# AVB (Android Verified Boot) image signing settings.
# hsm-sign-env is not visible here; HSM_ENV and HSM_SIGN_PARAM, which
# exec_avbtool uses, are presumably defined there.
inherit hsm-sign-env

# avbtool is run from the deploy directory through the build host's "python".
AVBTOOL = "python ${DEPLOY_DIR_IMAGE}/avbtool"
# NOTE(review): SCATTER_FILE is not referenced by the functions in this class;
# do_avb_sign_img scans every *.xml in DEPLOY_DIR_IMAGE instead.
SCATTER_FILE = "${DEPLOY_DIR_IMAGE}/partition_${BOOTDEV_TYPE}.xml"

# Root filesystem image: system.<fstype> in the deploy directory.
IMAGE_FSTYPE = "img"
IMAGE_DIR_ROOTFS = "${DEPLOY_DIR_IMAGE}"
IMAGE_NAME_ROOTFS = "system.${IMAGE_FSTYPE}"

# Boot image in the deploy directory.
IMAGE_NAME_BOOTIMG = "boot.img"
IMAGE_DIR_BOOTIMG = "${DEPLOY_DIR_IMAGE}"

# Block size passed to "avbtool add_hashtree_footer --block_size".
AVB_BLOCK_SIZE = "1024"
# NOTE(review): AVB_SYSTEM_KEY_NAME is not used by the code in this class.
AVB_SYSTEM_KEY_NAME = "verified_key"
# Key file handed to avbtool through --key.
# NOTE(review): if this is a private key in PEM form on the build host,
# restrict its file permissions and keep it out of published artifacts. How it
# interacts with HSM_SIGN_PARAM is not visible here.
AVB_SYSTEM_KEY = "${MTK_KEY_DIR}/${VERIFIED_KEY}.pem"

# Build-time dependencies of the signing step.
DEPENDS += "python-pycrypto-native android-tools-avbtool scatter"
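# Sign the boot and system images with avbtool and build vbmeta.img.
#
# Runs only when SECURE_BOOT_ENABLE is "yes" and SECURE_BOOT_TYPE is "avb";
# otherwise it exits successfully without touching any image.
# PARTITION_SIZE_BOOTIMG and PARTITION_SIZE_ROOTFS are set by do_avb_sign_img
# before this function is executed.
exec_avbtool() {
    echo "check config setting: enable=${SECURE_BOOT_ENABLE};SE_type=${SECURE_BOOT_TYPE}"

    # Nothing to sign unless AVB secure boot is explicitly enabled.
    if [ "${SECURE_BOOT_ENABLE}" != "yes" ] || [ "${SECURE_BOOT_TYPE}" != "avb" ]; then
        exit 0
    fi

    # Build the avbtool algorithm name (for example SHA256_RSA2048) from the
    # configured hash and RSA settings, falling back to SHA256_RSA2048 when
    # either of them is missing.
    if [ -n "${VB_HASH_ALGO}" ] && [ -n "${VB_RSA_ALGO}" ]; then
        vb_hash_algo=$(echo "${VB_HASH_ALGO}" | tr 'a-z' 'A-Z')
        vb_rsa_algo=$(echo "${VB_RSA_ALGO}" | tr 'a-z' 'A-Z')
        AVB_ALGO="${vb_hash_algo}_${vb_rsa_algo}"
    else
        AVB_ALGO="SHA256_RSA2048"
    fi

    echo "start AVB sign ... "
    echo "PARTITION_SIZE_BOOTIMG=${PARTITION_SIZE_BOOTIMG}; PARTITION_SIZE_ROOTFS=${PARTITION_SIZE_ROOTFS}"

    PARTITION_NAME_ROOTFS="system"
    PARTITION_NAME_BOOTIMG="boot"
    # NOTE(review): the rollback index defaults to 0 when nothing is
    # configured. Anti-rollback only has an effect if releases raise this
    # value, so confirm that release builds set AVB_ANTIROLLBACK_VERSION.
    if [ "${AVB_ANTIROLLBACK_VERSION}" = "" ]; then
        AVB_ANTIROLLBACK_VERSION="0"
    fi

    # Paths are quoted from here on so that a deploy directory containing
    # spaces or glob characters cannot split or expand into extra arguments.
    boot_img="${IMAGE_DIR_BOOTIMG}/${IMAGE_NAME_BOOTIMG}"
    rootfs_img="${IMAGE_DIR_ROOTFS}/system.${IMAGE_FSTYPE}"

    # Best effort: erase_footer fails on an image that is missing or has no
    # footer yet, and neither case should stop the build.
    echo "start to erase footer: ${IMAGE_NAME_BOOTIMG}"
    ${AVBTOOL} erase_footer --image "$boot_img" || true

    echo "start to erase footer: system.${IMAGE_FSTYPE} "
    ${AVBTOOL} erase_footer --image "$rootfs_img" || true

    if [ -e "$boot_img" ]; then
        # Fail with a clear message instead of letting avbtool misparse its
        # arguments when no boot partition size was found.
        if [ -z "${PARTITION_SIZE_BOOTIMG}" ]; then
            echo "PARTITION_SIZE_BOOTIMG is empty; refusing to sign ${IMAGE_NAME_BOOTIMG}" >&2
            exit 1
        fi
        echo "start to sign image: ${IMAGE_NAME_BOOTIMG}"
        # HSM_ENV, AVBTOOL and HSM_SIGN_PARAM stay unquoted on purpose: they
        # hold several words that must be split into separate arguments.
        ${HSM_ENV} ${AVBTOOL} add_hash_footer --image "$boot_img" \
            --partition_size "${PARTITION_SIZE_BOOTIMG}" \
            --partition_name "${PARTITION_NAME_BOOTIMG}" \
            --algorithm "${AVB_ALGO}" \
            --key "${AVB_SYSTEM_KEY}" \
            ${HSM_SIGN_PARAM}
    fi

    if [ -e "$rootfs_img" ]; then
        if [ -z "${PARTITION_SIZE_ROOTFS}" ]; then
            echo "PARTITION_SIZE_ROOTFS is empty; refusing to sign system.${IMAGE_FSTYPE}" >&2
            exit 1
        fi
        echo "start to sign image: system.${IMAGE_FSTYPE} "
        ${HSM_ENV} ${AVBTOOL} add_hashtree_footer --block_size "${AVB_BLOCK_SIZE}" \
            --partition_size "${PARTITION_SIZE_ROOTFS}" \
            --partition_name "${PARTITION_NAME_ROOTFS}" \
            --image "$rootfs_img" \
            --algorithm "${AVB_ALGO}" \
            --key "${AVB_SYSTEM_KEY}" \
            ${HSM_SIGN_PARAM}

        # vbmeta.img is only produced when both the system and boot images exist.
        if [ -e "$boot_img" ]; then
            echo "start to make vbmeta image"
            ${HSM_ENV} ${AVBTOOL} make_vbmeta_image --rollback_index "${AVB_ANTIROLLBACK_VERSION}" \
                --include_descriptors_from_image "$boot_img" \
                --include_descriptors_from_image "$rootfs_img" \
                --setup_rootfs_from_kernel "$rootfs_img" \
                --algorithm "${AVB_ALGO}" \
                --key "${AVB_SYSTEM_KEY}" \
                --output vbmeta.img \
                ${HSM_SIGN_PARAM}

            # Quoted so that an empty BOOTDEV_TYPE is compared as a string
            # instead of breaking the test and silently taking the nand branch.
            if [ "${BOOTDEV_TYPE}" != "nand" ]; then
                echo "start to append vbmeta image"
                ${AVBTOOL} append_vbmeta_image --image "$boot_img" \
                    --partition_size "${PARTITION_SIZE_BOOTIMG}" \
                    --vbmeta_image vbmeta.img
            else
                cp vbmeta.img "${IMAGE_DIR_BOOTIMG}/"
            fi
        fi
    fi
}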
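# Task: derive the boot and rootfs partition sizes from the partition table
# XML files in DEPLOY_DIR_IMAGE, publish them as PARTITION_SIZE_BOOTIMG and
# PARTITION_SIZE_ROOTFS, then run exec_avbtool. Does nothing unless
# SECURE_BOOT_TYPE is "avb".
python do_avb_sign_img() {
    import math
    import xml.dom.minidom

    if d.getVar('SECURE_BOOT_TYPE', True) != "avb":
        return
    bootdev_type = d.getVar('BOOTDEV_TYPE', True)
    deploy_path = d.getVar('DEPLOY_DIR_IMAGE', True)

    # NOTE(review): every *.xml in the deploy directory is parsed, not only
    # SCATTER_FILE, and os.listdir() returns names in arbitrary order, so with
    # several partition tables the last one listed decides the sizes.
    for xml_name in os.listdir(deploy_path):
        if os.path.splitext(xml_name)[1] != '.xml':
            continue
        partition_path = os.path.join(deploy_path, xml_name)
        # NOTE(review): xml.dom.minidom does not protect against entity
        # expansion; these files are assumed to be trusted build outputs.
        root = xml.dom.minidom.parse(partition_path)

        # Pick the <partition> node explicitly. The previous loop-and-break
        # went on with whatever node came last when no <partition> existed.
        partition = next(
            (node for node in root.childNodes if node.nodeName == "partition"),
            None)
        if partition is None:
            bb.warn("%s has no <partition> element, skipping" % partition_path)
            continue

        # SECURITY: eval() runs whatever Python expression the attribute
        # holds, so anything able to write an .xml file into the deploy
        # directory can execute code in the build. It is kept because the
        # value format is not visible here; if the attributes are always plain
        # decimal or 0x-prefixed numbers, int(value, 0) is the safe
        # replacement.
        lbs_attr = partition.getAttribute("lbs")
        lbs = (eval(lbs_attr) if lbs_attr else 0) or 512

        for node in partition.childNodes:
            if node.nodeName != "entry":
                continue
            start = eval(node.getAttribute("start"))  # SECURITY: see note above
            end = eval(node.getAttribute("end"))      # SECURITY: see note above
            name = node.getAttribute("name")
            size = (end - start + 1) * lbs
            # 0.92 = 62/64 * 0.95
            if bootdev_type == 'nand':
                # int() keeps the value integral even where math.ceil()
                # returns a float, so str(size) never ends in ".0".
                size = int(math.ceil(size * 0.92 / 4096) * 4096)
            if name == "BOOTIMG" or name.startswith("boot"):
                d.setVar('PARTITION_SIZE_BOOTIMG', str(size))
            if name == "ROOTFS" or name.startswith("system"):
                d.setVar('PARTITION_SIZE_ROOTFS', str(size))

    bb.build.exec_func('exec_avbtool', d)
}

# Signing runs once the images are complete and before the build finishes.
addtask avb_sign_img after do_image_complete before do_build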