1#!/usr/bin/env python3
2#
3# Copyright 2021, The Android Open Source Project
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9#     http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16#
17
18"""Generate a Generic Boot Image certificate suitable for VTS verification."""
19
20from argparse import ArgumentParser
21import shlex
22import subprocess
23
24
def generate_gki_certificate(image, avbtool, name, algorithm, key, salt,
                             additional_avb_args, output):
    """Run ``avbtool add_hash_footer`` to produce a GKI certificate.

    The command is handed to ``subprocess`` as an argument list, so no shell
    is involved and no value is subject to shell expansion or word splitting.

    Args:
        image: Path of the image passed as ``--image``.
        avbtool: Name or path of the avbtool executable to run.
        name: Value passed as ``--partition_name``.
        algorithm: Value passed as ``--algorithm``.
        key: Value passed as ``--key``. Only this value is placed on the
            child's command line; this function never opens the file.
        salt: Value passed as ``--salt``; the option is omitted when None.
        additional_avb_args: Extra arguments appended verbatim after all
            the options above. They are not validated here.
        output: Path passed as ``--output_vbmeta_image``.

    Raises:
        subprocess.CalledProcessError: If avbtool exits with a non-zero
            status.
    """

    salt_args = [] if salt is None else ['--salt', salt]

    command = [
        avbtool, 'add_hash_footer',
        '--partition_name', name,
        '--dynamic_partition_size',
        '--image', image,
        '--algorithm', algorithm,
        '--key', key,
        '--do_not_append_vbmeta_image',
        '--output_vbmeta_image', output,
        *salt_args,
        # Caller-supplied arguments go last, after every fixed option.
        # NOTE(review): whether a repeated option here overrides an earlier
        # one is decided by avbtool's own parser; confirm before relying on it.
        *additional_avb_args,
    ]

    subprocess.check_call(command)
46
47
def parse_cmdline():
    """Parse ``sys.argv`` and return the resulting argparse namespace.

    Every ``--additional_avb_args`` value is split with ``shlex.split`` and
    the pieces are concatenated, in order, into one flat list that replaces
    ``additional_avb_args`` on the returned namespace.
    """
    arg_parser = ArgumentParser(add_help=True)

    # Mandatory arguments.
    arg_parser.add_argument('image', help='path to the image')
    arg_parser.add_argument(
        '-o', '--output', required=True,
        help='output certificate file name')
    arg_parser.add_argument(
        '--name', required=True, choices=['boot', 'generic_kernel'],
        help='name of the image to be certified')
    arg_parser.add_argument(
        '--algorithm', required=True, help='AVB signing algorithm')
    arg_parser.add_argument(
        '--key', required=True, help='path to the RSA private key')

    # Optional arguments.
    # The default is a bare name, so the executable is looked up through
    # PATH at run time; pass an explicit path where the signing environment
    # needs to pin which avbtool is used.
    arg_parser.add_argument(
        '--avbtool', default='avbtool',
        help='path to the avbtool executable')
    arg_parser.add_argument(
        '--salt', help='salt to use when computing image hash')
    arg_parser.add_argument(
        '--additional_avb_args', default=[], action='append',
        help='additional arguments to be forwarded to avbtool')

    parsed = arg_parser.parse_args()

    # Each occurrence may hold several shell-quoted words; flatten them into
    # one argv-style list. The resulting tokens are not checked here.
    parsed.additional_avb_args = [
        token
        for raw in parsed.additional_avb_args
        for token in shlex.split(raw)
    ]

    return parsed
78
79
def main():
    """Parse the command line and generate the certificate with avbtool."""
    opts = parse_cmdline()
    generate_gki_certificate(
        image=opts.image,
        avbtool=opts.avbtool,
        name=opts.name,
        algorithm=opts.algorithm,
        key=opts.key,
        salt=opts.salt,
        additional_avb_args=opts.additional_avb_args,
        output=opts.output,
    )
88
89
# Run the tool only when executed as a script, not when imported.
if __name__ == '__main__':
    main()
92