_dir)
# Checks an AVB footer exists and the image size remains.
- boot_1_img = os.path.join(temp_out_dir, 'boot-1.0.img')
- self.assertTrue(has_avb_footer(boot_1_img))
- self.assertEqual(os.path.getsize(boot_1_img), 128 * 1024)
+ boot_img = os.path.join(temp_out_dir, 'boot.img')
+ self.assertTrue(has_avb_footer(boot_img))
+ self.assertEqual(os.path.getsize(boot_img), 128 * 1024)
- boot_2_img = os.path.join(temp_out_dir, 'boot-2.0.img')
- self.assertTrue(has_avb_footer(boot_2_img))
- self.assertEqual(os.path.getsize(boot_2_img), 256 * 1024)
+ boot_lz4_img = os.path.join(temp_out_dir, 'boot-lz4.img')
+ self.assertTrue(has_avb_footer(boot_lz4_img))
+ self.assertEqual(os.path.getsize(boot_lz4_img), 256 * 1024)
# Checks the content in the AVB footer.
self._test_boot_signatures(
temp_out_dir,
- {'boot-1.0.img': self._EXPECTED_AVB_FOOTER_BOOT_1_0,
- 'boot-2.0.img': self._EXPECTED_AVB_FOOTER_BOOT_2_0})
+ {'boot.img': self._EXPECTED_AVB_FOOTER_BOOT,
+ 'boot-lz4.img': self._EXPECTED_AVB_FOOTER_BOOT_LZ4})
# Checks the content in the GKI certificate.
self._test_boot_signatures(
temp_out_dir,
- {'boot-1.0/boot_signature1':
- self._EXPECTED_BOOT_1_0_SIGNATURE1_RSA4096,
- 'boot-1.0/boot_signature2':
- self._EXPECTED_BOOT_1_0_SIGNATURE2_RSA4096,
- 'boot-2.0/boot_signature1':
- self._EXPECTED_BOOT_2_0_SIGNATURE1_RSA4096,
- 'boot-2.0/boot_signature2':
- self._EXPECTED_BOOT_2_0_SIGNATURE2_RSA4096})
+ {'boot/boot_signature1':
+ self._EXPECTED_BOOT_SIGNATURE1_RSA4096,
+ 'boot/boot_signature2':
+ self._EXPECTED_BOOT_SIGNATURE2_RSA4096,
+ 'boot-lz4/boot_signature1':
+ self._EXPECTED_BOOT_LZ4_SIGNATURE1_RSA4096,
+ 'boot-lz4/boot_signature2':
+ self._EXPECTED_BOOT_LZ4_SIGNATURE2_RSA4096})
def test_certify_bootimg_archive_without_gki_info(self):
"""Tests certify_bootimg for a boot images archive."""
@@ -1060,7 +1060,7 @@
boot_img_archive_name,
'zip',
# A list of (boot_img_name, kernel_size, partition_size).
- [('boot-3.0.img', 8 * 1024, 128 * 1024)],
+ [('boot-gz.img', 8 * 1024, 128 * 1024)],
gki_info=None)
# Certify the boot image archive, with a RSA4096 key.
boot_certified_img_archive = os.path.join(
@@ -1084,7 +1084,7 @@
boot_img_archive_name,
'tar',
# A list of (boot_img_name, kernel_size, partition_size).
- [('boot-3.0.img', 8 * 1024, 128 * 1024)],
+ [('boot-gz.img', 8 * 1024, 128 * 1024)],
gki_info='a=b\n'
'c=d\n')
# Certify the boot image archive, with a RSA4096 key.
@@ -1107,22 +1107,22 @@
temp_out_dir)
# Checks an AVB footer exists and the image size remains.
- boot_3_img = os.path.join(temp_out_dir, 'boot-3.0.img')
+ boot_3_img = os.path.join(temp_out_dir, 'boot-gz.img')
self.assertTrue(has_avb_footer(boot_3_img))
self.assertEqual(os.path.getsize(boot_3_img), 128 * 1024)
# Checks the content in the AVB footer.
self._test_boot_signatures(
temp_out_dir,
- {'boot-3.0.img': self._EXPECTED_AVB_FOOTER_BOOT_3_0})
+ {'boot-gz.img': self._EXPECTED_AVB_FOOTER_BOOT_GZ})
# Checks the content in the GKI certificate.
self._test_boot_signatures(
temp_out_dir,
- {'boot-3.0/boot_signature1':
- self._EXPECTED_BOOT_3_0_SIGNATURE1_RSA4096,
- 'boot-3.0/boot_signature2':
- self._EXPECTED_BOOT_3_0_SIGNATURE2_RSA4096})
+ {'boot-gz/boot_signature1':
+ self._EXPECTED_BOOT_GZ_SIGNATURE1_RSA4096,
+ 'boot-gz/boot_signature2':
+ self._EXPECTED_BOOT_GZ_SIGNATURE2_RSA4096})
# I don't know how, but we need both the logger configuration and verbosity
