Home | History | Annotate | Download | only in tools 
      1 #!/bin/bash
      2 
      3 if [ $# -ne 3 ]; then
      4   echo "Usage: mk_verified_boot_params.sh <vbmeta.img> <system-qemu.img> <VerifiedBootParams.textproto>"
      5 #when building vendor.img only, this is expected
      6   exit 0
      7 fi
      8 
      9 # Example Output from 'avbtool calculate_kernel_cmdline --image vbmeta.img':
     10 # (actual output is on a single line)
     11 #
     12 # dm="1 vroot none ro 1,0 4666872 verity 1 \
     13 #     PARTUUID=$(ANDROID_SYSTEM_PARTUUID) \
     14 #     PARTUUID=$(ANDROID_SYSTEM_PARTUUID) \
     15 #     4096 4096 583359 583359 sha1 \
     16 #     d3462e6b89750e3f6bca242551bc5ded22843c8f \
     17 #     930e57fa675c2e9f4b8bbc960ee165cbabbe651c \
     18 #     10 $(ANDROID_VERITY_MODE) ignore_zero_blocks \
     19 #     use_fec_from_device PARTUUID=$(ANDROID_SYSTEM_PARTUUID) \
     20 #     fec_roots 2 fec_blocks 587954 fec_start 587954" \
     21 # root=/dev/dm-0
     22 #
     23 # The emulator can not use every parameter (for example fec args require a
     24 # minimum kernel level).  Some parameters must also be substituted.  Therefore
     25 # this script selects arguments from the tool's output to build the actual
     26 # kernel commandline as a textproto file.
     27 
     28 set -e
     29 
     30 function die {
     31   echo $1 >&2
     32   echo "tools/mk_verified_boot_kernel_options.sh might need a fix"
     33   exit 1
     34 }
     35 
     36 # Incrementing major version causes emulator binaries that do not support the
     37 # version to ignore this file.  This can be useful if there is a change
     38 # not supported by older emulator binaries.
     39 readonly MAJOR_VERSION=1
     40 
     41 readonly SRCIMG=$1
     42 readonly QEMU_IMG=$2
     43 readonly TARGET=$3
     44 
     45 # Use sgdisk to determine the partition UUID
     46 [[ $(${SGDISK:-sgdisk} --info 1 $QEMU_IMG | grep "Partition name:" | awk '{print $3}') == "'system'" ]] || die "Partition 1 is not named 'system'."
     47 readonly GUID=$(${SGDISK:-sgdisk} --info 1 $QEMU_IMG | grep "Partition unique GUID:" | awk '{print $4}')
     48 [[ $GUID =~ [[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12} ]] || die "GUID looks incorrect: $GUID"
     49 
     50 # Extract the commandline
     51 readonly CMDLINE=$(${AVBTOOL:-avbtool} calculate_kernel_cmdline --image $SRCIMG)
     52 
     53 # Extracts params from CMDLINE to create a commandline usable by the emulator.
     54 #
     55 # TODO: fec options do not work yet because they require a kernel of >=4.5.
     56 # The emulator is running a 4.4 kernel.  This script ignores options
     57 # for now...
