5 files changed, 165 insertions, 2 deletions
diff --git a/filesystem/Android.bp b/filesystem/Android.bp
index dfcd405d3..07d57c915 100644
--- a/filesystem/Android.bp
+++ b/filesystem/Android.bp
@@ -13,6 +13,7 @@ bootstrap_go_package {
     ],
     srcs: [
         "avb_add_hash_footer.go",
+        "avb_gen_vbmeta_image.go",
         "bootimg.go",
         "filesystem.go",
         "logical_partition.go",
diff --git a/filesystem/avb_add_hash_footer.go b/filesystem/avb_add_hash_footer.go
index 2ee420cdb..f3fecd042 100644
--- a/filesystem/avb_add_hash_footer.go
+++ b/filesystem/avb_add_hash_footer.go
@@ -67,6 +67,9 @@ type avbAddHashFooterProperties struct {
 
 	// List of properties to add to the footer
 	Props []avbProp
+
+	// Include descriptors from images
+	Include_descriptors_from_images []string `android:"path,arch_variant"`
 }
 
 // The AVB footer adds verification information to the image.
@@ -116,6 +119,11 @@ func (a *avbAddHashFooter) GenerateAndroidBuildActions(ctx android.ModuleContext
 	}
 	cmd.FlagWithArg("--salt ", proptools.String(a.properties.Salt))
 
