authorTao Bao <tbao@google.com>2019-03-26 12:13:04 -0700
committerTao Bao <tbao@google.com>2019-03-26 12:13:37 -0700
commita81d42992805af61ccb0b132b79935f6ed709a4e (patch)
tree9d2a3bc19923ab4bc4c6628547c7362e8c18265a /tools/releasetools/validate_target_files.py
parent072795054a4284924067c5e7e9fa1ca56cb9598a (diff)
releasetools: Re-enable verifying AVB-signed images.
This reverts commit 9788b4ed31e58301314d226ad8028610642a12e1. All the blocking issues have been addressed. Fixes: 120517892 Test: Run validate_target_files.py on crosshatch signed target_files.zip. Change-Id: I95de241e159998e002dedddafea65953b1a1b263
Diffstat (limited to 'tools/releasetools/validate_target_files.py')
-rwxr-xr-xtools/releasetools/validate_target_files.py28
1 files changed, 25 insertions, 3 deletions
diff --git a/tools/releasetools/validate_target_files.py b/tools/releasetools/validate_target_files.py
index 275939c94d..1c856a8e14 100755
--- a/tools/releasetools/validate_target_files.py
+++ b/tools/releasetools/validate_target_files.py
@@ -318,9 +318,31 @@ def ValidateVerifiedBootImages(input_tmp, info_dict, options):
if info_dict.get("avb_enable") == "true":
logging.info('Verifying Verified Boot 2.0 (AVB) images...')
- # TODO(b/120517892): Temporarily disable the verification for AVB-signed
- # images. Needing supporting changes in caller to pass in the desired keys.
- logging.info('Temporarily disabled due to b/120517892')
+ key = options['verity_key']
+ if key is None:
+ key = info_dict['avb_vbmeta_key_path']
+
+ # avbtool verifies all the images that have descriptors listed in vbmeta.
+ image = os.path.join(input_tmp, 'IMAGES', 'vbmeta.img')
+ cmd = ['avbtool', 'verify_image', '--image', image, '--key', key]
+
+ # Append the args for chained partitions if any.
+ for partition in common.AVB_PARTITIONS:
+ key_name = 'avb_' + partition + '_key_path'
+ if info_dict.get(key_name) is not None:
+ chained_partition_arg = common.GetAvbChainedPartitionArg(
+ partition, info_dict, options[key_name])
+ cmd.extend(["--expected_chain_partition", chained_partition_arg])
+
+ proc = common.Run(cmd)
+ stdoutdata, _ = proc.communicate()
+ assert proc.returncode == 0, \
+ 'Failed to verify {} with avbtool (key: {}):\n{}'.format(
+ image, key, stdoutdata)
+
+ logging.info(
+ 'Verified %s with avbtool (key: %s):\n%s', image, key,
+ stdoutdata.rstrip())
def main():
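Review bot: The avbtool result is enforced with `assert proc.returncode == 0`, which Python strips under `-O`, so in an optimized run a failed verification would fall through to the "Verified ..." log line. An explicit check keeps the failure fatal regardless of interpreter flags: `if proc.returncode != 0: raise common.ExternalError('Failed to verify {} with avbtool (key: {}):\n{}'.format(image, key, stdoutdata))`. Separately, when `options['verity_key']` is None the key falls back to `info_dict['avb_vbmeta_key_path']`; if info_dict is read from the target_files being validated, that only proves the package is self-consistent, not that it was signed with the expected release key, so the fallback deserves a comment or a warning log. ValidateVerifiedBootImages starts above the hunk, so how `options` is populated (including the `options[key_name]` lookups for chained partitions) is not visible here.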