// Copyright (C) 2021 The Android Open Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package filesystem import ( "fmt" "strconv" "strings" "github.com/google/blueprint" "github.com/google/blueprint/proptools" "android/soong/android" ) func init() { android.RegisterModuleType("bootimg", BootimgFactory) } type bootimg struct { android.ModuleBase properties BootimgProperties output android.Path installDir android.InstallPath bootImageType bootImageType } type BootimgProperties struct { // Set the name of the output. Defaults to .img. Stem *string // Path to the linux kernel prebuilt file Kernel_prebuilt *string `android:"arch_variant,path"` // Filesystem module that is used as ramdisk Ramdisk_module *string // Path to the device tree blob (DTB) prebuilt file to add to this boot image Dtb_prebuilt *string `android:"arch_variant,path"` // Header version number. Must be set to one of the version numbers that are currently // supported. Refer to // https://source.android.com/devices/bootloader/boot-image-header Header_version *string // Determines the specific type of boot image this module is building. Can be boot, // vendor_boot or init_boot. Defaults to boot. // Refer to https://source.android.com/devices/bootloader/partitions/vendor-boot-partitions // for vendor_boot. // Refer to https://source.android.com/docs/core/architecture/partitions/generic-boot for // init_boot. Boot_image_type *string // Optional kernel commandline arguments Cmdline []string `android:"arch_variant"` // File that contains bootconfig parameters. This can be set only when `vendor_boot` is true // and `header_version` is greater than or equal to 4. Bootconfig *string `android:"arch_variant,path"` // The size of the partition on the device. It will be a build error if this built partition // image exceeds this size. Partition_size *int64 // When set to true, sign the image with avbtool. Default is false. Use_avb *bool // This can either be "default", or "make_legacy". "make_legacy" will sign the boot image // like how build/make/core/Makefile does, to get bit-for-bit backwards compatibility. But // we may want to reconsider if it's necessary to have two modes in the future. The default // is "default" Avb_mode *string // Name of the partition stored in vbmeta desc. Defaults to the name of this module. Partition_name *string // Path to the private key that avbtool will use to sign this filesystem image. // TODO(jiyong): allow apex_key to be specified here Avb_private_key *string `android:"path_device_first"` // Hash and signing algorithm for avbtool. Default is SHA256_RSA4096. Avb_algorithm *string // The index used to prevent rollback of the image on device. Avb_rollback_index *int64 // The security patch passed to as the com.android.build..security_patch avb property. // Replacement for the make variables BOOT_SECURITY_PATCH / INIT_BOOT_SECURITY_PATCH. Security_patch *string } type bootImageType int const ( unsupported bootImageType = iota boot vendorBoot initBoot ) func toBootImageType(ctx android.ModuleContext, bootImageType string) bootImageType { switch bootImageType { case "boot": return boot case "vendor_boot": return vendorBoot case "init_boot": return initBoot default: ctx.ModuleErrorf("Unknown boot_image_type %s. Must be one of \"boot\", \"vendor_boot\", or \"init_boot\"", bootImageType) } return unsupported } func (b bootImageType) String() string { switch b { case boot: return "boot" case vendorBoot: return "vendor_boot" case initBoot: return "init_boot" default: panic("unknown boot image type") } } func (b bootImageType) isBoot() bool { return b == boot } func (b bootImageType) isVendorBoot() bool { return b == vendorBoot } func (b bootImageType) isInitBoot() bool { return b == initBoot } // bootimg is the image for the boot partition. It consists of header, kernel, ramdisk, and dtb. func BootimgFactory() android.Module { module := &bootimg{} module.AddProperties(&module.properties) android.InitAndroidArchModule(module, android.DeviceSupported, android.MultilibFirst) return module } type bootimgDep struct { blueprint.BaseDependencyTag kind string } var bootimgRamdiskDep = bootimgDep{kind: "ramdisk"} func (b *bootimg) DepsMutator(ctx android.BottomUpMutatorContext) { ramdisk := proptools.String(b.properties.Ramdisk_module) if ramdisk != "" { ctx.AddDependency(ctx.Module(), bootimgRamdiskDep, ramdisk) } } func (b *bootimg) installFileName() string { return proptools.StringDefault(b.properties.Stem, b.BaseModuleName()+".img") } func (b *bootimg) partitionName() string { return proptools.StringDefault(b.properties.Partition_name, b.BaseModuleName()) } func (b *bootimg) GenerateAndroidBuildActions(ctx