Commit e947cb63 authored Jan 25, 2019 by David Zeuthen

avbtool: verify_image: Add --follow_chain_partitions option.

This is useful in situations where you don't know (or don't care)
about the key/rollback index used for the chain partition. Here's an
example of it works on an AOSP image:

 $ avbtool verify_image --image vbmeta.img --follow_chain_partitions
 Verifying image vbmeta.img using embedded public key
 vbmeta: Successfully verified SHA256_RSA4096 vbmeta struct in vbmeta.img
 system: Chained but ROLLBACK_SLOT (which is 1) and KEY (which has sha1 cdbb77177f731920bbe0a0f94f84d9038ae0617d) not specified
 --
 Verifying image system.img using embedded public key
 vbmeta: Successfully verified footer and SHA256_RSA2048 vbmeta struct in system.img
 system: Successfully verified sha1 hashtree of system.img for image of 2906116096 bytes
 boot: Successfully verified sha256 hash of boot.img for image of 31236096 bytes
 dtbo: Successfully verified sha256 hash of dtbo.img for image of 1745968 bytes
 product: Successfully verified sha1 hashtree of product.img for image of 309526528 bytes
 vendor: Successfully verified sha1 hashtree of vendor.img for image of 792514560 bytes

This new feature also works with the existing --expected_chain_partitions option:

 $ avbtool extract_public_key --key /path/to/AOSP/external/avb/test/data/testkey_rsa2048.pem --output testkey_rsa2048.avbpubkey

 $ avbtool verify_image --image vbmeta.img --follow_chain_partitions --expected_chain_partition system:1:testkey_rsa2048.avbpubkey
 Verifying image vbmeta.img using embedded public key
 vbmeta: Successfully verified SHA256_RSA4096 vbmeta struct in vbmeta.img
 system: Successfully verified chain partition descriptor matches expected data
 --
 Verifying image system.img using embedded public key
 vbmeta: Successfully verified footer and SHA256_RSA2048 vbmeta struct in system.img
 system: Successfully verified sha1 hashtree of system.img for image of 2906116096 bytes
 boot: Successfully verified sha256 hash of boot.img for image of 31236096 bytes
 dtbo: Successfully verified sha256 hash of dtbo.img for image of 1745968 bytes
 product: Successfully verified sha1 hashtree of product.img for image of 309526528 bytes
 vendor: Successfully verified sha1 hashtree of vendor.img for image of 792514560 bytes

Bug: 122887773
Test: New unit test and all unit tests pass.
Change-Id: If9332005c46e64f536e0ad4d9dbe160745975966

parent d7156cd3

Show whitespace changes

Inline Side-by-side

Ghost User @ghost
mentioned in commit c789bfd5
· Nov 16, 2022

mentioned in commit c789bfd5

mentioned in commit c789bfd58b50737f4507aff23004565108cf4b26

Toggle commit list
Ghost User @ghost
mentioned in commit a43221c0
· Nov 16, 2022

mentioned in commit a43221c0

mentioned in commit a43221c036708fd102bf44eeefc8a192fafeb904

Toggle commit list
Ghost User @ghost
mentioned in commit ee4de055
· Nov 16, 2022

mentioned in commit ee4de055

mentioned in commit ee4de055bdc87a57977ee7a168f76433c6c7a86e

Toggle commit list

Please to comment