+	imagePaths := android.PathsForModuleSrc(ctx, a.properties.Include_descriptors_from_images)
+	for _, imagePath := range imagePaths {
+		cmd.FlagWithInput("--include_descriptors_from_image ", imagePath)
+	}
+
 	for _, prop := range a.properties.Props {
 		addAvbProp(ctx, cmd, prop)
 	}
diff --git a/filesystem/avb_gen_vbmeta_image.go b/filesystem/avb_gen_vbmeta_image.go
new file mode 100644
index 000000000..0f331f923
--- /dev/null
+++ b/filesystem/avb_gen_vbmeta_image.go
@@ -0,0 +1,108 @@
+// Copyright (C) 2022 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package filesystem
+
+import (
+	"fmt"
+
+	"github.com/google/blueprint/proptools"
+
+	"android/soong/android"
+)
+
+type avbGenVbmetaImage struct {
+	android.ModuleBase
+
+	properties avbGenVbmetaImageProperties
+
+	output     android.OutputPath
+	installDir android.InstallPath
+}
+
+type avbGenVbmetaImageProperties struct {
+	// Source file of this image. Can reference a genrule type module with the ":module" syntax.
+	Src *string `android:"path,arch_variant"`
+
+	// Name of the image partition. Defaults to the name of this module.
+	Partition_name *string
+
+	// The salt in hex. Required for reproducible builds.
+	Salt *string
+}
+
+// The avbGenVbmetaImage generates an unsigned VBMeta image output for the given image.
+func avbGenVbmetaImageFactory() android.Module {
+	module := &avbGenVbmetaImage{}
+	module.AddProperties(&module.properties)
+	android.InitAndroidArchModule(module, android.DeviceSupported, android.MultilibFirst)
+	return module
+}
+
+func (a *avbGenVbmetaImage) installFileName() string {
+	return a.Name() + ".img"
+}
+
+func (a *avbGenVbmetaImage) GenerateAndroidBuildActions(ctx android.ModuleContext) {
+	builder := android.NewRuleBuilder(pctx, ctx)
+	cmd := builder.Command().BuiltTool("avbtool").Text("add_hash_footer")
+	cmd.Flag("--dynamic_partition_size")
+	cmd.Flag("--do_not_append_vbmeta_image")
+
+	partition_name := proptools.StringDefault(a.properties.Partition_name, a.Name())
+	cmd.FlagWithArg("--partition_name ", partition_name)
+
+	if a.properties.Src == nil {
+		ctx.PropertyErrorf("src", "missing source file")
+		return
+	}
+	input := android.PathForModuleSrc(ctx, proptools.String(a.properties.Src))
+	cmd.FlagWithInput("--image ", input)
+
+	if a.properties.Salt == nil {
+		ctx.PropertyErrorf("salt", "missing salt value")
+		return
+	}
+	cmd.FlagWithArg("--salt ", proptools.String(a.properties.Salt))
+
+	a.output = android.PathForModuleOut(ctx, a.installFileName()).OutputPath
+	cmd.FlagWithOutput("--output_vbmeta_image ", a.output)
+	builder.Build("avbGenVbmetaImage", fmt.Sprintf("avbGenVbmetaImage %s", ctx.ModuleName()))
+}
+
+var _ android.AndroidMkEntriesProvider = (*avbGenVbmetaImage)(nil)
+
+// Implements android.AndroidMkEntriesProvider
+func (a *avbGenVbmetaImage) AndroidMkEntries() []android.AndroidMkEntries {
+	return []android.AndroidMkEntries{android.AndroidMkEntries{
+		Class:      "ETC",
+		OutputFile: android.OptionalPathForPath(a.output),
+		ExtraEntries: []android.AndroidMkExtraEntriesFunc{
+			func(ctx android.AndroidMkExtraEntriesContext, entries *android.AndroidMkEntries) {
+				entries.SetString("LOCAL_MODULE_PATH", a.installDir.String())
+				entries.SetString("LOCAL_INSTALLED_MODULE_STEM", a.installFileName())
+			},
+		},
+	}}
+}
+
+var _ android.OutputFileProducer = (*avbGenVbmetaImage)(nil)
+
+// Implements android.OutputFileProducer
+func (a *avbGenVbmetaImage) OutputFiles(tag string) (android.Paths, error) {
+	if tag == "" {
+		return []android.Path{a.output}, nil
+	}
+	return nil, fmt.Errorf("unsupported module reference tag %q", tag)
+}
diff --git a/filesystem/filesystem.go b/filesystem/filesystem.go
index 1365d4a58..25b8fe89c 100644
--- a/filesystem/filesystem.go
+++ b/filesystem/filesystem.go
@@ -35,6 +35,7 @@ func registerBuildComponents(ctx android.RegistrationContext) {
 	ctx.RegisterModuleType("android_filesystem", filesystemFactory)
 	ctx.RegisterModuleType("android_system_image", systemImageFactory)
 	ctx.RegisterModuleType("avb_add_hash_footer", avbAddHashFooterFactory)
+	ctx.RegisterModuleType("avb_gen_vbmeta_image", avbGenVbmetaImageFactory)
 }
 
 type filesystem struct {
@@ -69,9 +70,13 @@ type filesystemProperties struct {
 	// TODO(jiyong): allow apex_key to be specified here
 	Avb_private_key *string `android:"path"`
 
-	// Hash and signing algorithm for avbtool. Default is SHA256_RSA4096.
+	// Signing algorithm for avbtool. Default is SHA256_RSA4096.
 	Avb_algorithm *string
 
+	// Hash algorithm used for avbtool (for descriptors). This is passed as hash_algorithm to
+	// avbtool. Default used by avbtool is sha1.
+	Avb_hash_algorithm *string
+
 	// Name of the partition stored in vbmeta desc. Defaults to the name of this module.
 	Partition_name *string
 
@@ -261,6 +266,14 @@ func (f *filesystem) buildImageUsingBuildImage(ctx android.ModuleContext) androi
 		Input(rootZip).
 		Input(rebasedDepsZip)
 