android.ModuleContext) { b.bootImageType = toBootImageType(ctx, proptools.StringDefault(b.properties.Boot_image_type, "boot")) if b.bootImageType == unsupported { return } kernelProp := proptools.String(b.properties.Kernel_prebuilt) if b.bootImageType.isVendorBoot() && kernelProp != "" { ctx.PropertyErrorf("kernel_prebuilt", "vendor_boot partition can't have kernel") return } if b.bootImageType.isBoot() && kernelProp == "" { ctx.PropertyErrorf("kernel_prebuilt", "boot partition must have kernel") return } var kernel android.Path if kernelProp != "" { kernel = android.PathForModuleSrc(ctx, kernelProp) } unsignedOutput := b.buildBootImage(ctx, kernel) output := unsignedOutput if proptools.Bool(b.properties.Use_avb) { // This bootimg module supports 2 modes of avb signing. It is not clear to this author // why there are differences, but one of them is to match the behavior of make-built boot // images. switch proptools.StringDefault(b.properties.Avb_mode, "default") { case "default": output = b.signImage(ctx, unsignedOutput) case "make_legacy": output = b.addAvbFooter(ctx, unsignedOutput, kernel) default: ctx.PropertyErrorf("avb_mode", `Unknown value for avb_mode, expected "default" or "make_legacy", got: %q`, *b.properties.Avb_mode) } } b.installDir = android.PathForModuleInstall(ctx, "etc") ctx.InstallFile(b.installDir, b.installFileName(), output) ctx.SetOutputFiles([]android.Path{output}, "") b.output = output } func (b *bootimg) buildBootImage(ctx android.ModuleContext, kernel android.Path) android.Path { output := android.PathForModuleOut(ctx, "unsigned", b.installFileName()) builder := android.NewRuleBuilder(pctx, ctx) cmd := builder.Command().BuiltTool("mkbootimg") if kernel != nil { cmd.FlagWithInput("--kernel ", kernel) } // These arguments are passed for boot.img and init_boot.img generation if b.bootImageType.isBoot() || b.bootImageType.isInitBoot() { cmd.FlagWithArg("--os_version ", ctx.Config().PlatformVersionLastStable()) cmd.FlagWithArg("--os_patch_level ", ctx.Config().PlatformSecurityPatch()) } dtbName := proptools.String(b.properties.Dtb_prebuilt) if dtbName != "" { dtb := android.PathForModuleSrc(ctx, dtbName) cmd.FlagWithInput("--dtb ", dtb) } cmdline := strings.Join(b.properties.Cmdline, " ") if cmdline != "" { flag := "--cmdline " if b.bootImageType.isVendorBoot() { flag = "--vendor_cmdline " } cmd.FlagWithArg(flag, proptools.ShellEscapeIncludingSpaces(cmdline)) } headerVersion := proptools.String(b.properties.Header_version) if headerVersion == "" { ctx.PropertyErrorf("header_version", "must be set") return output } verNum, err := strconv.Atoi(headerVersion) if err != nil { ctx.PropertyErrorf("header_version", "%q is not a number", headerVersion) return output } if verNum < 3 { ctx.PropertyErrorf("header_version", "must be 3 or higher for vendor_boot") return output } cmd.FlagWithArg("--header_version ", headerVersion) ramdiskName := proptools.String(b.properties.Ramdisk_module) if ramdiskName != "" { ramdisk := ctx.GetDirectDepWithTag(ramdiskName, bootimgRamdiskDep) if filesystem, ok := ramdisk.(*filesystem); ok { flag := "--ramdisk " if b.bootImageType.isVendorBoot() { flag = "--vendor_ramdisk " } cmd.FlagWithInput(flag, filesystem.OutputPath()) } else { ctx.PropertyErrorf("ramdisk", "%q is not android_filesystem module", ramdisk.Name()) return output } } bootconfig := proptools.String(b.properties.Bootconfig) if bootconfig != "" { if !b.bootImageType.isVendorBoot() { ctx.PropertyErrorf("bootconfig", "requires vendor_boot: true") return output } if verNum < 4 { ctx.PropertyErrorf("bootconfig", "requires header_version: 4 or later") return output } cmd.FlagWithInput("--vendor_bootconfig ", android.PathForModuleSrc(ctx, bootconfig)) } // Output flag for boot.img and init_boot.img flag := "--output " if b.bootImageType.isVendorBoot() { flag = "--vendor_boot " } cmd.FlagWithOutput(flag, output) if b.properties.Partition_size != nil { assertMaxImageSize(builder, output, *b.properties.Partition_size, proptools.Bool(b.properties.Use_avb)) } builder.Build("build_bootimg", fmt.Sprintf("Creating %s", b.BaseModuleName())) return output } func (b *bootimg) addAvbFooter(ctx android.ModuleContext, unsignedImage android.Path, kernel android.Path) android.Path { output := android.PathForModuleOut(ctx, b.installFileName()) builder := android.NewRuleBuilder(pctx, ctx) builder.Command().Text("cp").Input(unsignedImage).Output(output) cmd := builder.Command().BuiltTool("avbtool"). Text("add_hash_footer"). FlagWithInput("--image ", output) if b.properties.Partition_size != nil { cmd.FlagWithArg("--partition_size ", strconv.FormatInt(*b.properties.Partition_size, 10)) } else { cmd.Flag("--dynamic_partition_size") } // If