Remove 'generic_ramdisk' and add 'boot' certification am: 3e4ce8371d am: 95809764cd am: 8e93e6f72e am: 0c42606c55

Original change: https://android-review.googlesource.com/c/platform/system/tools/mkbootimg/+/1999090

Change-Id: I7c31e8e6abcab811ca7842aa1657549e571b3934
diff --git a/gki/Android.bp b/gki/Android.bp
index 1c66c51..ac56d38 100644
--- a/gki/Android.bp
+++ b/gki/Android.bp
@@ -31,6 +31,7 @@
     name: "retrofit_gki",
     src: "retrofit_gki.sh",
     required: [
+        "avbtool",
         "mkbootimg",
         "unpack_bootimg",
     ],
@@ -43,6 +44,7 @@
         "retrofit_gki.sh",
     ],
     data_bins: [
+        "avbtool",
         "mkbootimg",
         "unpack_bootimg",
     ],
@@ -56,6 +58,7 @@
     tools: [
         "soong_zip",
         "retrofit_gki",
+        "avbtool",
         "mkbootimg",
         "unpack_bootimg",
     ],
@@ -65,6 +68,7 @@
     cmd: "STAGE_DIR=$(genDir)/gki_retrofitting_tools && " +
          "rm -rf $${STAGE_DIR} && mkdir -p $${STAGE_DIR} && " +
          "cp $(location retrofit_gki) $${STAGE_DIR} && " +
+         "cp $(location avbtool) $${STAGE_DIR} && " +
          "cp $(location mkbootimg) $${STAGE_DIR} && " +
          "cp $(location unpack_bootimg) $${STAGE_DIR} && " +
          "cp $(in) $${STAGE_DIR} && " +
diff --git a/gki/boot_signature_info.sh b/gki/boot_signature_info.sh
index 67ea0c9..febeb1d 100755
--- a/gki/boot_signature_info.sh
+++ b/gki/boot_signature_info.sh
@@ -57,6 +57,7 @@
 readonly BOOT_IMAGE="${TEMP_DIR}/boot.img"
 readonly BOOT_IMAGE_DIR="${TEMP_DIR}/boot.unpack_dir"
 readonly BOOT_IMAGE_ARGS="${TEMP_DIR}/boot.mkbootimg_args"
+readonly BOOT_SIGNATURE_SIZE=$(( 16 << 10 ))
 
 [[ -f "$1" ]] ||
   die "expected one input image"
@@ -74,10 +75,10 @@
 done < "${BOOT_IMAGE_ARGS}"
 
 BOOT_IMAGE_VERSION="$(get_arg --header_version "${boot_args[@]}")"
-if [[ "${BOOT_IMAGE_VERSION}" -ge 4 ]]; then
+if [[ "${BOOT_IMAGE_VERSION}" -ge 4 ]] && [[ -f "${BOOT_IMAGE_DIR}/boot_signature" ]]; then
   cp "${BOOT_IMAGE_DIR}/boot_signature" "${VBMETA_IMAGE}"
 else
-  tail -c "$(( 16 << 10 ))" "${BOOT_IMAGE}" > "${VBMETA_IMAGE}"
+  tail -c "${BOOT_SIGNATURE_SIZE}" "${BOOT_IMAGE}" > "${VBMETA_IMAGE}"
 fi
 
 # Keep carving out vbmeta image from the boot signature until we fail or EOF.
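Review bot: The `else` branch reads the last `${BOOT_SIGNATURE_SIZE}` bytes of `${BOOT_IMAGE}` as-is, so an input that still carries an AVB hash footer would hand footer and padding bytes to the carving loop instead of the boot signature. retrofit_gki.sh in this same commit copies the image and runs `avbtool erase_footer` before its `tail -c`; unless the part of this script above the hunk already strips the footer, the same step is needed here before the `tail`. It would also help to `die` when the image is smaller than `${BOOT_SIGNATURE_SIZE}`, since `tail -c` then silently returns the whole file.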
diff --git a/gki/generate_gki_certificate.py b/gki/generate_gki_certificate.py
index 41a858a..0765c08 100755
--- a/gki/generate_gki_certificate.py
+++ b/gki/generate_gki_certificate.py
@@ -55,7 +55,7 @@
     parser.add_argument('-o', '--output', required=True,
                         help='output certificate file name')
     parser.add_argument('--name', required=True,
-                        choices=['generic_kernel', 'generic_ramdisk'],
+                        choices=['boot', 'generic_kernel'],
                         help='name of the image to be certified')
     parser.add_argument('--algorithm', required=True,
                         help='AVB signing algorithm')
diff --git a/gki/retrofit_gki.sh b/gki/retrofit_gki.sh
index 6dec2e2..01af7fa 100755
--- a/gki/retrofit_gki.sh
+++ b/gki/retrofit_gki.sh
@@ -142,6 +142,7 @@
 [[ -z "${OUTPUT_BOOT_IMAGE}" ]] &&
   die "argument '--output': cannot be empty"
 
+readonly BOOT_IMAGE_WITHOUT_AVB_FOOTER="${TEMP_DIR}/boot.img.without_avb_footer"
 readonly BOOT_DIR="${TEMP_DIR}/boot"
 readonly INIT_BOOT_DIR="${TEMP_DIR}/init_boot"
 readonly VENDOR_BOOT_DIR="${TEMP_DIR}/vendor_boot"
@@ -149,21 +150,29 @@
 readonly OUTPUT_RAMDISK="${TEMP_DIR}/out.ramdisk"
 readonly OUTPUT_BOOT_SIGNATURE="${TEMP_DIR}/out.boot_signature"
 
+readonly AVBTOOL="${AVBTOOL:-avbtool}"
 readonly MKBOOTIMG="${MKBOOTIMG:-mkbootimg}"
 readonly UNPACK_BOOTIMG="${UNPACK_BOOTIMG:-unpack_bootimg}"
 
-# Fixed boot signature size for boot v2 & v3 for easy discovery in VTS.
-readonly RETROFITTED_BOOT_SIGNATURE_SIZE=$(( 16 << 10 ))
+# Fixed boot signature size for easy discovery in VTS.
+readonly BOOT_SIGNATURE_SIZE=$(( 16 << 10 ))
 
 
 #
 # Preparations are done. Now begin the actual work.
 #
+
+# Copy the boot image because `avbtool erase_footer` edits the file in-place.
+cp "${BOOT_IMAGE}" "${BOOT_IMAGE_WITHOUT_AVB_FOOTER}"
 ( [[ -n "${VERBOSE}" ]] && set -x
+  "${AVBTOOL}" erase_footer --image "${BOOT_IMAGE_WITHOUT_AVB_FOOTER}" 2>/dev/null ||:
+  tail -c "${BOOT_SIGNATURE_SIZE}" "${BOOT_IMAGE_WITHOUT_AVB_FOOTER}" > "${OUTPUT_BOOT_SIGNATURE}"
   "${UNPACK_BOOTIMG}" --boot_img "${BOOT_IMAGE}" --out "${BOOT_DIR}" >/dev/null
   "${UNPACK_BOOTIMG}" --boot_img "${INIT_BOOT_IMAGE}" --out "${INIT_BOOT_DIR}" >/dev/null
-  cp "${BOOT_DIR}/boot_signature" "${OUTPUT_BOOT_SIGNATURE}"
 )
+if [[ "$(file_size "${OUTPUT_BOOT_SIGNATURE}")" -ne "${BOOT_SIGNATURE_SIZE}" ]]; then
+  die "boot signature size must be equal to ${BOOT_SIGNATURE_SIZE}"
+fi
 
 declare -a mkbootimg_args=()
 
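Review bot: `"${AVBTOOL}" erase_footer ... 2>/dev/null ||:` discards every failure, not only the expected "image has no footer" case, so a missing or broken avbtool goes unnoticed and the following `tail -c` copies footer or padding bytes into `${OUTPUT_BOOT_SIGNATURE}`. The new size check does not catch that, because `tail -c "${BOOT_SIGNATURE_SIZE}"` yields exactly 16 KiB for any image at least that large; it checks length, not that the bytes are a certificate. Suggest failing early with `command -v "${AVBTOOL}" >/dev/null || die "avbtool not found"` and, if feasible, validating the extracted blob (for example with `avbtool info_image`) before it is appended to the output image.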
@@ -172,7 +181,6 @@
     --header_version 4 \
     --kernel "${BOOT_DIR}/kernel" \
     --ramdisk "${INIT_BOOT_DIR}/ramdisk" \
-    --boot_signature "${OUTPUT_BOOT_SIGNATURE}" \
   )
 elif [[ "${OUTPUT_BOOT_IMAGE_VERSION}" -eq 3 ]]; then
   mkbootimg_args+=( \
@@ -219,15 +227,5 @@
 
 ( [[ -n "${VERBOSE}" ]] && set -x
   "${MKBOOTIMG}" "${mkbootimg_args[@]}" --output "${OUTPUT_BOOT_IMAGE}"
+  cat "${OUTPUT_BOOT_SIGNATURE}" >> "${OUTPUT_BOOT_IMAGE}"
 )
-
-if [[ "${OUTPUT_BOOT_IMAGE_VERSION}" -eq 2 ]] || [[ "${OUTPUT_BOOT_IMAGE_VERSION}" -eq 3 ]]; then
-  if [[ "$(file_size "${OUTPUT_BOOT_SIGNATURE}")" -gt "${RETROFITTED_BOOT_SIGNATURE_SIZE}" ]]; then
-    die "boot signature size is larger than ${RETROFITTED_BOOT_SIGNATURE_SIZE}"
-  fi
-  # Pad the boot signature and append it to the end.
-  ( [[ -n "${VERBOSE}" ]] && set -x
-    truncate -s "${RETROFITTED_BOOT_SIGNATURE_SIZE}" "${OUTPUT_BOOT_SIGNATURE}"
-    cat "${OUTPUT_BOOT_SIGNATURE}" >> "${OUTPUT_BOOT_IMAGE}"
-  )
-fi
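Review bot: The comment that explained the append was deleted with the old block, while the `cat "${OUTPUT_BOOT_SIGNATURE}" >> "${OUTPUT_BOOT_IMAGE}"` line now runs for every output header version, including v4 where the signature used to be passed through `--boot_signature`. A short comment above the `cat` would keep the layout contract visible, e.g. `# Append the fixed-size boot signature after the image; readers recover it with tail -c ${BOOT_SIGNATURE_SIZE}.`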
diff --git a/gki/retrofit_gki_test.sh b/gki/retrofit_gki_test.sh
index 41da2c3..b3cb0a5 100755
--- a/gki/retrofit_gki_test.sh
+++ b/gki/retrofit_gki_test.sh
@@ -39,34 +39,29 @@
 readonly TEST_KERNEL="${TEMP_DIR}/kernel"
 readonly TEST_RAMDISK="${TEMP_DIR}/ramdisk"
 readonly TEST_VENDOR_RAMDISK="${TEMP_DIR}/vendor_ramdisk"
-readonly TEST_KERNEL_SIGNATURE="${TEMP_DIR}/kernel.boot_signature"
-
+readonly TEST_BOOT_SIGNATURE="${TEMP_DIR}/boot.boot_signature"
 readonly TEST_V2_RETROFITTED_RAMDISK="${TEMP_DIR}/retrofitted.ramdisk"
-readonly TEST_RETROFITTED_SIGNATURE="${TEMP_DIR}/retrofitted.boot_signature"
-readonly TEST_PADDED_RETROFITTED_SIGNATURE="${TEMP_DIR}/retrofitted.boot_signature.padded"
-
 readonly TEST_BOOT_IMAGE="${TEMP_DIR}/boot.img"
 readonly TEST_INIT_BOOT_IMAGE="${TEMP_DIR}/init_boot.img"
 readonly TEST_VENDOR_BOOT_IMAGE="${TEMP_DIR}/vendor_boot.img"
 
 ( # Run these in subshell because dd is noisy.
+  dd if=/dev/urandom of="${TEST_DTB}" bs=1024 count=10
   dd if=/dev/urandom of="${TEST_KERNEL}" bs=1024 count=10
   dd if=/dev/urandom of="${TEST_RAMDISK}" bs=1024 count=10
-  dd if=/dev/urandom of="${TEST_KERNEL_SIGNATURE}" bs=1024 count=1
-  dd if=/dev/urandom of="${TEST_DTB}" bs=1024 count=10
   dd if=/dev/urandom of="${TEST_VENDOR_RAMDISK}" bs=1024 count=10
+  dd if=/dev/urandom of="${TEST_BOOT_SIGNATURE}" bs=1024 count=16
 ) 2> /dev/null
 
 cat "${TEST_VENDOR_RAMDISK}" "${TEST_RAMDISK}" > "${TEST_V2_RETROFITTED_RAMDISK}"
-cp "${TEST_KERNEL_SIGNATURE}" "${TEST_RETROFITTED_SIGNATURE}"
-cp "${TEST_RETROFITTED_SIGNATURE}" "${TEST_PADDED_RETROFITTED_SIGNATURE}"
-truncate -s $(( 16 << 10 )) "${TEST_PADDED_RETROFITTED_SIGNATURE}"
 
 mkbootimg \
   --header_version 4 \
   --kernel "${TEST_KERNEL}" \
-  --boot_signature "${TEST_KERNEL_SIGNATURE}" \
   --output "${TEST_BOOT_IMAGE}"
+cat "${TEST_BOOT_SIGNATURE}" >> "${TEST_BOOT_IMAGE}"
+avbtool add_hash_footer --image "${TEST_BOOT_IMAGE}" --partition_name boot --partition_size $((20 << 20))
+
 mkbootimg \
   --header_version 4 \
   --ramdisk "${TEST_RAMDISK}" \
@@ -80,6 +75,7 @@
 
 readonly RETROFITTED_IMAGE="${TEMP_DIR}/retrofitted_boot.img"
 readonly RETROFITTED_IMAGE_DIR="${TEMP_DIR}/retrofitted_boot.img.unpack"
+readonly BOOT_SIGNATURE_SIZE=$(( 16 << 10 ))
 
 
 #
@@ -95,12 +91,13 @@
 
 rm -rf "${RETROFITTED_IMAGE_DIR}"
 unpack_bootimg --boot_img "${RETROFITTED_IMAGE}" --out "${RETROFITTED_IMAGE_DIR}" > /dev/null
+tail -c "${BOOT_SIGNATURE_SIZE}" "${RETROFITTED_IMAGE}" > "${RETROFITTED_IMAGE_DIR}/boot_signature"
 
 cmp -s "${TEST_KERNEL}" "${RETROFITTED_IMAGE_DIR}/kernel" ||
   die "unexpected diff: kernel"
 cmp -s "${TEST_RAMDISK}" "${RETROFITTED_IMAGE_DIR}/ramdisk" ||
   die "unexpected diff: ramdisk"
-cmp -s "${TEST_RETROFITTED_SIGNATURE}" "${RETROFITTED_IMAGE_DIR}/boot_signature" ||
+cmp -s "${TEST_BOOT_SIGNATURE}" "${RETROFITTED_IMAGE_DIR}/boot_signature" ||
   die "unexpected diff: boot signature"
 
 
@@ -114,13 +111,13 @@
 
 rm -rf "${RETROFITTED_IMAGE_DIR}"
 unpack_bootimg --boot_img "${RETROFITTED_IMAGE}" --out "${RETROFITTED_IMAGE_DIR}" > /dev/null
-tail -c $(( 16 << 10 )) "${RETROFITTED_IMAGE}" > "${RETROFITTED_IMAGE_DIR}/boot_signature"
+tail -c "${BOOT_SIGNATURE_SIZE}" "${RETROFITTED_IMAGE}" > "${RETROFITTED_IMAGE_DIR}/boot_signature"
 
 cmp -s "${TEST_KERNEL}" "${RETROFITTED_IMAGE_DIR}/kernel" ||
   die "unexpected diff: kernel"
 cmp -s "${TEST_RAMDISK}" "${RETROFITTED_IMAGE_DIR}/ramdisk" ||
   die "unexpected diff: ramdisk"
-cmp -s "${TEST_PADDED_RETROFITTED_SIGNATURE}" "${RETROFITTED_IMAGE_DIR}/boot_signature" ||
+cmp -s "${TEST_BOOT_SIGNATURE}" "${RETROFITTED_IMAGE_DIR}/boot_signature" ||
   die "unexpected diff: boot signature"
 
 
@@ -135,7 +132,7 @@
 
 rm -rf "${RETROFITTED_IMAGE_DIR}"
 unpack_bootimg --boot_img "${RETROFITTED_IMAGE}" --out "${RETROFITTED_IMAGE_DIR}" > /dev/null
-tail -c $(( 16 << 10 )) "${RETROFITTED_IMAGE}" > "${RETROFITTED_IMAGE_DIR}/boot_signature"
+tail -c "${BOOT_SIGNATURE_SIZE}" "${RETROFITTED_IMAGE}" > "${RETROFITTED_IMAGE_DIR}/boot_signature"
 
 cmp -s "${TEST_DTB}" "${RETROFITTED_IMAGE_DIR}/dtb" ||
   die "unexpected diff: dtb"
@@ -143,5 +140,5 @@
   die "unexpected diff: kernel"
 cmp -s "${TEST_V2_RETROFITTED_RAMDISK}" "${RETROFITTED_IMAGE_DIR}/ramdisk" ||
   die "unexpected diff: ramdisk"
-cmp -s "${TEST_PADDED_RETROFITTED_SIGNATURE}" "${RETROFITTED_IMAGE_DIR}/boot_signature" ||
+cmp -s "${TEST_BOOT_SIGNATURE}" "${RETROFITTED_IMAGE_DIR}/boot_signature" ||
   die "unexpected diff: boot signature"
diff --git a/mkbootimg.py b/mkbootimg.py
index 05aaf38..5c65e2c 100755
--- a/mkbootimg.py
+++ b/mkbootimg.py
@@ -106,8 +106,7 @@
 
 
 def should_add_legacy_gki_boot_signature(args):
-    if (args.boot_signature is None and args.gki_signing_key and
-            args.gki_signing_algorithm):
+    if args.gki_signing_key and args.gki_signing_algorithm:
         return True
     return False
 
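Review bot: `should_add_legacy_gki_boot_signature` returns False when only one of `--gki_signing_key` and `--gki_signing_algorithm` is given, and with the `--boot_signature` path removed the image is then written with no signature and no diagnostic. A caller who passes a key but omits the algorithm gets an uncertified image from what looks like a successful build. Unless argument parsing outside this hunk already enforces the pair, it would be safer to reject the half-specified case, e.g. `if bool(args.gki_signing_key) != bool(args.gki_signing_algorithm): raise ValueError('--gki_signing_key and --gki_signing_algorithm must be given together')`. The remaining body could also be reduced to `return bool(args.gki_signing_key and args.gki_signing_algorithm)`.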
@@ -135,9 +134,7 @@
     if args.header_version >= 4:
         # The signature used to verify boot image v4.
         boot_signature_size = 0
-        if args.boot_signature:
-            boot_signature_size = filesize(args.boot_signature)
-        elif should_add_legacy_gki_boot_signature(args):
+        if should_add_legacy_gki_boot_signature(args):
             boot_signature_size = BOOT_IMAGE_V4_SIGNATURE_SIZE
         args.output.write(pack('I', boot_signature_size))
     pad_file(args.output, BOOT_IMAGE_HEADER_V3_PAGESIZE)
@@ -548,8 +545,6 @@
                         help='boot image header version')
     parser.add_argument('-o', '--output', type=FileType('wb'),
                         help='output file name')
-    parser.add_argument('--boot_signature', type=FileType('rb'),
-                        help='path to the GKI certificate file')
     parser.add_argument('--vendor_boot', type=FileType('wb'),
                         help='vendor boot output file name')
     parser.add_argument('--vendor_ramdisk', type=FileType('rb'),
@@ -595,16 +590,6 @@
     vbmeta partition) via the Android Verified Boot process, when the
     device boots.
     """
-
-    if args.boot_signature:
-        write_padded_file(args.output, args.boot_signature, pagesize)
-        return
-
-    if not should_add_legacy_gki_boot_signature(args):
-        return
-
-    # Fallback to the legacy certificating method.
-
     # Flush the buffer for signature calculation.
     args.output.flush()
 
@@ -640,7 +625,7 @@
         write_padded_file(args.output, args.recovery_dtbo, pagesize)
     if args.header_version == 2:
         write_padded_file(args.output, args.dtb, pagesize)
-    if args.header_version >= 4:
+    if args.header_version >= 4 and should_add_legacy_gki_boot_signature(args):
         add_boot_image_signature(args, pagesize)
 
 
diff --git a/tests/mkbootimg_test.py b/tests/mkbootimg_test.py
index 1e13d55..28f47f0 100644
--- a/tests/mkbootimg_test.py
+++ b/tests/mkbootimg_test.py
@@ -213,8 +213,6 @@
             ramdisk = generate_test_file(os.path.join(temp_out_dir, 'ramdisk'),
                                          0x1000)
 
-            # The boot signature will be zeros if no
-            # --gki_signing_[algorithm|key] is provided.
             mkbootimg_cmds = [
                 'mkbootimg',
                 '--header_version', '4',
@@ -234,6 +232,8 @@
             subprocess.run(mkbootimg_cmds, check=True)
             subprocess.run(unpack_bootimg_cmds, check=True)
 
+            # The boot signature will be empty if no
+            # --gki_signing_[algorithm|key] is provided.
             boot_signature = os.path.join(temp_out_dir, 'out', 'boot_signature')
             self.assertFalse(os.path.exists(boot_signature))
 
@@ -424,15 +424,12 @@
                                         0x1000)
             ramdisk = generate_test_file(os.path.join(temp_out_dir, 'ramdisk'),
                                          0x1000)
-            boot_signature = generate_test_file(
-                os.path.join(temp_out_dir, 'boot_signature'), 0x800)
             mkbootimg_cmds = [
                 'mkbootimg',
                 '--header_version', '4',
                 '--kernel', kernel,
                 '--ramdisk', ramdisk,
                 '--cmdline', TEST_KERNEL_CMDLINE,
-                '--boot_signature', boot_signature,
                 '--output', boot_img,
             ]
             unpack_bootimg_cmds = [
diff --git a/unpack_bootimg.py b/unpack_bootimg.py
index 2357e70..437408f 100755
--- a/unpack_bootimg.py
+++ b/unpack_bootimg.py
@@ -142,10 +142,6 @@
         args.extend(['--kernel', os.path.join(self.image_dir, 'kernel')])
         args.extend(['--ramdisk', os.path.join(self.image_dir, 'ramdisk')])
 
-        if self.header_version >= 4 and self.boot_signature_size > 0:
-            args.extend(['--boot_signature',
-                         os.path.join(self.image_dir, 'boot_signature')])
-
         if self.header_version <= 2:
             if self.second_size > 0:
                 args.extend(['--second',