94 lines
3.1 KiB
Python
Executable file
94 lines
3.1 KiB
Python
Executable file
#!/usr/bin/env python3
|
|
#
|
|
# Copyright 2021, The Android Open Source Project
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
"""Generate a Generic Boot Image certificate suitable for VTS verification."""
|
|
|
|
from argparse import ArgumentParser
|
|
import shlex
|
|
import subprocess
|
|
|
|
|
|
def generate_gki_certificate(image, avbtool, name, algorithm, key, salt,
|
|
additional_avb_args, output):
|
|
"""Shell out to avbtool to generate a GKI certificate."""
|
|
|
|
# Need to specify a value of --partition_size for avbtool to work.
|
|
# We use 64 MB below, but avbtool will not resize the boot image to
|
|
# this size because --do_not_append_vbmeta_image is also specified.
|
|
avbtool_cmd = [
|
|
avbtool, 'add_hash_footer',
|
|
'--partition_name', name,
|
|
'--partition_size', str(64 * 1024 * 1024),
|
|
'--image', image,
|
|
'--algorithm', algorithm,
|
|
'--key', key,
|
|
'--do_not_append_vbmeta_image',
|
|
'--output_vbmeta_image', output,
|
|
]
|
|
|
|
if salt is not None:
|
|
avbtool_cmd += ['--salt', salt]
|
|
|
|
avbtool_cmd += additional_avb_args
|
|
|
|
subprocess.check_call(avbtool_cmd)
|
|
|
|
|
|
def parse_cmdline():
|
|
parser = ArgumentParser(add_help=True)
|
|
|
|
# Required args.
|
|
parser.add_argument('image', help='path to the image')
|
|
parser.add_argument('-o', '--output', required=True,
|
|
help='output certificate file name')
|
|
parser.add_argument('--name', required=True,
|
|
choices=['boot', 'generic_kernel'],
|
|
help='name of the image to be certified')
|
|
parser.add_argument('--algorithm', required=True,
|
|
help='AVB signing algorithm')
|
|
parser.add_argument('--key', required=True,
|
|
help='path to the RSA private key')
|
|
|
|
# Optional args.
|
|
parser.add_argument('--avbtool', default='avbtool',
|
|
help='path to the avbtool executable')
|
|
parser.add_argument('--salt', help='salt to use when computing image hash')
|
|
parser.add_argument('--additional_avb_args', default=[], action='append',
|
|
help='additional arguments to be forwarded to avbtool')
|
|
|
|
args = parser.parse_args()
|
|
|
|
additional_avb_args = []
|
|
for a in args.additional_avb_args:
|
|
additional_avb_args.extend(shlex.split(a))
|
|
args.additional_avb_args = additional_avb_args
|
|
|
|
return args
|
|
|
|
|
|
def main():
|
|
args = parse_cmdline()
|
|
generate_gki_certificate(
|
|
image=args.image, avbtool=args.avbtool, name=args.name,
|
|
algorithm=args.algorithm, key=args.key, salt=args.salt,
|
|
additional_avb_args=args.additional_avb_args,
|
|
output=args.output,
|
|
)
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main()
|