     58 
     59 dm_match_regex="dm=\"([^\"]*)\""
     60 [[ "$CMDLINE" =~ $dm_match_regex ]]
     61 
     62 [[ ${#BASH_REMATCH[*]} -eq 2 ]] || die "Missing dm section: $CMDLINE"
     63 
     64 readonly DM_SECTION=${BASH_REMATCH[1]}
     65 readonly DM_SPLIT=($(echo $DM_SECTION | tr ' ' '\n'))
     66 
     67 # Capture everything into a named variable
     68 readonly START_BLOCK=0
     69 readonly SECTOR_COUNT=${DM_SPLIT[5]}
     70 readonly VERITY_VERSION=${DM_SPLIT[7]}
     71 readonly DATA_DEVICE="PARTUUID=$GUID"
     72 readonly HASH_DEVICE="PARTUUID=$GUID"
     73 readonly DATA_BLOCK_SIZE=${DM_SPLIT[10]}
     74 readonly HASH_BLOCK_SIZE=${DM_SPLIT[11]}
     75 readonly NUM_BLOCKS=${DM_SPLIT[12]}
     76 readonly HASH_BLOCK_OFFSET=${DM_SPLIT[13]}
     77 readonly HASH_ALGORITHM=${DM_SPLIT[14]}
     78 readonly ROOT_DIGEST=${DM_SPLIT[15]}
     79 readonly SALT=${DM_SPLIT[16]}
     80 readonly NUM_OPTIONAL_PARAMS=1
     81 
     82 # Sanity Checks
     83 [[ $ROOT_DIGEST =~ [[:xdigit:]]{40} ]] || die "ROOT_DIGEST looks incorrect: $ROOT_DIGEST"
     84 [[ $SALT =~ [[:xdigit:]]{40} ]] || die "SALT looks incorrect: $SALT"
     85 
     86 HEADER_COMMENT="# dm=\"1 vroot none ro 1,$START_BLOCK $SECTOR_COUNT verity $VERITY_VERSION $DATA_DEVICE $HASH_DEVICE $DATA_BLOCK_SIZE $HASH_BLOCK_SIZE $NUM_BLOCKS $HASH_BLOCK_OFFSET $HASH_ALGORITHM $ROOT_DIGEST $SALT $NUM_OPTIONAL_PARAMS ignore_zero_blocks\" androidboot.veritymode=enforcing root=/dev/dm-0"
     87 
     88 echo $HEADER_COMMENT > $TARGET
     89 echo "major_version: $MAJOR_VERSION" >> $TARGET
     90 echo "dm_param: \"1\"" >> $TARGET
     91 echo "dm_param: \"vroot\"  # name" >> $TARGET
     92 echo "dm_param: \"none\"  # UUID" >> $TARGET
     93 echo "dm_param: \"ro\"  # Read-only" >> $TARGET
     94 echo "dm_param: \"1,$START_BLOCK\"  # Start block" >> $TARGET
     95 echo "dm_param: \"$SECTOR_COUNT\"  # Sector count" >> $TARGET
     96 echo "dm_param: \"verity\"  # Type" >> $TARGET
     97 echo "dm_param: \"$VERITY_VERSION\"  # Version" >> $TARGET
     98 echo "dm_param: \"$DATA_DEVICE\"  # Data device" >> $TARGET
     99 echo "dm_param: \"$HASH_DEVICE\"  # Hash device" >> $TARGET
    100 echo "dm_param: \"$DATA_BLOCK_SIZE\"  # Data block size" >> $TARGET
    101 echo "dm_param: \"$HASH_BLOCK_SIZE\"  # Hash block size" >> $TARGET
    102 echo "dm_param: \"$NUM_BLOCKS\"  # Number of blocks" >> $TARGET
    103 echo "dm_param: \"$HASH_BLOCK_OFFSET\"  # Hash block offset" >> $TARGET
    104 echo "dm_param: \"$HASH_ALGORITHM\"  # Hash algorithm" >> $TARGET
    105 echo "dm_param: \"$ROOT_DIGEST\"  # Root digest" >> $TARGET
    106 echo "dm_param: \"$SALT\"  # Salt" >> $TARGET
    107 echo "dm_param: \"$NUM_OPTIONAL_PARAMS\"  # Num optional params" >> $TARGET
    108 echo "dm_param: \"ignore_zero_blocks\"" >> $TARGET
    109 
    110 echo "param: \"androidboot.veritymode=enforcing\"" >> $TARGET
    111 echo "param: \"androidboot.verifiedbootstate=orange\"" >> $TARGET
    112 echo "param: \"root=/dev/dm-0\"" >> $TARGET
    113 
    114 
    115 
    116