+	// run host_init_verifier
+	// Ideally we should have a concept of pluggable linters that verify the generated image.
+	// While such concept is not implement this will do.
+	// TODO(b/263574231): substitute with pluggable linter.
+	builder.Command().
+		BuiltTool("host_init_verifier").
+		FlagWithArg("--out_system=", rootDir.String()+"/system")
+
 	propFile, toolDeps := f.buildPropFile(ctx)
 	output := android.PathForModuleOut(ctx, f.installFileName()).OutputPath
 	builder.Command().BuiltTool("build_image").
@@ -333,7 +346,11 @@ func (f *filesystem) buildPropFile(ctx android.ModuleContext) (propFile android.
 		addStr("avb_algorithm", algorithm)
 		key := android.PathForModuleSrc(ctx, proptools.String(f.properties.Avb_private_key))
 		addPath("avb_key_path", key)
-		addStr("avb_add_hashtree_footer_args", "--do_not_generate_fec")
+		avb_add_hashtree_footer_args := "--do_not_generate_fec"
+		if hashAlgorithm := proptools.String(f.properties.Avb_hash_algorithm); hashAlgorithm != "" {
+			avb_add_hashtree_footer_args += " --hash_algorithm " + hashAlgorithm
+		}
+		addStr("avb_add_hashtree_footer_args", avb_add_hashtree_footer_args)
 		partitionName := proptools.StringDefault(f.properties.Partition_name, f.Name())
 		addStr("partition_name", partitionName)
 		addStr("avb_salt", f.salt())
diff --git a/filesystem/filesystem_test.go b/filesystem/filesystem_test.go
index 9bfcc3d6a..444ffd0aa 100644
--- a/filesystem/filesystem_test.go
+++ b/filesystem/filesystem_test.go
@@ -126,8 +126,34 @@ func TestFileSystemGathersItemsOnlyInSystemPartition(t *testing.T) {
 	android.AssertDeepEquals(t, "entries should have foo only", []string{"components/foo"}, module.entries)
 }
 
+func TestAvbGenVbmetaImage(t *testing.T) {
+	result := fixture.RunTestWithBp(t, `
+		avb_gen_vbmeta_image {
+			name: "input_hashdesc",
+			src: "input.img",
+			partition_name: "input_partition_name",
+			salt: "2222",
+		}`)
+	cmd := result.ModuleForTests("input_hashdesc", "android_arm64_armv8-a").Rule("avbGenVbmetaImage").RuleParams.Command
+	android.AssertStringDoesContain(t, "Can't find correct --partition_name argument",
+		cmd, "--partition_name input_partition_name")
+	android.AssertStringDoesContain(t, "Can't find --do_not_append_vbmeta_image",
+		cmd, "--do_not_append_vbmeta_image")
+	android.AssertStringDoesContain(t, "Can't find --output_vbmeta_image",
+		cmd, "--output_vbmeta_image ")
+	android.AssertStringDoesContain(t, "Can't find --salt argument",
+		cmd, "--salt 2222")
+}
+
 func TestAvbAddHashFooter(t *testing.T) {
 	result := fixture.RunTestWithBp(t, `
+		avb_gen_vbmeta_image {
+			name: "input_hashdesc",
+			src: "input.img",
+			partition_name: "input",
+			salt: "2222",
+		}
+
 		avb_add_hash_footer {
 			name: "myfooter",
 			src: "input.img",
@@ -145,6 +171,7 @@ func TestAvbAddHashFooter(t *testing.T) {
 					file: "value_file",
 				},
 			],
+			include_descriptors_from_images: ["input_hashdesc"],
 		}
 	`)
 	cmd := result.ModuleForTests("myfooter", "android_arm64_armv8-a").Rule("avbAddHashFooter").RuleParams.Command
@@ -158,4 +185,6 @@ func TestAvbAddHashFooter(t *testing.T) {
 		cmd, "--prop 'prop1:value1'")
 	android.AssertStringDoesContain(t, "Can't find --prop_from_file argument",
 		cmd, "--prop_from_file 'prop2:value_file'")
+	android.AssertStringDoesContain(t, "Can't find --include_descriptors_from_image",
+		cmd, "--include_descriptors_from_image ")
 }