Gitiles
Code Review Sign In
review.blissroms.org / platform_build_make / 6ceeb1a8bf68dadabd806dd1dbda95401d293c65^! / . / tools / releasetools / build_image.py
commit6ceeb1a8bf68dadabd806dd1dbda95401d293c65[log] [tgz]
authorBowgo Tsai <bowgotsai@google.com>Wed Oct 11 16:21:48 2017 +0800
committerBowgo Tsai <bowgotsai@google.com>Thu Oct 12 10:08:44 2017 +0800
tree06367a9366f81e1876536963c39725e90dab7752
parent492f67c0ac07fe0b0036c5f2094bc8ea0b0a76ba [diff] [blame]
Adding Android verified boot 1.0 metadata into ENG builds

Adding verified boot metadata with a "disable magic". The resulting
metadata at the end of each image (e.g., system.img, vendor.img) will
be the same as triggering an "adb disable-verity" on an USERDEBUG image.

This can help simplify the code on fs_mgr, which won't have to check if
current image is an ENG build or not.

Bug: 63056044
Test: boot sailfish eng/userdebug builds
Change-Id: I95d23ac7b76c04d6d4483c9c4dc1de16bf0d9c3a

diff --git a/tools/releasetools/build_image.py b/tools/releasetools/build_image.py
index 94626d7..816cf4e 100755
--- a/tools/releasetools/build_image.py
+++ b/tools/releasetools/build_image.py

@@ -225,12 +225,15 @@
   return True
 
 def BuildVerityMetadata(image_size, verity_metadata_path, root_hash, salt,
-                        block_device, signer_path, key, signer_args):
+                        block_device, signer_path, key, signer_args,
+                        verity_disable):
   cmd = ["system/extras/verity/build_verity_metadata.py", "build",
          str(image_size), verity_metadata_path, root_hash, salt, block_device,
          signer_path, key]
   if signer_args:
     cmd.append("--signer_args=\"%s\"" % (' '.join(signer_args),))
+  if verity_disable:
+    cmd.append("--verity_disable")
   output, exit_code = RunCommand(cmd)
   if exit_code != 0:
     print "Could not build verity metadata! Error: %s" % output
@@ -334,8 +337,10 @@
   # build the metadata blocks
   root_hash = prop_dict["verity_root_hash"]
   salt = prop_dict["verity_salt"]
+  verity_disable = "verity_disable" in prop_dict
   if not BuildVerityMetadata(image_size, verity_metadata_path, root_hash, salt,
-                             block_dev, signer_path, signer_key, signer_args):
+                             block_dev, signer_path, signer_key, signer_args,
+                             verity_disable):
     shutil.rmtree(tempdir_name, ignore_errors=True)
     return False
 
@@ -644,6 +649,7 @@
       "verity_key",
       "verity_signer_cmd",
       "verity_fec",
+      "verity_disable",
       "avb_enable",
       "avb_avbtool",
       "avb_salt",