you don't provide a salt, avbtool will use random bytes for the salt. // This is bad for determinism (cached builds and diff tests are affected), so instead, // we try to provide a salt. The requirements for a salt are not very clear, one aspect of it // is that if it's unpredictable, attackers trying to change the contents of a partition need // to find a new hash collision every release, because the salt changed. if kernel != nil { cmd.Textf(`--salt $(sha256sum "%s" | cut -d " " -f 1)`, kernel.String()) cmd.Implicit(kernel) } else { cmd.Textf(`--salt $(sha256sum "%s" "%s" | cut -d " " -f 1 | tr -d '\n')`, ctx.Config().BuildNumberFile(ctx), ctx.Config().Getenv("BUILD_DATETIME_FILE")) cmd.OrderOnly(ctx.Config().BuildNumberFile(ctx)) } cmd.FlagWithArg("--partition_name ", b.bootImageType.String()) if b.properties.Avb_algorithm != nil { cmd.FlagWithArg("--algorithm ", proptools.NinjaAndShellEscape(*b.properties.Avb_algorithm)) } if b.properties.Avb_private_key != nil { key := android.PathForModuleSrc(ctx, proptools.String(b.properties.Avb_private_key)) cmd.FlagWithInput("--key ", key) } if !b.bootImageType.isVendorBoot() { cmd.FlagWithArg("--prop ", proptools.NinjaAndShellEscape(fmt.Sprintf( "com.android.build.%s.os_version:%s", b.bootImageType.String(), ctx.Config().PlatformVersionLastStable()))) } fingerprintFile := ctx.Config().BuildFingerprintFile(ctx) cmd.FlagWithArg("--prop ", fmt.Sprintf("com.android.build.%s.fingerprint:$(cat %s)", b.bootImageType.String(), fingerprintFile.String())) cmd.OrderOnly(fingerprintFile) if b.properties.Security_patch != nil { cmd.FlagWithArg("--prop ", proptools.NinjaAndShellEscape(fmt.Sprintf( "com.android.build.%s.security_patch:%s", b.bootImageType.String(), *b.properties.Security_patch))) } if b.properties.Avb_rollback_index != nil { cmd.FlagWithArg("--rollback_index ", strconv.FormatInt(*b.properties.Avb_rollback_index, 10)) } builder.Build("add_avb_footer", fmt.Sprintf("Adding avb footer to %s", b.BaseModuleName())) return output } func (b *bootimg) signImage(ctx android.ModuleContext, unsignedImage android.Path) android.Path { propFile, toolDeps := b.buildPropFile(ctx) output := android.PathForModuleOut(ctx, b.installFileName()) builder := android.NewRuleBuilder(pctx, ctx) builder.Command().Text("cp").Input(unsignedImage).Output(output) builder.Command().BuiltTool("verity_utils"). Input(propFile). Implicits(toolDeps). Output(output) builder.Build("sign_bootimg", fmt.Sprintf("Signing %s", b.BaseModuleName())) return output } // Calculates avb_salt from some input for deterministic output. func (b *bootimg) salt() string { var input []string input = append(input, b.properties.Cmdline...) input = append(input, proptools.StringDefault(b.properties.Partition_name, b.Name())) input = append(input, proptools.String(b.properties.Header_version)) return sha1sum(input) } func (b *bootimg) buildPropFile(ctx android.ModuleContext) (android.Path, android.Paths) { var sb strings.Builder var deps android.Paths addStr := func(name string, value string) { fmt.Fprintf(&sb, "%s=%s\n", name, value) } addPath := func(name string, path android.Path) { addStr(name, path.String()) deps = append(deps, path) } addStr("avb_hash_enable", "true") addPath("avb_avbtool", ctx.Config().HostToolPath(ctx, "avbtool")) algorithm := proptools.StringDefault(b.properties.Avb_algorithm, "SHA256_RSA4096") addStr("avb_algorithm", algorithm) key := android.PathForModuleSrc(ctx, proptools.String(b.properties.Avb_private_key)) addPath("avb_key_path", key) addStr("avb_add_hash_footer_args", "") // TODO(jiyong): add --rollback_index partitionName := proptools.StringDefault(b.properties.Partition_name, b.Name()) addStr("partition_name", partitionName) addStr("avb_salt", b.salt()) propFile := android.PathForModuleOut(ctx, "prop") android.WriteFileRule(ctx, propFile, sb.String()) return propFile, deps } var _ android.AndroidMkEntriesProvider = (*bootimg)(nil) // Implements android.AndroidMkEntriesProvider func (b *bootimg) AndroidMkEntries() []android.AndroidMkEntries { return []android.AndroidMkEntries{android.AndroidMkEntries{ Class: "ETC", OutputFile: android.OptionalPathForPath(b.output), ExtraEntries: []android.AndroidMkExtraEntriesFunc{ func(ctx android.AndroidMkExtraEntriesContext, entries *android.AndroidMkEntries) { entries.SetString("LOCAL_MODULE_PATH", b.installDir.String()) entries.SetString("LOCAL_INSTALLED_MODULE_STEM", b.installFileName()) }, }, }} } var _ Filesystem = (*bootimg)(nil) func (b *bootimg) OutputPath() android.Path { return b.output } func (b *bootimg) SignedOutputPath() android.Path { if proptools.Bool(b.properties.Use_avb) { return b.OutputPath() } return nil }